CA ControlMinder has a maintenance mode, also known as silent mode, for protection when the CA ControlMinder daemons are down for maintenance. In this mode, CA ControlMinder denies events while these daemons are down.
When CA ControlMinder is running, it intercepts security-sensitive events and checks whether each event is allowed. If maintenance mode is not active, all events are permitted when CA ControlMinder services are down. If maintenance mode is active, events are denied when CA ControlMinder daemons are down, stopping user activity while the system is maintained.
Maintenance mode can be tuned, and it is disabled by default.
When the CA ControlMinder security services are down:
When maintenance mode is activated and security is down, the prevented events are not logged in the audit log file.
To enable maintenance mode, follow these steps:
Important! If root is not the maintenance user, make sure you have an open session for the maintenance user, as you will not be able to log in otherwise.
The token is located under the SEOS_syscall section.
seini -s SEOS_syscall.silent_deny yes
seini -s SEOS_syscall.silent_admin <maintenance_UID>
Note: root is the default maintenance mode user (UID 0).
Important! If the maintenance user is not root, you must make the CA ControlMinder authorization daemon setuid to the root user so that you can start CA ControlMinder in maintenance mode. To make this change, enter the following command:
chmod 6111 seosd
Note: If the maintenance mode user is not root, start the CA ControlMinder daemons with the seosd command.
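The following pre-flight check is an added example, not part of the CA ControlMinder documentation or product. It verifies the conditions described above before silent_deny is switched on, so that a non-root maintenance user is not locked out. The function names and the seosd path argument are assumptions; the script only prints the seini commands and does not run them.

```shell
#!/bin/sh
# Added example: pre-flight check before enabling maintenance (silent) mode.
# Function names and the seosd path argument are assumptions, not product code.

# is_setuid_root PERMS OWNER_UID
# PERMS is the first field of `ls -ln` (for example ---s--s--x for mode 6111).
is_setuid_root() {
    case "$1" in
        ???s*) [ "$2" = "0" ] ;;   # owner setuid+execute bit set, owned by UID 0
        *)     return 1 ;;
    esac
}

# preflight MAINT_UID SEOSD_PATH
# Returns 0 and prints the seini commands only when it is safe to proceed.
preflight() {
    maint_uid=$1
    seosd=$2
    case "$maint_uid" in
        ''|*[!0-9]*) echo "FAIL: maintenance user must be a numeric UID"; return 1 ;;
    esac
    if [ "$maint_uid" != "0" ]; then
        # Non-root maintenance user: seosd must be setuid root (chmod 6111 seosd).
        ls_out=$(ls -ldn "$seosd" 2>/dev/null) || ls_out=""
        set -- $ls_out
        if ! is_setuid_root "${1:-}" "${3:-}"; then
            echo "FAIL: $seosd is not setuid root; apply chmod 6111 as root first"
            return 1
        fi
        # New logins are refused in maintenance mode, so a session must already exist.
        if [ "$(id -u)" != "$maint_uid" ]; then
            echo "WARN: keep a session for UID $maint_uid open before continuing"
        fi
    fi
    echo "OK: run the following to enable maintenance mode"
    echo "seini -s SEOS_syscall.silent_deny yes"
    echo "seini -s SEOS_syscall.silent_admin $maint_uid"
}

# Usage: sh preflight.sh <maintenance_UID> <path to seosd>
if [ $# -ge 2 ]; then
    preflight "$1" "$2"
fi
```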
Copyright © 2013 CA Technologies.