Although the sesu utility is configured, anyone can run su.ORIG (the renamed system su utility), as before, with root's or a user's password. To prevent this, use the PROGRAM class to explicitly prevent su.ORIG execution when CA ControlMinder is running.
Note: If you used seuidpgm during CA ControlMinder installation and configuration, you do not need to follow this procedure. su will not run as it has been modified (renamed to su.ORIG).
To prevent users from running the system's su utility
nr program su_dir/su.ORIG defacc(x) own(nobody)
touch su_dir/su.ORIG
CA ControlMinder is watching su.ORIG and, because the file has been touched, will prevent it from being executed.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|