HPE Community
Operating System - HP-UX
1820029 Members
3423 Online
109608 Solutions
New Discussion юеВ

Re: security Containment RBAC

 
SOLVED
Go to solution
Antonio Egea
Advisor

тАО02-16-2010 02:10 AM

тАО02-16-2010 02:10 AM

security Containment RBAC


Hello,

I am not able to guess what this error means in the rbacdbchk. It only appears with an rbacdbchk, but not with one of the options alone (-r, -a, -u, -c, -R, -x), and it is not showed when -vvv is used (I can see all the checking around the DBs is done but the error is not there)

# rbacdbchk
[Invalid Authorization in role_auth DB. Auth with operation='hpux.*' and object='*' does not exist in the auths DB]
Administrator:(hpux.*, *)

In other environment this is working, being the user_role, roles, role_auth, cmd_priv and auths files the same.

Any help or clue will be welcomed, thank you in advance

#rbacdbchk -vvv

### Checking database /etc/rbac/roles
Checking field values in line: 'Administrator: Sample role shipped with system; assigned all auths by default'
...(and some more)

### Checking database /etc/rbac/auths
Checking field values in line: '(hpux.*,*):'
Checking field values in line: '(hpux.admin.boot.config,*):'
Checking field values in line: '(hpux.admin.boot.make,*):'
Checking field values in line: '(hpux.admin.boot.remove,*):'
Checking field values in line: '(hpux.admin.kernel.config,*):'
Checking field values in line: '(hpux.admin.kernel.crash.save,*):'
...
0 Kudos
Reply
4 REPLIES 4
smatador
Honored Contributor

тАО02-16-2010 02:41 AM

тАО02-16-2010 02:41 AM

Re: security Containment RBAC

Hi,
I'm not very familiar with rbac, but normally as I understand the messages says that in the file /etc/rbac/role_auth you have a value
Administrator: (hpux.*, *) that is not matching the auths file. But the auths file are always like (hpux.*,*):
So maybe there is a typo error on the /etc/rbac/role_auth that you can not see while the rbacdbck can check it.
Copy this line from another good server could help you?
HTH
0 Kudos
Reply
Antonio Egea
Advisor

тАО02-16-2010 05:17 AM

тАО02-16-2010 05:17 AM

Re: security Containment RBAC

We thought about that, but the copied all the files from the working server to the failing one and it the same error is appearing...

They are having some issues with Ignite and maybe that's the problem but I am not sure
0 Kudos
Reply
smatador
Honored Contributor

тАО02-16-2010 06:05 AM

тАО02-16-2010 06:05 AM

Solution

Re: security Containment RBAC

Hi Antonio

>We thought about that, but the copied all the files from the working server to the failing one and it the same error is appearing...

That's mean, the db is ok. So I suppose the problem is on the rbacdbchk command.
You write about ignite issue. What's the problem? Do you have restore this box?


Do you have check about library of rbackdbchk
ldd /usr/sbin/rbacdbchk
and compare ll with another good one.
You could also check about patches like
PHCO_40362

HTH
Reply
Antonio Egea
Advisor

тАО02-17-2010 03:24 AM

тАО02-17-2010 03:24 AM

Re: security Containment RBAC

We are investigating the corruption problem. From a tusc looks like it is opening the /etc/rbac/auths several times with different contents, I will try cksum
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.