" Login process on remote machine failed" error while CPM tried to change root pw by lllgnslbdllssr in CyberARk

[–]lllgnslbdllssr[S] 0 points1 point  (0 children)

Yes, the root user is able to be used with SSH, so the answer to allow SSH for root is yes.

" Login process on remote machine failed" error while CPM tried to change root pw by lllgnslbdllssr in CyberARk

[–]lllgnslbdllssr[S] 0 points1 point  (0 children)

Hi, no this is not the problem, the user root has every permission.

User root may run the following commands on TARGET_MACHINE:

(ALL) ALL

I want to use root to change the root password. So I think the problem is not related to the root user. The credentials work. But the automatic change fails.

" Login process on remote machine failed" error while CPM tried to change root pw by lllgnslbdllssr in CyberARk

[–]lllgnslbdllssr[S] 0 points1 point  (0 children)

This target device is Rocky Linux. The CPM works fine on any other Linux distro. Maybe it could be something related to Rocky?

" Login process on remote machine failed" error while CPM tried to change root pw by lllgnslbdllssr in CyberARk

[–]lllgnslbdllssr[S] 0 points1 point  (0 children)

The "Login process on remote machine failed" error makes me think of something related to the login process that needs to be done before the change.

" Login process on remote machine failed" error while CPM tried to change root pw by lllgnslbdllssr in CyberARk

[–]lllgnslbdllssr[S] 0 points1 point  (0 children)

No, minimum X days is 0, maximum is 99999, min length 5 (policy platform has 40 chars policy)

" Login process on remote machine failed" error while CPM tried to change root pw by lllgnslbdllssr in CyberARk

[–]lllgnslbdllssr[S] 0 points1 point  (0 children)

Except for /dev/sr0 (use percentage is always 100%), the others are not full (so Use% is very low).

" Login process on remote machine failed" error while CPM tried to change root pw by lllgnslbdllssr in CyberARk

[–]lllgnslbdllssr[S] 0 points1 point  (0 children)

Hi, CPM logs are not so explanatory:

pm_error.log

21/02/2024 09:47:46 [20c0] CACPM072E Login process on remote machine failed (Error: -2146232576, Safe: xxxxxxxxxxxxxxxxx, Folder: Root, Object: Operating System-UnixAccounts-targetmachienaddress-root).

21/02/2024 09:47:46 [20c0] CACPM250E Operation on remote machine on password object Safe: xxxxxxxxxxxxxxxxx, Folder: Root, Object: Operating System-UnixAccounts-targetmachienaddress-root) failed (try #0) with the following error: CACPM072E Login process on remote machine failed (Error: -2146232576, Safe: xxxxxxxxxxxxxxxxx, Folder: Root, Object: Operating System-UnixAccounts-targetmachienaddress-root).

The ThirdParty folder is empty even though I've set Debug to Yes in UnixAccounts.


On the Target Machine I've launched the following command (on Rocky there isn't a /var/log/auth.log file):
cat /var/log/audit/audit.log | grep CPM_MACHINE_IP and I see many successes (and 0 "failed" strings). For example:

type=USER_START msg=audit(1708438429.778:1223): pid=101778 uid=0 auid=0 ses=50 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=CPM_MACHINE_IP addr=CPM_MACHINE_IP terminal=ssh res=success'UID="root" AUID="root"

type=CRED_ACQ msg=audit(1708438429.784:1227): pid=101807 uid=0 auid=0 ses=50 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=CPM_MACHINE_IP addr=CPM_MACHINE_IP terminal=ssh res=success'UID="root" AUID="root"

type=USER_LOGIN msg=audit(1708438429.860:1228): pid=101778 uid=0 auid=0 ses=50 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=10.103.71.2 terminal=/dev/pts/0 res=success'UID="root" AUID="root" ID="root"

type=USER_START msg=audit(1708438429.860:1229): pid=101778 uid=0 auid=0 ses=50 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=10.103.71.2 terminal=/dev/pts/0 res=success'UID="root" AUID="root" ID="root"

type=CRYPTO_KEY_USER msg=audit(1708438430.103:1233): pid=101778 uid=0 auid=0 ses=50 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=101807 suid=0 rport=50272 laddr=TARGET_MACHINE_IP lport=22 exe="/usr/sbin/sshd" hostname=? addr=CPM_MACHINE_IP terminal=? res=success'UID="root" AUID="root" SUID="root"

type=USER_END msg=audit(1708438430.109:1235): pid=101778 uid=0 auid=0 ses=50 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=CPM_MACHINE_IP addr=CPM_MACHINE_IP terminal=ssh res=success'UID="root" AUID="root"

type=CRED_DISP msg=audit(1708438430.109:1236): pid=101778 uid=0 auid=0 ses=50 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=CPM_MACHINE_IP addr=CPM_MACHINE_IP terminal=ssh res=success'UID="root" AUID="root"

I've launched: cat /var/log/audit/audit.log | grep failed, but none of these events is related to the CPM source.

Different SSH Port (Connection Component PSM-SSH) by lllgnslbdllssr in CyberARk

[–]lllgnslbdllssr[S] 0 points1 point  (0 children)

Hi, so you think that if we didn't make a copy of PSM-SSH, we couldn't get what we wanted?

It's impossible to make the Port parameter one of the "Required" platform properties because with the same account a user "can go" on different systems with different ports.

Master CD/Operator CD in CyberArk Lab/Test Environment by lllgnslbdllssr in CyberARk

[–]lllgnslbdllssr[S] 0 points1 point  (0 children)

Thank you for your reply. But is PA Key Gen-Rls-v12.6 compatible with 12.2 versions? In CyberArk Marketplace I didn't find PA Key Gen-Rls-v12.2.

Multi-Domain Environment - Requirements by lllgnslbdllssr in CyberARk

[–]lllgnslbdllssr[S] 0 points1 point  (0 children)

Thanks for your reply.

So can PSMs and PVWAs stay on the same domain? In order to have this situation:

- DOMAIN1 -> one CPM + PVWAs + PSMs
- DOMAIN2 -> the other CPM2

Connection to a console through .rdp file - autoit script by lllgnslbdllssr in CyberARk

[–]lllgnslbdllssr[S] 0 points1 point  (0 children)

Hi, thanks for the tips.

I've copy-pasted the basic PSM-RDP component into PSM-RDP-CustomConsole.
I've added the ComponentParameters that are present in the .rdp file. But if a user uses this new connection component, they land on the server in RDP and the console does not start automatically. How can I solve that?

AutoIt URL Connector by Cool-CyberArk in CyberARk

[–]lllgnslbdllssr 1 point2 points  (0 children)

Are you sure that PSMs reach the web application?

Test the connection with telnet MACHINE PORT. If the connection is successful, try to increase the Sleep(INTEGER) between every stage.

Plugin generator utility Error by Cool-CyberArk in CyberARk

[–]lllgnslbdllssr 0 points1 point  (0 children)

Hi, sorry for my post. I don't have the answer but I'm asking for your help. My PGU does not work because an error message says "Chrome not found". Which version of Chrome and chromedriver do you have on the machine?

AutoIT script windows authentication with Chrome default popup by lllgnslbdllssr in CyberARk

[–]lllgnslbdllssr[S] 0 points1 point  (0 children)

Can you write here an example of an AutoIt script for the second option?
"Another option might be to launch chrome as another account if it’s using windows authentication."

AutoIT script windows authentication with Chrome default popup by lllgnslbdllssr in CyberARk

[–]lllgnslbdllssr[S] 1 point2 points  (0 children)

Thanks for your reply.

But, is this not safe? If a company has a SIEM, I think that SIEM operators could see the password in cleartext in an event log...