Solaris BSM events drop session id when escalating privileges.

  • 7018623
  • 15-Feb-2017
  • 15-Feb-2017

Environment

NetIQ Sentinel 7.x and 8.x Sentinel Server

Situation

Sentinel UNIX agent 7.4 is not forwarding the Effective UserName field to Sentinel for BSM events. Thus when the person switches to another user, the operations are still being shown as done by the logged in user.

Resolution

To resolve this issue on Sentinel install hotfix 7.4 HF14 from https://dl.netiq.com/patch/finder/ location

Cause

Effective UserName of Subject token is not being forwarded to sentinel server. Therefore Sentinel is unable to populate the Effective UserName information.