How to debug Enhanced Access Control (EAC) policies for Linux / Unix

Document ID:7022828
Creation Date:09-Apr-2018
Modified Date:09-Apr-2018
- Micro Focus Products:
  Privileged Account Manager (Privileged User Manager)

Environment

Privileged Account Manager 3.2

Situation

How to debug issues with Enhanced Access Control policies for Linux / Unix
How to troubleshoot Enhanced Access Control (EAC)
Gathering debug trace logs for EAC

Resolution

To print debug session initialization details from cmdctrl to the terminal, add one of the following to the cmdctrl rule's user message field:

For XML output: $<>$
For JSON output: ${}$

For client-trace debugging of commands (similar to strace), append the following to the cmdctrl rule's Script Arguments, in the Value field:

trace <number>

Note: Replace <number> with a number ranging from 1-3, with 3 providing the highest level of detail. Debug output should then be printed to the client's terminal.