Skip to main content
Version: 3.25


As stated earlier, policies written without a target user or resource, end up being valid for the entire system, increasing the risk of a total system lock.

The service secpack-maestro will always be running and updating the rules as they are registered in senhasegura . But if there is a need for manual intervention on the device, perform the following procedure:

  1. Using the root user, stop running the service secpack-maestro

    service secpack-maestro stop 
  2. Run the caitsith-loadpolicy binary to remove the desired policies. We will remove the previously created policy as an example.

    echo 'delete 100 acl write path = "/etc/oracle/tnsnames.ora"' \| /usr/sbin/caitsith-loadpolicy 
  3. Validate that the policy has been removed by re-checking the applied file

    cat /sys/kernel/security/caitsith/policy 
  4. Make changes to senhasegura so that the rule is not applied again

  5. Restart the service secpack-maestro

    service secpack-maestro start