Problem:
Duplicate sessions appear in the Audit Analyzer console whenever a user logs on to an agent-based Unix or Linux system through the Centrify Infrastructure Services portal. These duplicated sessions can occur with any of the following systems:
1) Docker Container
2) Server running inside a NAT environment that does port mapping
3) AWS instance
After the Audit Management Server is restarted, only one session should be shown in Audit Analyzer.
Cause:
The root cause is that the public IP address stored in the CPS secret is not the same as the local IP address of the Linux agent.
The following line is observed in the log:
Aug 09 18:31:06 8966775f08c9 -bash[9925]: DEBUG: IP address (10.100.41.121) in CPS secret is mismatched with the current machine's.
In those cases, when a user logs on to the Linux agent from CPS, cdash finds that the IP address included in the CPS 'secret' is not the same as the local IP address, concludes that the session is not from CPS, and logs a duplicated session.
Workaround:
Duplicated sessions can be prevented by setting the following parameter in the centrifyda.conf file:
dash.check.cps.secret.ipaddr: false
The default value is 'true'. Changing it to 'false' skips the IP address check.
Resolution:
This issue has been resolved in Suite 18.11 by setting the following parameter in the centrifyda.conf file to specify the local IP address to be stored in the CPS secret for the Linux agent:
dash.check.ipaddr.list
One example would be:
dash.check.ipaddr.list: 10.100.41.120
The dareload command must be run for the change to take effect.
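
To see which agents are logging the mismatch message from the Cause section, and what the two parameters above are currently set to, a small check like the following can be used. This is an added example, not Centrify code; the function names and the sample log and config lines are constructed for illustration, and the config is assumed to use the "key: value" form shown above.

```shell
#!/bin/sh
# Added example (not Centrify code). Sample data below is constructed.

# Read syslog lines on stdin; print "host secret-ip count" per mismatch source.
cps_mismatches() {
    awk '
        match($0, /DEBUG: IP address \([^)]+\) in CPS secret is mismatched/) {
            ip = substr($0, RSTART, RLENGTH)
            sub(/^[^(]*\(/, "", ip); sub(/\).*$/, "", ip)
            seen[$4 " " ip]++          # $4 is the syslog hostname field
        }
        END { for (k in seen) print k, seen[k] }
    ' | sort
}

# Read a centrifyda.conf-style file on stdin; print the value of KEY,
# or DEFAULT when the key is absent or commented out.
conf_value() {   # usage: conf_value KEY DEFAULT < file
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { print (found ? val : def) }
    '
}

sample_log() {   # constructed; the first line is the message quoted above
cat <<'EOF'
Aug 09 18:31:06 8966775f08c9 -bash[9925]: DEBUG: IP address (10.100.41.121) in CPS secret is mismatched with the current machine's.
Aug 09 18:35:40 8966775f08c9 -bash[9990]: DEBUG: IP address (10.100.41.121) in CPS secret is mismatched with the current machine's.
Aug 09 18:36:02 8966775f08c9 sshd[10012]: Accepted publickey for alice from 10.100.41.5 port 50022 ssh2
EOF
}

sample_conf() {  # constructed
cat <<'EOF'
# dash.check.cps.secret.ipaddr: true
dash.check.ipaddr.list: 10.100.41.120
EOF
}

sample_log | cps_mismatches
printf 'dash.check.cps.secret.ipaddr = %s\n' "$(sample_conf | conf_value dash.check.cps.secret.ipaddr true)"
printf 'dash.check.ipaddr.list = %s\n' "$(sample_conf | conf_value dash.check.ipaddr.list unset)"
```

On an agent, pipe the system log into cps_mismatches and redirect the centrifyda.conf file into conf_value instead of the sample functions.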