Bypass Trusted Process Authorization

PAM Server Control allows you to define programs as trusted. PAM Server Control stores the trusted programs and their child programs in a table. All events (inbound and outbound) related to trusted processes (and their corresponding ports) are permitted without authorization as part of a full network bypass.
To specify these programs, use the SPECIALPGM class:
  • To bypass file and network events for the specified program, use the property PGMTYPE with values pbf and pbn.
  • To bypass setuid and setgid events for a specified program, use the property PGMTYPE with the value surrogate.
  • To bypass all PAM Server Control authorization checks for a specified program, use the property PGMTYPE with the value fullbypass. PAM Server Control ignores a process that has the PGMTYPE(fullbypass) property, and no record of any process events appears in PAM Server Control audit, trace, or debug logs.
  • To propagate bypasses to all programs that are called from the specified program, use the property PGMTYPE with the value propagate.
Security privilege propagation works with PBF, PBN, DCM, FULLBYPASS, and SURROGATE privileges only.
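The following added example (not part of the product documentation or the product's own tooling) reviews an inventory of SPECIALPGM definitions and flags the entries that deserve sign-off: fullbypass, which leaves no audit trail, and propagate, which extends bypasses to called programs. The `path: type,type` inventory format, the sample paths, and the function names are assumptions made for this sketch.

```python
# Added example: review an inventory of SPECIALPGM definitions.
# The "path: type,type" line format is an assumption made for this sketch;
# it is not the product's own output format.

# Privileges that propagate, as listed on this page.
PROPAGATABLE = {"pbf", "pbn", "dcm", "fullbypass", "surrogate"}

# Constructed sample records (hypothetical paths).
SAMPLE = """\
/opt/backup/bin/agent: pbf,pbn
/usr/local/bin/deploy: fullbypass,propagate
/usr/sbin/login-helper: surrogate
/opt/tools/wrapper: propagate
"""

def parse(text):
    """Return {path: set of lower-cased PGMTYPE values}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, _, types = line.rpartition(":")
        records[path.strip()] = {t.strip().lower() for t in types.split(",") if t.strip()}
    return records

def review(records):
    """Return sorted (path, finding) tuples for entries that need sign-off."""
    findings = []
    for path, types in records.items():
        inherited = types & PROPAGATABLE
        if "fullbypass" in types:
            findings.append((path, "fullbypass: no audit, trace or debug records"))
        if "propagate" in types and inherited:
            findings.append((path, "propagate: called programs inherit " + ",".join(sorted(inherited))))
        if "propagate" in types and not inherited:
            findings.append((path, "propagate: no propagatable privilege to pass on"))
    return sorted(findings)

if __name__ == "__main__":
    for path, finding in review(parse(SAMPLE)):
        print(f"{path}: {finding}")
```
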