Chat now with support
Chat mit Support

Safeguard for Sudo 7.3 - Administration Guide

Introducing Safeguard for Sudo Planning Deployment Installation and Configuration Upgrade Safeguard for Sudo System Administration Managing Security Policy Administering Log and Keystroke Files Supported sudo plugins Troubleshooting Safeguard for Sudo Variables Safeguard for Sudo programs Installation Packages Supported Sudoers directives Unsupported Sudo Options Safeguard for Sudo Policy Evaluation

Synchronizing policy servers within a group

Safeguard for Sudo generates log files containing event timestamps based on the local clock of the authorizing policy server.

To synchronize all policy servers in the policy group, use Network Time Protocol (NTP) or a similar method of your choice.

Install Sudo Plugin on a remote host

Once you have installed and configured the primary policy server, you are ready to install a Sudo Plugin on a remote host.

Checking Sudo Plugin Host for installation readiness

To check a Sudo Plugin host for installation readiness

  1. Log on to the remote host system as the root user and navigate to the files you extracted on the primary policy server.

  2. From the root directory, run a readiness check to verify the host meets the requirements for installing and using the Sudo Plugin, by running:

    # sh pmpreflight.sh --sudo --policyserver <myhost>

    where <myhost> is the hostname of the primary policy server.

    Running pmpreflight.sh --sudo performs these tests:

    • Basic Network Conditions:

      • Hostname is configured

      • Hostname can be resolved

      • Reverse lookup returns it own IP

    • Policy Server Connectivity

      • Hostname of policy server can be resolved

      • Can ping the policy server

      • Can make a connection to policy server

      • Policy server is eligible for a join

    • Sudo Installation

      • sudo is present on the host

      • sudo is in a functional state

      • sudo is version 1.8.1 (or later)

    • Prerequisites to support off-line policy caching

      • SSH keyscan is available

      • Policy server port is available

  3. Resolve any reported issues and rerun pmpreflight until all tests pass.

Installing a Sudo Plugin on a remote host

To install a Sudo Plugin on a remote host

  1. Log on as the root user.

  2. Change to the directory containing the qpm-plugin package for your specific platform. For example, on a 64-bit Red Hat Linux, enter:

    # cd sudo_plugin/linux-x86_64
  3. Run the platform-specific installer. For example, on Red Hat Linux run:

    # rpm --install qpm-plugin-*.rpm

Once you install the Sudo Plugin package, the next task is to join it to the policy server.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen