Chat now with support
Chat mit Support

Privilege Manager for Unix 7.3 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

Verifying package signature

All packages shipped by the vendor come with a signature. Signature verification depends on the platform:

  • MacOS packages are signed by an Apple developer certificate.

  • Linux, FreeBSD, AIX, Solaris and HP-UX packages are signed with a PGP key.

You can find the public key at pgp.mit.edu and at keyserver.ubuntu.com.

To fetch the public key, use its id:

gpg --keyserver <keyserver> --recv C5C4EC20AFB5B8E678085F81B161CD624417450C

You can also find the same public key in the oneidentity_pgpkey.pub file. To import it, use the following command:

gpg --import oneidentity_pgpkey.pub

To verify package signature

  1. Download the public key.

  2. Verify the files.

    • For platforms with separate .sig file signatures, use gpg2:

      gpg --verify <file>.sig <file>
    • For rpm packages, import the public key into the rpm's database:

      gpg --export -a "C5C4EC20AFB5B8E678085F81B161CD624417450C" >pubkey
      rpm --import pubkey

      And verify with:

      rpm --checksig --verbose <file>
    • For debian packages, use debsig-verify.

Configure a Primary Policy Server

The first thing you must do is install and configure the host you want to use as your primary policy server.

Checking the server for installation readiness

Privilege Manager for Unix comes with a Preflight program that checks to see if your system meets the install requirements.

To check for installation readiness

  1. Log on as the root user.

  2. Change to the directory containing the qpm-server package for your specific platform.

    For example, on a 64-bit Red HatLinux, run:

    # cd server/linux-x86_64
  3. Check if the pmpreflight command is executable. If it is not, run:

    # chmod 755 pmpreflight
  4. To verify your primary policy server host meets installation requirements, run:

    # sh pmpreflight.sh --server

    NOTE: The pmpreflight.sh shell script is not in the same directory as the pmpreflight binary. It is directly under the 7.3 directory. The user needs to change directory before running the script.

    Running pmpreflight.sh --server performs these tests:

    • Basic Network Conditions:

      • Hostname is configured

      • Hostname can be resolved

      • Reverse lookup returns its own IP

    • Privilege Manager for Unix Server Network Requirements:

      • Policy server port is available (TCP/IP port 12345)

    • Privilege Manager for Unix Prerequisites:

      • SSH keyscan is available

  5. Resolve any reported issues and rerun pmpreflight until all tests pass.

TCP/IP configuration

Privilege Manager for Unix uses TCP/IP to communicate with networked computers, so it is essential that you have TCP/IP correctly configured. If you cannot use programs such as ssh and ping to communicate between your computers, then TCP/IP is not working properly; consult your system administrator to find out why and make appropriate changes.

Ensure that your host has a statically assigned IP address and that your host name is not configured to the loopback IP address 127.0.0.1 in the /etc/hosts file.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen