
Safeguard for Sudo 7.3 - Administration Guide


System requirements

Prior to installing Safeguard for Sudo, ensure your system meets the minimum hardware and software requirements for your platform.

Table 1: Hardware and software requirements
Component Requirements

Operating systems

See Supported platforms to review a list of platforms that support Safeguard clients.

Disk space

80 MB of disk space for program binaries and manuals for each architecture.

Considerations:

  • At a minimum, you must have 80 MB of free disk space. The directories in which the binaries are installed must have sufficient disk space available on a local disk drive rather than a network drive. Before you install Safeguard, ensure that the partitions that will contain /opt/quest have sufficient space available.

  • Sufficient space for the keystroke logs, application logs, and event logs. The size of this space depends on the number of servers, the number of commands, and the number of policies configured.

  • The space can be on a network disk drive rather than a local drive.

  • The server hosting Safeguard must be a separate machine dedicated to running the pmmasterd daemon.

SSH software

You must install and configure SSH client and server software on all policy server hosts.

You must also install SSH client software on all hosts that will use the Sudo Plugin.

You must enable access to SSH as the root user on the policy server hosts during configuration of the policy servers. Both OpenSSH 4.3 (and later) and Tectia SSH 6.4 (and later) are supported.

Processor

Policy Servers: 4 cores

RAM

Policy Servers: 8 GB

Safeguard for Sudo Requirements
Table 2: Primary policy server and host system installation requirements
Systems Required Minimum Requirements

Primary Policy Server

  • Supported Unix or Linux operating system

  • SSH (ssh-keyscan binary)

Host System

  • Supported Unix, Linux, or macOS platform

  • SSH (ssh-keyscan binary)

  • Sudo 1.8.1 (or later)

Default Ports

Configure the firewall ports appropriately when installing the Sudo Plugin on separate machines from the policy server.

Table 3: Masterport requirements
| Variable | Default Port | Description |
|---|---|---|
| masterport | 12345 | TCP/IP port for pmmasterd. Safeguard uses the masterport to communicate with the pmmasterd (policy server daemon). |

Supported platforms

The following table provides a list of supported platforms for Safeguard for Sudo clients.

NOTE: Beginning with version 7.0, Safeguard for Sudo supports only Linux-based systems for Safeguard for Sudo policy servers.

CAUTION: As of Safeguard for Sudo version 7.3, the following platforms and architectures are no longer supported:

  • CentOS Linux 6

  • Apple MacOS 11.3

  • Oracle Enterprise Linux (OEL) 6

  • Red Hat Enterprise Linux (RHEL) 6

Table 4: Linux supported platforms — server and plugin

| Platform | Version | Architecture |
|---|---|---|
| Alma Linux | 8, 9 | x86_64, AARCH64, PPC64le, s390x |
| Amazon Linux | AMI, 2, AL2022 | x86_64 |
| CentOS Linux | 7, 8, 9 | Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
| CentOS Stream | 8, 9 | x86_64, AARCH64, PPC64le, s390x |
| Debian | Current supported releases | x86_64, x86, AARCH64 |
| Fedora Linux | Current supported releases | x86_64, x86, AARCH64 |
| OpenSuSE | Current supported releases | x86_64, x86, AARCH64 |
| Oracle Enterprise Linux (OEL) | 7, 8, 9 | Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
| Red Hat Enterprise Linux (RHEL) | 7, 8, 9 | Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
| Rocky Linux | 8, 9 | x86_64, AARCH64, PPC64le, s390x |
| SuSE Linux Enterprise Server (SLES)/Workstation | 12, 15 | Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
| Ubuntu | Current supported releases | x86_64, x86, AARCH64 |

Table 5: Unix and Mac supported platforms — plugin

| Platform | Version | Architecture |
|---|---|---|
| Apple MacOS | 12.0 and above | x86_64, ARM64 |
| FreeBSD | 12.x, 13.x, 14.x | x32, x64 |
| HP-UX | 11.31 | IA-64 |
| IBM AIX | 6.1 TL9, 7.1 TL3, TL4, TL5, 7.2, 7.3 | Power 4+ |
| Oracle Solaris | 10 8/11 (Update 10), 11.x | SPARC, x64 |

Reserve special user and group names

Reserve the following names for Safeguard for Sudo usage:

  • pmpolicy (user and group)

  • pmlog (group)

For more information, see Reserve special user and group names.

Required privileges

You will need root privileges to install Safeguard for Sudo software. Either log in as root or use the su program to acquire root privileges. Due to the importance of the root account, Safeguard for Sudo carefully protects the system against certain accidental or deliberate situations that might lead to a breach in security. For example, if Safeguard for Sudo discovers that its configuration files are open to modification by non-root users, it will reject all job requests. Furthermore, all Safeguard for Sudo directories back to the / directory are checked for security in the same way, to guard against accidental or deliberate replacement.
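The following audit sketch is an added example, not Safeguard for Sudo code. It walks from a file back to the / directory and reports every component that a non-root account could modify, which is the condition described above. The function name, the `trusted_uids` and `stop` parameters, and the exact rule (owner must be trusted, no group or other write bit) are assumptions; the product's real checks are not documented on this page.

```python
import os
import stat
import sys


def writable_by_untrusted(path, trusted_uids=frozenset({0}), stop="/"):
    """Return [(component, reason)] for each component from `path` up to `stop`
    that an account outside `trusted_uids` could modify.

    Assumed rule: owner must be trusted and neither the group nor the other
    write bit may be set. Symlinks are resolved first, so the chain that is
    audited is the real location of the file.
    """
    path = os.path.realpath(path)
    stop = os.path.realpath(stop)
    if os.path.commonpath([path, stop]) != stop:
        raise ValueError(f"{path} is not under {stop}")

    findings = []
    current = path
    while True:
        st = os.stat(current)
        if st.st_uid not in trusted_uids:
            findings.append((current, f"owned by uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((current, f"group/other writable (mode {mode:04o})"))
        if current == stop:
            break
        # A writable parent lets an attacker rename or replace the child,
        # so every ancestor matters, not only the file itself.
        current = os.path.dirname(current)
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_chain.py <file> [<file> ...]
    bad = False
    for target in sys.argv[1:]:
        for component, reason in writable_by_untrusted(target):
            print(f"INSECURE {component}: {reason}")
            bad = True
    sys.exit(1 if bad else 0)
```

Run it as root against the policy and configuration files before starting the service; a non-zero exit status means at least one component in the chain needs its ownership or mode corrected.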
