Chatee ahora con Soporte
Chat con el soporte

Privilege Manager for Unix 7.2.3 - Release Notes

Privilege Manager for Unix 7.2.3

Privilege Manager for Unix 7.2.3

Release Notes

21 April 2023, 11:08

These release notes provide information about the Privilege Manager for Unix release.

Topics:
About this release

Privilege Manager for Unix protects the full power of root from potential misuse or abuse. With Privilege Manager for Unix there is no need to worry about anyone deleting critical files, modifying file permissions or databases, reformatting disks, or doing more subtle damage. Privilege Manager for Unix enables you to define a security policy that stipulates who has access to which root functions, as well as when and where they can perform those functions. It controls access to existing programs as well as purpose-built utilities that run common system administration tasks. At the administrator's request, Privilege Manager for Unix can protect sensitive data from network monitoring by encrypting the root commands or sessions it controls, including control messages and input keyed by users while running commands through Privilege Manager for Unix.

Privilege Manager for Unix 7.2.3 is a patch release that includes Resolved issues.

NOTE: Beginning with version 7.0, Privilege Manager for Unix supports only Linux-based systems for Privilege Manager for Unix policy servers.

End of support notice

After careful consideration, One Identity has decided to cease the development of the Management Console for Unix (MCU). Therefore, the MCU will enter limited support for all versions on April 1, 2021. Support for all versions will reach end of life on Nov 1, 2021.

As One Identity retires the MCU, we are building its feature set into modern platforms starting with Software Distribution and Profiling. Customers that use the MCU to deploy Authentication Services and Safeguard for Sudo can now use our Ansible collections for those products, which can be found at Ansible Galaxy.

Resolved issues

The following is a list of issues addressed in this release.

Table 1: Resolved Issues
Resolved Issue Issue ID

pmsrvconfig --unconfig asks for the removal of the pm.settings file.

sudo /opt/quest/sbin/pmsrvconfig --unconfig will ask the user to delete the pm.settings file.

280111

The commands pmjoin and pmsrvconfig will now recommend installing the security module selinux automatically if SELinux is in enforced or permissive mode.

306219

Resolved an issue where unjoined clients were not removed from the license database.

Clients that were joined to a policy server could end up having multiple entries in the license database. This prevented the client from being fully removed at unjoin time as well as the client being listed multiple times in the output of pmlicense -uf and pmlicense -us. The pmlicence -R command can be used to remove these phantom entries if necessary after upgrading.

385800

Fixed the piped output for pmrun command to work when SELinux is set to enforced mode.

393733

Packages do not contain the sysv init script anymore on distributions where systemd is used.

Previously we shipped both sysv and systemd service files. This change was introduced to avoid issues observed on Suse and SLES where systemd-sysv compatibility is enforced and broken on default installations, preventing the service to get enabled.

409691

Resolved an issue that prevented the configuration of Privilege Manager for Unix on RHEL 9 when the SELinux policy module from the Safeguard Authentication Services client package was also installed.

The issue occurred because the SELinux policy module from the Safeguard Authentication Services client package included rules that installed the files of Privilege Manager for Unix with incorrect security contexts. This prevented the successful configuration of the product on RHEL 9 when SELinux was in enforcing mode.

The issue was solved by updating the SELinux policy for Privilege Manager for Unix to include rules that explicitly label the package files with the proper security contexts.

414363

Supported platforms

The following table provides a list of supported platforms for Privilege Manager for Unix clients.

Table 2: Linux supported platforms — server and client

Platform

Version

Architecture

Amazon Linux

AMI, 2

x86_64

CentOS Linux

6, 7, 8, 9

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

Debian

Current supported releases

x86_64, x86, AARCH64

Fedora Linux

Current supported releases

x86_64, x86, AARCH64

OpenSuSE

Current supported releases

x86_64, x86, AARCH64

Oracle Enterprise Linux (OEL)

6, 7, 8, 9

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

Red Hat Enterprise Linux (RHEL)

6, 7, 8, 9

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

SuSE Linux Enterprise Server (SLES)/Workstation

11 SP4, 12, 15

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

Ubuntu

Current supported releases

x86_64, x86, AARCH64

Table 3: Unix and Mac supported platforms — client

Platform

Version

Architecture

Apple MacOS

10.15 or later

x86_64, ARM64

FreeBSD

12.x, 13.x

x32, x64

HP-UX

11.31

PA, IA-64

IBM AIX

6.1 TL9, 7.1 TL3, 7.2

Power 4+

Oracle Solaris

10 8/11 (Update 10), 11.x

SPARC, x64

System requirements

Before installing Privilege Manager for Unix 7.2.3, ensure that your system meets the following minimum hardware and software requirements.

NOTE: Beginning with version 7.2.3, Privilege Manager for Unix supports only Linux-based systems for Privilege Manager for Unix policy servers.

Table 4: Hardware and software requirements
Component Requirements
Operating systems

See Supported platforms to review a list of platforms that support Privilege Manager for Unix clients.

Disk space

80 MB of disk space for program binaries and manuals for each architecture.

Considerations:

  • At a minimum, you must have 80 MB of free disk space. The directories in which the binaries are installed must have sufficient disk space available on a local disk drive rather than a network drive. Before you install Privilege Manager for Unix, ensure that the partitions that will contain /opt/quest have sufficient space available.
  • Sufficient space for the keystroke logs, application logs, and event logs. The size of this space depends on the number of servers, the number of commands, and the number of policies configured.

  • The space can be on a network disk drive rather than a local drive.

  • The server hosting Privilege Manager for Unix must be a separate machine dedicated to running the pmmasterd daemon.
SSH software

You must install and configure SSH client and server software on all policy server hosts.

You must enable access to SSH as the root user on the policy server hosts during configuration of the policy servers. Both OpenSSH 4.3 (and later) and Tectia SSH 6.4 (and later) are supported.

Processor Policy Servers: 4 cores

RAM

Policy Servers: 8GB

Upgrade and compatibility

Privilege Manager for Unix supports a direct upgrade installation from version 6.0 and higher. The Privilege Manager for Unix software in this release is provided using platform-specific installation packages. For more information on upgrading, see the One Identity Privilege Manager for Unix Administration Guide.

One Identity recommends that:

  • You upgrade your policy server (Master) systems before agents, and that a policy server is run at the same or higher level than agents.
  • All policy server systems and agents are upgraded to the latest version to take advantage of all new features.

The upgrade process will create symbolic links to ensure that your existing paths function correctly.

Use of the Privilege Manager for Unix clients (pmrun and pmshells) with a policy server in Sudo policy mode is not supported.

Herramientas de autoservicio
Base de conocimientos
Notificaciones y alertas
Soporte de productos
Descargas de software
Documentación técnica
Foros de usuarios
Tutoriales en video
Aviso de actualizaciones de páginas web (RSS)
Comuníquese con nosotros
Obtenga asistencia con las licencias
Soporte Técnico
Ver todos
Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación