Before you install the InTrust for Active Directory components:
For more information on this process, refer to the InTrust Preparing for Auditing and Monitoring Linux document.
Run the pmintrust.sh script as the root user.
You might need to edit pmintrust.sh to ensure it can find all relevant event log files.
The script outputs event log data in a format that the InTrust Agent can handle. When the script runs, it creates a separate file for InTrust called /tmp/pm_evlog.intrust containing a plain text version of the events stored in the event log files.
To configure the policy server for the InTrust Plugin
# gzip -dc pmintrust.tgz | tar xvf - -C /tmp pmintrust/ pmintrust/pmpolicy.crontab pmintrust/root.crontab pmintrust/pmintrust.profile pmintrust/pmintrust.sh
# cp /tmp/pmintrust/pmintrust.sh /opt/quest/sbin
eventlog="/var/log/eventlogs/"+year+"/"+month+"/"+day+"/"+user+"_events.db";
Change the EVDIRS and EVGLOB variables in the pmintrust.sh script to:
EVDIRS=`find /var/log/eventlogs -type d` EVGLOB="*_events.db"
One Identity recommends that you add a crontab entry as the pmpolicy service user, and configure the cronjob to run pmrun with root user privileges.
The crontab entry is a file called pmpolicy.crontab in the pmintrust.tgz archive.
The following crontab entry runs pmrun pmintrust.sh at 10:50 pm everyday:
50 22 * * * /opt/quest/bin/pmrun /opt/quest/sbin/pmintrust.sh
To add the crontab, login (or su) to the pmpolicy service account and run the following command:
$ crontab /tmp/pmintrust/pmpolicy.crontab
Alternatively, you can configure the script to run directly as the root user by creating a root cron job, and skip part b) of this step.
There is a root.cronjob file in the pmintrust.tgz archive.
To checkout, add, and commit the changes to the policy, run the following pmpolicy command:
# /opt/quest/sbin/pmpolicy checkout -d /tmp # cp /tmp/pmintrust/pmintrust.profile /tmp/policy_pmpolicy/profiles/ # chown pmpolicy:pmpolicy /tmp/policy_pmpolicy/profiles/pmintrust.profile # /opt/quest/sbin/pmpolicy add -p profiles/pmintrust.profile -d /tmp # /opt/quest/sbin/pmpolicy commit -d /tmp -l ″add pmintrust profile″
# pmrun id
To install the InTrust Knowledge Pack
<INTRUST_HOME>\Server\ADC\SupportTools\
# InTrustPDOImport.exe -import D:\temp\PM_DataSource.xml # InTrustPDOImport.exe -import D:\temp\PM_GatheringJob.xml # InTrustPDOImport.exe -import D:\temp\PM_GatheringJob_igtc.xml # InTrustPDOImport.exe -import D:\temp\PM_GatheringPolicy.xml # InTrustPDOImport.exe -import D:\temp\PM_GatheringTask.xml # InTrustPDOImport.exe -import D:\temp\PM_Site.xml
| Object type | Objects |
|---|---|
| Gathering policy | ‘Privilege Manager for Unix: Event Log Monitoring’ |
| Job | ‘Gather Privilege Manager for Unix Events’ |
| Task | ‘Privilege Manager for Unix daily collection of events’ |
| Site | ‘Privilege Manager for Unix hosts’ |
| Report |
‘Privilege Manager for Unix All Events’ ‘Privilege Manager for Unix All Events By Result’ ‘Privilege Manager for Unix Elevated Privilege Events’ ‘Privilege Manager for Unix Policy Server By Result’ ‘Privilege Manager for Unix Policy Server Events’ ‘Privilege Manager for Unix Rejected Events’ ‘Privilege Manager for Unix Out Of Band Events’ |
|
Data Source |
Privilege Manager for Unix Event Log’ |
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Términos de uso Privacidad Cookie Preference Center
