
One Identity Management Console for Unix 2.5.2 - Administration Guide


Upgrade Management Console for Unix

The process for upgrading Management Console for Unix from an older version is similar to installing it for the first time. The installer detects an older version of the console and automatically upgrades the components.

Note: The procedures in this topic assume you have Management Console for Unix 2.0.x or greater installed.

Before you begin the upgrade procedure, review the upgrade notes in the release notes, close the console and make a backup of your database, as explained in step 1.

To upgrade Management Console for Unix

  1. Back up the database files:
    1. Shut down the service. See Start/stop/restart Management Console for Unix service for details.

      Management Console for Unix uses an HSQLDB (Hyper Structured Query Language Database) to store its data, such as information about the hosts, settings, users, groups, and so forth.

    2. Copy the /var/opt/quest/mcu data directory to a backup location.

      Refer to Database maintenance for more information about the database locations and filenames.

    3. After the backup is complete, restart the service. See Start/stop/restart Management Console for Unix service for details.

      Once you back up the database files, you are ready to start the upgrade.

  2. To start the upgrade, follow the instructions for a first-time installation. See the Installing and Uninstalling topic for your platform under Installing the Management Console to start the installation procedure.

    When the installer detects that a previous version of the management console is already installed, it asks if you want to continue.

  3. Click Yes at the Install Management Console for Unix dialog.
  4. Accept the terms of the license agreement and click Next.
  5. Modify the default SSL (https) and Non-SSL (http) port numbers, if necessary, and click Install.

    The installation wizard uninstalls the old version and configures the server database and service.

Note: After an upgrade from any version of Management Console for Unix, it is important to re-profile all managed hosts.

Preparing Unix hosts

The management console provides a central management and reporting console for local Unix users and groups.

Whether you have the core version of the management console or are managing hosts with Authentication Services or Privilege Manager for Unix, once you have successfully installed Management Console for Unix, you must first add your hosts to the console, and then profile them to gather system information. Once a host is added and profiled, you can then manage users and groups on the hosts and run reports.

Note: Installing Authentication Services on hosts that you manage with the console unlocks many additional features for managing Unix systems with Active Directory, such as Active Directory user management and Access and Privileges reports.

Installing Privilege Manager on hosts that you manage with the console allows you to view and edit centrally stored policies, as well as search and replay keystroke logs. See What are the core features of the console for a list of these additional features.

Adding hosts to the Management Console

In order to manage a Unix host from the management console, you must first add the host. Go to the Hosts tab of the management console to either manually enter hosts or import them from a file.

To add hosts to the management console

  1. Click the Add Hosts toolbar button to display the Add Hosts dialog.

  2. To manually add one or more hosts, enter the FQDN, IP address, or short name of a host you want to add to the management console and either click the Add button or press Enter.

    Once added, the Host column displays the value you enter. The management console uses that value to connect to the host. You can rename the host if it has not been profiled using the Rename Host command on the Host panel of the toolbar. After a host is profiled, the only way to change what is displayed in the Host column is to remove the host from the console and re-add it. For example, if you add a host by its IP address, the IP address displays in the Host column (as well as in the IP Address column); to change what is displayed in the Host column, you must use the Remove from console toolbar button to remove the host from the console; then use the Add Hosts button to re-add the client by its host name. If you had profiled the host before removing it, you will have to re-profile it after re-adding it.

  3. To add hosts from a known_hosts file, click the Import button.

    1. On the Import hosts from file dialog, browse to select a .txt file containing a list of hosts to import.

      Once imported, the host addresses display in the Add Host dialog list.

      Note: The valid format for an import file is:

      • .txt file - contains the IP address or DNS name, one per line
      • known_hosts file - contains address algorithm hostKey (separated by a space), one entry per line

      See Known_hosts file format for more information about the supported known_hosts file format.

  4. Once you have a list of one or more hosts to add, if you do not wish to profile the hosts at this time, clear the Profile hosts after adding option.

    Note: If you add more hosts to the list than selected in the Rows to show drop-down menu in the View panel of the toolbar, this option is disabled.

  5. If you do not clear the Profile hosts after adding option on the Add Hosts dialog, when you click OK, the Profile Host dialog prompts you to enter the user credentials to access the hosts. (Refer to Profiling hosts which walks you through the host profile steps.)

  6. If you clear the Profile hosts after adding option on the Add Hosts dialog, when you click OK, the Add Hosts dialog closes and control returns to the management console.

    The management console lists hosts that were successfully added on the All Hosts view by the FQDN, IP address, or short name of the hosts you entered on the Add Hosts dialog.
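
A pre-import check for the two file formats named in step 3, added here as an example and not code from One Identity: it validates each address, rejects hashed known_hosts entries (which carry no usable address), and computes the SHA256 fingerprint of each host key so it can be compared with the host out of band. The function names, the host-name syntax rule and the sample lines are assumptions made for this example.

```python
import base64, binascii, hashlib, ipaddress, re, struct

# Host-name syntax check; which names the console itself accepts is an assumption.
_NAME = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*")

def valid_address(addr):
    """True for an IP address or a syntactically valid short name or FQDN."""
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        # "10.0.0.300" is a mistyped IP, not a host name: reject all-numeric names.
        return not re.fullmatch(r"[0-9.]+", addr) and bool(_NAME.fullmatch(addr))

def key_fingerprint(algorithm, b64key):
    """OpenSSH-style SHA256 fingerprint, or None if the key field is malformed."""
    try:
        blob = base64.b64decode(b64key, validate=True)
    except (binascii.Error, ValueError):
        return None
    # An SSH public-key blob begins with its own length-prefixed algorithm name.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != algorithm.encode():
        return None
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def check_import_file(text):
    """Return (accepted, rejected): (line, address, fingerprint) and (line, reason)."""
    accepted, rejected = [], []
    for no, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if not f:
            continue
        fp = key_fingerprint(f[1], f[2]) if len(f) == 3 else None
        if len(f) not in (1, 3):
            rejected.append((no, "expected 'address' or 'address algorithm hostKey'"))
        elif f[0].startswith("|1|"):
            rejected.append((no, "hashed host name, address not recoverable"))
        elif not valid_address(f[0]):
            rejected.append((no, "invalid address"))
        elif len(f) == 3 and fp is None:
            rejected.append((no, "malformed host key"))
        else:
            accepted.append((no, f[0], fp))
    return accepted, rejected

# Constructed sample: the key is an all-zero ed25519 blob, not a real host key.
SAMPLE_KEY = base64.b64encode(struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)).decode()
SAMPLE = "\n".join(["web01.example.com ssh-ed25519 " + SAMPLE_KEY, "10.0.0.300",
                    "|1|c2FsdA==|aGFzaA== ssh-ed25519 " + SAMPLE_KEY,
                    "db01 ssh-rsa not-base64!", "10.0.0.5"])
```

Calling check_import_file(SAMPLE) accepts lines 1 and 5 and rejects lines 2 through 4; the sample mixes both formats only to show every branch. Each reported fingerprint can be compared with what ssh-keygen -lf prints for the host's public key file.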

Add Hosts Dialog

The Add Hosts dialog displays when you select the Add Hosts toolbar button on the All Hosts view of the Hosts tab. From this view you can add one or more hosts and optionally run the profile task against the hosts you add.

Table 10: Add Host dialog
Option Description
Add a host using the FQDN, IP address, or short name: Place your cursor in the text box and enter the FQDN, IP address or short name of the host you want to add. Press the Enter key or click the Add button to add the host to the selection list box.
Selection list This list box contains the hosts that are to be added to the management console.
Import

Select the Import button to import host addresses from a known_hosts file or a .txt file. When you click Import, the Import hosts from file dialog opens to allow you to browse to select the file to use for the import.

The valid format for an import file is:

  • .txt file - contains the IP address or DNS name, one per line
  • known_hosts file - contains address algorithm publicKey (separated by a space), one entry per line

See Known_hosts file format for details about the supported file formats.

Remove

Select a host from the selection list and click Remove to remove the selected host from the list.

Profile hosts after adding (Profiling limited to 50 hosts at a time)

Select this option to run the profile task after adding the hosts.

NOTE: If more than 50 hosts are added to the selection list, this option is disabled.
