Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Management Console for Unix 2.5.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration Reporting Setting preferences Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance

Group reports

Table 13: Group reports
Report Description
AD Group Conflicts

Lists all Active Directory groups with Unix Group ID (GID) numbers assigned to other Unix-enabled groups.

By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select the base container to begin the search.

NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.
Local Unix Groups

Identifies the hosts where a specific group exists in /etc/group. This report includes the following information:

  • Host Name, DNS Name or IP Address where the group exists
  • Group Name, GID Number, and members for each host where the group exists

If you do not specify a group, it includes all local groups on each profiled host in the report.

To locate a specific group, use the following report parameters:

  • Group Name contains
  • GID Number is
  • Member contains
  • Include all group members in report

NOTE: The Member contains field accepts multiple entries separated by a comma. Spaces are taken literally in the search. For example, entering:

  • adm, user searches for members whose name contains 'adm' or ' user'
  • adm,user searches for members whose name contains 'adm' or 'user'.

NOTE: When you specify multiple report parameters (for example, Group Name contains, GID Number is, and Member contains), it uses the AND expression; therefore, ALL of the selected parameters must be met in order to locate a group.

In addition, it includes all of the group members in the report by default, but you can clear the Include all group members in report option.

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.
Unix-Enabled AD Groups

Lists all Active Directory groups that have Unix group attributes.

NOTE: A Group object is considered "Unix-enabled" if it has a value for the GID Number.

By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search.

NOTE: This report is only available if you have configured the mangement console to recognize Active Directory objects (see Configuring the console to recognize Unix attributes in AD), and you are logged on as an Active Directory account in the Manage Hosts role.

Access & Privileges reports

Note: The Access & Privileges reports do not report on users and groups from a NIS domain.

Table 14: Access & Privileges reports
Report Description
Access & Privileges by Host

Identifies all users with log-on access to hosts and the commands the users can run on the hosts. This report includes the following information:

  • Total number of users that can log on to the host
  • The users that can log on to the host
  • The commands users can run on the host
  • The runas aliases for which the user can run commands on the host
  • The commands the runas alias can run on the host

Browse to select a host.

Optionally, select the Show detailed report option.

NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group.

Access & Privileges by User

Identifies the users with log on access to hosts, the commands that user can run on each host, and the "runas aliases" information for that user. This report includes the following information:

  • Total number of hosts where the user can logon
  • The hosts where the user can logon
  • The commands the user can run on each host
  • The runas aliases for which the user can run commands on each host
  • The commands the runas alias can run on each host

Use the following report parameters to specify the user to include in the report:

  • A local user (default)
  • An AD user

Browse to select a user.

Optionally select the Show detailed report option.

NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group.
Commands Executed

Provides details about the commands executed by users on hosts joined to a policy group, based on their privileges and recorded as events or captured in keystroke logs by Privilege Manager. This report allows you to search for commands that have been recorded as part of events or keystroke logs for a policy group and includes the following information:

  • Command name
  • User who executed the command
  • Date and time the command was executed
  • Host where the command was executed

Use the following report parameters to define details in the report:

  • Policy Group
  • Command
  • Host
  • Log status
  • Date
NOTE: You can use wildcards in the text string you enter in the Command box, such as * and ?.
NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group.
Console Access and Permissions

Lists users who have access to the mangement console based on membership in a console role and the permissions assigned to that role. This report includes the following information:

  • List of roles
  • List of permissions assigned to each role
  • List and number of members assigned to each role
NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Console Access role. However, when you access this report as supervisor, the mangement console requires that you authenticate to Active Directory.
Logon Policy for AD User

Identifies the hosts where Active Directory users have been granted log on permission. This report includes the following information for hosts joined to an Active Directory domain:

  • Total number of hosts where the AD user has access
  • List of hosts where the AD user has access

Specify the Active Directory users to include in the report:

  • All AD users (default)
  • Select AD user

Browse to search Active Directory to locate and select an Active Directory user.

NOTE: The report might show both the Active Directory login name and local user names in the Login Name column for a selected AD user account because an Active Directory user account can have one or more local user accounts mapped to it.
NOTE: Only hosts joined to an Active Directory domain with a Authentication Services 4.x agent are included in this report.
NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.
Logon Policy for Unix Host

Identifies the Active Directory users that have been explicitly granted log on permissions for one or more Unix computers. This report includes the following information for hosts joined to an Active Directory domain:

  • Host Name, DNS Name or IP Address of the host selected for the report
  • Users that have been granted permission to log on

Specify the managed hosts to include in the report:

  • All profiled hosts (default)
  • Select host

Browse to locate and select a managed host that is joined to Active Directory.

NOTE: This report only includes hosts joined to an Active Directory domain with a Authentication Services 4.x agent.
NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.
Policy Changes

Provides details of changes made to a policy for a Privilege Manager policy group. This report includes the following information:

  • Name of the user that made changes to the policy
  • Version number for the changes
  • Time and date the changes were saved and actively used to enforce policy
  • Changes made to the policy based on version

Select a policy group.

Select either to:

  • Show all changes to the policy
  • Show only changes for a specific pmpolicy file (not available for sudo-based policy)
  • Show changes to the policy for changes for one or more revisions
NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group.

Product Licenses Usage reports

Table 15: Product Licenses Usage reports
Report Description
Product License Usage

Provides a summary of all licensing information. This report includes the following information for hosts managed by the console:

  • Product
  • Purchased licenses
  • Used licenses

Setting preferences

You can set both User and console System preferences. User preferences are settings that only apply to the user that is currently logged on to the mangement console. Whereas, System preferences are global settings that apply to all users using the mangement console.

You access User preferences from the top-level User menu represented by the authenticated user's login name. Its menu also has options for sign in/sign out. You access System settings from the top-level Settings menu represented by the gear icon, . Its menu also has a link to the Software updates dialog where you can check for client software updates.

While you can change User Preferences using any log on account; to change console System Settings you must log onto the mangement console using the supervisor account or an Active Directory account with rights to change System Settings; that is, an account in the Console Administration role.

Documents connexes