Check Client for Policy Readiness performs a series of tests to verify that the specified hosts meet the minimum requirements to be joined to a policy server.
This command is only available, if
-AND-
Note: For the readiness check to finish successfully, the path to the Privilege Manager software packages must be correctly set in System Settings. See Setting the Privilege Manager software path for details.
To check hosts for policy readiness
Select one or more hosts on the All Hosts view of the Hosts tab, open the Check menu from the Prepare panel of the toolbar, and choose Check Client for Policy Readiness.
In the Check Client for Policy Readiness dialog, choose a policy group to use for the check and click OK.
On the Log on to Host dialog, enter user credentials to access the hosts and click OK.
Note: This task requires elevated credentials. If you select multiple hosts, you are asked if you want to use the same credentials for all the hosts (default) or enter different credentials for each host.
To check the results of the readiness check,
Right-click the host on the All Hosts view of the Hosts tab, and choose Readiness Check Results.
Choose Policy Readiness from the drop-down menu, if necessary.
The results of the Check Client for Policy Readiness check depend on whether you run it on a Sudo Plugin or PM Agent host.
Running the readiness check on a Sudo Plugin host performs these tests:
Running the check on a PM Agent host runs these tests:
A progress bar displays in the Task Progress pane. The final status of the task displays, including any failures or advisories encountered.
There are two Privilege Manager client software packages available to install onto a remote host. They provide central policy management and granular access control reporting, as well as the ability to enable, gather, store and play back keystroke logs.
Note: Centralized policy management and keystroke logging are licensed separately.
Note: Before you install the Sudo Plugin on the host, ensure the host has Sudo 1.8.1 or higher installed on it. While you can install the Sudo Plugin without Sudo 1.8.1, you cannot join the host to a policy server without it.
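The Sudo 1.8.1 minimum stated in the note above can be verified on a host before the Sudo Plugin is installed. The following shell sketch is an added example, not part of the One Identity documentation; the function names are hypothetical and the `sudo -V` sample lines are constructed.

```shell
#!/bin/sh
# Added example: pre-install check for the Sudo 1.8.1 minimum (hypothetical helper names).
MIN_SUDO="1.8.1"   # minimum version from the note above

# version_ge HAVE WANT -> exit 0 if HAVE >= WANT (major.minor.patch).
# Suffixes such as "p2" or "b1" are ignored, so a pre-release of 1.8.1 also passes.
version_ge() {
    have=${1%%[!0-9.]*}; want=${2%%[!0-9.]*}
    old_ifs=$IFS; IFS=.
    set -- $have; h1=${1:-0}; h2=${2:-0}; h3=${3:-0}
    set -- $want; w1=${1:-0}; w2=${2:-0}; w3=${3:-0}
    IFS=$old_ifs
    [ "$h1" -ne "$w1" ] && { [ "$h1" -gt "$w1" ]; return; }
    [ "$h2" -ne "$w2" ] && { [ "$h2" -gt "$w2" ]; return; }
    [ "$h3" -ge "$w3" ]
}

# Pull the version out of the first line of `sudo -V` output,
# which has the form "Sudo version 1.8.31p2".
parse_sudo_version() {
    printf '%s\n' "$1" | sed -n '1s/^Sudo version \([0-9][0-9A-Za-z.]*\).*$/\1/p'
}

# Argument: captured `sudo -V` output. Returns 0 = ready, 1 = too old, 2 = unreadable.
check_sudo_plugin_prereq() {
    v=$(parse_sudo_version "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN: sudo missing or version unreadable"
        return 2
    fi
    if version_ge "$v" "$MIN_SUDO"; then
        echo "OK: sudo $v"
    else
        echo "FAIL: sudo $v < $MIN_SUDO"
        return 1
    fi
}

# Constructed sample first lines of `sudo -V`, not captured from real hosts.
for sample in 'Sudo version 1.9.5p2' 'Sudo version 1.8.1' 'Sudo version 1.7.4p5' ''; do
    check_sudo_plugin_prereq "$sample" || true
done
# On a real host: check_sudo_plugin_prereq "$(sudo -V 2>/dev/null)"
```

A host that reports FAIL can still have the Sudo Plugin installed, but, as the note says, it cannot be joined to a policy server until Sudo is upgraded.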
To install the Privilege Manager client software and join to a policy group
Note: The Install Software toolbar menu is enabled when you select hosts that are profiled. The toolbar button will not be active if
On the Install Software dialog, select Sudo Plugin or Privilege Manager Agent and, optionally, select the Join option if you want to join the remote host to the policy group at this time. You can only install one package or the other.
Note: If you do not see these software packages, verify the path to the software packages is correctly set in System Settings. Refer to Setting the Privilege Manager software path for details.
Note: When you join a remote host to a policy group, you are indicating which policy group you want to use for policy verification. That is, you are enabling that host to validate security privileges against a single common policy file located on the primary policy server, instead of a policy file located on the local host. You can join the remote host to the policy group later. See Joining the host to a policy group for details. The Join process configures the host to run the Privilege Manager software with a policy group that you have previously activated in System Settings. If you have not already activated a policy group (as explained in Configuring a service account), you can install the Privilege Manager software without "joining" the host to a policy group at this time. Later, you can use the Join to Policy Group option from the Join or Configure menu to join the host to a policy group.
On Join to Policy Group tab,
The Join password is the password for the pmpolicy user that was set up when the Policy Server was configured. See Configuring the primary policy server for details.
Where there are two or more policy servers, Privilege Manager connects to the next available server when it cannot make a connection to a policy server.
Note: To change the failover order, unjoin the host from the policy group and then rejoin it using new settings.
On the Log on to Host dialog, enter your host credentials and click OK to start the installation process.
Note: This task requires elevated credentials.
The management console displays the version of Privilege Manager in the Version column and, if the host is joined, the name of the policy group to which it is joined in the Status column.
The security policy lies at the heart of Privilege Manager. It stipulates which users may access which commands with escalated privileges. Privilege Manager guards access to privileged functions on your systems according to rules specified in the security policy.
Privilege Manager for Unix supports two security policy types:
Management Console for Unix gives you the ability to centrally manage policy located on the primary policy server. You view and edit both types of policy from the Policy tab on the management console.
Note: To manage policy, you must log in either as the supervisor or an Active Directory account with rights to edit the policy file; that is, an account in the Manage Sudo Policy or Manage PM Policy roles.
To open a policy
To use the Sudo Policy Editor or the PM Policy Editor, you must first add and profile a Privilege Manager policy server, configure the service account, and activate the policy group in the management console. See Activating policy groups for details.
Note: See Edit panel commands for more information about editing the policy in the text editor.
The policy is saved as a new version.
© 2019 One Identity LLC. ALL RIGHTS RESERVED.