Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Privilege Manager for Unix 6.1.1 - Administration Guide for Unix

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager programs Installation Packages

System requirements

Prior to installing Privilege Manager, ensure your system meets the minimum hardware and software requirements for your platform.

Table 1: Hardware and software requirements
Component Requirements
Operating systems

See Supported platforms to review a list of platforms that support Privilege Manager clients.

Disk space

80 MB of disk space for program binaries and manuals for each architecture.

Considerations:

  • At a minimum, you must have 80 MB of free disk space. The directories in which the binaries are installed must have sufficient disk space available on a local disk drive rather than a network drive. Before you install Privilege Manager, ensure that the partitions that will contain /opt/quest have sufficient space available.
  • Sufficient space for the keystroke logs, application logs, and event logs. The size of this space depends on the number of servers, the number of commands, and the number of policies configured.

  • The space can be on a network disk drive rather than a local drive.

  • The server hosting Privilege Manager must be a separate machine dedicated to running the pmmasterd daemon.
SSH software

You must install and configure SSH client and server software on all policy server hosts.

You must enable access to SSH as the root user on the policy server hosts during configuration of the policy servers. Both OpenSSH 4.3 (and later) and Tectia SSH 6.4 (and later) are supported.

Processor Policy Servers: 4 cores
Policy Servers: 4GB

Supported platforms

The following table provides a list of supported platforms for Privilege Manager clients.

CAUTION: In future versions of the product, macOS, HP-UX, AIX, and Solaris will only be supported as Privilege Manager clients. The client and server will continue to be supported on Linux-based platforms. Users are advised to migrate their Privilege Manager policy servers to Linux-based systems.

Table 2: Unix client: Supported platforms

Platform

Version

Architecture

Amazon Linux AMI

 

x86_64

Apple macOS

10.12, 10.13, 10.14

x86_64

CentOS Linux

5, 6, 7, 8

Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64

Debian

Current supported releases

x86_64, x86, AARCH64

Fedora Linux

Current supported releases

x86_64, x86, AARCH64

FreeBSD

10.x, 11.x

x32, x64

HP-UX

11.31

PA, IA-64

IBM AIX

7.1, 7.2

Power 4+

OpenSuSE

Current supported releases

x86_64, x86, AARCH64

Oracle Enterprise Linux (OEL)

5, 6, 7, 8

Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64

Red Hat Enterprise Linux (RHEL)

5, 6, 7, 8

Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64

Solaris

10.x, 11.x

SPARC, x64

SuSE Linux Enterprise Server (SLES)/Workstation

11, 12, 15

Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64

Ubuntu

Current supported releases

x86_64, x86, AARCH64

Reserve special user and group names

Reserve the following names for Privilege Manager usage:

  • pmpolicy (user and group)
  • pmlog (group)

For more information, see Reserve special user and group names.

Required privileges

You will need root privileges to install Privilege Manager software. Either log in as root or use the su program to acquire root privileges. Due to the importance of the root account, Privilege Manager carefully protects the system against certain accidental or deliberate situations that might lead to a breach in security. For example, if Privilege Manager discovers that its configuration files are open to modification by non-root users, it will reject all job requests. Furthermore, all Privilege Manager directories back to the / directory are checked for security in the same way, to guard against accidental or deliberate replacement.

Documents connexes