
Privilege Manager for Unix 7.3 - Administration Guide


pmpolicy

Syntax
pmpolicy -v | -z on|off[:<pid>] command [args] [-c] [<command>.] -h
Description

pmpolicy is a command line utility for managing the Privilege Manager for Unix security policy. Use the pmpolicy command to view and edit the policy in use by the group. Any user in the pmpolicy group may run this command on any configured policy server host.

This utility checks out the current version, checks in an updated version, and reports on the repository.

You can use the -c option to display the result of the command in CSV rather than in human-readable form. The CSV output has the following fields: Resultcode, name, description, Output msg.

The pmpolicy utility exits with the following possible exit status codes, unless otherwise stated below:

Exit status codes
  • 0: Success

  • 1: Repository does not exist

  • 2: Specified path does not exist

  • 3: Failed to checkout from the repository

  • 4: Failed to check in to the repository

  • 5: Syntax error found in new policy – check in was abandoned

  • 6: Conflict found when attempting a check in - check in was abandoned

  • 7: Policy type not found in repository

  • 8: Failed to access the repository to report requested information

  • 9: The selected version was not found in the repository

  • 10: Directory did not contain a working copy

  • 11: Check in abandoned

  • 12: Invalid path specified

  • 13: Invalid configuration

Options

The following is a summary of the commands and options available to pmpolicy.

Run any command with a -h to get more information about it. For example:

pmpolicy <command> -h
Table 75: Commands and options: pmpolicy
Command Description

add

Adds a new file from the specified path to the policy repository.

add -p path -d dir [-n [-l commitmsg]] [-c] [-u <user>]

Records the addition of a new file to the working copy of the policy. Use the -p option to specify the file path (relative to the top-level directory in the policy) to add. Use the -d option to specify the directory of the working copy. The -n option commits the changes to the repository. If you use the -n option, you can also use the -l option to provide a commit log message. If you use -n without -l, the command interactively prompts you for the commit log message.

checkout

Checks out a working copy of the policy to the specified directory.

checkout -d <dir> [-c] [-r <revision>]

If the directory does not exist, it is created. If the selected directory exists, its existing contents are overwritten. By default, the latest copy is retrieved; use the -r option to check out a particular revision. You can specify a revision using SVN DATE format or the HEAD keyword, as well as revision numbers.

A date specified without a time defaults to 00:00:00.

The earliest time that selects a particular revision is one second after the time that revision was committed. For example, if revision 2 was committed at 12:00:00, you must specify a time of 12:00:01 or later to check out revision 2:

pmpolicy checkout -d /tmp -r "{2012-01-02 12:00:01}" # check out the revision that existed at 2012-01-02 12:00:01

commit

Checks in changes from a working copy to the policy repository.

commit -d <dir> [-l <commitmsg>] [-c] [-a force|abort|merge|overwrite][-u <user>]

Commits the working copy of the policy from the indicated directory. All files in the indicated directory are checked in to the repository.

This working copy is first verified for syntax errors using the pmcheck utility. The working copy must match the policy type currently in use, otherwise a syntax error will be produced by pmcheck.

If no syntax errors are encountered, it attempts to check in this copy into the repository, honoring the -a option as described below. Exit status of 0 indicates successful check in.

The -a option specifies the action to take when the repository has changed since the working copy was checked out, that is, when the edits are based on an out-of-date copy of the repository. The resulting differences between the working copy and the repository may or may not conflict.

You can specify the following actions:

  • Merge: If the only differences are non-conflicting, then merge the changes. If any conflicting changes are found, abort the check in.

  • Overwrite: Merge the changes. If any conflicting changes are found in the repository, select those from the working copy.

  • Force: Overwrite the copy in the repository with the working copy, discarding any changes that have been committed since the working copy was checked out.

  • Abort: Abandon the check in if the working copy is out of date, regardless of whether the changes are in conflict (this is the default).

For example:

pmpolicy commit -d /tmp -a force

diff

Checks the differences between two revisions of the policy and reports the output to stdout, or to the selected output file.

diff [-o <outfile>] [-c] [-f] [-p <path>] [-d <dir> [-r <v1>]] | [-r [<v1>:[<v2>]]]

By default, this option displays the differences between the two selected revisions. If you specify the -f option, it displays the incremental differences between each revision in the specified range. You can specify revisions using any acceptable SVN revision format, such as HEAD, COMMITTED, or DATE format. You can use the -o option to report the "diff" output to a file, rather than to stdout (the default).

  • If you specify a directory, it compares the copy in that directory with the selected revision (or the latest revision in the repository, if you do not specify a revision).

  • If you specify one revision, it reports the difference between the latest and selected revision.

  • If you specify two revisions, it reports the difference between the selected revisions.

Exit status codes:

  • 0: no differences were detected.

  • 1: differences were detected

  • 2: An error occurred

For example:

pmpolicy diff -d /tmp -o /tmp/diffs.txt -r2

pmpolicy diff -r1:2 -o /tmp/diffs.txt

edit

The utility checks out a temporary working copy of the policy and starts the appropriate interactive editor to edit the files.

edit [-a force|abort|merge|overwrite] [-l <commitmsg>] [-p <path>][-u <user>]

This option is useful for manual interactive editing of the policy on the command line.

On completion of the edit, it verifies the syntax of the policy. If no errors are found, it checks the edits back in to the repository. If any errors are found, then it exits without checking in the changes.

When saving an edited policy, some non-ASCII characters in the commit log message may cause an error that discards all of the changes to the policy. To avoid this, do not use backspace, arrow keys, or any other keys that the shell may interpret as non-ASCII characters while typing the message.

help

Displays usage information.

log

Reports revision information about the repository.

log [-o <outfile>][-c][-e][-r <revision>]

Reports information about the repository to stdout or to the selected output file. This displays details of the user who changed the repository, the version number for this change, along with the time and date of the change.

By default, this option shows details of each revision in the repository, one version per line. If you specify a version, it shows the details of this version. You can use the -o option to report the "log" output to a file, rather than to stdout.

The status is displayed in the following format for CSV output:

"<version>","<username>",<YYYY-MM-DD>,<HH:MM:SS>,"<commitmsg>"

For example:

pmpolicy log -r 3

masterstatus

Reports the status of the production copy of the policy used by Privilege Manager for Unix to authorize commands.

masterstatus [-o <outfile>] [-c]

The production copy is stored in the following directory by default:

/etc/opt/quest/qpm4u/policy/

You can use the -o option to report the information to a file instead of to stdout.

It reports the following information:

  • Path to the production copy

  • Date and time the production copy was checked out

  • Revision number of the production copy

  • Latest trunk revision number of the repository

  • Locally modified flag (indicates that someone manually edited the file)

The information is displayed in the following format for CSV output:

<path>,<YYYY/MM/DD>,<HH:MM>,<policyrevision>,<trunkrevision>,0|1

remove

Removes a file from the specified path in the policy repository.

remove -p path -d dir [-n [-l <commitmsg>]] [-c] [-u <user>]

Removes a file from the indicated working copy directory. Use the -p option to specify a path to the file (relative to the top-level directory in the policy). Use the -d option to specify the directory of the working copy. The -n option commits the changes to the repository. If you use the -n option, you can also use the -l option to provide a commit log message. If you use -n without -l, the command interactively prompts you for the commit log message.

revert

Reverts to the selected revision of the policy.

revert [-c] [-r <version>][-l <commitmsg>]

Checks out a copy of the selected revision, edits the files, and checks the copy back in as the latest revision.

status

Verifies the working copy of the policy in the directory indicated.

status -d <dir> [-c]

Verifies the working copy of the policy in the specified directory. You can use this to verify the status of a working copy that was previously checked out, before attempting to commit any edits. Each file in the selected directory is checked against the latest version in the repository. For example:

pmpolicy status -d /tmp

Exit status codes:

  • 0: The working copy is up to date and has not been modified; no action is required.

  • 1: The working copy is up to date and has been modified; you must check in to commit the edits made in the working copy.

    To commit the changes, run:

    pmpolicy commit -d <dir>
  • 2: The working copy is out of date and has not been modified; you must check out to get an up-to-date copy of the policy before editing.

    To check out the latest copy, run:

    pmpolicy checkout -d <dir>
  • 3: The working copy is out of date and has been modified, but the changes do not conflict with the latest version. A default check in (-a abort) still fails; to commit the changes, you must use the -a option.

    To commit the changes, run:

    pmpolicy commit -d <dir> -a merge
  • 4: The working copy is out of date and has been modified, and the changes conflict with the latest version, so a default check in fails.

    To commit the changes and overwrite any conflicts with the working copy's changes, run:

    pmpolicy commit -d <dir> -a force

    Note that -a force replaces the repository copy with the working copy and discards every commit made since the working copy was checked out, whereas -a overwrite merges the non-conflicting changes and takes only the conflicting ones from the working copy. Review the intervening commits with pmpolicy log and pmpolicy diff before choosing either.
  • 5: An error occurred when attempting to verify the status.

sync

Checks out the latest version to the production copy of the policy used by Privilege Manager for Unix to authorize commands.

sync [-f][-c]

Synchronize the local production copy of the policy with the latest revision in the repository.

-v

Displays the Privilege Manager for Unix version.

-z

Enables or disables debug tracing and optionally sends SIGHUP to a running process.

Before using this option, see Enabling program-level tracing.

Related Topics

pmcheck

pmpolicyconvert

Syntax
pmpolicyconvert [-o <output dir>] [-v [-v]] path [paths...]
Description

The pmpolicyconvert utility allows you to verify, and if necessary, convert any number of policy files for use with Privilege Manager for Unix V5.5 (or later).

The pmpolicyconvert utility is a Perl script that takes one or more policy files as input and makes a copy of each file, performing any translation required to allow these files to be used in Privilege Manager for Unix.

pmpolicyconvert also warns about any variables and functions that are not applicable in Privilege Manager for Unix.

You can pass one or more files or directories as parameters to this utility. If a directory is specified, then pmpolicyconvert assumes it is to translate all files contained in that directory (and all subdirectories).

It copies the updated files to the specified output directory (mirroring the original directory structure if an entire directory is being translated). All changes are marked with a comment in the copied file.

A report is generated in the file ./pmpolicyconvert_report.txt that describes the changes made.

Options

pmpolicyconvert has the following options.

Table 76: Options: pmpolicyconvert
Option Description

-h

Displays a usage message and exits.

-o <output dir>

Specifies an output directory to use. If not specified, the default is ./pm_policy.

-v

Runs in verbose mode. Multiple -v options increase the verbosity. The maximum is two.

-V

Displays the version number of Privilege Manager for Unix and exits.

pmpolsrvconfig

Syntax
pmpolsrvconfig -p <policygroupname> [-b] [-i <path>] [-o] [-r <dir>]
                 [-t sudo|pmpolicy] [-u <policyuser>] [-w <userpasswd>]
                 [-g <policygroup>] [-l <loggroup>]
               -s <host> [-b] [-q] [-q]
               -a <user> [-b] [-q] [-q]
               -d [-f]
               -e <host> [-f]
               -x [-f]
               -v
               -h
               -z on|off[:<pid>]
Description

The pmpolsrvconfig program is normally run by the pmsrvconfig script, not directly by the user, to configure or unconfigure a primary or secondary policy server. However, you can also run it directly to grant a user access to a repository.

Options

pmpolsrvconfig has the following options.

Table 77: Options: pmpolsrvconfig
Option Description

-a <user>

Provides the selected user with access to the existing repository. If the user does not exist, it is created. The host must first have been configured as a policy server.

This user will be added to the pmpolicy group to grant it read/write access to the repository files, and to the pmlog group to grant it read access to the log files.

On a secondary policy server, an ssh key will also be generated to provide access to the pmpolicy user account on the primary policy server. The "join" password is required to copy this ssh key to the primary policy server.

-b

Runs the script in batch mode (that is, no user interaction is possible).

Default: Runs in interactive mode.

-d

Unconfigures the policy server, and deletes the repository if this is a primary server.

If you do not specify the -f option, then it prompts you to confirm the action.

-e <host>

Removes the selected host from the server group.

-f

Forces the unconfigure action (that is, no confirmation prompt).

Default: Prompts for confirmation for the -d and -x options.

-g <policygroup>

Specifies the policy group ownership for the repository. If this group does not exist, it is created.

Default: pmpolicy

-h

Prints help.

-i <path>

Imports the selected policy into the repository. If this is a directory, the entire contents of the directory will be imported.

Default: /etc/sudoers.

-l <loggroup>

Specifies the pmlog group ownership for the keystroke and audit logs.

Default: pmlog

-o

Overwrites the repository if it already exists.

Default: Does not overwrite if the repository already exists.

-p <policygroup>

Configures a primary policy server for the selected group name.

-q

Reads the pmpolicy user's password from stdin.

-r <dir>

Creates the repository in the selected directory.

Default: /var/opt/quest/qpm4u/.qpm4u/.repository

-s <host>

Configures a secondary policy server. You must supply the primary policy server host name. The secondary policy server retrieves the details of the policy group from the primary policy server. It creates the policygroup and loggroup groups to match those on the primary policy server and configures the policyuser user to grant it ssh access to the repository on the primary server. The "join" password is required to copy this ssh key to the primary policy server.
-t sudo|pmpolicy

Specifies the security policy type: sudo or pmpolicy.

Default: sudo policy type

-u <policyuser>

Specifies the policy user account that manages the production copy. If this user does not exist, it is created and added to both the policygroup and loggroup groups. This user owns the repository on the primary policy server and provides remote access to the repository files to the secondary policy servers.

Default: pmpolicy

-v

Prints the product version.

-w <userpasswd>

(Optional) Sets the new user's password for the -a option.

Default: No password is configured.

-x

Unconfigures the policy server. If you do not specify the -f option, you are prompted to confirm the action.

This does not remove the repository.

-z

Enables or disables debug tracing, and optionally sends SIGHUP to a running process.

Before using this option, see Enabling program-level tracing.

pmremlog

Syntax
pmremlog -v | -z on|off[:<pid>] 
pmremlog -p pmlog|pmreplay|pmlogtxtsearch [-o <outfile>] 
pmremlog [-h <host>] [-b] [-c] -- <program args>
Description

The pmremlog command provides a wrapper for the pmlog and pmreplay utilities to access the event (audit) and keystroke (I/O) logs on any server in the policy group. Anyone in the pmlog group can run this utility on the primary policy server.

Note that pmlogtxtsearch is a command located in /opt/quest/libexec.

Options

pmremlog has the following options.

Table 78: Options: pmremlog
Option Description

-b

Disables interactive input and uses batch mode.

-c

Displays output in CSV, rather than human-readable format.

-h <host>

Specifies a host in the policy server group to access.

-o <outfile>

Saves the pmlog output to a file.

-p

Specifies program to run:

  • pmlog

  • pmreplay

  • pmlogtxtsearch

-v

Displays the Privilege Manager for Unix version number.

-z

Enables or disables debug tracing.

Before using this option, see Enabling program-level tracing.

Examples

To view the audit log on the primary policy server, enter:

pmremlog -p pmlog -- -f /var/opt/quest/qpm4u/pmevents.db

To view the audit events for user fred on secondary policy server host1, save the pmlog output to a file, and display the result of the pmremlog command in CSV format, enter:

pmremlog -p pmlog -c -o /tmp/events.txt -h host1 -- --user fred

To view the stdout from keystroke log id_host1_x3jfuy, on secondary policy server host1, enter:

pmremlog -p pmreplay -h host1 -- -o -f /var/opt/quest/qpm4u/iologs/id_host1_x3jfuy

To retrieve the contents of keystroke log id_host1_x3jfuy, from secondary policy server host1, formatted for the pmreplay GUI, save the output to a temporary file, and display the result of the pmremlog command in CSV format, enter:

pmremlog -p pmreplay -h host1 -c -o /tmp/replay -- -zz -f /var/opt/quest/qpm4u/iologs/id_host1_x3jfuy