Chatta subito con l'assistenza
Chat con il supporto

Privilege Manager for Unix 7.3 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

Supported platforms

The following table provides a list of supported platforms for Privilege Manager for Unix clients.

CAUTION: As of Privilege Manager for Unix version 7.3, the following platforms and architectures are no longer supported:

  • CentOS Linux 6

  • Apple MacOS 11.3

  • Oracle Enterprise Linux (OEL) 6

  • Red Hat Enterprise Linux (RHEL) 6

Table 2: Linux supported platforms — server and client

Platform

Version

Architecture

Alma Linux

8, 9

x86_64, AARCH64, PPC64le, s390x

Amazon Linux

AMI, 2, AL2022

x86_64

CentOS Linux

7, 8, 9

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

CentOS Stream

8, 9

x86_64, AARCH64, PPC64le, s390x

Debian

Current supported releases

x86_64, x86, AARCH64

Fedora Linux

Current supported releases

x86_64, x86, AARCH64

OpenSuSE

Current supported releases

x86_64, x86, AARCH64

Oracle Enterprise Linux (OEL)

7, 8, 9

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

Red Hat Enterprise Linux (RHEL)

7, 8, 9

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

Rocky Linux

8, 9

x86_64, AARCH64, PPC64le, s390x

SuSE Linux Enterprise Server (SLES)/Workstation

12, 15

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

Ubuntu

Current supported releases

x86_64, x86, AARCH64

Table 3: Unix and Mac supported platforms — client

Platform

Version

Architecture

Apple MacOS

12.0 and above

x86_64, ARM64

FreeBSD

12.x, 13.x, 14.x

x32, x64

HP-UX

11.31

IA-64

IBM AIX

6.1 TL9, 7.1 TL3, TL4, TL5, 7.2, 7.3

Power 4+

Oracle Solaris

10 8/11 (Update 10), 11.x

SPARC, x64

Reserve special user and group names

Reserve the following names for Privilege Manager for Unix usage:

  • pmpolicy (user and group)

  • pmlog (group)

For more information, see Reserve special user and group names..

Required privileges

You will need root privileges to install Privilege Manager for Unix software. Either log in as root or use the su program to acquire root privileges. Due to the importance of the root account, Privilege Manager for Unix carefully protects the system against certain accidental or deliberate situations that might lead to a breach in security. For example, if Privilege Manager for Unix discovers that its configuration files are open to modification by non-root users, it will reject all job requests. Furthermore, all Privilege Manager for Unix directories back to the / directory are checked for security in the same way, to guard against accidental or deliberate replacement.

Estimating size requirements

Keystroke and event log disk space requirements

The amount of disk space required to store keystroke logs will vary significantly based on the amount of terminal output generated by the user's daily activity and the level of logging configured. An average Privilege Manager for Unix keystroke log will contain an additional 4KB of data on top of the amount of data displayed to the user's terminal. Taking an average of the amount of terminal output generated by a few users over the course of a normal day would allow for an approximate estimation to be calculated. For example, a developer using a vi session throughout the day may generate 200KB of terminal output. A team of 200 developers each generating a similar amount of terminal output per working day could be expected to use 31GB of disk space over a three-year period [ 204 (200 + 4KB) x 200 (developers) x 260 (working days) x 3 (years) = 31,824,000 ].

The level of logging can also be configured to reduce the overhead on the Masters. For example, some customers only log the user's input (key presses) which will dramatically reduce the amount of logging.

Event log entries will typically use 4-5KB of storage per event, but may vary slightly depending on the data stored in the events. For example, events might be slightly larger for users that have lots of environment variables defined. Taking an average of the number of events that occur over the course of a normal day should allow you to estimate the disk space requirements for event logs. For example, if the same team of developers generate 1,000 events in a normal working day, they would be expected to use nearly 4GB of disk space over a three-year period [ 5 (KB) * 1000 (events) * 260 (days) * 3 (years) = 3,900,000 ].

Policy server deployment requirements

The following recommendations are only provided as a rough guideline. The number of policy servers required for your environment may vary greatly depending on usage.

  • One policy server is suitable for small test environments with less than 50 hosts.

  • Production environments should have a minimum of two policy servers.

  • Add an additional policy server for every 150-200 Privilege Manager for Unix hosts.

  • Additional policy servers may be required to support geographically disparate locations.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione