Chatta subito con l'assistenza
Chat con il supporto

Safeguard for Sudo 7.3 - Release Notes

System requirements

Before installing Safeguard for Sudo 7.3, ensure that your system meets the following minimum hardware and software requirements.

NOTE: Beginning with version 7.0, Safeguard for Sudo supports only Linux-based systems for Safeguard for Sudo policy servers.

Table 4: Hardware and software requirements
Component Requirements

Operating systems

To review a list of platforms that support Safeguard for Sudo clients, see Supported platforms.

Disk space

80 MB of disk space for program binaries and manuals for each architecture.

Considerations:

  • At a minimum, you must have 80 MB of free disk space. The directories in which the binaries are installed must have sufficient disk space available on a local disk drive rather than a network drive. Before you install Safeguard for Sudo, ensure that the partitions that will contain /opt/quest have sufficient space available.

  • Sufficient space for the keystroke logs, application logs, and event logs. The size of this space depends on the number of servers, the number of commands, and the number of policies configured.

  • The space can be on a network disk drive rather than a local drive.

  • The server hosting Safeguard for Sudo must be a separate machine dedicated to running the pmmasterd daemon.

SSH software

You must install and configure SSH client and server software on all policy server hosts.

You must also install SSH client software on all hosts that will use the Sudo Plugin.

You must enable access to SSH as the root user on the policy server hosts during configuration of the policy servers. Both OpenSSH 4.3 (and later) and Tectia SSH 6.4 (and later) are supported.

Processor

Policy Servers: 4 cores

RAM

Policy Servers: 8 GB

Table 5: Primary policy server and host system installation requirements
Systems Required Minimum Requirements

Primary Policy Server

  • Supported Unix or Linux operating system

  • SSH (ssh-keyscan binary)

Host System

  • Supported Unix, Linux, or macOS platform

  • SSH (ssh-keyscan binary)

  • Sudo 1.8.1 (or later)

Upgrade and compatibility

Safeguard for Sudo supports a direct upgrade installation from versions 2.0 and higher. The Safeguard for Sudo software in this release is provided using platform-specific installation packages. For more information on upgrading, see the One Identity Safeguard for Sudo Administration Guide.

One Identity recommends that:

  • You upgrade your policy server (Master) systems before Sudo plugins, and that a policy server is run at the same or higher level than Sudo plugins.

  • All policy server systems and Sudo plugins are upgraded to the latest version to take advantage of all new features.

The upgrade process will create symbolic links to ensure that your existing paths function correctly.

Product licensing

Although licenses are allocated on a per-agent basis, you install licenses on Safeguard for Sudo policy servers.

No special commands are required to register or license the clients with policy servers. Hosts using the Safeguard for Sudo agents are automatically granted a license once a request is received on the Safeguard for Sudo policy server by means of the sudo client program.

To install a license file

  1. Copy the .dlv license file to the policy server.
  2. To install the license, run:

    # /opt/quest/sbin/pmlicense -l <license_file>

    This command displays your currently installed license and the details of the new license to be installed.

  3. When the prompt "Would you like to install the new license (Y/N) [Y]?" appears, press Enter, or type: Y.

  4. If there are other policy servers configured in your policy server group, it forwards the license configuration to the other servers.

See the One Identity Safeguard for Sudo Administration Guide for more information about the syntax and usage of the pmlicense command.

Upgrade and installation instructions

NOTE: Due to a change in the communication protocol, using 7.1 or later clients and servers with 7.0 clients and servers is not supported. One Identity recommends you upgrade all of your 7.0 installations to 7.1 or later versions. Installations of release 6.x are not affected and can still be used with 7.1.

Upgrade instructions

For information on upgrading Safeguard for Sudo, see Upgrade Safeguard for Sudo in Safeguard for Sudo Administration Guide.

Upgrading your license

Depending on whether you are upgrading Safeguard for Sudo from a version earlier than 7.0 or from version 7.x, handling your license is different.

  • Upgrading from a version 7.x: If you have purchased Safeguard for Sudo version 7.x without owning an earlier version, you will receive a new license. In this case, you do not have to perform any extra steps and can proceed with the upgrade process.

  • Upgrading from a version earlier than 7.0: The product licensing changed with Safeguard for Sudo version 7.0. If you are upgrading Safeguard for Sudo from a version earlier than 7.0 to version 7.x, you must upgrade your license first.

    In this case, make sure that you have received you upgraded license before starting the upgrade process.

When client machines attempt to join to the policy server using the pmjoin or pmjoin_plugin command, if you do not have the proper license, the following error message appears:

*** Checking connection to policy server host <policy-server>           [FAIL]
- ERROR: policy server <policy-server> has no valid license (for QPM4U)
- ERROR: Unable to connect to any policy servers

To display a summary of the combined licenses configured on this host, enter the following command without any options

pmlicense

To install a license, enter the following command. For more information on license installation, see Installing licenses in Safeguard for Sudo Administration Guide.

pmlicense -l <path-to-dlv-file>
  • If the license file is valid, the installer displays the following:

    The selected license file (<path-to-dlv-file>) contains a valid license
  • If the license file is not valid, the installer displays the following error:

    Error: This license file is not valid. Please contact Quest Licensing for a new license file.

You will receive the following message after the license is installed, depending the success of the installation:

  • If the license is successfully installed:

    ** Successfully installed new license
  • If the license install is failed:

    ** Error: Cannot configure new license from file <path-to-dlv-file>
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione