サポートと今すぐチャット
サポートとのチャット

Privilege Manager for Unix 7.3 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

System Administration

Privilege Manager for Unix provides command line utilities to help you manage your policy servers. They can be used to check the status of your policy servers, edit the policy, or to simply report the information.

Reporting basic policy server configuration information

To report basic information about the configuration of a policy server

  1. From the command line, enter:

    # pmsrvinfo

    This command returns output similar to this:

    Policy Server Configuration:
    ----------------------------
    Privilege Manager for Unix version            : 7.3.0 (nnn)
    Listening port for pmmasterd daemon  : 12345
    Comms failover method                : random
    Comms timeout(in seconds)            : 10
    Policy type in use                   : pmpolicy
    Group ownership of logs              : pmlog
    Group ownership of policy repository : pmpolicy
    Policy server type                   : primary
    Primary policy server for this group : myhost.example.com
    Group name for this group            : MyPolicyGroup
    Location of the repository           : file:
                               ////var/opt/quest/qpm4u/.qpm4u/.repository/sudo_repos/trunk
    Hosts in the group                   : myhost.example.com

Checking the status of the master policy

The "master" copy of the policy file resides in a repository on the primary policy server. Each primary and secondary policy server maintains a "production" copy of the policy file or files. Use the pmpolicy utility to verify that the production copy is current with the master policy.

To compare the production policy file against the master policy on the primary server

  1. From the command line, enter:

    # pmpolicy masterstatus

    If the files are in sync, the Current Revision number will match the Latest Trunk Revision number. If someone hand-edited the local copy without using pmpolicy utility commands to commit the changes, Locally modified will indicate "YES".

    If the production policy is not current with the master policy you can update the production policy with pmpolicy sync.

Related Topics

pmpolicy

Checking the policy server

When the policy server is not working as expected, use the pmsrvcheck command to determine the state of the server and its configuration.

To verify the policy server is running

  1. From the command line, enter:

    # pmsrvcheck

    This command returns output similar to this:

    testing policy server [ Pass ]

    If the policy server is working properly, the output returns 'pass', otherwise it returns, 'fail'.

Related Topics

pmsrvcheck

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択