Safeguard for Sudo 7.3
Release Notes
24 May 2024, 10:29
These release notes provide information about the One Identity Safeguard for Sudo release.
Topics:
About this release
Safeguard for Sudo helps Unix/Linux organizations take privileged account management through Sudo to the next level: with a central policy server, centralized management of Sudo and sudoers, centralized reporting on sudoers and elevated rights activities, and event and keystroke logging of activities performed through Sudo. With Safeguard for Sudo, One Identity provides a plug-in to Sudo 1.8.1 (and later) to make administering Sudo across a few, dozens, hundreds, or thousands of Unix/Linux servers easy, intuitive, and consistent. It eliminates the box-to-box management of Sudo that is the source of so much inefficiency and inconsistency. In addition, the centralized approach delivers the ability to report on the change history of the sudoers policy file.
Safeguard for Sudo 7.3 is a patch release that includes resolved issues.
NOTE: Beginning with version 7.0, Safeguard for Sudo supports only Linux-based systems for Safeguard for Sudo policy servers.
End of support notice
After careful consideration, One Identity has decided to cease the development of the Management Console for Unix (MCU). Therefore, the MCU will enter limited support for all versions on April 1, 2021. Support for all versions will reach end of life on Nov 1, 2021.
As One Identity retires the MCU, we are building its feature set into modern platforms starting with Software Distribution and Profiling. Customers that use the MCU to deploy Authentication Services and Safeguard for Sudo can now use our Ansible collections for those products, which can be found at Ansible Galaxy.
New features in Safeguard for Sudo 7.3:
- Safeguard for Sudo now supports macOS version 14.
- Services can now write syslog messages in CEF (Common Event Format), which is useful for messages about Accept and Reject events.
  NOTE: Logging in CEF is disabled by default. To enable it, set the configuration option logFormat to cef.
- Introduced the pmcheckperms utility, which checks the ownership and permissions of Privilege Manager files on the system. For more information, see pmcheckperms in the Safeguard for Sudo Administration Guide.
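As an added example (not from One Identity's documentation or code), this is a parser for CEF records carried in syslog lines, used to pull out Reject events once logFormat is set to cef. The sample lines, the vendor and product strings, the example-svc process name, the cmd and msg keys, and the use of the header Name field for Accept/Reject are constructed assumptions; compare them with what your deployment actually emits.

```python
import re

# Extension key=value pairs: a value runs until the next " key=" or end of line
# and may contain escaped characters such as \= and \\.
_EXT_PAIR = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")
_UNESCAPE = {"n": "\n", "r": "\r"}
NAMES = ("version", "vendor", "product", "device_version",
         "signature_id", "name", "severity")

# Constructed sample input, not real Safeguard for Sudo output.
SAMPLE = [
    r"May 24 10:29:01 host1 example-svc[812]: CEF:0|ExampleVendor|Example\|Product|7.3|100|Accept|3|suser=alice cmd=/usr/bin/systemctl restart nginx",
    r"May 24 10:29:07 host1 example-svc[812]: CEF:0|ExampleVendor|Example\|Product|7.3|101|Reject|7|suser=bob cmd=/usr/bin/env A\=1 sh msg=no matching rule",
    "May 24 10:29:09 host1 sshd[900]: Accepted publickey for alice",
]

def _unescape(value):
    return re.sub(r"\\(.)", lambda m: _UNESCAPE.get(m.group(1), m.group(1)), value)

def parse_cef(line):
    """Parse one syslog line carrying a CEF record; return None if it has none."""
    start = line.find("CEF:")
    if start < 0:
        return None
    body, fields, cur, i = line[start + 4:], [], [], 0
    # Seven pipe-delimited header fields; \| and \\ are escapes inside them.
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) == 6:  # header with no extension and no trailing pipe
        fields.append("".join(cur))
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    event = dict(zip(NAMES, fields))
    event["ext"] = {k: _unescape(v) for k, v in _EXT_PAIR.findall(body[i:])}
    return event

def rejected(lines):
    """Return (user, command) for every record whose header Name is Reject."""
    events = filter(None, map(parse_cef, lines))
    return [(e["ext"].get("suser"), e["ext"].get("cmd"))
            for e in events if e["name"] == "Reject"]
```
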
The following is a list of issues addressed in this release.
Table 1: Resolved issues
| Resolved issue | Issue ID |
|---|---|
| Fixed an issue where sudo could crash when the Safeguard for Sudo plugin was installed and the pmserviced daemon was not running. The pmserviced daemon is responsible for starting the pmmasterd service, which supports offline policy evaluation when the policy server is not reachable. If the pmmasterd service is unavailable, the Safeguard for Sudo plugin will attempt to contact the policy server directly. A bug in the code that implements this fallback mechanism could have resulted in a crash if the pmserviced daemon was not running, and has been fixed. | 438545 |
| Fixed an issue where the pmlogsrvd service on a policy server would attempt to process a duplicate event indefinitely. Duplicate events are now discarded instead of being retried. If two different events have the same UUID, the second event is assigned a new UUID. | 439903 |
| On newer Linux distributions, such as RHEL 9.2, the qpm packages required installing the libxcrypt-compat package to work. This dependency is not required anymore. | 443055 |
| Fixed an issue where pmlogxfer reported the following error message in the syslog when transferring the logs collected in offline mode: 1101 Assignment to constant | 444510 |
| On macOS ARM64, packages do not require Rosetta 2 to be installed anymore. | 453156 |
The following table provides a list of supported platforms for Safeguard for Sudo clients.
NOTE: Beginning with version 7.0, Safeguard for Sudo supports only Linux-based systems for Safeguard for Sudo policy servers.
CAUTION: As of Safeguard for Sudo version 7.3, the following platforms and architectures are no longer supported:
Table 2: Linux supported platforms — server and plugin
| Platform | Version | Architecture |
|---|---|---|
| Alma Linux | 8, 9 | x86_64, AARCH64, PPC64le, s390x |
| Amazon Linux | AMI, 2, AL2022 | x86_64 |
| CentOS Linux | 7, 8, 9 | Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
| CentOS Stream | 8, 9 | x86_64, AARCH64, PPC64le, s390x |
| Debian | Current supported releases | x86_64, x86, AARCH64 |
| Fedora Linux | Current supported releases | x86_64, x86, AARCH64 |
| OpenSuSE | Current supported releases | x86_64, x86, AARCH64 |
| Oracle Enterprise Linux (OEL) | 7, 8, 9 | Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
| Red Hat Enterprise Linux (RHEL) | 7, 8, 9 | Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
| Rocky Linux | 8, 9 | x86_64, AARCH64, PPC64le, s390x |
| SuSE Linux Enterprise Server (SLES)/Workstation | 12, 15 | Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
| Ubuntu | Current supported releases | x86_64, x86, AARCH64 |
Table 3: Unix and Mac supported platforms — plugin
| Platform | Version | Architecture |
|---|---|---|
| Apple MacOS | 12.0 and above | x86_64, ARM64 |
| FreeBSD | 12.x, 13.x, 14.x | x32, x64 |
| HP-UX | 11.31 | IA-64 |
| IBM AIX | 6.1 TL9, 7.1 TL3, TL4, TL5, 7.2, 7.3 | Power 4+ |
| Oracle Solaris | 10 8/11 (Update 10), 11.x | SPARC, x64 |