The following table provides a list of supported platforms for Privilege Manager for Unix clients.
Table 2: Linux supported platforms — server and client
Amazon Linux |
AMI, 2 |
x86_64 |
CentOS Linux |
6, 7, 8 |
Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
Debian |
Current supported releases |
x86_64, x86, AARCH64 |
Fedora Linux |
Current supported releases |
x86_64, x86, AARCH64 |
OpenSuSE |
Current supported releases |
x86_64, x86, AARCH64 |
Oracle Enterprise Linux (OEL) |
6, 7, 8 |
Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
Red Hat Enterprise Linux (RHEL) |
6, 7, 8 |
Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
SuSE Linux Enterprise Server (SLES)/Workstation |
11 SP4, 12, 15 |
Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
Ubuntu |
Current supported releases |
x86_64, x86, AARCH64 |
Table 3: Unix and Mac supported platforms — client
Apple MacOS |
10.15 or later |
x86_64, ARM64 |
FreeBSD |
12.x, 13.x |
x32, x64 |
HP-UX |
11.31 |
PA, IA-64 |
IBM AIX |
6.1 TL9, 7.1 TL3, 7.2 |
Power 4+ |
Oracle Solaris |
10 8/11 (Update 10), 11.x |
SPARC, x64 |
Reserve the following names for Privilege Manager for Unix usage:
- pmpolicy (user and group)
- pmlog (group)
For more information, see Reserve special user and group names..
You will need root privileges to install Privilege Manager for Unix software. Either log in as root or use the su program to acquire root privileges. Due to the importance of the root account, Privilege Manager for Unix carefully protects the system against certain accidental or deliberate situations that might lead to a breach in security. For example, if Privilege Manager for Unix discovers that its configuration files are open to modification by non-root users, it will reject all job requests. Furthermore, all Privilege Manager for Unix directories back to the / directory are checked for security in the same way, to guard against accidental or deliberate replacement.
Keystroke and event log disk space requirements
The amount of disk space required to store keystroke logs will vary significantly based on the amount of terminal output generated by the user's daily activity and the level of logging configured. An average Privilege Manager for Unix keystroke log will contain an additional 4KB of data on top of the amount of data displayed to the user's terminal. Taking an average of the amount of terminal output generated by a few users over the course of a normal day would allow for an approximate estimation to be calculated. For example, a developer using a vi session throughout the day may generate 200KB of terminal output. A team of 200 developers each generating a similar amount of terminal output per working day could be expected to use 31GB of disk space over a three-year period [ 204 (200 + 4KB) x 200 (developers) x 260 (working days) x 3 (years) = 31,824,000 ].
The level of logging can also be configured to reduce the overhead on the Masters. For example, some customers only log the user's input (key presses) which will dramatically reduce the amount of logging.
Event log entries will typically use 4-5KB of storage per event, but may vary slightly depending on the data stored in the events. For example, events might be slightly larger for users that have lots of environment variables defined. Taking an average of the number of events that occur over the course of a normal day should allow you to estimate the disk space requirements for event logs. For example, if the same team of developers generate 1,000 events in a normal working day, they would be expected to use nearly 4GB of disk space over a three-year period [ 5 (KB) * 1000 (events) * 260 (days) * 3 (years) = 3,900,000 ].
Policy server deployment requirements
The following recommendations are only provided as a rough guideline. The number of policy servers required for your environment may vary greatly depending on usage.
- One policy server is suitable for small test environments with less than 50 hosts.
- Production environments should have a minimum of two policy servers.
- Add an additional policy server for every 150-200 Privilege Manager for Unix hosts.
- Additional policy servers may be required to support geographically disparate locations.