サポートと今すぐチャット
サポートとのチャット

Privilege Manager for Unix 7.3 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

Install PM Agent on a remote host

Once you have installed and configured the primary policy server, you are ready to install a PM Agent on a remote host.

Checking PM Agent host for installation readiness

To check a PM Agent host for installation readiness

  1. Log on to the remote host system as the root user and navigate to the files you extracted on the primary policy server.

  2. From the root directory, run a readiness check to verify the host meets the requirements for installing and using the PM Agent, by running:

    # sh preflight.sh --pmpolicy --policyserver <primary_policy_server>

    where <primary_policy_server> is the hostname of the primary policy server.

    Running preflight.sh --pmpolicy performs these tests:

    • Basic Network Conditions:

      • Hostname is configured

      • Hostname can be resolved

      • Reverse lookup returns it own IP

    • Privilege Manager for Unix Client Network Requirements

      • PM Agent port is available (TCP/IP port 12346)

      • Tunnel port is available (TCP/IP port 12347)

    • Policy Server Connectivity

      • Hostname of policy server can be resolved

      • Can ping the policy server

      • Can make a connection to policy server

      • Policy server is eligible for a join

      • Policy server can make a connection to the PM Agent on port 12346

  3. Resolve any reported issues and rerun pmpreflight until all tests pass.

Installing a PM Agent on a remote host

To install an agent on a remote host

  1. Log on as the root user.

  2. Change to the directory containing the qpm-agent package for your specific platform. For example, on a 64-bit Red Hat Linux, enter:

    # cd agent/linux-x86_64
  3. Run the platform-specific installer. For example, on Red Hat Linux run:

    # rpm --install qpm-agent-*.rpm

    Once you install the Privilege Manager for Unix agent package, the next task is to join the agent to the policy server.

Joining the PM Agent to the primary policy server

Once you have installed a Privilege Manager for Unix agent on a remote host you are ready to join it to the primary policy server.

To join a PM Agent to the primary policy server

  1. From the command line of the remote host, run:

    # /opt/quest/sbin/pmjoin <primary_policy_server>.example.com

    where <primary_policy_server> is the name of the primary policy server host.

    If you are not running the pmjoin command on a policy server, it requires that you specify the name of a policy server within a policy group.

    The pmjoin command supports many command line options. For more details, see pmjoin or run pmjoin with the -h option to display the help.

    • When you run pmjoin with no options, the configuration script automatically configures the agent with default settings. For details about the default and alternate agent configuration settings, see Agent configuration settings.

      You can modify the /etc/opt/quest/qpm4u/pm.settings file later, if you want to change one of the settings. For more details, see PM settings variables.

    • When you run pmjoin with the -i (interactive) option, the configuration script gathers information from you by asking you a series of questions. During this interview, you are allowed to either accept a default setting or set an alternate setting.

      Once you have completed the configuration script interview, it configures the agent and joins it to the policy server.

    Running pmjoin performs the configuration of the Privilege Manager for Unix agent, including modifying the pm.settings file and starting up the pmserviced daemon.

  2. When you run pmjoin for the first time, it asks you to read and accept the End User License Agreement (EULA).

    Once you complete the agent configuration script (by running the pmjoin command), it:

    • Enables the pmlocald service

    • Updates the pm.settings file

    • Creates wrappers for the installed shells

    • Updates /etc/shells

    • Reloads the pmserviced configuration

    • Checks the connection to the policy server host

  3. To verify that the agent installation has been successful, run

    # pmclientinfo

    This returns displays configuration information about a client host. For more details, see pmclientinfo.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択