The following table lists the default and alternative configuration settings when configuring a Safeguard for Sudo server. For more information about the policy server configuration settings, see PM settings variables.
| Configuration Setting | Default | Alternate |
|---|---|---|
|
Configure Safeguard for Sudo Policy Mode | ||
|
Policy mode: For more information about policy types, see Security policy types. Sets policymode in pm.settings. (Policy "modes" are the same as policy "types" in the console.) |
sudo |
The Sudo Plugin supports the sudo policy type and the pmpolicy type. |
|
Configure host as primary or secondary policy group server: |
primary |
Enter secondary, then supply the primary server host name. |
|
Policy Group Name: Sets sudoersfile in pm.settings. |
<FQDN name of policy server> |
Enter policy group name of your choice. |
|
Path to sudoers file to import: |
/etc/sudoers |
Enter a path of your choice |
|
Configure Safeguard for Sudo Daemon Settings | ||
|
Policy server command line options: Sets pmmasterdopts in pm.settings. |
-ar |
Enter:
-a, -r, and -s override syslog no option; -e <logfile> overrides the pmmasterdlog <logfile> option. |
|
Configure policy server host components to communicate with remote hosts through firewall? |
No |
Do not change this setting, because firewall options to not apply to the Sudo Plugin. |
|
Define host services? |
Yes Adds services entries to the /etc/services file. |
Enter No You must add service entries to either the /etc/services file or the NIS services map. |
|
Communications Settings for Safeguard for Sudo | ||
|
Policy server daemon port number: Sets masterport in pm.settings. |
12345 |
Enter a port number for the policy server to communicate with agents and clients. |
|
Specify a range of reserved port numbers for this host to connect to other defined Safeguard for Sudo hosts across a firewall? Sets setreserveportrange in pm.settings. |
No |
Enter Yes, then enter a value between 600 and 1023:
|
|
Specify a range of non-reserved port numbers for this host to connect to other defined Safeguard for Sudo hosts across a firewall? Sets setnonreserveportrange in pm.settings. |
No |
Enter Yes, then enter a value between 1024 and 65535:
|
|
Allow short host names? Sets shortnames in pm.settings. |
Yes |
Enter No to use fully-qualified host names instead. |
|
Configure Kerberos on your network? Sets kerberos in pm.settings. |
No |
Enter Yes, then enter:
|
|
Encryption level: Sets encryption in pm.settings. |
AES |
Enter one of these encryption options:
|
|
Enable certificates? Sets certificates in pm.settings. |
No |
Enter Yes, then answer: Generate a certificate on this host? (Default is NO.) Enter Yes and specify a passphrase for the certificate. Once configuration of this host is complete, swap and install keys for each host in your system that need to communicate with this host. For more details, see Swap and install keys. |
|
Activate the failover timeout? |
No |
Enter Yes, then assign the failover timeout in seconds: (Default is 10.) |
|
Failover timeout in seconds Sets failovertimeout in pm.settings. |
10 |
Enter timeout interval. |
|
Configure Safeguard for Sudo Logging Settings | ||
|
Send errors reported by the policy server and local daemons to syslog? |
Yes |
Enter No |
|
Policy server log location: Sets pmmasterdlog in pm.settings. |
/var/log/pmmasterd.log |
Enter a location. |
|
Configure Safeguard for Sudo Sudo Plugin | ||
|
Configure Sudo Plugin? |
No |
Enter Yes |
| Install Safeguard for Sudo Licenses | ||
|
XML license file to apply: |
(use the freeware product license) |
Enter the location of the .xml license file. Enter Done when finished. |
|
Enter <password> This password is also called the "Join" password. You will use this password when you add secondary policy servers or join remote hosts to this policy group. | ||
You can find an installation log file at: /opt/quest/qpm4u/install/pmsrvconfig_output_<Date>.log