Event capture for Unix/Linux systems doesn't require a specific OS. However, the following commands from the system need to return useful data. You may need to install extra packages on the target, if the commands are unavailable.
In order to detect and kill processes on *nix systems, the DPA connects to and monitors the target system using SSH.
The functional account for the platform is used to log onto the system to run these commands. If using a non-root account ensure the functional account has been given permissions to run the current commands for your system.
The following commands must be executable on the target system by the functional account in order to detect and kill processes.
- uname
- echo
- kill ("kill" command is required and tested due to the ability of TPAM to do the action "Kill Command" in the Restricted Command profile.)
One of the following commands must return required data to list processes
- "ps -ef" or "ps -axlww" depending on *nix variant
One of the following commands must return required data to list network connections
- "netstat -ntp", "sockstat -c4", "lsof -i4 -n -P" or "lsof -i -n -P"
When selecting "Test Event Configuration", the script will determine which of the last 2 commands to use, based on which returns the required data.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center