What actions are required to configure a Quest Privilege Manager for Sudo policy server?
Configure the primary policy server
The command to configure the primary sudo policy server is pmsrvconfig -m sudo -n {group name}. For example: pmsrvconfig -m sudo -n mysudo.
Note: By default, the local /etc/sudoers policy file is used and imported into the policy server repository.
You may wish to add the -f flag to the command as well to import an alternate sudoers file: /opt/quest/sbin/pmsrvconfig -f {path to sudoers file}. For example: /opt/quest/sbin/pmsrvconfig -f /tmp/sudoers
For more information on the pmsrvconfig command, type: /opt/quest/sbin/pmsrvconfig -h
Accept the End User License Agreement (EULA) to configure the policy server.
When prompted, set the password for the new pmpolicy user. Note: When you run pmsrvconfig, it configures a password for the primary policy server. This password is used to set up an SSH key between the sudo host and the server for the offline policy caching feature. You are required to use this password when you join a remote sudo plugin host to the policy server. (See Join Host(s) to Policy Group from the Console for details.)
(Optional) All Privilege Manager commands are in the /opt/quest/sbin directory so you may want to update your PATH to include the Privilege Manager commands, as follows:
# PATH=$PATH:/opt/quest/sbin:/opt/quest/bin
Note: When you install the qpm-server package, the Quest One Privilege Manager for Sudo plugin is installed on the policy server automatically.
/opt/quest/sbin/pmsrvconfig -s servername
Check the Policy Server:
/opt/quest/sbin/pmsrvinfo
For more information please go to the Privilege Manager for Sudo 2.0 - Administrators Guide
Join the sudo plugin on the policy server to the policy group by running the following command:
/opt/quest/sbin/pmjoin_plugin {policy server name}
Where {policy server name} is the name of the primary policy server you just installed.
To automatically accept the End User License Agreement (EULA), use the -a option with the join command:
# pmjoin_plugin -a PolicyServer
You have now installed the Quest One Privilege Manager for Sudo packages and configured a primary Privilege Manager policy server. The primary policy server is ready to accept commands using sudo.
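Because pmsrvconfig -f imports whatever sudoers file it is given into the policy server repository, it is worth checking an alternate file (especially one staged in a shared directory such as /tmp) before the import. The following is an added example, not part of the Quest documentation: check_sudoers_file is a hypothetical helper, the root-ownership default is an assumption, and the syntax check relies on visudo from the standard sudo package.

```shell
#!/bin/sh
# Added example: pre-import checks for a sudoers file passed to pmsrvconfig -f.
# check_sudoers_file is a hypothetical helper, not a Privilege Manager command.
#
# Usage: check_sudoers_file PATH [EXPECTED_OWNER_UID]
# Returns 0 if the file passes, 1-4 for the individual failures below.
check_sudoers_file() {
    f=$1
    want_uid=${2:-0}    # assumption: the policy source should be owned by root

    # 1. Must be a regular file, not a symlink that another user could repoint.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "reject: $f is not a regular file" >&2
        return 1
    fi

    # 2. Owner check: ls -n prints the numeric uid in field 3.
    uid=$(ls -ln "$f" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        echo "reject: $f is owned by uid $uid, expected $want_uid" >&2
        return 2
    fi

    # 3. No group or other write bits, so only the owner can change the rules.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "reject: $f is group- or world-writable" >&2
        return 3
    fi

    # 4. Syntax check with sudo's own parser, when visudo is installed.
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$f" >/dev/null 2>&1 || {
            echo "reject: $f fails visudo -c" >&2
            return 4
        }
    fi
    return 0
}

# Example use with the command from this page:
#   check_sudoers_file /tmp/sudoers && /opt/quest/sbin/pmsrvconfig -f /tmp/sudoers
```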
© 2024 One Identity LLC. ALL RIGHTS RESERVED.