-
Title
sudo policy does not match between systems in same policy -
Description
sudo policy does not match between systems in same policy -
Cause
The daemon is not running, the agent does not have the correct revision and need a force update. -
Resolution
The pmpluginloadcheck daemon should be keeping the policy relatively up to date.
1 - Check the pmpluginloadcheck daemon is running
# ps -ef | grep load
root 2853 1 0 Jan14 ? 00:00:00 /opt/quest/sbin/pmpluginloadcheck -i
If it is not started run the following to start it: pmpluginloadcheck -i
2 - To verify that you have the correct version of the policy on the Sudo Plugin host, run: pmpolicyplugin -s3 - To update the local cached security policy with the latest revision on the central repository: pmpolicyplugin -g
You can also use /opt/quest/sbin/pmpluginloadcheck to check the current status of all configured policy servers and display a brief summary of their status, run pmpluginloadcheck with no options
Command Usage:
The pmpluginloadcheck program is determines the current availability of all configured masters, checks out policy, transfers license data, and transfers offline audit and event logs.
This program runs as a daemon, re-checking at intervals the current status of each of the servers that are marked as unavailable
To report the current status of each configured master run:
pmpluginloadcheck [-f]
-a: verify connection as if certificates configured
-b: Run in batch mode
-c: Report full details of selected server(s) in csv, rather than human readable format
-e: Specify the refresh interval time in minutes.
The default is 60 minutes.
The minimum value is 2 minutes.
-f: report full details of data for each master or selected master
Use with -h to attempt to communicate with a single master
-h: specify a single master host to check/report on.
-i: Start up the pmpluginloadcheck daemon
If the daemon is not currently running, then it is started.
-P: Pause (send SIGUSR1) to a running daemon
-p: Send SIGHUP to a running daemon
-r: report last cached data for selected server(s) instead of connecting to each one
-s: stop the pmpluginloadcheck daemon if it is currently running
-t: Specify a timeout (in seconds) to use for each connection
-v: print version information and exit
-z: Enable/disable debug tracing