지금 지원 담당자와 채팅
지원 담당자와 채팅

Safeguard for Sudo 7.3 - Administration Guide

Introducing Safeguard for Sudo Planning Deployment Installation and Configuration Upgrade Safeguard for Sudo System Administration Managing Security Policy Administering Log and Keystroke Files Supported sudo plugins Troubleshooting Safeguard for Sudo Variables Safeguard for Sudo programs Installation Packages Supported Sudoers directives Unsupported Sudo Options Safeguard for Sudo Policy Evaluation

Installing licenses

To install a license file

  1. Copy the .dlv license file to the policy server.
  2. To install the license, run:

    # /opt/quest/sbin/pmlicense -l <license_file>

    This command displays your currently installed license and the details of the new license to be installed.

  3. When the prompt "Would you like to install the new license (Y/N) [Y]?" appears, press Enter, or type: Y.

  4. If there are other policy servers configured in your policy server group, it forwards the license configuration to the other servers.

Related Topics

pmlicense

Displaying license usage

Use the pmlicense command to display how many client licenses are installed on the policy server on which you run the command.

Use pmlicense without any arguments to show an overall status summary, including the number of licenses configured and the total licenses in use for each license option.

To display current license status information

  1. At the command line, enter:

    # pmlicense

    Safeguard for Sudo displays the current license information, noting the status of the license. Your output will be similar to the following:

    *** One Identity Safeguard *** 
    *** QPM4U VERSION 7.3.0 (0xx) *** 
    *** CHECKING LICENSE ON HOSTNAME:user123.example.com, IP ADDRESS:10.10.178.123 *** 
    *** SUMMARY OF ALL LICENSES CURRENTLY INSTALLED *** 
       * License Type PERMANENT 
       * Commercial/Freeware License COMMERCIAL 
       * Expiration Date NEVER 
       * Max QPM4U Client Licenses 0 
       * Max Sudo Policy Plugin Licenses 10 
       * Max Sudo Keystroke Plugin Licenses 0 
       * Authorization Policy Type permitted ALL 
       * Total QPM4U Client Licenses In Use 0 
       * Total Sudo Policy Plugins Licenses In Use 4 
       * Total Sudo Keystroke Plugins Licenses In Use 0

The above example shows that the current license allows for ten Sudo Policy Plugins (Sudo Plugin licenses) and four licenses are currently in use.

Use pmlicense with the -us option to view a summary usage report; use -uf to view the full usage report.

To show a full usage report including last use dates

  1. At the command line, enter:

    # pmlicense -uf

    Your output will be similar to the following:

    Detailed Licensed Hosts Report 
    ------------------------------------------------------------------------- 
    Number | Last Access Time                           | Hostname 
    ------------------------------------------------------------------------- 
           | QPM4U | SudoPolicy         | SudoKeystroke | 
    ------------------------------------------------------------------------- 
    1      |       |  2012/07/01 17:14  |               | admin1.example.com 
    2      |       |  2012/07/01 17:14  |               | user101.example.com 
    3      |       |  2012/07/01 16:28  |               | user123.example.com 
    4      |       |  2012/07/01 17:14  |               | dev023.example.com

The above output shows the full report, including the host names and dates the Sudo Plugins used the policy server.

The pmlicense command supports many other command-line options.

Related Topics

pmlicense

Listing policy file revisions

After you have made several revisions to your policy file under source control, you can view the list of policy file versions stored in the repository.

To display all previous version numbers with timestamps and commit logs

  1. From the command line, enter:

    # pmpolicy log

    This command returns output similar to this:

    ** Validate options          [ OK ] 
    ** Check out working copy    [ OK ] 
    ** Retrieve revision details [ OK ] 
    version="3",user="pmpolicy",date=2011-05-11,time=19:27:01,msg="" 
    version="2",user="pmpolicy",date=2011-05-11,time=19:19:47,msg="added tuser" 
    version="1",user="pmpolicy",date=2011-05-11,time=15:56:12,msg="First import"

Viewing differences between revisions

You can view the changes from revision to revision of a policy file.

To show the differences between version 1 and version 3

  1. From the command line, enter:

    # pmpolicy diff -r:1:2

    This command returns output similar to this:

    ** Validate options                                          [ OK ] 
    ** Check out working copy (trunk revision)                   [ OK ] 
    ** Check differences                                         [ OK ] 
    ** Report differences between selected revisions             [ OK ] 
       - Differences were detected between the selected versions 
    Details: 
    Index: sudoers
    =================================================================== 
    --- sudoers (revision 1) 
    +++ sudoers (revision 2) 
    @@ -88,6 +88,6 @@ 
    # Defaults targetpw # Ask for the password of the target user
    # ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
                                 
    -## Read drop-in files from /etc/sudoers.d 
    +## Read drop-in files from sudoers.d 
    ## (the '#' here does not indicate a comment)
    -##includedir /etc/sudoers.d
    +# includedir sudoers.d 

    The output reports lines removed and lines added in a unified diff format.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택