지금 지원 담당자와 채팅
지원 담당자와 채팅

Privilege Manager for Unix 7.2.1 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

Configuring the InTrust data collection

To install the InTrust data collection

  1. Using an InTrust Administration account, log in to your InTrust server.
  2. From the menu, navigate to: Configuration | Sites | Unix Network | Privilege Manager for Unix hosts.
  3. Right click, then select Properties.
  4. Select the Objects tab, click Add | Computer, then enter the name of your Privilege Manager for Unix policy server InTrust agent.
  5. Click Apply, then OK.
  6. From the menu, navigate to: Workflow | Tasks | Privilege Manager for Unix daily collection of events.
  7. Right click, then select Run.
  8. From the menu, navigate to: Workflow | Sessions and view the status of your running task which should complete within a couple of minutes, depending on the size of your InTrust event log.
  9. Verify that the task completes successfully without errors.

Viewing InTrust reports

To view InTrust reports

  1. Using a web browser, navigate to your InTrust reports and verify that you now have an InTrust for Privilege Manager for Unix section.

    http://<Intrust Server>/Reports

     

  2. Select the report type that you want to generate, based on the data currently held in InTrust.

Generating reports

InTrust provides all of its reporting services through the InTrust Knowledge Portal which is based on Microsoft SQL Server Reporting Services. This provides functionality to generate reports dynamically from the InTrust data store and display them though a simple browser based utility.

The Knowledge Portal allows you to create reports manually, however there are a number of pre-compiled reports that gather the following Privilege Manager for Unix event log data:

  • All events
  • Elevated privilege events
  • All events grouped result
  • Out of band events
  • Rejected events

The reports are provided in a .msi installer which installs and configures the required Knowledge Portal components. To view the reports, simply load the Knowledge Portal using Start | Programs | Quest Software | Quest InTrust Knowledge Portal | Quest InTrust Knowledge Portal, then select InTrust for Privilege Manager for Unix from the report list.

For more information, please refer to the InTrust for Active Directory documentation.

Gathering InTrust data

The general concept behind the InTrust server is that you configure a number of objects individually to perform a specific part of the data gathering process. These objects are then combined to form a work flow system. These are the objects you need to configure to complete a simple data gathering work flow:

  • Configuration | Sites: Contains a list of Privilege Manager for Unix policy servers from which the gathering process gathers data.
  • Configuration | Data Sources: Stores details about the data source format.
  • Gathering | Gathering Policies: Specifies which data source to use.
  • Workflow | Tasks: A task contains a list of jobs, each of which specifies the frequency at which to gather data according to a particular gathering policy.
  • Configuration | Data Stores: Database or InTrust Repository that stores the imported data.

You can either manually create these objects or import them from the Privilege Manager for Unix Knowledge Pack.

To import these objects

  1. Run the InTrustPDOImport import utility:

    InTrustPDOImport.exe -import <object>

    The import utility is located by default in:

    <install location>\Quest Software\InTrust\Server\ADC\SupportTools

  2. Once you have imported the objects, add the list of Privilege Manager for Unix policy servers to the site object.

    For more information about importing objects, refer to the InTrust Creating Custom Data Collection documentation.

    Once configured, the InTrust server objects can gather the data.

    By default the Privilege Manager for Unix gathering task provided in the knowledge pack retrieves event log data on a daily basis. However, you can customize this setting in the Gathering Policy.

One Identity recommends that you verify the gathering process by running the task manually.

To run the gathering process manually

  1. In the Quest InTrust Manager, navigate to Workflow | Tasks.
  2. Right-click the Privilege Manager for Unix task and select Run.

The details of a gathering job are recorded in Workflow | Sessions, accessible by means of the tree view.

The example below shows the result of a successful job.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택