
Safeguard for Sudo 7.2.1 - Administration Guide


Failed to push references to Git URL

Error

After an export, pmgit returns the following error message:

# pmgit export --git-url <Git_URL>
Creating backup from SVN repository ...                             [ OK ]
Creating directory for local Git repository ...                     [ OK ]
Cloning SVN ...                                                     [ OK ]
Setting Git remote ...                                              [ OK ]
Push Git repository to remote ...                               [ ERROR ]
   To <Git_URL>
! [rejected]        <Git_branch> -> <Git_branch> (fetch first)
error: failed to push some refs to '<Git_URL>'

Cause

You tried to export to a Git repository which is not empty.

Effect

You are unable to export the policies to that Git repository.

Solution

Create an empty bare repository.

Example

This is an example of creating an empty bare Git repository from the command line.

git init --bare <repo_name>.git
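
The following pre-flight check is an added example, not part of the vendor guide or of pmgit. It reports whether an export target is empty before `pmgit export` is run; the helper names `export_target_state` and `prepare_export_target` are hypothetical.

```sh
#!/bin/sh
# Added example, not vendor code. Helper names are hypothetical.

# Print the state of an export target: empty, not-empty or unreachable.
# An empty repository advertises no refs, so `git ls-remote` prints nothing.
export_target_state() {
    refs=$(git ls-remote "$1" 2>/dev/null) || { echo unreachable; return 0; }
    if [ -z "$refs" ]; then echo empty; else echo not-empty; fi
}

# Create the empty bare repository from the Solution step when the target is
# a local path that does not exist yet, then decide whether export may run.
# Returns 0 = safe to export, 1 = repository has history, 2 = unusable target.
prepare_export_target() {
    target=$1
    case $target in
        *://*|*@*:*) ;;   # remote URL: never create anything locally
        *) [ -e "$target" ] || git init --quiet --bare "$target" || return 2 ;;
    esac
    case $(export_target_state "$target") in
        empty)
            echo "OK: $target is empty; pmgit export can push to it" ;;
        not-empty)
            echo "REFUSE: $target already has refs; the push would be rejected" >&2
            return 1 ;;
        *)
            echo "ERROR: $target is not a readable Git repository" >&2
            return 2 ;;
    esac
}

# Usage: sh preflight.sh <Git_URL>   (does nothing when called without arguments)
[ $# -eq 0 ] || prepare_export_target "$1"
```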

Sudo command is rejected by Safeguard for Sudo

Safeguard for Sudo might reject a sudo command. For example, let us assume you ran the following command:

$ sudo id

and received output similar to the following:

<user> is not in the sudoers file. This incident will be reported. 
Request rejected by Safeguard

There are several things you can do to troubleshoot this issue.

To troubleshoot why a sudo command is rejected

Run the following from the policy server:

  1. To ensure the user has permission, run the following as a sudo administrator.
    # sudo -U <username> -l
  2. To check that the policy located at /etc/opt/quest/qpm4u/policy/sudoers is the current version, run:
    # pmpolicy masterstatus

    In the output, ensure that Current Revision and Latest Trunk Revision have the same number and Locally modified is "No".

  3. To ensure the user has permission to run the command, check the /etc/opt/quest/qpm4u/policy/sudoers file and verify the user’s (or group’s) permissions:
    # cat /etc/opt/quest/qpm4u/policy/sudoers
  4. To verify that the policy server is working properly, enter:
    # pmsrvcheck

    This command returns output similar to:

    testing policy server [ Pass ]

    From the command line, enter:

    # pmsrvinfo

    This command returns output similar to:

    Policy Server Configuration: 
    ---------------------------- 
       Safeguard version : 7.2.1.0 (0nn) 
       Listening port for pmmasterd daemon  : 12345 
       Comms failover method                : random 
       Comms timeout(in seconds)            : 10 
       Policy type in use                   : sudo 
       Group ownership of logs              : pmlog 
       Group ownership of policy repository : pmpolicy 
       Policy server type                   : primary 
       Primary policy server for this group : Myhost1 
       Group name for this group            : Myhost1.example.com 
       Location of the repository           : file:
                           ////var/opt/quest/qpm4u/.qpm4u/.repository/sudo_repos/trunk 
       Hosts in the group : Myhost1 

Related Topics

pmpolicy

pmsrvcheck

pmsrvinfo

Sudo policy is not working properly

If your sudo policy is not working as expected, use these troubleshooting steps:

  1. To verify the version of sudo on your host:
    # sudo -V
  2. To verify that the Sudo Plugin host is joined to the policy server, run:
    # pmplugininfo
  3. To see what commands the user is allowed to run:
    # sudo -l -U <username>

    This command returns output similar to:

    Matching Defaults entries for testuser on this host: 
          log_output 
    User testuser may run the following commands on this host: 
          (ALL) /opt/quest/bin/
  4. On the policy server, use the pmpolicy utility for managing the Privilege Manager for Unix security policy.
    1. To verify that you have the correct version of the policy, run:
      # pmpolicy masterstatus

      Ensure that Locally modified in the output is No.

    2. To update the version of the policy, run:
      # pmpolicy sync
    3. To verify there are no syntax errors in the policy, run:
      # pmpolicy checkout -d <dir>
  5. On the Sudo Plugin host, use the pmpolicyplugin utility to display the revision status of the cached security policy on this host or to request an update from the central repository.
    1. To verify that you have the correct version of the policy on the Sudo Plugin host, run:
      # pmpolicyplugin

      Use the -g option to update the local cached security policy with the latest revision on the central repository (equivalent to pmpolicy sync on a server).
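
The `pmpolicy masterstatus` check used in both troubleshooting procedures above can be scripted; the following is an added example, not vendor code. Only the three field names come from this guide: the `Name: value` line layout, the sample input and the helper name `policy_status_ok` are assumptions.

```sh
#!/bin/sh
# Added example, not vendor code. Reads `pmpolicy masterstatus` output on stdin.
# ASSUMPTION: each field is printed as "Name: value" on its own line; adjust the
# separator if your version formats the output differently.
# Exit status: 0 = in sync and unmodified, 1 = stale or locally modified,
#              2 = the expected fields were not found in the input.
policy_status_ok() {
    awk -F: '
        {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            key = tolower(key)
        }
        key == "current revision"      { cur = val }
        key == "latest trunk revision" { trunk = val }
        key == "locally modified"      { mod = tolower(val) }
        END {
            if (cur == "" || trunk == "" || mod == "") {
                print "UNKNOWN: expected fields not found"
                exit 2
            }
            rc = 0
            if (cur != trunk) {
                print "STALE: current revision " cur ", trunk revision " trunk
                rc = 1
            }
            if (mod != "no") {
                print "MODIFIED: policy differs from the repository copy"
                rc = 1
            }
            if (rc == 0) print "OK: policy in sync at revision " cur
            exit rc
        }'
}

# Constructed sample input (layout assumed), representing a stale, edited policy.
printf 'Current Revision: 41\nLatest Trunk Revision: 42\nLocally modified: Yes\n' |
    policy_status_ok || true
```

On a policy server the function would be fed real output, for example `pmpolicy masterstatus | policy_status_ok`, and a non-zero status treated as a reason to review the change before running `pmpolicy sync`.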

Related Topics

pmplugininfo

pmpolicy

pmpolicyplugin

Safeguard Variables

This appendix provides detailed information about the variables that may be present in event log entries:

See also Profile Variables for additional information about policy profile variables.
