One Identity Management Console for Unix 2.5.2 - Administration Guide

All Hosts tab columns

The All Hosts view contains the following information for each Unix host system added to the management console:

Note: Each column has a drop-down menu from which you can choose which columns you want to view on the management console. In addition, the drop-down menu for the Status, Joined to Domain, and Joined to Policy Group columns allows you to filter the items displayed by various criteria.

Table 16: All Hosts tab: Columns
Column Description

The first column contains a selection check box which allows you to select or deselect a host. Once selected, the available toolbar buttons and right-click commands are enabled, which allows you to manage the selected hosts.

To select a host, click a host name or the selection check box in the All Hosts view. When you select a host name, the entry highlights. To select all hosts in the list, click the check box in the heading.

To deselect a host, click the selection check box. To deselect all hosts, clear the check box in the heading.

Managed Hosts Columns

The Host state column displays the current profiled state of each managed host system. The following icons represent the different states:

Not Profiled

Profiling in progress

Profiled

Auto-profile enabled

Auto-profile connection failure

No heartbeat

You can sort the Host state column based on profiled status. The sort order follows the order of the key above, either ascending or descending. By default, all of the managed hosts display on the All Hosts view regardless of their profiled status. To filter the hosts by profiled status, open the Host state column drop-down menu, navigate to the Filters option, and choose one or more of the profile status options.

NOTE: When you select a filter, only the hosts that match that criteria display. For example, if you select No heartbeat, the console lists only profiled and joined hosts that have not sent a ping in the required amount of time. Thus, the console may not display any hosts.

Host Displays the value (FQDN, IP address or short name) entered when the host was added to the management console.
IP Address Displays the IP address of each managed host system.
OS Displays the operating system running on each managed host system.
Authentication Services Columns

The QAS state column displays the following icons:

Auto QAS status updates not enabled

Auto QAS status updates enabled

Auto QAS status connection failed

No QAS status heartbeat

No icon in the QAS state column indicates the host is not configured to check the QAS agent status automatically.

You can sort the QAS state column based on status. The sort order follows the order of the key above, either ascending or descending. By default, all of the managed hosts display on the All Hosts view. To view only hosts in one or more of these categories, open the QAS state column drop-down menu, navigate to the Filters option, and choose one or more of these options.

NOTE: When you select a filter, only the hosts that match that criteria display. For example, if you select Auto QAS status updates not enabled, the console lists only hosts not configured to check the QAS agent status automatically.

Version Displays the version of the Authentication Services Agent software that is currently installed on each managed host system. This column is blank if you have not installed the Authentication Services Agent software on the host system.
Joined to Domain

Displays the name of the Active Directory domain to which the host is joined. This column is blank if you have not joined the host to an Active Directory domain.

NOTE: Use the column drop-down menu to filter the hosts by specific "joined" states.

Privilege Manager Columns
Installed

Indicates which type of Privilege Manager product is installed: Server, PM Agent, or Sudo Plugin.

  • When the Privilege Manager Policy Server software is installed on a host, but is not yet configured as a primary or secondary policy server, the Installed column lists that host as a "Server".
  • When the Policy Server is configured as a Primary or Secondary, but is not yet joined to a policy group, the Installed column lists the host as a "Primary Server" or "Secondary Server" and indicates the type of policy it manages (sudo or pmpolicy).
  • If only the PM Agent is installed on a host, the console lists that host as "PM Agent".
  • If only the Sudo Plugin is installed on a host, the console lists that host as "Sudo Plugin".

Use the column drop-down menu to filter the hosts by client type: Sudo Plugin, PM Agent, or Server.

NOTE: When you select a filter, only the hosts that match that criteria display. However, when you install the Privilege Manager Policy Server it installs all three Privilege Manager for Unix packages on that host. Thus, if you filter by either the PM Agent or the Sudo Plugin, the console displays all the server hosts, as well.

Version Displays the version of Privilege Manager software that is currently installed on each managed host system. This column is blank if you have not installed Privilege Manager on the host system.
Status

When a Server (Primary or Secondary), PM Agent, or Sudo Plugin is joined to a policy group, the Status column displays the name of the policy group to which it is joined. These are the policy groups the management console uses for centralized security privilege validation and keystroke logging.

  • A server can ONLY be joined to the policy group it hosts (in the case of a Primary) or shares in hosting (in the case of a Secondary).
  • You cannot have a PM Agent client joined to a sudo policy group, and you cannot have a Sudo Plugin client joined to a pmpolicy group; that is, a server (Primary or Secondary) that is managing a sudo policy type can only be joined to the sudo policy group.

NOTE: The Status column also indicates the "joined" or "ready" status, if available. When you mouse over the Ready or Not Ready icon, a message tells you if it is ready to configure as a policy server or ready to join to a policy group. Use the column drop-down menu to filter the host list by specific "joined" or "ready" states. To view all of the hosts that are joined to a specific policy group, in the advanced search, select the Status option from the filter drop-down to filter by a specific string. For example, if you filter by PM*, the console lists only servers joined to policy groups with names that begin with "PM".

All Hosts tab right-click menu

When you right-click an individual host on the All Hosts view, you can access the following options from the context menu:

  • Details
  • Users
  • Groups
  • Readiness Check Results
  • Software
  • Host Access Control (console must be configured for AD and host must be joined to AD)
  • Profile
  • SSH to Host
  • Find event logs

For more information about these options, refer to Host Properties.

Host Properties

When you open a host's properties page, it shows you information imported from the Unix host system during the profiling operation. The upper region of the tab contains the name of the host and when the host was last profiled.

The Host Properties page has the following tabs:

  • Details

    System information and host preparation status

  • Users

    List of local Unix users on the host

  • Groups

    List of local Unix groups on the host

  • Readiness Check Results

    Details about the checks performed by the Check for Policy Server Readiness and the Check for AD Readiness tasks

  • Software

    Lists the One Identity products installed on this host

  • Host Access Control (only available if console is configured for AD and the host is joined to AD)

    Support for managing the Authentication Services users.allow file

The Options menu allows you to perform the following tasks against the selected host:

Table 17: Options menu
Option Description
Profile
  • Select Profile to rerun the profile task. The latest information displays on the Hosts tab.

    See Profiling hosts for details.

  • Select Profile Automatically to keep the profile information for this host up-to-date.

    See Automatically profiling hosts for details.

Check

  • Select the Check for Policy Server Readiness option to determine if the specified hosts meet the minimum requirements to be configured as a policy server.

    See Checking policy server readiness for details.

  • Select the Check Client for Policy Readiness to verify that the specified hosts meet the minimum requirements to be joined to a policy server.

    NOTE: The host must have either the PM Agent or Sudo Plugin software installed and at least one primary policy server added to the management console in System Settings. The console prompts you to choose a policy group and enter host access user credentials. See Checking client for policy readiness for details.

  • Select Check for AD readiness to check the host to determine if it is ready to join Active Directory.

    See Checking host for AD readiness for details.

  • Select the Check Authentication Services agent status command to check the status of your Authentication Services Agent.

    NOTE: The "Check Authentication Services" commands are only available for hosts that have the Authentication Services Agent software installed and are joined to Active Directory. See Manually checking QAS agent status for details.

  • Select the Check Authentication Services agent status automatically command to configure the management console to automatically check the QAS agent status and report any warnings or failures to the console periodically.

    See Automatically checking QAS agent status for details.

NOTE: The results of these checks display on the Readiness Check Results tab of the host's properties.

Join or Configure
  • Select the Join to Policy Group command to join the selected hosts to a policy group.

    See Joining the host to a policy group for details.

    NOTE: When using a sudo policy type, to join a policy group, the selected hosts must have Sudo 1.8.1 (or higher) and the Sudo Plugin agent software installed.

  • Select the Join to Active Directory command to initiate the join operation on one or more hosts. The management console displays the Join Host to Active Directory dialog which prompts you to enter the domain to join and the user credentials to use to access Active Directory.

    See Joining host to Active Directory for details.

  • Select Configure Policy Server to configure the host as either a primary or a secondary policy server.

    See Configuring the primary policy server or Configuring a secondary policy server for details.

Details view

Table 18: Details view
Option Description
Host Name Displays the host name.
Host Displays the value (FQDN, IP address or short name) entered when you added the host to the management console.
IP Address Displays the IP address of the host.
OS Displays the operating system installed on the host.
Login shells Displays a list of the login shells used by the host.
SSH Fingerprints Displays the SSH algorithm and SSH host key fingerprint that is currently cached and being used to verify the authenticity of the host.
Click Import SSH Host Key to upload a new SSH host key file (such as 127.0.0.1.pub) for the selected host.
Sudo
Sudo Version Displays the version of sudo on the host.
Joined to Policy Group Displays the policy group to which the host is joined.
Authentication Services
Joined to Domain Displays the Active Directory domain to which the host is joined.
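
Before using Import SSH Host Key (see the SSH Fingerprints row above), it helps to compute the fingerprint of the .pub file independently and compare it with a value obtained out of band from the host. The following Python is an added example, not One Identity code: it assumes the file holds a standard OpenSSH public-key line, uses a constructed sample key, and returns both the SHA256 and MD5 forms because this page does not say which format the console displays.

```python
import base64
import hashlib
import struct


def _ssh_string(data):
    """Encode bytes as an RFC 4251 string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def _read_string(buf, offset):
    """Decode one RFC 4251 string at offset; reject truncated input."""
    if offset + 4 > len(buf):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[offset + 4:end], end


def host_key_fingerprints(pub_line):
    """Return (algorithm, SHA256 fingerprint, MD5 fingerprint) for one
    OpenSSH public-key line of the form '<type> <base64-blob> [comment]'."""
    fields = pub_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    declared, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    embedded, _ = _read_string(blob, 0)
    # The type named in the text must match the type inside the blob;
    # a mismatch means the file was edited or is not a real public key.
    if embedded != declared.encode("ascii", "replace"):
        raise ValueError("declared key type does not match key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5_hex = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    return declared, "SHA256:" + sha, "MD5:" + md5


# Constructed sample (not a real host key): ed25519 type + 32 placeholder bytes.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 %s constructed-sample" % base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    for value in host_key_fingerprints(SAMPLE_LINE):
        print(value)
```

Pass the single line read from the .pub file to host_key_fingerprints and import the key only when the result matches the fingerprint reported on the host itself.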