Chat now with support
Chat with Support

One Identity Management Console for Unix 2.5.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration Reporting Setting preferences Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance

Reviewing the Access and Privileges by User report

The Access and Privileges by User report identifies the hosts where the selected user can login, the commands that user can run on each host, as well as the "runas aliases" information for that user.

To create the Access & Privileges by User report

  1. From the mangement console, navigate to Reporting.
  2. From the Reports view, double-click the Access and Privileges by User report name.

    The report opens a new Access & Privileges by User tab on the Reporting view.

  3. Choose the type of user to include in the report: a local user or Active Directory user.
  4. Click Browse to select the user name.
  5. Select the Show detailed report option.
  6. Open the Export drop-down menu and select the format you want to use for the report: PDF or CVS.

    It launches a new browser or application page and displays the report in the selected format.

Note: When generating multiple reports simultaneously or generating a single report that contains a large amount of data, One Identity recommends that you increase the JVM memory. See JVM memory tuning suggestions for details.

Reviewing the Access and Privileges by Host report

The Access and Privileges by Host report identifies all users with logon access to a host and the commands users can run on the host. To run this report you must have an active policy group; you can only include hosts that are joined to a policy group in the report.

To create the Access & Privileges by Host report

  1. From the mangement console, navigate to Reporting.
  2. From the Reports view, double-click the Access and Privileges by Host report name.

    The report opens a new Access & Privileges by Host tab on the Reporting view.

  3. Browse to select the host for which you want to create the report.
  4. Select the Show detailed report option.
  5. Open the Export drop-down menu and select the format you want to use for the report: PDF or CSV.

    It launches a new browser or application page and displays the report in the selected format.

Note: When generating multiple reports simultaneously or generating a single report that contains a large amount of data, One Identity recommends that you increase the JVM memory. See JVM memory tuning suggestions for details.

Event logs and keystroke logging

Privilege Manager enables event logging. Each time a command is run, the policy server accepts or rejects the requested command according to the rules in the policy and creates an event (audit) log. The policy server records the keystroke input and terminal output for each accepted command, creating comprehensive "keystroke logs" files. With these logs, you can perform forensic-level auditing of any command executed.

Event logs are always captured and stored on the policy servers in /var/opt/quest/qpm4u/pmevents.db; keystroke logs are stored at var/opt/quest/qpm4u/iolog.

Note: You can use the iolog_dir and iolog_file policy options to reconfigure the iolog file location. For more information about the policy options, refer to the Privilege Manager Administration Guide.

You can view event logs or replay keystroke logs from the Policy tab of the mangement console if you are logged in either as the supervisor or an Active Directory account with rights to audit the policy file; that is, an account in the Audit Sudo Policy or Audit PM Policy role.

BEST PRACTICE: As a best practice, One Identity recommends that you set up a separate policy server for archiving and viewing logs.

Enabing keystroke logging

To enable keystroke logging for sudo policy

  1. From the mangement console, navigate to Policy | Sudo Policy Editor.

  2. Open the Open menu and select Current version to open the latest saved version of the policy file that is currently in use by the mangement console. See Opening a policy file for details.

  3. Add the following line to the policy file to enable keystroke logs:

    Defaults log_output
  4. Add an entry for a local user in the form who where = (as_whom) what. For example:

    localuser     ALL=(ALL)     ALL

    where localuser is a local user account name.

    NoteS:

    • This allows localuser to perform any command on any machine as any user.
    • To set up a local user, see Adding a local user.
  5. Save and close the policy.

To enable keystroke logging for pmpolicy

  1. Using the GUI editor, open the role's General setting page.
  2. Select the Enable keystroke logging option.
Related Documents