Chat now with support
Chat with Support

Privilege Manager for Unix 6.1.1 - Release Notes for Unix

One Identity Privilege Manager for Unix 6.1.1

One Identity Privilege Manager for Unix 6.1.1

Release Notes

March 2020

These release notes provide information about the One Identity Privilege Manager for Unix release.

Topics:

About this release

Privilege Manager for Unix protects the full power of root from potential misuse or abuse. With Privilege Manager there is no need to worry about anyone deleting critical files, modifying file permissions or databases, reformatting disks, or doing more subtle damage. Privilege Manager enables you to define a security policy that stipulates who has access to which root functions, as well as when and where they can perform those functions. It controls access to existing programs as well as purpose-built utilities that run common system administration tasks. At the administrator's request, Privilege Manager can protect sensitive data from network monitoring by encrypting the root commands or sessions it controls, including control messages and input keyed by users while running commands through Privilege Manager.

Privilege Manager for Unix 6.1.1 is a patch release that includes Resolved issues.

Resolved issues

The following is a list of issues addressed in this release.

Table 1: Resolved Issues
Resolved Issue Issue ID
Corrected memory violation issue which caused this error message: pmmasterd: Unexpected message returned -7. 221647

On an install, the package install sets the suid bit on relevant binaries. All pm*info binaries are 4755.

186531

When the SELinux module is installed pmsrvconfig or pmjoin also set the SELinux file contexts for pmlocald and pmsesh.

186509

Supported platforms

The following table provides a list of supported platforms for Privilege Manager clients.

CAUTION: In future versions of the product, macOS, HP-UX, AIX, and Solaris will only be supported as Privilege Manager clients. The client and server will continue to be supported on Linux-based platforms. Users are advised to migrate their Privilege Manager policy servers to Linux-based systems.

Table 2: Unix client: Supported platforms

Platform

Version

Architecture

Amazon Linux AMI

 

x86_64

Apple macOS

10.12, 10.13, 10.14

x86_64

CentOS Linux

5, 6, 7, 8

Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64

Debian

Current supported releases

x86_64, x86, AARCH64

Fedora Linux

Current supported releases

x86_64, x86, AARCH64

FreeBSD

10.x, 11.x

x32, x64

HP-UX

11.31

PA, IA-64

IBM AIX

7.1, 7.2

Power 4+

OpenSuSE

Current supported releases

x86_64, x86, AARCH64

Oracle Enterprise Linux (OEL)

5, 6, 7, 8

Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64

Red Hat Enterprise Linux (RHEL)

5, 6, 7, 8

Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64

Solaris

10.x, 11.x

SPARC, x64

SuSE Linux Enterprise Server (SLES)/Workstation

11, 12, 15

Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64

Ubuntu

Current supported releases

x86_64, x86, AARCH64

System requirements

Before installing Privilege Manager6.1.1, ensure that your system meets the following minimum hardware and software requirements.

Table 3: Hardware and software requirements
Component Requirements
Operating systems

See Supported platforms to review a list of platforms that support Privilege Manager clients.

Disk space

80 MB of disk space for program binaries and manuals for each architecture.

Considerations:

  • At a minimum, you must have 80 MB of free disk space. The directories in which the binaries are installed must have sufficient disk space available on a local disk drive rather than a network drive. Before you install Privilege Manager, ensure that the partitions that will contain /opt/quest have sufficient space available.
  • Sufficient space for the keystroke logs, application logs, and event logs. The size of this space depends on the number of servers, the number of commands, and the number of policies configured.

  • The space can be on a network disk drive rather than a local drive.

  • The server hosting Privilege Manager must be a separate machine dedicated to running the pmmasterd daemon.
SSH software

You must install and configure SSH client and server software on all policy server hosts.

You must enable access to SSH as the root user on the policy server hosts during configuration of the policy servers. Both OpenSSH 4.3 (and later) and Tectia SSH 6.4 (and later) are supported.

Processor Policy Servers: 4 cores
Policy Servers: 4GB
Upgrade and compatibility

Privilege Manager for Unix supports a direct upgrade installation from version 6.0. The Privilege Manager software in this release is provided using platform-specific installation packages. For more information on upgrading, see the One IdentityPrivilege Manager for Unix Administration Guide.

One Identity recommends that:

  • You upgrade your policy server (Master) systems before agents, and that a policy server is run at the same or higher level than agents.
  • All policy server systems and agents are upgraded to the latest version to take advantage of all new features.

The upgrade process will create symbolic links to ensure that your existing paths function correctly.

Use of the Privilege Manager clients (pmrun and pmshells) with a policy server in Sudo policy mode is not supported.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents