Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.5 - Management Console for Unix Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix Hosts Working with Host Systems Managing Local Groups Managing Local Users Active Directory Integration Authentication Services Integration Privilege Manager Integration Reporting Setting Preferences Security Troubleshooting Tips
Auto Profile Issues Active Directory Issues Auditing and Compliance Cannot Create a Service Connection Point Check Authentication Services Agent Status Commands Not Available CSV or PDF Reports Do Not Open Database Port Number Is Already in Use Elevation Is Not Working Hosts Do Not Display Import File Lists Fakepath Information Does Not Display in the Console Java Applet Failures License Info in Report is not Accurate Out of Memory Error Post Install Configuration Fails on Unix or Mac Privilege Manager Feature Issues Profile Task Never Completes questusr Account was Deleted Readiness Check Failed Recovering From a Failed Upgrade Reports Are Slow Reset the Supervisor Password Running on a Windows 2008 R2 Domain Controller Service Account Login Fails Setting Custom Configuration Settings Single Sign-on (SSO) Issues JVM Memory Tuning Suggestions Start/Stop/Restart Management Console for Unix Service Tool Bar Buttons Are Not Enabled UID or GID Conflicts
System Maintenance Command Line Utilities Web Services Database Maintenance

Database Security

The Management Console for Unix server communicates with a database on port 9001 over the loopback interface. The password used is randomly generated at install time. One Identity recommends that you configure a local firewall to exclude remote access to this port. For information on how to change the default port on which the database runs, see Database Port Number Is Already in Use.

Summary of Security Recommendations

One Identity recommends that you implement the following to secure the data used by Management Console for Unix:

  • When authenticating Active Directory users for access to Management Console for Unix make sure that the server is installed on a machine that is joined to the Active Directory forest you wish to manage.
  • Install an SSL/TLS key pair and certificate that is signed by a Certification Authority that will be trusted by all users' browsers.
  • Directly import SSH host keys using a known_hosts file, or the Import SSH Host Key tool bar command; or manually verify the fingerprints by disabling the Automatically accept SSH keys option when profiling.
  • Configure a local firewall to restrict remote access to the database port (Default port is 9001).

Troubleshooting Tips

To help you troubleshoot, One Identity recommends the following resolutions to some of the common problems you might encounter as you deploy and use Management Console for Unix.

Note: Simply re-profiling a host can resolve issues caused when the host is out of sync with the server.

Auto Profile Issues

The following topics may help you resolve some problems related to Auto Profiling.

Related Documents