pmsrvinfo [--csv] | -v
Use the pmsrvinfo command to display information about the group in either human-readable or CSV format. You can run this program on any server in the policy group.
pmsrvinfo has the following options:
|--csv||Displays CSV output instead of human-readable output.|
|-v||Displays the Privilege Manager for Unix version number and exits.|
    Policy Server Configuration:
    ----------------------------
    Privilege Manager for Unix version : 6.0.0 (nnn)
    Listening port for pmmasterd daemon : 12345
    Comms failover method : random
    Comms timeout(in seconds) : 10
    Policy type in use : pmpolicy
    Group ownership of logs : pmlog
    Group ownership of policy repository : pmpolicy
    Policy server type : primary
    Primary policy server for this group : adminhost1
    Group name for this group : adminGroup1
    Location of the repository : file:////var/opt/quest/qpm4u/.qpm4u/.repository/pmpolicy_repos/trunk
    Hosts in the group : adminhost1 adminhost2
pmstatus [-v] [-p port] [-h hostname] [-f hostfile] [-o outfile]
The pmstatus program checks connectivity between Privilege Manager for Unix and pmlocald and pmmasterd on the specified hosts. You must specify at least one host, using either the -h or -f option.
NOTE: This program is not designed for use with sudo policy.
pmstatus has the following options:
|-f hostfile||Specifies the name of a file containing a list of hosts to check.|
|-h hostname||Specifies the name of the host to check. -h supersedes -f if you specify both options.|
|-o outfile||Writes status information to the specified file.|
|-p port||Specifies an alternative port to use when checking for connectivity with pmmasterd.|
|-v||Displays version information for the pmstatus program.|
The following is an example of the output from pmstatus, if the command is directed at a host that is contactable and that contains Privilege Manager components:
    [root@sdfbs02p linux-intel]# ./pmstatus -h sdfbs07p
    Master process on sdfbs07p:12345 responded
    Agent process on sdfbs07p:12346 responded
The following is an example of the output from pmstatus, if the command is directed at a host that is contactable, but does not contain any Privilege Manager components:
    [root@sdfbs02p linux-intel]# ./pmstatus -h sdfbs07p
    pmstatus5.0.2 (006): 3003 Could not connect to a master daemon for sdfbs07p
    No master process responded on sdfbs07p:12345
    pmstatus5.0.2 (006): 3001 Connection to pmlocald on sdfbs07p failed: Connection refused
    No agent process responded on sdfbs07p:12346
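An added example, not part of the product documentation: a parser for pmstatus output (for instance a file written with -o) that reports every host whose master or agent did not respond, and treats a host with no result at all as a failure. The line patterns are taken from the two samples above and are assumed to hold for the version in use; hostA, hostB and hostC are constructed names.

```python
import re

# Line shapes copied from the two pmstatus samples on this page (assumption:
# other product versions may word them differently).
UP = re.compile(r"^(Master|Agent) process on (\S+):(\d+) responded$")
DOWN = re.compile(r"^No (master|agent) process responded on (\S+):(\d+)$")
ERR = re.compile(r"^pmstatus\S*\s*\(\d+\):\s*(\d+)\s+(.*)$")

# Constructed sample: hostA healthy, hostB without components, hostC missing.
SAMPLE = """\
Master process on hostA:12345 responded
Agent process on hostA:12346 responded
pmstatus5.0.2 (006): 3003 Could not connect to a master daemon for hostB
No master process responded on hostB:12345
pmstatus5.0.2 (006): 3001 Connection to pmlocald on hostB failed: Connection refused
No agent process responded on hostB:12346
"""

def parse_pmstatus(text):
    """Return {host: {role: {"port", "up", "errors"}}} from pmstatus output."""
    status, pending = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        err = ERR.match(line)
        if err:  # numbered error lines precede the summary line they explain
            pending.append((int(err.group(1)), err.group(2)))
            continue
        hit = UP.match(line) or DOWN.match(line)
        if not hit:  # shell prompt, blank line, or an unrecognized line
            continue
        role, host, port = hit.group(1).lower(), hit.group(2), int(hit.group(3))
        status.setdefault(host, {})[role] = {
            "port": port, "up": not line.startswith("No "), "errors": pending}
        pending = []
    return status

def unhealthy(status, expected_hosts):
    """List (host, role, reason) for every role that is down or unreported."""
    findings = []
    for host in expected_hosts:
        for role in ("master", "agent"):
            entry = status.get(host, {}).get(role)
            if entry is None:  # fail closed: silence is not health
                findings.append((host, role, "no result"))
            elif not entry["up"]:
                codes = ",".join(str(c) for c, _ in entry["errors"]) or "none"
                findings.append((host, role, "down, error " + codes))
    return findings

if __name__ == "__main__":
    for finding in unhealthy(parse_pmstatus(SAMPLE), ["hostA", "hostB", "hostC"]):
        print(*finding)
```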
Use pmscp in conjunction with scp to launch the remote scp -t and scp -f daemons by means of pmrun -h. This allows you to use Privilege Manager to launch the remote scp daemons.
pmscp provides an alternate encryption channel for the scp command, leaving authentication requirements to your Privilege Manager policy. Either put /opt/quest/bin in your PATH or use the absolute path.
To copy files to the /tmp directory on a remote host, as root, run the following:
scp -S pmscp <filename> user@remotehost:/tmp
Use pmsum to generate a checksum of the named file. The output it produces can be used in a policy with the runcksum variable. If the requested binary/command does not match the checksum, the command is rejected. (See runcksum for details.)
pmsum has the following options:
|-v||Prints the version number of Privilege Manager for Unix and exits.|
    # pmsum /bin/ls
    5591e026 /bin/ls