Safeguard for Sudo 2.0 - Administrators Guide


pmsrvinfo

Syntax
pmsrvinfo [--csv] | -v
Description

Use the pmsrvinfo command to display information about the policy group in either human-readable or CSV format. You can run this program on any server in the policy group.

Options

pmsrvinfo has the following options:

Table 93: Options: pmsrvinfo
Option    Description
--csv     Displays CSV output instead of human-readable output.
-v        Displays the Privilege Manager for Unix version number and exits.

Examples
# pmsrvinfo
Policy Server Configuration: 
---------------------------- 
Privilege Manager for Unix version     : 6.0.0 (nnn)
Listening port for pmmasterd daemon    : 12345 
Comms failover method                  : random 
Comms timeout(in seconds)              : 10 
Policy type in use                     : pmpolicy 
Group ownership of logs                : pmlog 
Group ownership of policy repository   : pmpolicy 
Policy server type                     : primary 
Primary policy server for this group   : adminhost1 
Group name for this group              : adminGroup1 
Location of the repository             : file:////var/opt/quest/qpm4u/.qpm4u/.repository/pmpolicy_repos/trunk
Hosts in the group                     : adminhost1 adminhost2

pmstatus

Syntax
pmstatus [-v] [-p port] [-h hostname] [-f hostfile] [-o outfile]
Description

The pmstatus program checks connectivity between Privilege Manager for Unix and pmlocald and pmmasterd on the specified hosts. You must specify at least one host, using either the -h or -f option.

NOTE: This program is not designed for use with sudo policy.

Options

pmstatus has the following options:

Table 94: Options: pmstatus
Option         Description
-f hostfile    Specifies the name of a file containing a list of hosts to check.
-h hostname    Specifies the name of the host to check. -h supersedes -f if you specify both options.
-o outfile     Writes status information to the specified file.
-p port        Specifies an alternative port to use when checking for connectivity with pmmasterd.
-v             Displays version information for the pmstatus program.

Examples

The following is an example of the output from pmstatus, if the command is directed at a host that is contactable and that contains Privilege Manager components:

[root@sdfbs02p linux-intel]# ./pmstatus -h sdfbs07p 
Master process on sdfbs07p:12345 responded 
Agent process on sdfbs07p:12346 responded 

The following is an example of the output from pmstatus, if the command is directed at a host that is contactable, but does not contain any Privilege Manager components:

[root@sdfbs02p linux-intel]# ./pmstatus -h sdfbs07p 
pmstatus5.0.2 (006): 3003 Could not connect to a master daemon for sdfbs07p 
No master process responded on sdfbs07p:12345 
pmstatus5.0.2 (006): 3001 Connection to pmlocald on sdfbs07p failed: Connection refused 
No agent process responded on sdfbs07p:12346 
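
The two outputs above can be turned into per-daemon records for a monitoring job. This is an added example, not part of the product or its documentation; the function names are hypothetical and the line patterns are assumed from the sample outputs on this page only.

```shell
#!/bin/sh
# Added example: turn pmstatus output into records a monitoring job can act on.
# Line shapes are taken from the two sample outputs on this page; other
# pmstatus versions may word them differently (assumption).

# stdin: pmstatus output -> stdout: "host port role state", one daemon per line
pmstatus_parse() {
    awk '
        # Reachable: "Master process on host:port responded"
        /^(Master|Agent) process on [^ ]+ responded/ {
            split($4, hp, ":"); print hp[1], hp[2], tolower($1), "up"; next
        }
        # Unreachable: "No agent process responded on host:port"
        /^No (master|agent) process responded on / {
            split($6, hp, ":"); print hp[1], hp[2], $2, "down"; next
        }
        # Shell prompts and numbered diagnostics (3001, 3003) are ignored.
    '
}

# Prints "host role port" per unresponsive daemon; returns 1 if any is down.
pmstatus_down() {
    pmstatus_parse |
        awk '$4 == "down" { print $1, $3, $2; bad = 1 } END { exit bad + 0 }'
}

# Sample inputs, copied from the example outputs on this page.
sample_ok() {
    cat <<'EOF'
Master process on sdfbs07p:12345 responded
Agent process on sdfbs07p:12346 responded
EOF
}
sample_down() {
    cat <<'EOF'
pmstatus5.0.2 (006): 3003 Could not connect to a master daemon for sdfbs07p
No master process responded on sdfbs07p:12345
pmstatus5.0.2 (006): 3001 Connection to pmlocald on sdfbs07p failed: Connection refused
No agent process responded on sdfbs07p:12346
EOF
}

# Demo: report daemons that did not answer in the second sample.
sample_down | pmstatus_down || echo "one or more Privilege Manager daemons unreachable"
```

In a real check, pipe the output of pmstatus -h or pmstatus -f into pmstatus_down and alert on a non-zero exit status.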

pmscp

Description

Use pmscp in conjunction with scp to launch the remote scp -t and scp -f daemons by means of pmrun -h. This allows you to use Privilege Manager to launch the remote scp daemons.

pmscp provides an alternate encryption channel for the scp command, leaving authentication requirements to your Privilege Manager policy. Either put /opt/quest/bin in your PATH or use the absolute path.

Examples

To copy files to the /tmp directory on a remote host, run the following as root:

scp -S pmscp <filename> user@remotehost:/tmp

pmsum

Syntax
pmsum /full_path_name
Description

Use pmsum to generate a checksum of the named file. The output it produces can be used in a policy with the runcksum variable. If the requested binary or command does not match the checksum, the command is rejected. (See runcksum for details.)

Options

pmsum has the following options:

Table 95: Options: pmsum
Option    Description
-v        Prints the version number of Privilege Manager for Unix and exits.

Examples
# pmsum /bin/ls 
5591e026 /bin/ls