Safeguard for Sudo 2.0 - Administrators Guide

Synchronizing Policy Servers within a Group

Privilege Manager for Unix generates log files containing event timestamps based on the local clock of the authorizing policy server.

To synchronize all policy servers in the policy group, use Network Time Protocol (NTP) or a similar method of your choice.

Install PM Agent or Sudo Plugin on a Remote Host

Once you have installed and configured the primary policy server, you are ready to install a PM Agent or Sudo Plugin on a remote host.

NOTE: PM Agent pertains to Privilege Manager for Unix, while Sudo Plugin pertains to Privilege Manager for Sudo.

Check PM Agent Host for Installation Readiness

To check a PM Agent host for installation readiness

  1. Log on to the remote host system as the root user and navigate to the files you extracted on the primary policy server.
  2. From the root directory, run a readiness check to verify that the host meets the requirements for installing and using the PM Agent:
    # sh preflight.sh --pmpolicy --policyserver <myhost>

    where <myhost> is the hostname of the primary policy server.

    NOTE: Running preflight.sh --pmpolicy performs these tests:

    • Basic Network Conditions:
      • Hostname is configured
      • Hostname can be resolved
      • Reverse lookup returns its own IP
    • Privilege Manager for Unix Client Network Requirements
      • PM Agent port is available (TCP/IP port 12346)
      • Tunnel port is available (TCP/IP port 12347)
    • Policy Server Connectivity
      • Hostname of policy server can be resolved
      • Can ping the policy server
      • Can make a connection to policy server
      • Policy server is eligible for a join
      • Policy server can make a connection to the PM Agent on port 12346
  3. Resolve any reported issues and rerun pmpreflight until all tests pass.
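
When a readiness test fails, it helps to reproduce the underlying condition by hand. The script below is an added example, not part of the product or of this guide: it spot-checks the hostname round trip, the availability of ports 12346 and 12347, and resolution of the policy server. The function names are hypothetical, the round-trip test is one interpretation of the reverse-lookup item, and `getent` and `ss` are assumed to be installed.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
# Assumes getent and ss are installed on the agent host.

# Forward lookup: print the first address for a name (empty if unresolvable).
resolve_fwd() { getent hosts "$1" | awk 'NR == 1 { print $1 }'; }

# Reverse lookup: print every name returned for an address, one per line.
resolve_rev() { getent hosts "$1" | awk '{ for (i = 2; i <= NF; i++) print $i }'; }

# Local TCP listeners in `ss -ltn` format (header line, then one socket per line).
list_listeners() { ss -ltn; }

# Pass when NAME resolves and the reverse lookup of that address returns NAME.
check_name_roundtrip() {
    name=$1
    ip=$(resolve_fwd "$name")
    [ -n "$ip" ] || { echo "FAIL: $name does not resolve"; return 1; }
    if resolve_rev "$ip" | grep -qxF "$name"; then
        echo "PASS: $name resolves to $ip and back"
    else
        echo "FAIL: reverse lookup of $ip does not return $name"
        return 1
    fi
}

# Pass when no local listener already holds TCP port $1.
check_port_free() {
    port=$1
    if list_listeners | awk -v p="$port" '
        NR > 1 { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit !found }'; then
        echo "FAIL: TCP port $port is already in use"
        return 1
    fi
    echo "PASS: TCP port $port is available"
}

# Run the spot checks; $1 is the policy server hostname.
precheck() {
    rc=0
    check_name_roundtrip "$(hostname)" || rc=1
    check_port_free 12346 || rc=1    # PM Agent port
    check_port_free 12347 || rc=1    # tunnel port
    if [ -n "$(resolve_fwd "$1")" ]; then echo "PASS: policy server $1 resolves"
    else echo "FAIL: policy server $1 does not resolve"; rc=1; fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then precheck "$1"; fi
```

Run it as root on the agent host with the policy server hostname as the only argument; a non-zero exit status means at least one check failed.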

Install a PM Agent on a Remote Host

To install an agent on a remote host

  1. Log on as the root user.
  2. Change to the directory containing the qpm-agent package for your specific platform. For example, on a 64-bit Red Hat® Linux®, enter:
    # cd agent/linux-x86_64
  3. Run the platform-specific installer. For example, on Red Hat® Linux® run:
    # rpm --install qpm-agent-*.rpm

    Once you install the Privilege Manager agent package, the next task is to join the agent to the policy server.
