To install the Sudo Plugin package
# cd sudo_plugin/linux-x86_64
# rpm --install qpm-plugin*.rpm
The topics in this section explain how to upgrade an existing Privilege Manager master to a Privilege Manager 6.0 primary policy server.
Because the Privilege Manager for Unix 6.0 native platform installer packages do not provide an automated rollback script, Quest highly recommends that you back up important data such as your license, pm.settings file, policy, and log files before you attempt to upgrade your existing Privilege Manager masters or policy servers.
If your Privilege Manager 5.5 master is a member of a License Cluster, Quest recommends that you unconfigure the License Cluster before starting the upgrade. License Clusters are not supported in Privilege Manager for Unix 6.0.
If you are upgrading a master with a version earlier than 5.5.0, Quest recommends that you back up important data and uninstall the previously installed version of Privilege Manager prior to installing version 6.0. Note that the master will not be able to service any agent requests while the previous version of Privilege Manager is uninstalled and before the new version is installed and configured.
NOTE: To install Privilege Manager 6.0, change to the directory where the install package is located for your platform and run the package installer. (See Install the Privilege Manager Packages for details about how to install the Privilege Manager for Unix software.)
Unlike the Privilege Manager for Unix 5.5 installation and configuration program, there are separate Server and Agent installation packages provided in Privilege Manager for Unix 6.0. If you are upgrading a Privilege Manager for Unix master, install only the Server package, as it includes both server and agent components. If you are upgrading a Privilege Manager for Unix agent, install the agent package and then skip to "Joining the Agent to the Policy Group".
The pmsrvconfig configuration script initializes the policy repository on the primary policy server. pmsrvconfig creates a pmpolicy service account, which is used to own and manage the security policy repository. The configuration script asks you to provide a new password for the pmpolicy user. Please take note of this password, as you will need to provide it when configuring any secondary policy server(s). (See Security Policy Types for more information about the pmpolicy user.)
By default, the pmsrvconfig command generates a new policy. However, you may wish to import an existing policy (for example, if you are upgrading from a version prior to 5.6). To do this, use the pmsrvconfig command with the -f option. (See pmsrvconfig for details.)
Use the following guidelines for importing a policy:
The default profile-based policy in Privilege Manager 5.5.2 uses two distinct locations for its policy files. The main policy file, pm.conf, is located in /etc/opt/quest/qpm4u, while the remaining policy files are located in /opt/quest/qpm4u/policies.
The following example shows you how to import the policy.
To import the Privilege Manager 5.5.2 profile-based policy into Privilege Manager 6.0
# mkdir ~/policytmp
# cp /etc/opt/quest/qpm4u/policy/pm.conf ~/policytmp
# cp -r /opt/quest/qpm4u/policies/* ~/policytmp
# vi ~/policytmp/pm.conf
In pm.conf, change the line:
include "/opt/quest/qpm4u/policies/profileBasedPolicy.conf";
to:
include "profileBasedPolicy.conf";
Now that you have modified the policy to conform to the above guidelines, test the policy using the pmcheck command.
NOTE: pmcheck and other Privilege Manager administrative commands are located in the /opt/quest/sbin directory.
# pmcheck -p ~/policytmp -f ~/policytmp/pm.conf
The command returns:
Version 6.0.0 (021) licensed with no expiry date.
********************************************************************
** QuestPrivilege Manager for Unix Version 6.0.0 (021)
** This request is being authorized on master :polsrv1.example.com
** User "root" has submitted a request from host "polsrv1.example.com"
** to run the command "NONE"
********************************************************************
Request accepted by the "admin" profile
User : root
Host : polsrv1.example.com
Command : NONE
All interactions with this command will be recorded in the file:
/opt/quest/qpm4u/iologs/admin/root/NONE_20120525_1516_DDv0O1
Executing "NONE" as user "root" ...
********************************************************************
File /root/policytmp/pm.conf contains 0 errors.
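The staging and include-path edit from the import steps above, as an added shell example that is not part of the One Identity documentation: the hypothetical stage_policy function takes the source paths as arguments, rewrites every include in pm.conf that points into the old policies directory (the page shows one such line), and lists any absolute include that remains so it can be reviewed before running pmcheck. The demo tree at the end is constructed sample input.

```shell
#!/bin/sh
# Added example, not One Identity code; stage_policy is a hypothetical helper.
# usage: stage_policy PM_CONF OLD_POLICIES_DIR STAGE_DIR
stage_policy() {
    conf=$1; policies=${2%/}; stage=$3
    [ -f "$conf" ] && [ -d "$policies" ] || { echo "bad source paths" >&2; return 2; }

    # Policy files govern privileged access: keep the working copy private.
    mkdir -p "$stage" && chmod 700 "$stage" || return 2
    cp -r "$policies"/. "$stage"/ || return 2

    # Escape the old directory so sed matches it literally.
    esc=$(printf '%s\n' "$policies" | sed 's/[][\\.*^$|]/\\&/g')

    # include "/old/policies/x.conf";  ->  include "x.conf";
    sed "s|^\([[:space:]]*include[[:space:]]*\"\)$esc/|\1|" "$conf" \
        > "$stage/pm.conf" || return 2

    # List includes that still use an absolute path, for manual review.
    if grep -rn '^[[:space:]]*include[[:space:]]*"/' "$stage" >&2; then
        echo "absolute include paths remain in $stage" >&2
        return 1
    fi
    return 0
}

# Constructed sample input: a throwaway tree standing in for the 5.5.2 layout.
demo_stage_policy() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/etc" "$root/policies"
    printf '%s\n' "# main policy" \
        "include \"$root/policies/profileBasedPolicy.conf\";" \
        "  include \"$root/policies/extra.conf\";" > "$root/etc/pm.conf"
    echo '# profiles' > "$root/policies/profileBasedPolicy.conf"
    echo '# extra'    > "$root/policies/extra.conf"
    stage_policy "$root/etc/pm.conf" "$root/policies" "$root/stage" || return $?
    cat "$root/stage/pm.conf"
    rm -rf "$root"
}
demo_stage_policy
```

A return status of 0 means the staged directory is ready to be checked with pmcheck as shown above; status 1 means at least one include still uses an absolute path.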