After you have made several revisions to your policy file under source control, you can view the list of policy file versions stored in the repository.
To display all previous version numbers with timestamps and commit logs
# pmpolicy log
This command returns output similar to this:
** Validate options [ OK ]
** Check out working copy [ OK ]
** Retrieve revision details [ OK ]
version="3",user="pmpolicy",date=2011-05-11,time=19:27:01,msg=""
version="2",user="pmpolicy",date=2011-05-11,time=19:19:47,msg="added tuser"
version="1",user="pmpolicy",date=2011-05-11,time=15:56:12,msg="First import"
You can view the changes from revision to revision of a policy file.
To show the differences between version 1 and version 3
# pmpolicy diff -r:1:3
This command returns output similar to this:
** Validate options [ OK ]
** Check out working copy [ OK ]
** Check differences [ OK ]
** Report differences between selected revisions [ OK ]
Details:
Index: sudoers
===================================================================
--- sudoers (revision 1)
+++ sudoers (revision 3)
@@ -13,6 +13,7 @@
 ## User privilege specification
 ##
 root ALL=(ALL) ALL
+tuser myhost.example.com, myhost.example.com = /usr/bin/whoami
 ## Uncomment to allow members of group wheel to execute any command
 # %wheel ALL=(ALL) ALL
The output reports lines removed and lines added in a unified diff format.
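A small review script for the two outputs above, added here as an example and not part of Privilege Manager or One Identity's tooling: it parses the `** step [ OK ]` status lines, the `version=...` records printed by `pmpolicy log` and the unified diff printed by `pmpolicy diff`, then reports revisions that were committed without a message and the sudoers rules that were added, marking any rule whose command list contains ALL. The sample text is the page's own output, embedded as constructed input so the script runs offline; the field names and the sudoers line syntax are taken from that output, nothing else is assumed about the tool.

```python
# Review helpers for `pmpolicy log` and `pmpolicy diff` output. Added example, not part of
# Privilege Manager or One Identity's tooling; it assumes only the output layout the page shows.
import re

# Constructed sample input: the `pmpolicy log` output reproduced from the page.
PMPOLICY_LOG_OUTPUT = """\
** Validate options [ OK ]
** Check out working copy [ OK ]
** Retrieve revision details [ OK ]
version="3",user="pmpolicy",date=2011-05-11,time=19:27:01,msg=""
version="2",user="pmpolicy",date=2011-05-11,time=19:19:47,msg="added tuser"
version="1",user="pmpolicy",date=2011-05-11,time=15:56:12,msg="First import"
"""

# Constructed sample input: the `pmpolicy diff -r:1:3` output reproduced from the page.
PMPOLICY_DIFF_OUTPUT = """\
** Validate options [ OK ]
** Check out working copy [ OK ]
** Check differences [ OK ]
** Report differences between selected revisions [ OK ]
Details:
Index: sudoers
===================================================================
--- sudoers (revision 1)
+++ sudoers (revision 3)
@@ -13,6 +13,7 @@
 ## User privilege specification
 ##
 root ALL=(ALL) ALL
+tuser myhost.example.com, myhost.example.com = /usr/bin/whoami
 ## Uncomment to allow members of group wheel to execute any command
 # %wheel ALL=(ALL) ALL
"""

STATUS_RE = re.compile(r"^\*\* (?P<step>.+?) \[ (?P<result>\w+) \]$")
# key=value fields: version, user and msg are double-quoted, date and time are bare.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,]*))')
# sudoers user specification: who  host[,host...] = [(runas)] command[,command...]
RULE_RE = re.compile(r"^(?P<who>\S+)\s+(?P<hosts>.+?)\s*=\s*(?P<cmds>.+)$")


def failed_steps(output):
    """Steps whose '** step [ result ]' line is not OK; a failed checkout means an incomplete report."""
    return [m["step"] for line in output.splitlines()
            if (m := STATUS_RE.match(line)) and m["result"] != "OK"]


def parse_log(output):
    """One dict per version="..." record, in the order pmpolicy prints them (newest first)."""
    records = []
    for line in output.splitlines():
        if line.startswith("version="):
            records.append({k: q if q else b for k, q, b in FIELD_RE.findall(line)})
    return records


def revisions_without_message(records):
    """Revisions committed with an empty msg: the history shows what changed but not why."""
    return [r["version"] for r in records if not r.get("msg")]


def parse_unified_diff(output):
    """Added and removed policy lines from the hunks; file headers and context lines are skipped."""
    added, removed, in_hunk = [], [], False
    for line in output.splitlines():
        if line.startswith("Index:"):
            in_hunk = False  # new file section; its ---/+++ headers come before the first @@
        elif line.startswith("@@"):
            in_hunk = True
        elif in_hunk and line.startswith("+"):
            added.append(line[1:])
        elif in_hunk and line.startswith("-"):
            removed.append(line[1:])
    return added, removed


def review_rules(lines):
    """Parse sudoers user specifications; 'broad' marks a rule whose command list contains ALL."""
    rules, unparsed = [], []
    for line in lines:
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = RULE_RE.match(stripped)
        if not m:
            unparsed.append(stripped)  # Defaults, aliases: not a user spec, review by hand
            continue
        cmds = re.sub(r"^\([^)]*\)\s*", "", m["cmds"])  # drop a leading (runas) spec
        commands = [c.strip() for c in cmds.split(",")]
        rules.append({"who": m["who"], "hosts": [h.strip() for h in m["hosts"].split(",")],
                      "commands": commands, "broad": "ALL" in commands})
    return rules, unparsed


def review(log_output, diff_output):
    """Status failures, unexplained revisions and the rules that changed, in one dict."""
    records = parse_log(log_output)
    added, removed = parse_unified_diff(diff_output)
    rules, unparsed = review_rules(added)
    return {"failed_steps": failed_steps(log_output) + failed_steps(diff_output),
            "unexplained_revisions": revisions_without_message(records),
            "added_rules": rules, "removed_lines": removed, "unparsed_added": unparsed,
            "broad_grants": [r for r in rules if r["broad"]]}
```

Fed the page's sample output, `review()` reports revision 3 as committed without a message and one added rule, for tuser on myhost.example.com, limited to /usr/bin/whoami and therefore not flagged as broad; a rule such as `root ALL=(ALL) ALL` appearing on a `+` line would be. Any status line that is not `[ OK ]` is surfaced first, because a failed checkout means the revision list or diff below it cannot be trusted.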
It is important for you to perform systematic backups of the following directories on all policy servers:
NOTE: When recovering from a failure, keep the same hostname and IP address.
The Privilege Manager security system consists of one or more centralized policy servers and one or more remote clients. A user wishing to run a command secured by Privilege Manager makes a request to their client. The request is then propagated to the policy server which consults a security policy to determine whether to allow or disallow the command. A typical Privilege Manager installation has several policy servers to provide adequate fail-over and load-balancing coverage.
The Privilege Manager policy servers are capable of recording all the activity that passes through them. The ability to log root and other account activity accurately, in a safe environment, allows you to implement a secure system administration regime with an indelible audit trail. You always know exactly what is happening as root, as well as who did it, when it happened, and where.
The data created by the Privilege Manager policy servers is stored in a log file called an event log. An entry in the event log is made every time a policy server is used to run a command.
© 2021 One Identity LLC. ALL RIGHTS RESERVED.