System Requirements
Prior to installing Privilege Manager, ensure your system meets the minimum hardware and software requirements for your platform.
| Component | Requirements | ||||
|---|---|---|---|---|---|
| Operating Systems |
Click www.quest.com/privilege-manager-for-unix to review a list of Unix and Linux® platforms that support Privilege Manager for Unix. Click www.quest.com/quest-one-privilege-manager-for-sudo to review a list of Unix, Linux®, and Mac OS X® platforms that support Privilege Manager for Sudo. | ||||
| Disk Space |
80 MB of disk space for program binaries and manuals for each architecture.
| ||||
| SSH Software | You must install and configure SSH client and server software on all policy server hosts, and install SSH client software on all hosts that will use the Sudo Plugin. You must enable access to SSH as the root user on the policy server hosts during configuration of the policy servers. Both OpenSSH 2.5 (and higher) and Tectia SSH 5.0 (and higher) are supported. | ||||
| Processor | Policy Servers - 4 cores | ||||
| RAM | Policy Servers - 4GB |
Privilege Manager for Sudo Requirements
| Systems Required | Minimum Requirements |
|---|---|
| Primary Policy Server |
|
| Host System |
|
Default Ports
Configure the firewall ports appropriately when installing the Sudo Plugin on separate machines from the policy server.
| Variable | Default Port | Description |
|---|---|---|
| masterport | 12345 | TCP/IP port for pmmasterd. Privilege Manager for Unix uses the masterport to communicate with the pmmasterd (policy server daemon). |
Reserve Special User and Group Names
Reserve the following names for Privilege Manager for Unix usage:
- pmpolicy (user and group)
- pmlog (group)
Required Privileges
You will need root privileges to install Privilege Manager software. Either log in as root or use the su program to acquire root privileges. Due to the importance of the root account, Privilege Manager carefully protects the system against certain accidental or deliberate situations that might lead to a breach in security. For example, if Privilege Manager discovers that its configuration files are open to modification by non-root users, it will reject all job requests. Furthermore, all Privilege Manager directories back to the / directory are checked for security in the same way, to guard against accidental or deliberate replacement.
Estimating Size Requirements
Keystroke and Event Log Disk Space Requirements
The amount of disk space required to store keystroke logs will vary significantly based on the amount of terminal output generated by the user's daily activity and the level of logging configured. An average Privilege Manager for Unix keystroke log will contain an additional 4KB of data on top of the amount of data displayed to the user's terminal. Taking an average of the amount of terminal output generated by a few users over the course of a normal day would allow for an approximate estimation to be calculated. For example, a developer using a vi session throughout the day may generate 200KB of terminal output. A team of 200 developers each generating a similar amount of terminal output per working day could be expected to use 31GB of disk space over a three-year period [ 204 (200 + 4KB) x 200 (developers) x 260 (working days) x 3 (years) = 31,824,000 ].
The level of logging can also be configured to reduce the overhead on the Masters. For example, some customers only log the user's input (key presses) which will dramatically reduce the amount of logging.
Event log entries will typically use 4-5KB of storage per event, but may vary slightly depending on the data stored in the events. For example, events might be slightly larger for users that have lots of environment variables defined. Taking an average of the number of events that occur over the course of a normal day should allow you to estimate the disk space requirements for event logs. For example, if the same team of developers generate 1,000 events in a normal working day, they would be expected to use nearly 4GB of disk space over a three-year period [ 5 (KB) * 1000 (events) * 260 (days) * 3 (years) = 3,900,000 ].
Policy Server Deployment Requirements
The following recommendations are only provided as a rough guideline. The number of policy servers required for your environment may vary greatly depending on usage.
- 1 policy server is suitable for small test environments with less than 50 hosts.
- Production environments should have minimum of 2 policy servers.
- Add an additional policy server for every 150-200 Privilege Manager hosts.
- Additional policy servers may be required to support geographically disparate locations.