Chat now with support
Chat with Support

Safeguard for Sudo 2.0 - Administrators Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Introducing Privilege Manager for Sudo Planning Deployment Installation and Configuration
Download Privilege Manager for Unix Software Packages Download Privilege Manager for Sudo Software Packages Quick Start and Evaluation Configure a Primary Policy Server Configure a Secondary Policy Server Install PM Agent or Sudo Plugin on a Remote Host Remove Configurations
Upgrading Privilege Manager System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager Programs Installation Packages Unsupported Sudo Options Sudo Plugin Policy Evaluation About us

Generating Reports

InTrust provides all of its reporting services through the InTrust Knowledge Portal which is based on Microsoft SQL Server® Reporting Services. This provides functionality to generate reports dynamically from the InTrust data store and display them though a simple browser based utility.

The Knowledge Portal allows you to create reports manually, however there are a number of pre-compiled reports that gather the following Privilege Manager event log data:

  • All events
  • Elevated privilege events
  • All events grouped result
  • Out of band events
  • Rejected events

The reports are provided in a .msi installer which installs and configures the required Knowledge Portal components. To view the reports, simply load the Knowledge Portal using Start | Programs | Quest Software | Quest InTrust Knowledge Portal | Quest InTrust Knowledge Portal, then select InTrust for Privilege Manager from the report list.

For more information, please refer to the InTrust for Active Directory documentation.

Gathering InTrust Data

The general concept behind the InTrust server is that you configure a number of objects individually to perform a specific part of the data gathering process. These objects are then combined to form a work flow system. These are the objects you need to configure to complete a simple data gathering work flow:

  • Site – Contains a list of Privilege Manager policy servers from which the gathering process gathers data.
  • Data Source – Stores details about the data source format.
  • Gathering Policy - Specifies which data source to use.
  • Task/Job – A task contains a list of jobs, each of which specifies the frequency at which to gather data according to a particular gathering policy.
  • Data Store – Database or InTrust Repository that stores the imported data.

You can either manually create these objects or import them from the Privilege Manager Knowledge Pack.

To import these objects

Run the InTrustPDOImport import utility:

InTrustPDOImport.exe –import <object>

The import utility is located by default in:

<install location>\Quest Software\InTrust\Server\ADC\SupportTools

Once you have imported the objects, add the list of Privilege Manager policy servers to the site object.

NOTE: For more information about importing objects, please refer to the InTrust Creating Custom Data Collection documentation.

Once configured, the InTrust server objects can gather the data.

NOTE: By default the Privilege Manager gathering task provided in the knowledge pack retrieves event log data on a daily basis. However, you can customize this setting in the Gathering Policy.

Quest recommends that you verify the gathering process by running the task manually.

To run the gathering process manually

  • Right-click the Privilege Manager task and select Run.

The details of a gathering job are recorded in sessions, accessible by means of the tree view.

The example below shows the result of a successful job.

Troubleshooting

Troubleshooting

To help you troubleshoot, Quest recommends the following resolutions to some of the common problems you might encounter as you deploy and use Privilege Manager.

Displaying Sudo Policy Debug Information

Troubleshooting > Displaying Sudo Policy Debug Information

Debug logs can help you determine if the sudo options are being enabled correctly in the policy.

To display debug information for Sudo policy

  1. From the command line, enter:
    $ sudo – D9 <command>

    NOTE: Specifying the –D9 option with the sudo command, enables maximum debugging, which is useful for verifying options in the sudoers policy. For example run the following and examine the output:

    $ sudo –D9 id
Related Documents