Chat now with support
Chat with Support

Safeguard for Sudo 7.1.1 - Administration Guide

Introducing Safeguard for Sudo Planning Deployment Installation and Configuration Upgrade Safeguard for Sudo System Administration Managing Security Policy Administering Log and Keystroke Files Troubleshooting Safeguard Variables Safeguard programs Installation Packages Unsupported Sudo Options Safeguard for Sudo Policy Evaluation

Configuring a secondary server

You use the pmsrvconfig -s <primary_policy_server> command to configure a secondary server. See pmsrvconfig for more information about the pmsrvconfig command options.

To configure the secondary server

  1. From the command line of the secondary server host, run: 
    # pmsrvconfig –s <primary_policy_server>

    where <primary_policy_server> is the hostname of your primary policy server.

    pmsrvconfig prompts you for the "Join" password from the primary policy server, exchanges ssh keys for the pmpolicy service user, and updates the new secondary policy server with a copy of the master (production) policy.

Once you have installed and configured a secondary server, you are ready to join the Sudo Plugin to it. See Join hosts to policy group for details.

Synchronizing policy servers within a group

Safeguard generates log files containing event timestamps based on the local clock of the authorizing policy server.

To synchronize all policy servers in the policy group, use Network Time Protocol (NTP) or a similar method of your choice.

Install Sudo Plugin on a remote host

Once you have installed and configured the primary policy server, you are ready to install a Sudo Plugin on a remote host.

Checking Sudo Plugin Host for installation readiness

To check a Sudo Plugin host for installation readiness

  1. Log on to the remote host system as the root user and navigate to the files you extracted on the primary policy server.
  2. From the root directory, run a readiness check to verify the host meets the requirements for installing and using the Sudo Plugin, by running: 
    # sh pmpreflight.sh –-sudo –-policyserver <myhost>

    where <myhost> is the hostname of the primary policy server.

    Running pmpreflight.sh –-sudo performs these tests:

    • Basic Network Conditions:
      • Hostname is configured
      • Hostname can be resolved
      • Reverse lookup returns it own IP
    • Policy Server Connectivity
      • Hostname of policy server can be resolved
      • Can ping the policy server
      • Can make a connection to policy server
      • Policy server is eligible for a join
    • Sudo Installation
      • sudo is present on the host
      • sudo is in a functional state
      • sudo is version 1.8.1 (or later)
    • Prerequisites to support off-line policy caching
      • SSH keyscan is available
      • Policy server port is available
  3. Resolve any reported issues and rerun pmpreflight until all tests pass.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating