
Safeguard for Sudo 7.2.1 - Release Notes

07 March 2022, 17:27

These release notes provide information about the One Identity Safeguard for Sudo release.

About this release

Safeguard for Sudo helps Unix/Linux organizations take privileged account management through Sudo to the next level: with a central policy server, centralized management of Sudo and sudoers, centralized reporting on sudoers and elevated rights activities, and event and keystroke logging of activities performed through Sudo. With Safeguard for Sudo, One Identity provides a plug-in to Sudo 1.8.1 (and later) to make administering Sudo across a few, dozens, hundreds, or thousands of Unix/Linux servers easy, intuitive, and consistent. It eliminates the box-to-box management of Sudo that is the source of so much inefficiency and inconsistency. In addition, the centralized approach delivers the ability to report on the change history of the sudoers policy file.

Safeguard for Sudo 7.2.1 is a patch release that includes Resolved issues.

NOTE: Beginning with version 7.0, Safeguard for Sudo supports only Linux-based systems for Safeguard policy servers.

End of support notice

After careful consideration, One Identity has decided to cease the development of the Management Console for Unix (MCU). Therefore, the MCU will enter limited support for all versions on April 1, 2021. Support for all versions will reach end of life on Nov 1, 2021.

As One Identity retires the MCU, we are building its feature set into modern platforms starting with Software Distribution and Profiling. Customers that use the MCU to deploy Authentication Services and Safeguard for Sudo can now use our Ansible collections for those products, which can be found at Ansible Galaxy.

New features

New features in Safeguard for Sudo 7.2.1:

  • Safeguard for Sudo has shipped with OpenSSL shared objects since version 7.0. Due to recent high severity fixes in the OpenSSL library, the shipped shared objects have been upgraded to version 1.1.1m, which includes the corresponding fixes.

  • The text of the End-user license agreement (EULA) has been updated. Users must accept the updated EULA upon installing this product.

Resolved issues

The following is a list of issues addressed in this release.

Table 1: Resolved issues
Resolved Issue Issue ID

Fixed updating the /etc/services file during policy server configuration.

In some cases, after unconfiguring the policy server, the policy server could leave entries belonging to Privilege Manager daemons in the /etc/services file, and the policy server configuration could then result in multiple entries.


Fixed issue when orphaned pmmasterd processes hang indefinitely due to network disconnect.

If the policy server disconnects from the network while there is an open sudo session on a client, there is a chance that the pmmasterd process handling that client connection never terminates. This issue has been fixed by enabling the SO_KEEPALIVE socket option on the socket by default. It can be disabled by setting the 'masterkeepalive' configuration option to 'NO' in the pm.settings product configuration file.


For sudo clients, license validity could be reported wrongly for short time periods.

Some tools like "pmplugininfo -v" could report having no license for the product for short periods of time, even if a valid license has previously been installed for the policy server. These wrong messages only affected sudo clients joined to the policy server and not the policy server itself.


On the relatively new Fedora 35, pmlogsearch failed to return search results.

pmlogsearch did not previously support the "protected regular" security hardening option (which is enabled by default on the Fedora 35 server). As a result, the tool ran into an error and the search results were empty.


Fixed issue when audit trail files stored on the policy server could not be transmitted to an SPS logserver.

When the connection between the Safeguard for Sudo policy server and an SPS logserver is interrupted, IO logs are cached on the policy server if the policy server is not in 'enforced' mode. Later on, when the connection is restored, the cached trails can be sent to the SPS logserver by running the pmauditsrv send command. This caused a critical error on the SPS side: the received trails became corrupt, and data loss could occur.


Linux packages now ship with native service files for systemd.

To work on older systems as well, our packages provide sysv init scripts for service maintenance.

Newer Linux distributions, however, may not provide compatibility with these by default: some additional packages need to be installed for that (for example, systemd-sysvinit / initscripts). These additional packages are no longer needed. Note that sysv init scripts are still provided, and distributions without systemd (like RHEL 6) remain supported.


Improved git-svn handling.

Prior to git-svn 1.8, it is not possible to query the version number without a working repository. To make the user interface more convenient, we postponed the version check until it is necessary. Because of this, warnings about missing or incompatible programs are less likely; however, with this change the dependency is less obvious.


Fixed a race condition between pmmasterd and pmlogsrvd.

There is a rare race condition between pmlogsrvd and pmmasterd when they both access the same event in the database. From now on pmlogsrvd detects such a situation and solves the problem by restarting the affected database operation.
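
The pmmasterd keepalive fix above relies on the kernel probing an idle TCP connection so that a process blocked on a dead peer eventually gets an error. The following is an added example, not One Identity code: it enables SO_KEEPALIVE on a Linux TCP socket and computes how long a silent peer can go unnoticed. The helper names are hypothetical, and how the product maps 'masterkeepalive' onto the socket option is an assumption.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: switch keepalive probing on/off; 0 on success, -1 on error. */
int set_keepalive(int fd, int enable)
{
    int v = enable ? 1 : 0;
    return setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &v, sizeof v);
}

/* Returns 1 if keepalive is enabled, 0 if disabled, -1 on error. */
int keepalive_enabled(int fd)
{
    int v = 0;
    socklen_t len = sizeof v;
    if (getsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &v, &len) != 0)
        return -1;
    return v != 0;
}

/* Read one Linux TCP keepalive timer (seconds or probe count); -1 on error. */
static int tcp_opt(int fd, int opt)
{
    int v = 0;
    socklen_t len = sizeof v;
    return getsockopt(fd, IPPROTO_TCP, opt, &v, &len) == 0 ? v : -1;
}

/* Worst-case seconds of silence before the kernel fails the connection:
 * idle time before the first probe + probe interval * unanswered probes. */
long dead_peer_timeout(int fd)
{
    int idle = tcp_opt(fd, TCP_KEEPIDLE), intvl = tcp_opt(fd, TCP_KEEPINTVL);
    int cnt = tcp_opt(fd, TCP_KEEPCNT);
    if (idle < 0 || intvl < 0 || cnt < 0)
        return -1;
    return (long)idle + (long)intvl * cnt;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || set_keepalive(fd, 1) != 0) { perror("keepalive"); return 1; }
    printf("keepalive=%d, dead peer detected within %ld s\n", keepalive_enabled(fd), dead_peer_timeout(fd));
    close(fd);
    return 0;
}
```

The bound printed here comes from the host's net.ipv4.tcp_keepalive_time, tcp_keepalive_intvl and tcp_keepalive_probes sysctls unless overridden per socket. With the stock Linux values (7200 s, 75 s, 9 probes) an orphaned connection is torn down only after about 7875 seconds, so operators who need faster cleanup should review those sysctls on the policy server.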


Supported platforms

The following table provides a list of supported platforms for Safeguard for Sudo clients.

NOTE: Beginning with version 7.2.1, Safeguard for Sudo supports only Linux-based systems for Safeguard policy servers.

Table 2: Linux supported platforms — server and plugin




Amazon Linux

AMI, 2


CentOS Linux

6, 7, 8

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64


Current supported releases

x86_64, x86, AARCH64

Fedora Linux

Current supported releases

x86_64, x86, AARCH64


Current supported releases

x86_64, x86, AARCH64

Oracle Enterprise Linux (OEL)

6, 7, 8

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

Red Hat Enterprise Linux (RHEL)

6, 7, 8

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

SuSE Linux Enterprise Server (SLES)/Workstation

11 SP4, 12, 15

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64


Current supported releases

x86_64, x86, AARCH64

Table 3: Unix and Mac supported platforms — plugin




Apple MacOS

10.15 or later

x86_64, ARM64


12.x, 13.x

x32, x64



PA, IA-64


6.1 TL9, 7.1 TL3, 7.2

Power 4+

Oracle Solaris

10 8/11 (Update 10), 11.x

SPARC, x64
