立即与支持人员聊天
与支持团队交流

Privilege Manager for Unix 7.0 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

Viewing InTrust reports

To view InTrust reports

  1. Using a web browser, navigate to your InTrust reports and verify that you now have an InTrust for Privilege Manager for Unix section.

    http://<Intrust Server>/Reports

     

  2. Select the report type that you want to generate, based on the data currently held in InTrust.

Generating reports

InTrust provides all of its reporting services through the InTrust Knowledge Portal which is based on Microsoft SQL Server Reporting Services. This provides functionality to generate reports dynamically from the InTrust data store and display them though a simple browser based utility.

The Knowledge Portal allows you to create reports manually, however there are a number of pre-compiled reports that gather the following Privilege Manager for Unix event log data:

  • All events
  • Elevated privilege events
  • All events grouped result
  • Out of band events
  • Rejected events

The reports are provided in a .msi installer which installs and configures the required Knowledge Portal components. To view the reports, simply load the Knowledge Portal using Start | Programs | Quest Software | Quest InTrust Knowledge Portal | Quest InTrust Knowledge Portal, then select InTrust for Privilege Manager for Unix from the report list.

For more information, please refer to the InTrust for Active Directory documentation.

Gathering InTrust data

The general concept behind the InTrust server is that you configure a number of objects individually to perform a specific part of the data gathering process. These objects are then combined to form a work flow system. These are the objects you need to configure to complete a simple data gathering work flow:

  • Configuration | Sites: Contains a list of Privilege Manager for Unix policy servers from which the gathering process gathers data.
  • Configuration | Data Sources: Stores details about the data source format.
  • Gathering | Gathering Policies: Specifies which data source to use.
  • Workflow | Tasks: A task contains a list of jobs, each of which specifies the frequency at which to gather data according to a particular gathering policy.
  • Configuration | Data Stores: Database or InTrust Repository that stores the imported data.

You can either manually create these objects or import them from the Privilege Manager for Unix Knowledge Pack.

To import these objects

  1. Run the InTrustPDOImport import utility:

    InTrustPDOImport.exe –import <object>

    The import utility is located by default in:

    <install location>\Quest Software\InTrust\Server\ADC\SupportTools

  2. Once you have imported the objects, add the list of Privilege Manager for Unix policy servers to the site object.

    For more information about importing objects, refer to the InTrust Creating Custom Data Collection documentation.

    Once configured, the InTrust server objects can gather the data.

    By default the Privilege Manager for Unix gathering task provided in the knowledge pack retrieves event log data on a daily basis. However, you can customize this setting in the Gathering Policy.

One Identity recommends that you verify the gathering process by running the task manually.

To run the gathering process manually

  1. In the Quest InTrust Manager, navigate to Workflow | Tasks.
  2. Right-click the Privilege Manager for Unix task and select Run.

The details of a gathering job are recorded in Workflow | Sessions, accessible by means of the tree view.

The example below shows the result of a successful job.

Troubleshooting

To help you troubleshoot, One Identity recommends the following resolutions to some of the common problems you might encounter as you deploy and use Privilege Manager for Unix.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级