立即与支持人员聊天
与支持团队交流

Safeguard for Sudo 7.3 - Release Notes

Safeguard for Sudo 7.3

Safeguard for Sudo 7.3

Release Notes

24 May 2024, 10:29

These release notes provide information about the One Identity Safeguard for Sudo release.

Topics:
About this release

Safeguard for Sudo helps Unix/Linux organizations take privileged account management through Sudo to the next level: with a central policy server, centralized management of Sudo and sudoers, centralized reporting on sudoers and elevated rights activities, and event and keystone logging of activities performed through Sudo. With Safeguard for Sudo, One Identity provides a plug-in to Sudo 1.8.1 (and later) to make administering Sudo across a few, dozens, hundreds, or thousands of Unix/Linux servers easy, intuitive, and consistent. It eliminates the box-to-box management of Sudo that is the source of so much inefficiency and inconsistency. In addition, the centralized approach delivers the ability to report on the change history of the sudoers policy file.

Safeguard for Sudo 7.3 is a patch release that includes Resolved issues.

NOTE: Beginning with version 7.0, Safeguard for Sudo supports only Linux-based systems for Safeguard for Sudo policy servers.

End of support notice

After careful consideration, One Identity has decided to cease the development of the Management Console for Unix (MCU). Therefore, the MCU will enter limited support for all versions on April 1, 2021. Support for all versions will reach end of life on Nov 1, 2021.

As One Identity retires the MCU, we are building its feature set into modern platforms starting with Software Distribution and Profiling. Customers that use the MCU to deploy Authentication Services and Safeguard for Sudo can now use our Ansible collections for those products, which can be found at Ansible Galaxy.

New features

New features in Safeguard for Sudo 7.3:

  • Safeguard for Sudo now supports MacOS version 14.

  • Services can now write the syslog messages as CEF (Common Event Format), useful for messages about Accept and Reject events.

    NOTE: Logging in CEF is disabled by default. To enable it, set the configuration option logFormat to cef.

  • Introduced the pmcheckperms utility, used to check the ownership and permissions of Privilege Manager files on the system. For more information, see pmcheckperms in the Safeguard for Sudo Administration Guide.

See also:

Resolved issues

The following is a list of issues addressed in this release.

Table 1: Resolved issues
Resolved Issue Issue ID

Fixed an issue where sudo could crash when the Safeguard for Sudo plugin was installed and the pmserviced daemon was not running.

The pmserviced daemon is responsible for starting the pmmasterd service, which supports offline policy evaluation when the policy server is not reachable. If the pmmasterd service is unavailable, the Safeguard for Sudo plugin will attempt to contact the policy server directly. A bug in the code that implements this fallback mechanism could have resulted in a crash if the pmserviced daemon was not running, and has been fixed.

438545

Fixed an issue where the pmlogsrvd service on a policy server would attempt to process a duplicate event indefinitely.

Duplicate events are now discarded instead of being retried. If two different events have the same UUID, the second event is assigned a new UUID.

439903

On newer Linux distributions, such as RHEL 9.2, the qpm packages required installing the libxcrypt-compat package to work.

This dependency is not required anymore.

443055

Fixed an issue where pmlogxfer reported the following error message in the syslog when transferring the logs collected in offline mode:

1101 Assignment to constant

444510

On macOS ARM64, packages do not require Rosetta 2 to be installed anymore.

453156

Supported platforms

The following table provides a list of supported platforms for Safeguard for Sudo clients.

NOTE: Beginning with version 7.0, Safeguard for Sudo supports only Linux-based systems for Safeguard for Sudo policy servers.

CAUTION: As of Safeguard for Sudo version 7.3, the following platforms and architectures are no longer supported:

  • CentOS Linux 6

  • Apple MacOS 11.3

  • Oracle Enterprise Linux (OEL) 6

  • Red Hat Enterprise Linux (RHEL) 6

Table 2: Linux supported platforms — server and plugin

Platform

Version

Architecture

Alma Linux

8, 9

x86_64, AARCH64, PPC64le, s390x

Amazon Linux

AMI, 2, AL2022

x86_64

CentOS Linux

7, 8, 9

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

CentOS Stream

8, 9

x86_64, AARCH64, PPC64le, s390x

Debian

Current supported releases

x86_64, x86, AARCH64

Fedora Linux

Current supported releases

x86_64, x86, AARCH64

OpenSuSE

Current supported releases

x86_64, x86, AARCH64

Oracle Enterprise Linux (OEL)

7, 8, 9

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

Red Hat Enterprise Linux (RHEL)

7, 8, 9

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

Rocky Linux

8, 9

x86_64, AARCH64, PPC64le, s390x

SuSE Linux Enterprise Server (SLES)/Workstation

12, 15

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

Ubuntu

Current supported releases

x86_64, x86, AARCH64

Table 3: Unix and Mac supported platforms — plugin

Platform

Version

Architecture

Apple MacOS

12.0 and above

x86_64, ARM64

FreeBSD

12.x, 13.x, 14.x

x32, x64

HP-UX

11.31

IA-64

IBM AIX

6.1 TL9, 7.1 TL3, TL4, TL5, 7.2, 7.3

Power 4+

Oracle Solaris

10 8/11 (Update 10), 11.x

SPARC, x64

自助服务工具
知识库
通知和警报
产品支持
下载软件
技术说明文件
用户论坛
视频教程
RSS订阅源
联系我们
获得许可 帮助
技术支持
查看全部
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级