Novell PRIVILEGED USER MANAGER EVALUATION, PRIVILEGED USER MANAGER 2.2 Quick Start Manual

Novell Privileged User Manager Evaluation Quick Start Guide
2.2 Release
Novell Privileged User Manager v2.2 Evaluation Quick Start Guide
Table of Contents
1.0 CONCEPTS AND OVERVIEW
1.1 PREREQUISITES
1.2 OBTAINING EVALUATION INSTALLER
1.3 IMPORTANT INFORMATION – PLEASE READ BEFORE YOU START
2.1 INSTALL STD MANAGER PACKAGE
2.1.1 AIX MANAGER INSTALL
2.1.2 HP-UX FRAMEWORK MANAGER INSTALL
2.1.3 LINUX FRAMEWORK MANAGER INSTALL
2.1.4 SOLARIS FRAMEWORK MANAGER INSTALL
2.1.5 TRU64 FRAMEWORK MANAGER INSTALL
2.1.6 WINDOWS FRAMEWORK MANAGER INSTALL
2.2 LOG ON AND SET ADMINISTRATOR PASSWORD
2.3 LOAD AND INSTALL EVALUATION DATABASES
2.3.1 LOAD EVALUATION INSTALLER
2.3.2 INSTALL EVALUATION DATABASES TO HOST
3.0 INITIAL ORIENTATION
LOG ON TO THE NOVELL PRIVILEGED USER MANAGER ADMINISTRATION CONSOLE
CHANGE PASSWORD
ORIENTATION: HOME MENU
ORIENTATION: COMPLIANCE AUDITOR
ORIENTATION: REPORTING
ORIENTATION: HOSTS
ORIENTATION: PACKAGE MANAGER
ORIENTATION: COMMAND CONTROL
ORIENTATION: MANAGE USERS
4.0 STEP BY STEP EXERCISES
REVIEWING KEYSTROKE ACTIVITY PROACTIVELY
REVIEWING KEYSTROKE ACTIVITY FORENSICALLY
USE COMMAND CONTROL TO ACCESS A PRIVILEGED SHELL
REVIEW NOVELL PRIVILEGED USER MANAGER SYSTEM LOGS
DOWNLOAD NOVELL UPDATES AND DEPLOY TO YOUR HOST
1.0 Concepts and Overview
The Novell Privileged User Manager evaluation package is a collection of preconfigured databases that can be added to any standard manager installation to create an environment pre-populated with sample events and example configurations. Evaluation deployment steps involve:
1. Check prerequisites and download appropriate manager installer binaries (Section 1.1).
2. Obtain evaluation installer (Section 1.2).
3. Read and understand evaluation warnings (Section 1.3).
4. Install standard manager package onto your supported platform (Section 2.1).
5. Log on to the administration console and set initial password (Section 2.2).
6. Install and load evaluation package to create pre-populated environment (Section 2.3).
7. Follow the initial orientation to familiarize yourself with the environment (Section 3).
8. Walk step by step through the example exercises (Section 4).
1.1 Prerequisites
- The administration console requires Adobe Flash to operate.
- Binaries for the standard Manager install can be obtained through download.novell.com.
- Please make sure that you read and understand the implications of installing the evaluation package onto an already configured system in Section 1.3.
SUSE Linux Enterprise Desktop and SUSE Linux Enterprise Server
1. You must make sure that the ksh shell is installed for the example exercises in Section 4 to work.
2. Edit /etc/ksh.kshrc as shown below to avoid the following error:
/bin/ls: cannot read symbolic link /proc/22154/exe: Permission denied
This is caused by the following line in /etc/ksh.kshrc:
case "`/bin/ls --color=never -l /proc/$$/exe`" in
You can prevent this message by changing the line to the following:
case "`/bin/ls --color=never -l /proc/$$/exe 2>/dev/null`" in
1.2 Obtaining Evaluation Installer
The evaluation installer can be obtained through sales or technical support.
Section 1 – Concepts and Prerequisites
1.3 Important Information – Please Read Before You Start
Note: We recommend that you apply the evaluation database package to a clean installation of the standard Manager. You should also uninstall the package when finished as per the instructions at the bottom of this page.
The evaluation database package consists of pre-populated versions of the following databases:
- Command Control audit database
- Compliance Auditor event database
- Command Control rules database
Installing the evaluation package
Installing the evaluation database package will create a backup copy of your existing configuration and replace it with the following:
- Sample log events, including keystrokes
- Sample Compliance Auditor events and rule
- Sample Command Control rule configuration
- Sample Command-Risk configuration
Uninstalling the evaluation package
Uninstalling the evaluation database package will restore your previously backed up configuration. Please note that any configuration changes or captured events generated with the evaluation package installed will be permanently removed.
Note also that the evaluation environment can be 'refreshed' at any time simply by uninstalling and reinstalling the evaluation package.
Recommendation
When you have finished your evaluation, we strongly recommend that you perform the following steps:
1. Uninstall the evaluation and restore your original configuration through the host console by clicking the evaluation package, then selecting the 'Uninstall Package' option from the left-hand menu (as below).
2. Remove the evaluation package from the Package Manager by clicking the package and selecting the 'Delete Packages' option from the left-hand menu (as below).
2.1 Install Std Manager Package
Copy the evaluation package appropriate for your platform to a temporary location on the machine that will be used for testing, and install according to the following instructions.
Note: By default the installation will install the software into /opt/novell.
2.1.1 AIX Manager Install
The AIX installation package is compressed through gzip. In order to install the package, you must unzip the package through gunzip.
By default, the installation program installs the software into /opt/novell. To change this, create a directory in the required part of the file system and create a symbolic link to /opt/novell.
To install the AIX manager:
1. Copy the installation package to a temporary location and use the following command to extract the installation files:
gunzip novell-npum-manager-X.X-aix-X.X-powerpc.bff.gz
2. After the AIX installation package is uncompressed, use one of the following methods to perform the installation.
- The AIX smitty program
- The following command:
installp -acgNQqwX -d <directory of .bff file> novellnpum
3. After installation is complete, check that the service is running by viewing the log file. The log file is located in /opt/novell/npum/logs/unifid.log, if the default install location was used.
You should see an output similar to the following:
========================================
Version 2.2.0 (Rev:14967,Bld:4550) [aix-5.1-powerpc]
Database Version 3.5.7
[admin 2.2.0 (Rev:14979,Bld:4550) ] module loaded
[audit 2.2.0 (Rev:14937,Bld:4550) ] module loaded
[auth 2.2.0 (Rev:14897,Bld:4550) ] module loaded
[cmdctrl 2.2.0 (Rev:14867,Bld:4550) ] module loaded
[distrib 2.2.0 (Rev:14601,Bld:4550) ] module loaded
[msgagnt 2.2.0 (Rev:14842,Bld:4550) ] module loaded
[pkgman 2.2.0 (Rev:14972,Bld:4550) ] module loaded
[regclnt 2.2.0 (Rev:14845,Bld:4550) ] module loaded
[registry 2.2.0 (Rev:14926,Bld:4550) ] module loaded
[rexec 2.2.0 (Rev:14949,Bld:4550) ] module loaded
[secaudit 2.2.0 (Rev:14793,Bld:4550) ] module loaded
[strfwd 2.2.0 (Rev:14872,Bld:4550) ] module loaded
Service listening on 0.0.0.0:29120
Service listening on 0.0.0.0:443
Checking service registration for ussm-aixv1 (ussm-aixv1) valid from Mon Mar 09 16:34:59 2009 to Mon Apr 06 17:34:59 2009 (registry offset 0 seconds)
Section 2 – Installation
2.1.2 HP-UX Framework Manager Install
The HP-UX installation package is compressed through gzip. In order to install the package, you must unzip the package through gunzip.
By default, the installation program installs the software into /opt/novell. To change this, create a directory in the required part of the file system and create a symbolic link to /opt/novell.
To install the HP-UX manager:
1. Copy the installation package to a temporary location and use the following command to extract the installation files:
For HP/PA:
gunzip novell-npum-manager-X.X-hpux-X.X-hppa.depot.gz
For ITA:
gunzip novell-npum-manager-X.X-hpux-X.X-ia64.depot.gz
2. After the HP-UX installation package is uncompressed, use the following command to install the manager:
For HP/PA:
swinstall -s /<directory of .depot file>/novell-npum-manager-X.X-hpux-X.X-hppa.depot \*
For ITA:
swinstall -s /<directory of .depot file>/novell-npum-manager-X.X-hpux-X.X-ia64.depot \*
3. After installation is complete, check that the service is running by viewing the log file. The log file is located in /opt/novell/npum/logs/unifid.log, if the default install location was used.
You should see an output similar to the following:
========================================
Version 2.2.0 (Rev:14967,Bld:4552) [hpux-11.23-ia64]
Database Version 3.5.7
[admin 2.2.0 (Rev:14979,Bld:4552) ] module loaded
[audit 2.2.0 (Rev:14937,Bld:4552) ] module loaded
[auth 2.2.0 (Rev:14897,Bld:4552) ] module loaded
[cmdctrl 2.2.0 (Rev:14867,Bld:4552) ] module loaded
[distrib 2.2.0 (Rev:14601,Bld:4552) ] module loaded
[msgagnt 2.2.0 (Rev:14842,Bld:4552) ] module loaded
[pkgman 2.2.0 (Rev:14972,Bld:4552) ] module loaded
[regclnt 2.2.0 (Rev:14845,Bld:4552) ] module loaded
[registry 2.2.0 (Rev:14926,Bld:4552) ] module loaded
[rexec 2.2.0 (Rev:14949,Bld:4552) ] module loaded
[secaudit 2.2.0 (Rev:14793,Bld:4552) ] module loaded
[strfwd 2.2.0 (Rev:14872,Bld:4552) ] module loaded
Service listening on 0.0.0.0:29120
Service listening on 0.0.0.0:443
Checking service registration for ussm-hpuxv1 (ussm-hpuxv1) valid from Mon Mar 09 16:31:49 2009 to Mon Apr 06 17:31:49 2009 (registry offset 0 seconds)
2.1.3 Linux Framework Manager Install
Linux hosts use the RPM packaging system for installation, upgrade, and removal.
By default, the installation program installs the software into /opt/novell. To change this, create a directory in the required part of the file system and create a symbolic link to /opt/novell.
To install the Linux manager:
1. Run the following command:
rpm -i novell-npum-manager-X.X-linux-X.X-intel.rpm
2. After installation is complete, check that the service is running by viewing the log file. The log file is located in /opt/novell/npum/logs/unifid.log, if the default install location was used.
You should see an output similar to the following:
========================================
Version 2.2.0 (Rev:14967,Bld:4552) [linux-2.6-intel]
Database Version 3.5.7
[admin 2.2.0 (Rev:14979,Bld:4552) ] module loaded
[audit 2.2.0 (Rev:14937,Bld:4552) ] module loaded
[auth 2.2.0 (Rev:14897,Bld:4552) ] module loaded
[cmdctrl 2.2.0 (Rev:14867,Bld:4552) ] module loaded
[distrib 2.2.0 (Rev:14601,Bld:4552) ] module loaded
[msgagnt 2.2.0 (Rev:14842,Bld:4552) ] module loaded
[pkgman 2.2.0 (Rev:14972,Bld:4552) ] module loaded
[regclnt 2.2.0 (Rev:14845,Bld:4552) ] module loaded
[registry 2.2.0 (Rev:14926,Bld:4552) ] module loaded
[rexec 2.2.0 (Rev:14949,Bld:4552) ] module loaded
[secaudit 2.2.0 (Rev:14793,Bld:4552) ] module loaded
[strfwd 2.2.0 (Rev:14872,Bld:4552) ] module loaded
Service listening on 0.0.0.0:29120
Service listening on 0.0.0.0:443
Checking service registration for ussm-linv1 (ussm-linv1) valid from Mon Mar 09 18:18:27 2009 to Mon Apr 06 19:18:27 2009 (registry offset 0 seconds)
2.1.4 Solaris Framework Manager Install
The Solaris installation package is compressed through gzip. In order to install the package, you must unzip the package through gunzip.
By default, the installation program installs the software into /opt/novell. To change this, create a directory in the required part of the file system and create a symbolic link to /opt/novell.
To install the Solaris manager:
1. Copy the installation package to a temporary location and use the following command to extract the installation files:
For SPARC:
gunzip novell-npum-manager-X.X-solaris-X.X-sparc.pkg.gz
For Intel:
gunzip novell-npum-manager-X.X-solaris-X.X-intel.pkg.gz
2. After the Solaris installation package is uncompressed, use the following command to install the manager:
For SPARC:
pkgadd -d /<directory of .pkg file>/novell-npum-manager-X.X-solaris-X.X-sparc.pkg
For Intel:
pkgadd -d /<directory of .pkg file>/novell-npum-manager-X.X-solaris-X.X-intel.pkg
3. After installation is complete, check that the service is running by viewing the log file. The log file is located in /opt/novell/npum/logs/unifid.log, if the default install location was accepted.
You should see an output similar to the following:
========================================
Version 2.2.0 (Rev:14967,Bld:4552) [solaris-2.10-sparc]
Database Version 3.5.7
[admin 2.2.0 (Rev:14979,Bld:4552) ] module loaded
[audit 2.2.0 (Rev:14937,Bld:4552) ] module loaded
[auth 2.2.0 (Rev:14897,Bld:4552) ] module loaded
[cmdctrl 2.2.0 (Rev:14867,Bld:4552) ] module loaded
[distrib 2.2.0 (Rev:14601,Bld:4552) ] module loaded
[msgagnt 2.2.0 (Rev:14842,Bld:4552) ] module loaded
[pkgman 2.2.0 (Rev:14972,Bld:4552) ] module loaded
[regclnt 2.2.0 (Rev:14845,Bld:4552) ] module loaded
[registry 2.2.0 (Rev:14926,Bld:4552) ] module loaded
[rexec 2.2.0 (Rev:14949,Bld:4552) ] module loaded
[secaudit 2.2.0 (Rev:14793,Bld:4552) ] module loaded
[strfwd 2.2.0 (Rev:14872,Bld:4552) ] module loaded
Service listening on 0.0.0.0:29120
Service listening on 0.0.0.0:443
Checking service registration for ussm-solv1 (ussm-solv1) valid from Mon Mar 09 17:24:28 2009 to Mon Apr 06 18:24:28 2009 (registry offset 0 seconds)
2.1.5 Tru64 Framework Manager Install
The Tru64 installation package is compressed through gzip. In order to install the package, you must unzip the package through gunzip.
By default, the installation program installs the software into /opt/novell. To change this, create a directory in the required part of the file system and create a symbolic link to /opt/novell.
To install the Tru64 manager:
1. Copy the installation package to a temporary location and use the following command to extract the installation files:
gunzip novell-npum-manager-X.X-tru64-X.X-alpha.tar.gz
tar -xvf novell-npum-manager-X.X-tru64-X.X-alpha.tar
2. After the Tru64 installation package is uncompressed, use the following command to install the manager:
setld -l NOVELLNPUM/
3. After installation is complete, check that the service is running by viewing the log file. The log file is located in /opt/novell/npum/logs/unifid.log, if the default install location was used.
You should see an output similar to the following:
========================================
Version 2.2.0 (Rev:14967,Bld:4551) [tru64-5.1-alpha]
Database Version 3.5.7
[admin 2.2.0 (Rev:14979,Bld:4551) ] module loaded
[audit 2.2.0 (Rev:14937,Bld:4551) ] module loaded
[auth 2.2.0 (Rev:14897,Bld:4551) ] module loaded
[cmdctrl 2.2.0 (Rev:14867,Bld:4551) ] module loaded
[distrib 2.2.0 (Rev:14601,Bld:4551) ] module loaded
[msgagnt 2.2.0 (Rev:0,Bld:4551) ] module loaded
[pkgman 2.2.0 (Rev:14972,Bld:4551) ] module loaded
[regclnt 2.2.0 (Rev:14845,Bld:4551) ] module loaded
[rexec 2.2.0 (Rev:14949,Bld:4551) ] module loaded
[registry 2.2.0 (Rev:14926,Bld:4551) ] module loaded
[secaudit 2.2.0 (Rev:0,Bld:4551) ] module loaded
[strfwd 2.2.0 (Rev:14872,Bld:4551) ] module loaded
Service listening on 0.0.0.0:29120
Service listening on 0.0.0.0:443
Checking service registration for ussm-truv1 (ussm-truv1) valid from Mon Mar 09 16:42:59 2009 to Mon Apr 06 17:42:59 2009 (registry offset 0 seconds)
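The log check that closes each UNIX install procedure in Sections 2.1.1 to 2.1.5 can be scripted as below. This is an added example, not part of the Novell guide or product: it assumes unifid.log has the line format of the sample output shown in this guide, takes its module list from that output, and uses hypothetical function names.

```shell
#!/bin/sh
# Added example (not Novell code): check the latest startup block in unifid.log.
# Assumes the line format of this guide's sample output; function names are hypothetical.
# Module list is from the guide's UNIX samples (its Windows sample has no rexec line).
EXPECTED_MODULES="admin audit auth cmdctrl distrib msgagnt pkgman regclnt registry rexec secaudit strfwd"

# Print only the lines after the last "=====" banner, i.e. the most recent start.
last_startup() {
    awk '/========/ { buf = ""; next } { buf = buf $0 "\n" } END { printf "%s", buf }' "$1"
}

# Print each expected module with no "module loaded" line in the latest start.
missing_modules() {
    block=$(last_startup "$1")
    for m in $EXPECTED_MODULES; do
        printf '%s\n' "$block" | grep -Eq "\[$m [^]]*\] module loaded" || printf '%s\n' "$m"
    done
}

# Print address:port from every "Service listening on" line in the latest start.
listeners() {
    last_startup "$1" | sed -n 's/.*Service listening on \([0-9.]*:[0-9]*\).*/\1/p'
}

# Listeners on 0.0.0.0 accept connections on every interface of the host.
wildcard_listeners() {
    listeners "$1" | grep '^0\.0\.0\.0:' || true
}

# Return 0 only when every expected module loaded and a listener is present.
check_startup() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    rc=0
    missing=$(missing_modules "$1")
    [ -z "$missing" ] || { echo "FAIL: no 'module loaded' line for:" $missing; rc=1; }
    [ -n "$(listeners "$1")" ] || { echo "FAIL: no 'Service listening on' line"; rc=1; }
    for l in $(wildcard_listeners "$1"); do
        echo "NOTE: $l accepts connections on all interfaces"
    done
    return "$rc"
}

# Sample input: the Linux startup output from section 2.1.3 (registration line omitted).
sample_log() {
    cat <<'EOF'
========================================
Version 2.2.0 (Rev:14967,Bld:4552) [linux-2.6-intel]
Database Version 3.5.7
[admin 2.2.0 (Rev:14979,Bld:4552) ] module loaded
[audit 2.2.0 (Rev:14937,Bld:4552) ] module loaded
[auth 2.2.0 (Rev:14897,Bld:4552) ] module loaded
[cmdctrl 2.2.0 (Rev:14867,Bld:4552) ] module loaded
[distrib 2.2.0 (Rev:14601,Bld:4552) ] module loaded
[msgagnt 2.2.0 (Rev:14842,Bld:4552) ] module loaded
[pkgman 2.2.0 (Rev:14972,Bld:4552) ] module loaded
[regclnt 2.2.0 (Rev:14845,Bld:4552) ] module loaded
[registry 2.2.0 (Rev:14926,Bld:4552) ] module loaded
[rexec 2.2.0 (Rev:14949,Bld:4552) ] module loaded
[secaudit 2.2.0 (Rev:14793,Bld:4552) ] module loaded
[strfwd 2.2.0 (Rev:14872,Bld:4552) ] module loaded
Service listening on 0.0.0.0:29120
Service listening on 0.0.0.0:443
EOF
}

# With no argument, check the embedded sample; otherwise check the given log file.
if [ "$#" -gt 0 ]; then check_startup "$1"; else
    tmp=$(mktemp) && sample_log > "$tmp" && check_startup "$tmp"; rm -f "$tmp"
fi
```

Run it with the log path as the only argument, for example /opt/novell/npum/logs/unifid.log when the default install location was used.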
2.1.6 Windows Framework Manager Install
1. Run the following install executable to start the installation:
novell-npum-manager-X.X-windows-5.0-intel.exe
2. Follow the steps in the install wizard.
The Framework Manager service can be installed on any part of the normal file system. It defaults to the C:\Program Files\Novell\npum folder.
3. After installation is complete, check that the service is running by viewing the log file. The log file is located in C:\Program Files\Novell\npum\logs\unifid.log, if the default install location was used.
You should see an output similar to the following:
========================================
Version 2.2.0 (Rev:14967,Bld:4554) [windows-5.0-intel]
Database Version 3.5.7
Parent (1508) starting child
========================================
Version 2.2.0 (Rev:14967,Bld:4554) [windows-5.0-intel]
Database Version 3.5.7
Child (1520) main thread starting
[admin 2.2.0 (Rev:14979,Bld:4554) ] module loaded
[audit 2.2.0 (Rev:14937,Bld:4554) ] module loaded
[auth 2.2.0 (Rev:14897,Bld:4554) ] module loaded
[cmdctrl 2.2.0 (Rev:14867,Bld:4554) ] module loaded
[distrib 2.2.0 (Rev:14601,Bld:4554) ] module loaded
[msgagnt 2.2.0 (Rev:14842,Bld:4554) ] module loaded
[pkgman 2.2.0 (Rev:14972,Bld:4554) ] module loaded
[regclnt 2.2.0 (Rev:14845,Bld:4554) ] module loaded
[registry 2.2.0 (Rev:14926,Bld:4554) ] module loaded
[secaudit 2.2.0 (Rev:14793,Bld:4554) ] module loaded
[strfwd 2.2.0 (Rev:14872,Bld:4554) ] module loaded
Service listening on 0.0.0.0:29120
Service listening on 0.0.0.0:443
Checking service registration for ussm-winv1 (ussm-winv1) valid from Tue Mar 10 11:12:34 2009 to Tue Apr 07 12:12:34 2009 (registry offset 0 seconds)
2.2 Log on and Set Administrator Password
Log on to the Novell Privileged User Manager Administration console
In a browser with access to the test machine, enter: https://testmachinename
Note: When prompted, accept the security certificate.
On first use, click through the license screen and enter the default credentials:
Username: admin
Password: novell
Change password
You will be prompted to change your password (minimum of 6 characters, 1 alpha and 1 numeric).
2.3 Load and Install Evaluation Databases
2.3.1 Load Evaluation Installer
UNIX/Linux
Copy the evaluation installer file "cceval-2-2.pak" to a temporary location on your server. Change to that directory and issue the following command to load the installer into your Framework Package Manager.
/opt/novell/npum/sbin/unifi -u admin distrib publish -f cceval-2-2.pak
Note: You will be prompted for the administration password you set in Section 2.2.
Windows
Copy the evaluation installer file "cceval-2-2.pak" to a temporary location on your server. Change to that directory and issue the following command to load the installer into your Framework Package Manager.
"C:\Program Files\Novell\npum\bin\unifi" -u admin distrib publish -f cceval-2-2.pak
Note: You will be prompted for the administration password you set in Section 2.2.
2.3.2 Install Evaluation Databases to Host
Log on to the Administration Console and select the Hosts option. Expand the hostname of your machine as shown below and then click on Packages. Now select Install Packages from the left-hand menu.