Novell Privileged User Manager 2.2.1 Getting Started Guide
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.,
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the
trade laws of other countries. You agree to comply with all export control regulations and to obtain any required
licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on
the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws.
You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the
Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on
exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export
approvals.
Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this
document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S.
patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or
more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see
the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
novdocx (en) 16 April 2010
About This Guide
This Getting Started Guide explains the hardware requirements for the Privileged User Manager
components, then explains how to install the components.
Chapter 1, “Novell Privileged User Manager Overview”
Chapter 2, “Installation Requirements”
Chapter 3, “Installing the Framework Manager”
Chapter 4, “Installing the Agents”
Chapter 5, “Upgrading from 2.2 to 2.2.1”
Audience
This guide is intended for users who install and manage the Privileged User Manager product.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation
included with this product. Please use the User Comments feature at the bottom of each page of the
online documentation, or go to www.novell.com/documentation/feedback.html and enter your
comments there.
Documentation Updates
For the most recent version of the Getting Started Guide, visit the Privileged User Manager Web
Site (http://www.novell.com/documentation/privilegedusermanager22).
Additional Documentation
Privileged User Manager Administration Guide (http://www.novell.com/documentation/privilegedusermanager22/npum_admin/data/bkyzr9y.html)
Documentation Conventions
In Novell® documentation, a greater-than symbol (>) is used to separate actions within a step and
items in a cross-reference path.
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
trademark.
1 Novell Privileged User Manager Overview
Novell® Privileged User Manager delivers a robust and scalable architecture, intuitive management
console and reusable script and command libraries that enable administrators to reduce management
overhead and infrastructure costs in your environment.
Section 1.1, “Product Overview”
Section 1.2, “Components”
Section 1.3, “What’s New in 2.2.1”
1.1 Product Overview
Many organizations needlessly expose their superuser or root account credentials to users who are
required to run commands that need elevated privileges, and passwords are often not changed when
administrative staff change jobs. This opens potential back doors into systems and increases the
likelihood of a security breach.
Novell Privileged User Manager helps IT administrators manage the identity and access for
superuser and root accounts by providing controlled superuser access to administrators, allowing
them to perform jobs without needlessly exposing root account credentials. It also provides a
centralized activity log across multiple platforms. The introduction of Novell Privileged User
Manager enriches the Novell Identity and Access Management and Compliance Management
solutions by adding auditing and tracking capabilities for privileged user activity across the
organization.
Novell Privileged User Manager limits corporate susceptibility to unauthorized transactions and
information access by helping organizations rapidly deploy superuser management and tracking
across all UNIX* and Linux* environments. It reduces management overhead and infrastructure
costs, controls and records which privileged users have access to what, and reduces costs and errors
through demonstrable compliance audits.
Novell Privileged User Manager works by delegating privileged access, which is authorized via a
centralized database. The end result is that a user is authorized to run the privileged command and
all activity is logged. The centralized database provides for easier administration. Compared to
competitive solutions in the marketplace, Novell Privileged User Manager is deployed more
quickly, provides faster response time, better logging and auditing and improved administration, and
leads to a more secure system and a fast return on investment.
1.2 Components
Privileged User Manager consists of a Framework Manager, where you manage and configure the
system, and an agent, which is installed on each machine where you want to monitor and control
superuser access.
Figure 1-1 Framework Manager
From the Home page, you have access to six administrative consoles:
Compliance Auditor: Proactive auditing tool that pulls events from the event logs for
analysis, according to predefined rules. It pulls filtered audit events at hourly, daily, weekly or
monthly intervals. This enables auditors to view prefiltered security transactions, play back
recordings of user activity, and record notes for compliance purposes. In an era of increasing
regulatory compliance requirements, the ability to supply demonstrable audit compliance at
any time provides a more secure system and reduces audit risk.
Framework User Manager: Manages users who log in to the Framework Manager through
role-based grouping.
Hosts: Centrally manages Privileged User Manager installation and updates, load-balancing,
redundancy of resources, and host alerts.
Reporting: Provides easy access and search capability for event logs and allows you to review
and color-code user keystroke activity through the Command Risk Analysis Engine.
Command Control: Uses an intuitive graphical interface to manage security policies for
privilege management.
Package Manager: Lets you easily update any Privileged User Manager application.
1.3 What’s New in 2.2.1
The following new features have been added to Privileged User Manager 2.2.1.
Section 1.3.1, “General Installation Updates”
Section 1.3.2, “Framework User Manager”
Section 1.3.3, “Command Control”
Section 1.3.4, “Compliance Auditor”
Section 1.3.5, “Reporting Console”
Section 1.3.6, “Package Manager”
1.3.1 General Installation Updates
Framework Manager installations now include the Syslog Emitter, which allows events to be
published to a syslog server that supports TCP. For more information, see “Syslog Settings” in
the Novell Privileged User Manager 2.2.1 Administration guide.
Privileged User Manager can now be installed on Linux Mainframe zSeries 64-bit on SLES
(SUSE® Linux Enterprise Server) versions 10 SP2 and 11 and Red Hat* version 5.
For upgrades from 2.2 to 2.2.1, please see Chapter 5, “Upgrading from 2.2 to 2.2.1.”
A Sentinel collector is available for Privileged User Manager. To download the collector and
instructions, see Sentinel 6.1 Content (http://support.novell.com/products/sentinel/secure/sentinel61.html).
1.3.2 Framework User Manager
Help Desk Role: You can select from a predefined set of attributes to create a help desk group
that can only manage user password problems such as forgotten passwords and locked accounts
because of too many bad login attempts. For more information, see “Configuring a Help Desk
Group” in the Novell Privileged User Manager 2.2.1 Administration guide.
LDAP Authentication: You can configure Framework Manager users so that they obtain their
authentication credentials from an LDAP server. For more information, see “Modify User:
Native Maps” in the Novell Privileged User Manager 2.2.1 Administration guide.
1.3.3 Command Control
Backup and Restore: You can create a backup of the Command Control database and restore
the backup at a future date. For more information, see “Backing Up and Restoring” in the
Novell Privileged User Manager 2.2.1 Administration guide.
Keystroke Error Reporting: The Command Control agent now sends an appropriate message
rather than “session not terminated” when an error occurs with the keystroke file. The
following messages can now be sent to the audit manager for display:
File does not exist
Remote host does not exist
Run user does not exist
Executing binary does not exist
Run process missing
usrun -t Option: Provides a test command option that tests the specified command against the
rule structure. A yes or no is printed to the screen, indicating whether the command would be
accepted or not. For more information, see “Using usrun with a Command” in the Novell
Privileged User Manager 2.2.1 Administration guide.
1.3.4 Compliance Auditor
Archive: You can archive records, store them offline, and restore them. For more information,
see “Archiving Records” in the Novell Privileged User Manager 2.2.1 Administration guide.
Export and Import: You can export and import audit rules, audit report settings, and access
control levels.