Novell Privileged User Manager 2.3 User guide

Brand: Novell

Model: Privileged User Manager 2.3

Type: User guide

Installation Guide

Privileged User Manager 2.3.2

January, 2013

Legal Notice

NetIQCorporation(“NetIQ”)makesnorepresentationsorwarrantieswithrespecttothecontentsoruseofthis

documentation,andspecificallydisclaimsanyexpressorimpliedwarrantiesofmerchantabilityorfitnessforanyparticular

purpose.Further,NetIQreservestherighttorevisethispublicationandtomakechangestoitscontent,at

anytime,without

obligationtonotifyanypersonorentityofsuchrevisionsorchanges.

NetIQmakesnorepresentationsorwarrantieswithrespecttoanysoftware,andspecificallydisclaimsanyexpressorimplied

warrantiesofmerchantabilityorfitnessforanyparticularpurpose.Further,NetIQreservestherighttomakechangesto

any

andallpartsofthesoftware,atanytime,withoutanyobligationtonotifyanypersonorentityofsuchchanges.

AnyproductsortechnicalinformationprovidedunderthisAgreementmaybesubjecttoU.S.exportcontrolsandthetrade

lawsofothercountries.Youagreetocomplywithall

exportcontrolregulationsandtoobtainanyrequiredlicensesor

classificationtoexport,re‐export,orimportdeliverables.Youagreenottoexportorre‐exporttoentitiesonthecurrentU.S.

exportexclusionlistsortoanyembargoedorterroristcountriesasspecifiedintheU.S.exportlaws.You

agreetonotuse

deliverablesforprohibitednuclear,missile,orchemicalbiologicalweaponryenduses.NetIQassumesnoresponsibilityfor

yourfailuretoobtainanynecessaryexportapprovals.

Copyright©2013NetIQCorporation.Allrightsreserved.Nopartofthispublicationmaybereproduced,photocopied,stored

onaretrievalsystem,or

transmittedwithouttheexpresswrittenconsentofthepublisher.

Allthird‐partytrademarksarethepropertyoftheirrespectiveowners.

Formoreinformation,pleasecontactNetIQat:

1233 West Loop South, Houston, Texas 77027

U.S.A.

www.netiq.com

Contents 3

Contents

About This Guide 5

1 NetIQ Privileged User Manager Overview 7

1.1 Product Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

1.2 Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

1.3 What’s New in 2.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2 Installation Requirements 9

2.1 Software Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

2.2 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

2.3 Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

2.4 Supported Browsers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

2.5 Procedural Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

3 Installing the Framework Manager 13

3.1 Installing a Framework Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

3.1.1 AIX Framework Manager Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

3.1.2 HP-UX Framework Manager Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

3.1.3 Linux Framework Manager Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

3.1.4 SLES Framework Manager Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.1.5 Solaris Framework Manager Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

3.1.6 Windows Framework Manager Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

3.2 Accessing the Framework Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.3 Installing a NetIQ Privileged User Manager License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

3.4 Setting Up a Package Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

3.5 Stopping and Restarting the Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

3.5.1 AIX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

3.5.2 HP-UX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

3.5.3 Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

3.5.4 Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

3.5.5 Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

3.6 Removing the Framework Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

3.6.1 AIX Manager Uninstall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

3.6.2 HP-UX Manager Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

3.6.3 Linux Manager Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

3.6.4 SLES Framework Manager Uninstall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

3.6.5 Solaris Manager Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3.6.6 Windows Manager Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

4 Installing the Agents 25

4.1 Agent Installation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

4.2 Creating a Host Name for Each Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

4.3 Opening Firewall Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

4.4 Installing and Registering a Framework Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

4.4.1 AIX Agent Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

4.4.2 HP-UX Agent Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

4 Contents

4.4.3 Linux Agent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

4.4.4 SLES Agent Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

4.4.5 Windows Agent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

4.4.6 Solaris Agent Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

4.4.7 Tru64 Agent Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

4.5 Removing the Agent Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

4.5.1 AIX Agent Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

4.5.2 HP-UX Agent Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

4.5.3 Linux Agent Uninstall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

4.5.4 SLES Agent Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

4.5.5 Solaris Agent Uninstall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

4.5.6 Tru64 Agent Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

4.5.7 Windows Agent Uninstall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

5 Upgrading NetIQ Privileged User Manager 35

5.1 Upgrading from 2.2.x to 2.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

5.2 Migrating from Generic Linux 2.2.x to 2.3 on SLES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36

5.2.1 Migrating Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36

5.2.2 Migrating Framework Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

5.3 Upgrading from SLES 2.2.x to 2.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

5.3.1 Upgrading Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

5.3.2 Upgrading Framework Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

About This Guide 5

About This Guide

ThisGettingStartedGuideexplainsthehardwarerequirementsforthePrivilegedUserManager

components,thenexplainshowtoinstallthecomponents.

 Chapter 1,“NetIQPrivilegedUserManagerOverview,”onpage 7

 Chapter 2,“InstallationRequirements,”onpage 9

 Chapter 3,“InstallingtheFrameworkManager,”onpage 13

 Chapter 4,“InstallingtheAgents,”onpage 25

 Chapter 5,“UpgradingNetIQ

PrivilegedUserManager,”onpage 35

Audience

ThisguideisintendedforuserswhoinstallandmanagethePrivilegedUserManagerproduct.

Feedback

Wewanttohearyourcommentsandsuggestionsaboutthismanualandtheotherdocumentation

includedwiththisproduct.PleaseusetheUserCommentsfeatureatthebottomofeachpageofthe

onlinedocumentation,orgotowww.novell.com/documentation/feedback.htmlandenteryour

commentsthere.

Documentation Updates

ForthemostrecentversionoftheGettingStartedGuide,visitthePrivilegedUserManagerWebSite

(http://www.novell.com/documentation/privilegedusermanager23).

Additional Documentation

PrivilegedUserManagerAdministrationGuide(http://www.novell.com/documentation/

privilegedusermanager23/npum_admin/data/bkyzr9y.html)

6 NetIQ Privileged User Manager 2.3.2 Installation Guide

NetIQ Privileged User Manager Overview 7

NetIQ Privileged User Manager Overview

NetIQPrivilegedUserManagerdeliversarobustandscalablearchitecture,intuitivemanagement

consoleandreusablescriptandcommandlibrariesthatenableadministratorstoreducemanagement

overheadandinfrastructurecostsinyourenvironment.

 Section 1.1,“ProductOverview,”onpage 7

 Section 1.2,“Components,”onpage 7

 Section 1.3,“What’sNewin2.3,”onpage 8

1.1 Product Overview

Certainsituationsopenpotentialbackdoorsintosystemsandincreasethelikelihoodofasecurity

breachinanenterprisenetwork.Forexample,whenrunningsomecommandsthatrequireelevated

privileges,userssometimesgetexposedtothesuperuserorrootaccountcredentials.Similarly,

passwordsareoftennotchangedwhenauseris

nomoreperformingtheadministrativerole.

NetIQPrivilegedUserManagerhelpsITadministratorsmanagetheidentityandaccessfor

superuserandrootaccountsbyprovidingcontrolledsuperuseraccesstoadministrators,allowing

themtoperformjobswithoutneedlesslyexposingrootaccountcredentials.Italsoprovidesa

centralizedactivitylogacrossmultiple

platforms.TheintroductionofNetIQPrivilegedUser

ManagerenrichestheNovellIdentityandAccessManagementandComplianceManagement

solutionsbyaddingauditingandtrackingcapabilitiesforprivilegeduseractivityacrossthe

organization.

NetIQPrivilegedUserManagerlimitscorporatesusceptibilitytounauthorizedtransactionsand

informationaccessbyhelpingorganizationsrapidlydeploysuperuser

managementandtracking

acrossallUNIXandLinuxenvironments.Itreducesmanagementoverheadandinfrastructurecosts,

controlsandrecordswhichprivilegedusershaveaccesstowhat,andreducescostsanderrors

throughdemonstrablecomplianceaudits.

NetIQPrivilegedUserManagerworksbydelegatingprivilegedaccess,whichisauthorizedviaa

centralizeddatabase.

Theendresultisthatauserisauthorizedtorunthepriv ilegedcommandand

allactivityislogged.Thecentralizeddatabaseprovidesforeasieradministration.Comparedto

competitivesolutionsinthemarketplace,NetIQPrivilegedUserManagerisdeployedmorequickly,

providesfasterresponsetime,betterloggingandauditingandimproved

administration,andleads

toamoresecuresystemandafastreturnoninvestment.

1.2 Components

PrivilegedUserManagerconsistsofaFrameworkManager,whereyoumanageandconfigurethe

system,andanagent,whichisinstalledoneachmachinewhereyouwanttomonitorandcontrol

superuseraccess.

8 NetIQ Privileged User Manager 2.3.2 Installation Guide

Figure 1-1 FrameworkManager

FromtheHomepage,youhaveaccesstosixadministrativeconsoles:

 ComplianceAuditor:Proactiveauditingtoolthatpullseventsfromtheeventlogsforanalysis,

accordingtopredefinedrules.Itpullsfilteredauditeventsathourly,daily,weeklyormonthly

intervals.Thisenablesauditorstoviewprefilteredsecuritytransactions,playback

recordingsof

useractivity,andrecordnotesforcompliancepurposes.Inaneraofincreasingregulatory

compliancerequirements,theabilitytosupplydemonstrableauditcomplianceatanytime

providesamoresecuresystemandreducesauditrisk.

 FrameworkUserManager:ManagesuserswhologintotheFrameworkManagerthrough

role‐

basedgrouping.

 Hosts:CentrallymanagesPrivilegedUserManagerinstallationandupdates,load‐balancing,

redundancyofresources,andhostalerts.

 Reporting:Provideseasyaccessandsearchcapabilityforeventlogsandallowsyoureviewand

color‐codeuserkeystrokeactivitythroughtheCommandRiskAnalysisEngine.

 CommandControl:Usesanintuitive

graphicalinterfacetomanagesecuritypoliciesfor

privilegemanagement.

 PackageManager:LetsyoueasilyupdateanyPrivilegedUserManagerapplication.

1.3 What’s New in 2.3

ForinformationaboutthenewfeaturesaddedinNetIQPrivilegedUserManager2.3seePrivileged

UserManager2.3Readme(http://www.novell.com/documentation/privilegedusermanager23/).

Installation Requirements 9

Installation Requirements

 Section 2.1,“SoftwarePrerequisites,”onpage 9

 Section 2.2,“SystemRequirements,”onpage 9

 Section 2.3,“SupportedPlatforms,”onpage 10

 Section 2.4,“SupportedBrowsers,”onpage 11

 Section 2.5,“ProceduralOverview,”onpage 11

2.1 Software Prerequisites

 NetIQPrivilegedUserManagerinstallationsoftware.LogintotheNovellCustomerCenter

(http://www.novell.com/center)andfollowthelinkthatallowsyoutodownloadthesoftware.

 AdobeFlashPlayer.

 NetIQPrivilegedUserManagerlicense.LogintotheNovellCustomerCenter(http://

www.novell.com/center)anddownloadthelicense.

NOTE:Bydefault,newinstallationsareprovidedwitha90‐daylicenseforfiveagents,oneof

whichisthemanager.

2.2 System Requirements

APUMagentshouldhavethefollowingsystemrequirements:

 CPU‐300MHz(RISC),1GHz(CISC)

 Memory‐50MBadditionalmemory

 HardDisk‐100MBadditionalmemory

APUMmanagershouldhavethefollowingsystemrequirements:

 CPU‐1GHz ormore(RISC),2GHzormore(CISC)

 Memory‐250MBadditional

memory

 HardDisk‐150MBadditionalmemoryandadditionalmemoryforAuditStorage

TIP:ApproximateadditionalmemorycalculationforAuditStorage=(250KB)X(numberofPUM

users)X(numberofsessionsperday(usually8sessions)).

10 NetIQ Privileged User Manager 2.3.2 Installation Guide

2.3 Supported Platforms

TheFrameworkManagersoftwarehasbeentestedonthefoll owingplatforms:

 Windows2008R232‐bitand64‐bit

 Windows200332‐bitand64‐bit

 Windows200832‐bitand64‐bit

 RedHat532‐bitand64‐bit

 RedHat632‐bitand64‐bit

 AIX5.3

32‐bitand64‐bit

 AIX6.132‐bitand64‐bit

 SUSELinuxEnterpriseServer10(SLES)32‐bitand64‐bit

 OpenEnterpriseServer2(32‐bitand64‐bit)

 SUSELinuxEnterpriseServer11(SLES)32‐bitand64‐bit

 OpenEnterpriseServer11(32‐bitand

64‐bit)

 Ubuntu10.04LTS64‐bit

 HP‐UX(PA‐RISC)11.1132‐bitand64‐bit

 HP‐UX(PA‐RISC)11.2332‐bitand64‐bit

 HP‐UX(Itanium)11.2364‐bit

 SunSolaris(SPARC)32‐bitand64‐bitonversions9and10

 SunSolaris(Intel)32‐bit

and64‐bitonversions10

TheFrameworkAgentsoftwarehasbeentestedonthefollowingplatforms:

 HPTru64UNIX64‐biton5.1aand5.1b

 Windows2008R232‐bitand64‐bit

 Windows200332‐bitand64‐bit

 Windows200832‐bitand64‐bit

 RedHat5

32‐bitand64‐bit

 RedHat632‐bitand64‐bit

 AIX5.332‐bitand64‐bit

 AIX6.132‐bitand64‐bit

 SUSELinuxEnterpriseServer10(SLES)32‐bitand64‐bit

 OpenEnterpriseServer2(32‐bitand64‐bit)

 SUSELinuxEnterprise

Server11(SLES)32‐bitand64‐bit

 OpenEnterpriseServer11(32‐bitand64‐bit)

 Ubuntu10.04LTS64‐bit

 HP‐UX(PA‐RISC)11.1132‐bitand64‐bit

 HP‐UX(PA‐RISC)11.2332‐bitand64‐bit

 HP‐UX(Itanium)11.2364‐bit

 SunSolaris(SPARC)

32‐bitand64‐bitonversions9and10

 SunSolaris(Intel)32‐bitand64‐bitonversions10

Installation Requirements 11

IMPORTANT

 Ensurethatyouroperatingsystemisrunningthevendorʹslatestmaintenancepatches.

 Usethe64bitinstallerofPrivilegedUserManagerforthe64bitWindowsplatforms.

Third Party Tested Platforms

TheagentcanbeinstalledonthefollowingLinuxplatform:

 UniventionCorporateServer(UCS)2.3

2.4 Supported Browsers

ToaccessNetIQPrivilegedUserManager,youneedtoinstallAdobeFlashPlayer11oraboveona

supportedbrowser.

Thefollowingarethesupportedbrowsers:

 MicrosoftInternetExplorer7.0

 MicrosoftInternetExplorer8.0

 MozillaFirefox17.0

 Chrome23.0

NOTE:Somefeatures,suchasRDPRelay,aresupportedonlyonInternetExplorer8.0.

2.5 Procedural Overview

ThefollowingstepsarerequiredtoinstallPrivilegedUserManager:

1 InstallaFrameworkManager.SeeChapter 3,“InstallingtheFrameworkManager,”onpage 13.

2 Whentheinstallationhascompleted, accessandlogintotheconsole.SeeSection 3.2,“Accessing

theFrameworkConsole,”onpage 18.

3 InstallthePrivilegedUserManagerlicense.SeeSection 3.3,“InstallingaNetIQPrivilegedUser

ManagerLicense,”onpage 18.

Bydefault,newinstallationsareprovidedwitha90‐daylicenseforfiveagents,oneofwhichis

themanager.Youneedtoinsta llyourlicensebeforethedefaultlicenseexpires.

4 SetupaPackageManagersoyoucaninstalladditionalpackagesontheagentsandpush

packageupdatestoyourframeworkcomponents.SeeSection 3.4,“SettingUpaPackage

Manager,”onpage 19.

5 InstallandregisteraFrameworkAgentonthecomputersthatyouwanttomanage.See

Chapter 4,“InstallingtheAgents,”onpage 25.

WhenyouhaveinstalledandregisteredtheFrameworkagents,youhavecompletedthe

installationoftheFramework.

6 Forconfigurationinform ation,seetheNetIQPrivilegedUserManager2.3.2AdministrationGuide.

12 NetIQ Privileged User Manager 2.3.2 Installation Guide

Installing the Framework Manager 13

Installing the Framework Manager

 Section 3.1,“InstallingaFrameworkManager,”onpage 13

 Section 3.2,“AccessingtheFrameworkConsole,”onpage 18

 Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18

 Section 3.4,“SettingUpaPackageManager,”onpage 19

 Section 3.5,“StoppingandRestartingtheFramework,”onpage 19

 Section 3.6,“RemovingtheFrameworkManager,”onpage 21

3.1 Installing a Framework Manager

Currently,theFrameworkManagerisavailableforinstallationontheplatformslistedbelow.Referto

Chapter 2,“InstallationRequirements,”onpage 9formoreinformationregardingsupported

versions.

NOTE:AftertheFrameworkManagerisinstalled,themanagerconsolerunsonthedefaultport443

andcanbeaccessedwith

https://<ip>

.Thedefaultportcan bechangedbychangingtheport

numberinthe

connector.xml

filelocatedat

<install_path>/service/local/admin/

connector.xml

.ForSUSE,theconnector.xmlfileislocatedat

/etc/opt/novell/npum/service/

local/admin/connector.xml

Fordetailedinstallationinstructionsforyourplatform,selectfromthelistbelow:

 Section 3.1.1,“A I XFrameworkManagerInstallation,”onpage 13

 Section 3.1.2,“HP‐UXFrameworkManagerInstallation,”onpage 14

 Section 3.1.3,“LinuxFrameworkManagerInstallation,”onpage 15

 Section 3.1.4,“SLESFrameworkManagerInstallation,”onpage 15

 Section 3.1.5,“SolarisFrameworkManagerInstallati on,”onpage 17

 Section 3.1.6,“Windows

FrameworkManagerInstallation,”onpage 17

3.1.1 AIX Framework Manager Installation

TheAIXinstallationpackageiscompressedthroughgzip.Inordertoinstallthepackage,youmust

unzipthepackagethroughgunzip.

Bydefault,theinstallationprograminstallsthesoftwareinto

/opt/novell/npum

.Tochangethis,

createadirectoryintherequiredpartofthefilesystemandcreateasymboliclinkto

/opt/novell/

npum

.

14 NetIQ Privileged User Manager 2.3.2 Installation Guide

ToinstalltheAIXmanager:

1 Copytheinstallationpackagetoatemporarylocationandusethefollowingcommandtoextract

theinstallationfiles:

gunzip <filename>

Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/documentation/

privilegedusermanager23/readme/data/privilegedusermanager_readme.html)fortheactual

filename.

2 AftertheAIXinstallationpackageisuncompressed,useoneofthefollowingmethodsto

performtheinstallation.

 TheAIXsmittyprogram.

 Thefollowingcommand:

installp -acgNQqwX -d <directory of .bff file> netiqnpum

3 Afterinstallationiscomplete,checkthattheserviceisrunningbyviewingthelogfile.Thelog

fileislocatedin

/opt/novell/npum/logs/unifid.log

,ifthedefaultinstalllocationwasused.

Ifthemanagerinstalledcorrectly,servicesshouldbelisteningon0.0.0.0:29120and0.0.0.0:443.

4 Ifyouhavebeensuppliedwithalicense,logintotheFrameworkConsoleandinstallthelicense.

Forinformation,refertoSection 3.2,“AccessingtheFrameworkConsole,”onpage 18,andthen

Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

3.1.2 HP-UX Framework Manager Installation

TheHP‐UXinstallationpackageiscompressedthroughgzip.Inordertoinstallthepackage,you

mustunzipthepackagethroughgunzip.

Bydefault,theinstallationprograminstallsthesoftwareinto

/opt/novell/npum

.Tochangethis,

createadirectoryintherequiredpartofthefilesystemandcreateasymboliclinkto

/opt/novell/

npum

ToinstalltheHP‐UXmanager:

1 Copytheinstallationpackagetoatemporarylocationandusethefollowingcommandtoextract

theinstallationfiles:

gunzip <filename>

Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/documentation/

privilegedusermanager23/readme/data/privilegedusermanager_readme.html)fortheactual

filename.

2 AftertheHP‐UXinstallationpackageisuncompressed,usethefollowingcommandtoinstall

themanager:

swinstall -s /<directory of .depot file>/<filename>.depot \*

3 Afterinstallationiscomplete,checkthattheserviceisrunningbyviewingthelogfile.Thelog

fileislocatedin

/opt/novell/npum/logs/unifid.log,

ifthedefaultinstalllocationwasused.

Ifthemanagerinstalledcorrectly,servicesshouldbelisteningon0.0.0.0:29120and0.0.0.0:443.

Installing the Framework Manager 15

4 Ifyouhavebeensuppliedwithalicense,logintotheFrameworkConsoleandinstallthelicense.

Forinformation,refertoSection 3.2,“AccessingtheFrameworkConsole,”onpage 18,andthen

Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

3.1.3 Linux Framework Manager Installation

LinuxhostsusetheRPMpackagingsystemforinstallation,upgrade,andremoval.

Bydefault,theinstallationprograminstallsthesoftwareinto

/opt/novell/npum

.Tochangethis,

createadirectoryintherequiredpartofthefilesystemandcreateasymboliclinkto

/opt/novell/

npum

.

ToinstalltheLinuxmanager:

1 Copytheinstallationpackagetoatemporarylocationandusethefollowingcommandtoinstall

thefile:

rpm -i <filename>.rpm

Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/documentation/

privilegedusermanager23/readme/data/privilegedusermanager_readme.html)fortheactual

filename.

2 Afterinstallationiscomplete,checkthattheserviceisrunningbyviewingthelogfile.Thelog

fileislocatedin

/opt/novell/npum/logs/unifid.log

,ifthedefaultinstalllocationwasused.

Ifthemanagerinstalledcorrectly,servicesshouldbelisteningon0.0.0.0:29120and0.0.0.0:443.

3 Ifyouhavebeensuppliedwithalicense,logintotheFrameworkConsoleandinstallthelicense.

Forinformation,refertoSection 3.2,“AccessingtheFrameworkConsole,”onpage 18,andthen

Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

3.1.4 SLES Framework Manager Installation

Toinstallanewmanagerhost,youmustinstallbasepackages,managerpackagesandotherrequired

dependencies.

NOTE:

 ForSLESspecificRPMs,theopensourcedependenciesmustbefulfilledbeforetheRPMis

installedusingtheRPMcommand.

IftheSLESoperatingsystemisproperlyregisteredandtheSLESupdatechannelsare

configured,youcanusethezyppercommandwiththeSLESspecificRPMswhichwill

automatically

pulltherequiredopensourcedependenciesfromtheconfiguredSLESupdate

channels.

 BeforeinstallingthemanagerRPM,insta lltheagentRPM.

ToinstalltheSLESmanager:

1 Copytheinstallationpackagetoatemporarylocation.

Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/documentation/

privilegedusermanager23/readme/data/privilegedusermanager_readme.html)fortheactual

filename.

16 NetIQ Privileged User Manager 2.3.2 Installation Guide

2 AftertheSLESinstallationpackageisuncompressed,installtheSLESmanager.Toinstallthe

SLESmanager,youmust installtheagentpackagebeforeinstallingthemanagerpackage.

UsethefollowingcommandtoinstalltheSLESmanager:

 ForSLES11usezypper:

zypper install <Agent name>.rpm



<Manager name>.rpm

 ForSLES10userug:

rug install <Agent name>.rpm

<Managername>.rpm

 rpm:

rpm -i <Agent name>.rpm

rpm -i <Manager name>.rpm

NOTE:Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/

documentation/privilegedusermanager23/readme/data/

privilegedusermanager_readme.html)fortheactualAgentnameandManagername.

Aspartoftheinstallationprocessthezypperorrugcommandlineinterfacesautomatically

resolvetherequireddependencies.However,iftheinstallationisthroughtheRPMcommand,

theinstallationwillfailifthefollowingdependenciesarenotinstalled.



libapr1



libapr-util1



openssl



perl



apr





zlib





pcre



openldap

3 Afterinstallationiscomplete,checkthattheserviceisrunningbyviewingthelogfile.Thelog

fileislocatedin

/var/opt/novell/npum/logs/unifid.log

,ifthedefaultinstalllocationwas

accepted.Ifthemanagerinstalledcorrectly,servicesshouldbelisteningon0.0.0.0:29120and

0.0.0.0:443.

4 Ifyouhavebeensuppliedwithalicense,logintotheFrameworkConsoleandinstallthelicense.

Forinformation,refertoSection 3.2,“AccessingtheFrameworkConsole,”onpage 18,andthen

Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

NOTE:ForupgradingtoNPUM2.2.2onSLESfromapreviousrelease,seeSection 5.2,“Migrating

fromGenericLinux2.2.xto2.3onSLES,”onpage 36.

Installing the Framework Manager 17

3.1.5 Solaris Framework Manager Installation

TheSolarisinstallationpackageiscompressedthroughgzip.Inordertoinstallthepackage,youmust

unzipthepackagethroughgunzip.

Bydefault,theinstallationprograminstallsthesoftwareinto

/opt/novell/npum

.Tochangethis,

createadirectoryintherequiredpartofthefilesystemandcreateasymboliclinkto

/opt/novell/

npum

ToinstalltheSolarismanager:

1 Copytheinstallationpackagetoatemporarylocationandusethefollowingcommandtoextract

theinstallationfiles:

gunzip <filename>

Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/documentation/

privilegedusermanager23/readme/data/privilegedusermanager_readme.html)fortheactual

filename.

2 AftertheSolarisinstallationpackageisuncompressed,usethefollowing commandtoinstallthe

manager:

pkgadd -d /<directory of .pkg file>/<filename>.pkg

3 Afterinstallationiscomplete,checkthattheserviceisrunningbyviewingthelogfile.Thelog

fileislocatedin

/opt/novell/npum/logs/unifid.log

,ifthedefaultinstalllocationwas

accepted.Ifthemanagerinstalledcorrectly,servicesshouldbelisteningon0.0.0.0:29120and

0.0.0.0:443.

4 Ifyouhavebeensuppliedwithalicense,logintotheFrameworkConsoleandinstallthelicense.

Forinformation,refertoSection 3.2,“AccessingtheFrameworkConsole,”onpage 18,andthen

Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

3.1.6 Windows Framework Manager Installation

1 Runthefollowinginstallexecutabletostarttheinstallation:

<filename>.exe

Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/documentation/

privilegedusermanager23/readme/data/privilegedusermanager_readme.html)fortheactual

filename.

2 Followthestepsintheinstallwizard.

TheFrameworkManagerservicecanbeinstalledonanypartofthenormalfilesystem.It

defaultstothe

C:\Program Files\Novell\npum

folder.

3 Afterinstallationiscomplete,checkthattheserviceisrunningbyviewingthelogfile.Thelog

fileislocatedin

C:\Program Files\Novell\npum\logs\unifid.log

,ifthedefaultinstall

locationwasused.Ifthemanagerinstalledcorrectly,servicesshouldbelisteningon0.0.0.0 :29120

and0.0.0.0:443.

4 Ifyouhavebeensuppliedwithalicense,logintotheFrameworkConsoleandinstallthelicense.

Forinformation,refertoSection 3.2,“AccessingtheFrameworkConsole,”onpage 18,andthen

Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

18 NetIQ Privileged User Manager 2.3.2 Installation Guide

3.2 Accessing the Framework Console

1 OpenaWebbrowseronyourchosenplatform.

2 Intheaddressbar,entertheURLfortheFrameworkConsoleasfollows:

https://<hostname>

Replace<hostname>withoneofthefollowing:

 TheDNSnameoftheserverwheretheFrameworkManagerisinstalled.

 TheDNSnameofaserverthathasthe AdministrationAgentpackageinstalled.

3 Ifyouarepresentedwithasecurityalert,verifythedetailsandselectYestocontinue.

4 IfyourbrowserisnotalreadyequippedwithAdobeFlashPlayer,thebrowserattemptstoinstall

it.VerifythedetailsandselectInstalltocontinue.

Arebootorbrowserrestartmightberequired.

5 LogintotheFrameworkConsole.

AfteryouentertheURLfortheFrameworkConsole,theinitiallogonscreenisdisplayedinthe

browserwindow.Youmustauthenticatetothesystembyusingausernameandpassword

definedonthesystem.

6 (Conditional)Ifthisisthefirsttimetologintothe console,specifytheusername

admin

and

password

novell

,thenclickLogon.

7 (Conditional)Ifthisisthefirsttimetologintothe FrameworkConsole,youarepromptedto

changethedefaultpassword.

Yournewpasswordshouldbeaminimumofeightcharacters.Ifthenewpasswordisacceptable

tothesystem,youareloggedintotheconsole.

IMPORTANT:TonavigateintheFrameworkConsole,donotuseyourbrowser’sForwardor

Backbuttons;usethetrailatthetopofeachpage,suchas:

Home/ComplianceAuditor

ClickHometoreturntomainconsolemenu.

8 ContinuewithSection 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

3.3 Installing a NetIQ Privileged User Manager License

LogintotheNovellCustomerCenter(http://www.novell.com/center)anddownloadyourlicense

file.Usethefollowingstepstoinstallit:

1 LogintotheFrameworkConsole.

2 FromtheTaskPane,clickAboutFramework.

3 ClickRegisterFramework.

4 Copythesuppliedlicenseandpasteitintothetextarea.

5 ClickFinish>Close.

YourlicensedetailscanbeviewedbyselectingtheAboutFrameworkoptionfromtheTaskPane.

6 Continuewithoneofthefollowing:

 Section 3.4,“SettingUpaPackageManager,”onpage 19

 Chapter 4,“InstallingtheAgents,”onpage 25

Installing the Framework Manager 19

3.4 Setting Up a Package Manager

ThePackageManagerallowsyoutopushupdatestohostsandtoinstalladditionalpackagesonthe

hostsforloadbalancingandfailover.TousetheNovellUpdateServerasthePackageManager,see

“ConfiguringthePa ckage Manager”intheNetIQPrivilegedUserManager2.3.2AdministrationGuide.

Touse

alocalhostasaPackageManager:

1 Createadirectorysuchas

framework

ontheFrameworkManagerinthe

/tmp

directory.

Thisdirectoryiscalled

framework

intherestoftheseinstructions.

2 Copythe

netiq-npum-packages-2.3.2.tar.gz

fromthePackageManagerdirectoryonthe

CDtothemachine.

3 Extractthefiletothe

framework

directory.

ForUNIXandLinuxplatforms,usethefollowingcommands:

gunzip netiq-npum-packages-2.3.2.tar.gz

tar -xvf netiq-npum-packages-2.3.2.tar

ForWindowsplatforms,useWinZiptoextractthe file.

4 UsethefollowingcommandtopublishthepackagestothePackageManager.

Replace<admin>withthenameofyouradminuser.

ForLinuxandUNIXplatforms:

/opt/novell/npum/sbin/unifi -u <admin> distrib publish -d /tmp/framework

ForWindowsplatforms:

c:\Program Files\novell\npum\bin\unifi -u <admin> distrib publish -d

c:\tmp\framework

5 Whenprompted,enterthepasswordfortheadminuser.

6 (Optional)Toviewavailablepackages,logintotheFrameworkManager,thenclickPackage

Manager.

7 Deletethe

framework

directory.

3.5 Stopping and Restarting the Framework

TheFrameworkservicesandprocessesstartautoma ticallyafterinstallationandsystemreboot,so

thereisnormallynoneedtostopandrestartthem.Ifyouneedtostopandrestarttheservicesand

processesmanually,followtheinstructionsbelowforyourplatform:

 Section 3.5.1,“A I X, ” onpage 20

 Section 3.5.2,“HP‐UX,”onpage 20

 Section 3.5.3,“Linux,”onpage 20

 Section 3.5.4,“Solaris,”onpage 20

 Section 3.5.5,“Windows,”onpage 21

20 NetIQ Privileged User Manager 2.3.2 Installation Guide

3.5.1 AIX

TostoptheFram eworkprocess:

stopsrc -s npum

TostarttheFrameworkprocess:

startsrc -s npum

3.5.2 HP-UX

TostoptheFram eworkprocess:

/sbin/init.d/npum stop

TostarttheFrameworkprocess:

/sbin/init.d/npum start

Tocheckthestatus:

/sbin/init.d/npum status

3.5.3 Linux

Thefollowinginstructionsapplytoalldistributions.

TostoptheFram eworkprocess:

/etc/init.d/npum stop

TostarttheFrameworkprocess:

/etc/init.d/npum start

Tocheckthestatus:

/etc/init.d/npum status

3.5.4 Solaris

Thefollowinginstructionsapplytoallsupporteddistributions.

TostoptheFram eworkprocess:

/etc/init.d/npum stop

TostarttheFrameworkprocess:

/etc/init.d/npum start

Tocheckthestatus:

/etc/init.d/npum status

Solaris10alsousestheSMF(ServiceManagementfacility).Examplecommandsare:

svcs | grep npum

Page is loading ...

Novell Privileged User Manager 2.3 User guide

Novell Privileged User Manager 2.3 User guide

Novell Privileged User Manager 2.3 User guide

Related papers

Other documents