Welcome, we are now Quest! Learn more about Support at Quest

Quest One Management Console for Unix 2.5.1 - Administrators Guide

Quest One Privileged Access Suite for Unix Introducing Quest One Management Console for Unix Installing Management Console for Unix Preparing Unix Hosts Working with Host Systems Managing Local Groups Managing Local Users Active Directory Integration Authentication Services Integration Privilege Manager Integration
Getting Started Configure a Primary Policy Server Configure a Secondary Policy Server Install PM Agent or Sudo Plugin on a Remote Host Managing Security Policy Event Logs and Keystroke Logging
Reporting Setting Preferences
User Preferences System Settings
Security Troubleshooting Tips
Auto Profile Issues Active Directory Issues Auditing and Compliance Cannot Create a Service Connection Point Check QAS Agent Status Commands Not Available CSV or PDF Reports Do Not Open Database Port Number Is Already in Use Elevation Is Not Working Hosts Do Not Display Import File Lists Fakepath Information Does Not Display in the Console Java Applet Failures License Info in Report is not Accurate Out of Memory Error Post Install Configuration Fails on Unix or Mac Privilege Manager Feature Issues Profile Task Never Completes questusr Account was Deleted Readiness Check Failed Recovering From a Failed Upgrade Reports Are Slow Reset the Supervisor Password Running on a Windows 2008 R2 Domain Controller Service Account Login Fails Setting Custom Configuration Settings Single Sign-on (SSO) Issues JVM Memory Tuning Suggestions Start/Stop/Restart Management Console for Unix Service Tool Bar Buttons Are Not Enabled UID or GID Conflicts
System Maintenance Command Line Utilities Web Services Database Maintenance

Quest One Privileged Access Suite for Unix

Unix Security Simplified

Quest One Privileged Access Suite for Unix solves the inherent security and administration issues of Unix-based systems (including Linux and Mac) while making satisfying compliance requirements a breeze. It unifies and consolidates identities, assigns individual accountability and enables centralized reporting for user and administrator access to Unix. The Privileged Access Suite for Unix is a one-stop shop for Unix security that combines an Active Directory bridge and root delegation solutions under a unified console that grants organizations centralized visibility and streamlined administration of identities and access rights across their entire Unix environment.

Active Directory Bridge

Achieve unified access control, authentication, authorization and identity administration for Unix, Linux, and Mac systems by extending them into Active Directory (AD) and taking advantage of AD’s inherent benefits. Patented technology allows non-Windows resources to become part of the AD trusted realm, and extends AD’s security, compliance and Kerberos-based authentication capabilities to Unix, Linux, and Mac. (See Authentication Services for more information about the Active Directory Bridge product.)

Root Delegation

The Privileged Access Suite for Unix offers two different approaches to delegating the Unix root account. The suite either enhances or replaces sudo, depending on your needs.

  • By choosing to enhance sudo, you will keep everything you know and love about sudo while enhancing it with features like a central sudo policy server, centralized keystroke logs, a sudo event log, and compliance reports for who can do what with Sudo.

    (See Quest One Privilege Manager for Sudo for more information about enhancing sudo.)

  • By choosing to replace sudo, you will still be able to delegate the Unix root privilege based on centralized policy reporting on access rights, but with a more granular permission and the ability to log keystrokes on all activities from the time a user logs in, not just the commands that are prefixed with "sudo". In addition, this option implements several additional security features like restricted shells, remote host command execution, and hardened binaries that remove the ability to escape out of commands and gain undetected elevated access.

    (See Privilege Manager for Unix for more information about replacing sudo.)

Privileged Access Suite for Unix

Privileged Access Suite for Unix offers two editions - Standard edition and Advanced edition. Both editions include: Quest One Management Console for Unix, a common management console that provides a consolidated view and centralized point of management for local Unix users and groups; and Authentication Services, patented technology that enables organizations to extend the security and compliance of Active Directory to Unix, Linux, and Mac platforms and enterprise applications. In addition

  • The Standard edition licenses you for Privilege Manager for Sudo.
  • The Advanced edition licenses you for Privilege Manager for Unix.

Quest recommends that you follow these steps:

  1. Install Authentication Services on one machine, so you can set up your Active Directory Forest.
  2. Install Quest One Management Console for Unix, so you can perform all the other installation steps from the management console.
  3. Add and profile host(s) using the management console.
  4. Configure the console to use Active Directory.
  5. Deploy client software to remote hosts.

    Depending on which Privileged Access Suite for Unix edition you have purchased, deploy either:

    • Privilege Manager for Unix software (that is, Privilege Manager Agent packages)

      -OR-

    • Privilege Manager for Sudo software (that is, Privilege Manager for Sudo Plugin packages)

See Install Privilege Manager Agent or Plugin Software for more information about the two Privilege Manager client software packages available to install onto remote hosts.

Note: Refer to Getting Started for a better understanding of the steps to take to be up and running quickly.

Was this topic helpful?

[Select Rating]



About Quest Software

Established in 1987, Quest Software (Nasdaq: QSFT) provides simple and innovative IT management solutions that enable more than 100,000 global customers to save time and money across physical and virtual environments. Quest products solve complex IT challenges ranging from database management, data protection, identity and access management, monitoring, user workspace management to Windows management. For more information, visit www.quest.com.

Contacting Quest Software

Phone: 949.754.8000 (United States and Canada)
Email: info@quest.com
Mail: Quest Software, Inc.
  World Headquarters
  5 Polaris Way
  Aliso Viejo, CA 92656 USA
Web site: www.quest.com

Was this topic helpful?

[Select Rating]



Quest One Identity Solution

Quest One Management Console for Unix is a component of the Quest One Identity Solution, a set of enabling technologies, products, and integration that empowers organizations to simplify identity and access management by:

  • Reducing the number of identities
  • Automating identity administration
  • Ensuring the security of identities
  • Leveraging existing investments, including Microsoft Active Directory

Quest One improves efficiency, enhances security and helps organizations achieve and maintain compliance by addressing identity and access management challenges as they relate to:

  • Single sign-on
  • Directory consolidation
  • Provisioning
  • Password management
  • Strong authentication
  • Privileged account management
  • Audit and compliance

Was this topic helpful?

[Select Rating]



Contacting Quest Support

Quest Support is available to customers who have a trial version of a Quest product or who have purchased a Quest product and have a valid maintenance contract. Quest Support provides unlimited 24x7 access to our self-service Support Portal.

Information Sources Contact Points
Quest Support

Support Portal: support.quest.com

Quest Support Portal gives you access to these tools and resources:

  • Search Knowledge Base

    Search our extensive Knowledge Base to quickly find answers to common questions. Popular solutions, latest releases, product notifications, product documentation, patches, video tutorials, are just a few clicks away. New content is added every day.

  • Communities

    Join other peers to get solutions, join discussion forums, hear from experts and voice your opinion in your product community.

  • Manage Service Requests

    Submit a Service Request as well as update and review the status of current Service Requests.

  • Additional Resources
    • Obtain Support by Product
    • Software Downloads
    • Documentation

You can submit a service request with Quest Support at https://support.quest.com/CaseManagement/ManageServiceRequest.aspx or phone: 1.800.306.9329.

Public Forum

The Community site is a place to find answers and advice, join a discussion forum, or get the latest documentation and release information: All Things Unix Community.

Support Services

View Support Services for a detailed explanation of support programs, online services, contact information, policies and procedures at: Support Services.

Find out everything you need to know about Quest Software's Global Support at: Support Policies

Note: If you call Quest Support for help, they may ask you to send them the following files:
  • <INSTALL_DIR>/.install4j
  • <DATA_HOME>/resouces/custom.cfg configuration file
  • <DATA_HOME>/logs (service.log or service_debug.log)

where "<INSTALL_DIR>" is the installation directory and "<DATA_HOME>" is the Management Console for Unix application data directory.

By default, the installation directory is:

  • On Windows 32-bit platforms:
    %SystemDrive%:\Program Files\Quest Software\Management Console for Unix
  • On Windows 64-bit platforms:
    %SystemDrive%:\Program Files (x86)\Quest Software\Management Console for Unix
  • On Unix/Mac platforms:
    /opt/quest/mcu

By default, the application data directory is:

  • On Windows XP/2003 Server:
    %SystemDrive%:\Documents and Settings\All Users\Application Data\Quest Software\Management Console for Unix
  • On Windows 2008 Server/Vista/7:
    %SystemDrive%:\ProgramData\Quest Software\Management Console for Unix
  • On Unix/Mac:
    /var/opt/quest/mcu



        


Was this topic helpful?

[Select Rating]



Self Service Tools
Knowledge Base
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Related Documents