Intro to Novell® Privileged User Manager
and Securing Novell Open Enterprise Server 2




Brett A. Berger, Global Technical Support, Novell, Inc. (bberger@novell.com)
Aaron Burgemeister, Global Technical Support, Novell, Inc. (ab@novell.com)

Novell® Privileged User Manager




    •   Introduction to Novell Privileged User Manager
         –   Business Challenges
         –   Novell Privileged User Manager solutions
    •   The Framework
         –   Framework Components
         –   Framework Deployment
    •   Command Control
         –   Configuration - Rules
         –   Configuration - Commands
         –   Configuration - Scripts



2   © Novell, Inc. All rights reserved.
Novell® Privileged User Manager (cont.)

    •   Audit, Compliance, and Reporting
         –   Overview
    •   Demo
         –   Agent installation and registration
         –   Patching Agents and Managers
         –   Using NPUM to secure OES2

              >   eDirectory™
              >   Novell-tomcat
              >   etc.
    •   Questions and Answers


Intro to Novell® Privileged User Manager

The IT Landscape is Changing

          The risks and challenges of computing across multiple
          Linux/Unix environments must be eliminated.


          Users should have unimpeded, secure and compliant
          access to the computing services they need to do their
          jobs right.


          Computing should be secure and compliant.




Business challenges

               Linux/UNIX Administrators require elevated
               (superuser) privileges to do their job

               Uncontrolled superuser access leaves the data
               center open to back door entries

               Audit Weakness
                    –   Rogue admins/users covering their tracks

               Compliance and Reporting



Delegating Superuser Privileges

    •   Linux/UNIX admins require elevated (Superuser)
        privileges to do their jobs

    [Diagram: IT Manager, System Admin, DBA, App Developer, Admin, Security Admin; root]

    Novell® Privileged User Manager can solve this
Uncontrolled Superuser Access




    Uncontrolled Superuser access leaves the data center open to Backdoor entry.

    Novell® Privileged User Manager can solve this


Audit Weakness




    Audit weakness – users covering their tracks.

    Novell® Privileged User Manager can solve this


Compliance and Reporting




    Compliance and reporting user access.

    Novell® Privileged User Manager can solve this


Novell® Privileged User Manager




                                           •   Control user access to
                                               root privileges
                                           •   Audit all user activity with
                                               100% keystroke logging
                                           •   Simplify audit activity with
                                               the most relevant,
                                               context-based information
                                           •   Analyze potential threats
                                               based on policy-based
                                               risk ratings


The Framework

     •   The Framework is made up of three primary
         components:


          1   Framework Manager
          2   Framework Console
          3   Framework Agent



Framework Manager



     [Diagram: Novell® Privileged User Manager. Manager modules: Audit, Command Control,
     Compliance, Reporting, Package Manager. Hosts shown: Primary Manager, Back Up Manager, Agents.]




Framework Console




Framework Agent


     [Diagram: Novell® Privileged User Manager. Agent modules: Command Control, Registry,
     Distribution, Store and Forward, System Information (optional). Hosts shown: Primary
     Manager, Back Up Manager, Agents.]




Underlying Modular Architecture
     •   Audit databases can be placed in multiple locations for redundancy and security
     •   Multiple Managers provide fail-over capability and load-balancing.
     •   Groups of Agents can be added to logical domains for load-balancing,
         redundancy and traffic segregation

     [Diagram: Web Browser (Administrative Access) over the Internet to the Framework Console
     on port 443; host to host communications between Managers (Audit Manager, Command Control)
     and Agents on port 29120]




Deploying Novell® Privileged User Manager
NPUM Prerequisites
                 Admin Console requires Browser with
                 Adobe Flash installed

                 Open ports 443 (manager) and 29120 (agents and
                 manager)

                 Servers must be resolvable (DNS/hosts/etc)


                 Time in sync (use ntp)

                 For SUSE® Linux Enterprise Server (SLES) – See
                 TID#7003992 - usrun reports /bin/ls: cannot read symbolic link
                 /proc/$$/exe: Permission denied
Configuration
     Manager

     •   Novell® Privileged User Manager 2.2.1




          –   rpm -ivh novell-npum-manager-2.2.1-linux-2.X-XXX.rpm
          –   Verify install in /opt/novell/npum/logs/unifid.log

     •   Log in to https://ipaddress_of_framework_manager
          –   User: admin
          –   Pwd: novell
          –   Default port of Framework Manager is 443
          –   /opt/novell/npum/service/local/admin/connector.xml
          –   <Connector ssl_ctx="https" port="443" mode="https"/>



Simple Deployment

           Step 1
           Install Framework Manager
           •      Only one Framework Manager is installed
           •      Framework Manager can be installed on any
                  supported host operating system

           [Diagram: Manager; hosts: SLES 11, OES2 SP2, RedHat, AIX, Solaris]



Simple Deployment

           Step 2
           Pre-register Agents
           •      Log onto Web Console
           •      Enter the names of the agents that will be added to
                  this Framework.

           [Diagram: Manager; hosts: SLES 11, OES2 SP2, RedHat, AIX, Solaris]



Configuration
     Agents

     •   Installing and registering an NPUM Agent
          –   rpm -ivh novell-npum-agent-2.2.1-linux-2.X-XXXX.rpm
          –   Register the Agent
               >   sd145:/ # /opt/novell/npum/sbin/unifi regclnt register

              Please provide the hostname or address for the framework manager : () 151.155.128.68
              Please provide the port number for the framework manager: (29120)
              Please provide the hostname or address for this agent: (sd145)
              Please provide the registered agent name for this agent: (sd145)




Simple Deployment

           Step 3
           Install Framework Agents
           •      Each Framework Agent has a unique installer for the
                  platform.
           •      During the install process the Framework Manager address
                  is entered together with valid Framework credentials to
                  register the new Agent into the Framework.
           •      The Agent and Manager handshake and a trust
                  relationship is established.

           [Diagram: Manager and Agents; hosts: SLES 11, OES2 SP2, RedHat, AIX, Solaris]



Command Control
Novell® Privileged User Manager




        Non-controlled:    Log in as root -> submit user: root, runuser: root

        NPUM controlled:   Log in as aaron -> submit user: aaron -> remote shell ->
                           Command Control authorization DB -> remote shell, runuser: root




            –   User logs in with own non-privileged account
            –   Commands authorized before being executed remotely
            –   Known as ‘root delegation’


Configuration
     Setting up Rules

     •   Rules provide the means by which you can control
         commands. Commands can be authorized to run, or
         not authorized to run.

     •   Optional rule conditions.
          –   The command being submitted
          –   The user and host submitting the command
          –   The user and host assigned to run the command
          –   The time the command is submitted
          –   etc.



Configuration
     Setting up Commands

     •   Commands
          –   Commands
               >   novell-tomcat5*
                     »   Would allow all options after novell-tomcat5
                     »   Examples: novell-tomcat5 start or novell-tomcat5 stop, etc

          –   Commands, using regular expressions
               >   =~#^(|/etc/init.d/)novell-tomcat5(\s+|$)#
                     »   Would allow /etc/init.d/novell-tomcat5 or novell-tomcat5 with
                         any options afterwards.
                     »   Examples: /etc/init.d/novell-tomcat5 start or novell-tomcat5
                         stop, etc
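
Added example (not part of the original slides): a check that runs the slide's two patterns against constructed command lines before they go into a rule. It assumes the glob is matched shell-style against the whole command line and that =~ behaves as a Perl search; the slide's regular expression is written with the whitespace class as \s, and STRICT_PATTERN is a constructed tightening, not a pattern from the deck.

```python
import fnmatch
import re

# Patterns as given on the slide.
GLOB_PATTERN = "novell-tomcat5*"
REGEX_PATTERN = r"^(|/etc/init.d/)novell-tomcat5(\s+|$)"

# Constructed tightening (not from the slide): escape the dot and pin the
# permitted actions, so arbitrary trailing options no longer match.
STRICT_PATTERN = r"^(|/etc/init\.d/)novell-tomcat5\s+(start|stop|restart|status)$"

# Constructed sample submissions, as a user might pass them to usrun.
SAMPLES = [
    "novell-tomcat5 start",
    "novell-tomcat5",
    "/etc/init.d/novell-tomcat5 stop",
    "novell-tomcat5-cleanup --all",              # other program, same prefix
    "novell-tomcat5 start --unexpected-option",  # extra argument
    "/usr/local/bin/novell-tomcat5 start",       # same name, other directory
]


def glob_allows(pattern, command):
    """Assumption: the glob is applied shell-style to the whole command line."""
    return fnmatch.fnmatchcase(command, pattern)


def regex_allows(pattern, command):
    """Perl's =~ searches anywhere in the string; only ^ and $ anchor it."""
    return re.search(pattern, command) is not None


def coverage(samples=SAMPLES):
    """Return {command: (glob, slide_regex, strict_regex)} for review."""
    return {
        cmd: (
            glob_allows(GLOB_PATTERN, cmd),
            regex_allows(REGEX_PATTERN, cmd),
            regex_allows(STRICT_PATTERN, cmd),
        )
        for cmd in samples
    }


if __name__ == "__main__":
    print(f"{'command':45} glob   regex  strict")
    for cmd, (g, r, s) in coverage().items():
        print(f"{cmd:45} {g!s:6} {r!s:6} {s!s:6}")
```

The glob accepts any command line that merely starts with novell-tomcat5, while the anchored expression requires whitespace or end of line after the name; neither restricts the arguments that follow.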


Configuration
     Setting up Scripts

     •   Scripts
          –   In addition to commands, perl scripts can be added to rules to
              do additional processing such as:

               >   Send an email when a command is run
               >   Execute Run users profile
               >   Define Illegal commands
               >   Truncate stdin/stdout/stderr captured by KB




Configuration
     Running Commands

     •   usrun – usrun [command]
          –   usrun passes the command to the Command Control Manager for
              authorization. The command is allowed or denied based on the
              configured rules.
          –   Examples:
               >   usrun /etc/init.d/ndsd stop
               >   usrun novell-tomcat5 restart


     •   Rush – usrun rush
          –   The Rush shell is based on the Korn (ksh) shell. Rush allows for complete
              session capture. Configure Command risk.
     •   Crush - Change the user's logon shell to /usr/bin/crush. Crush allows for
         complete session capture, without granting superuser privileges.

Audit, Compliance, and Reporting
Audit/Reporting

     •   Independent audit events are sent to the configured
         Audit servers from each agent

     •   Audit events include the following
          –   Capture (Full keystroke session playback)
          –   Start time/End time
          –   User, Host, Command
          –   Authorized/Unauthorized




Compliance

     •   Compliance Auditor collects, filters and generates
         reports of audit data for analysis and sign-off by
         authorized personnel.
     •   Rules can be configured to pull any number of audit
         events matching a given filter at a specific interval.
     •   When an audit event is viewed, auditors can authorize
         the event, mark it as unauthorized, escalate it, or
         assign it to someone else for further review.
          –   Each change is recorded as an “Audit trail”
     •   Automatic reports can be generated and e-mailed to
         appropriate personnel

Workflow for Novell® Privileged User Manager

     1   Validate and secure user session
     2   Add audit group and risk rating
     3   Automated rules pull events into Compliance Auditor database
         according to pre-defined risk filters
     4   Manager notified by e-mail each night of events waiting to be authorized
     5   Manager logs into Compliance Auditor and authorizes events

     [Diagram labels: User Activity, Command Control, Rules, Session event and
     keystroke log, Audit Log, Compliance Auditor, Manager]

     Each event record is color-coded according to the highest rated command risk
Demo
     Agent install and registration

     •   Agent installation
          –   rpm -ivh novell-npum-agent-2.2.1-linux-2.4-intel.rpm

     •   Agent must be entered into the GUI
          –   Host | Select the desired domain | “Add Hosts”

     •   Agent registration
          –   Please remember to register this installation with the
              Novell Privileged User Manager using the command:
               /opt/novell/npum/sbin/unifi regclnt register


Demo
     Agent install and registration

     •   Agent registration (client side)
     sles11-npum2:~ # /opt/novell/npum/sbin/unifi regclnt register
     Please provide the hostname or address for the framework manager : () 151.155.130.142
     Please provide the port number for the framework manager: (29120)
     Please provide the hostname or address for this agent: () 151.155.128.131
     Please provide the registered agent name for this agent: (sles11-npum2)
     Framework manager: 151.155.130.142:29120
     Agent hostname or address : 151.155.128.131
     Agent name : sles11-npum2
     Is this correct: (y)
     Please enter the name and password of an account with permission to register this host.
     User name: (admin)
     Password:


Demo
     Patching Hosts

     •   Once the Agent has been installed, patches can be
         deployed through GUI to all registered hosts.

     •   Login to GUI | Hosts | select the desired host | Update
         Packages

     •   Patches may be applied on a single host or by domain,
         or by all hosts in the environment




Demo
     Securing OES2 Services

     •   On OES2 Linux, most of the “services” such as
         eDirectory™, novell-tomcat5, LUM, etc. must be
         configured and administered as root

     •   With Novell® Privileged User Manager, simple rules can
         be created to allow administrators of these services to
         run their commands with root privileges WITHOUT
         knowing root's password or logging in as root.




Demo
     Securing OES2 Services (cont.)

     •   Sample rule to Start/Stop eDirectory™

     •   Begin Rule: eDirectory Stop/Start
         If (command IN eDir Start/Stop AND user IN eDirAdminFull)
         Then
                   Set Authorize: yes
                   Set runUser = "root"
                   Run Script: Execute RunUsers Profile()
                   Stop if authorized
         End If
         End Rule: eDirectory Stop/Start



Demo
     Securing OES2 Services (cont.)




        From this example, user “bergerbr”, who is a part of the
        eDirAdminFull group and is logged in with normal privileges,
        would be able to run “usrun /etc/init.d/ndsd stop” or
        “usrun /etc/init.d/ndsd start”
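
Added example (not part of the original slides and not NPUM code): a small model of how the sample rule decides a usrun request and what the resulting audit event carries. The contents of the "eDir Start/Stop" and eDirAdminFull groups, the user jdoe, the Request/Rule/evaluate names and the default of "not authorized" when no rule matches are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone
from typing import NamedTuple


class Request(NamedTuple):
    submit_user: str   # account the user logged in with
    submit_host: str   # host the command was submitted from
    command: str       # command line passed to usrun


class Rule(NamedTuple):
    name: str
    command_group: tuple    # regexes; a command is IN the group if any matches
    user_group: frozenset   # account names
    run_user: str           # account the command runs as when authorized
    stop_if_authorized: bool = True

    def applies(self, req):
        in_commands = any(re.search(p, req.command) for p in self.command_group)
        return in_commands and req.submit_user in self.user_group


# The slide's rule. Group contents are constructed: the slides name the groups
# but show only bergerbr and the two ndsd commands as examples.
EDIR_RULE = Rule(
    name="eDirectory Stop/Start",
    command_group=(r"^/etc/init\.d/ndsd\s+(start|stop)$",),
    user_group=frozenset({"bergerbr"}),
    run_user="root",
)


def evaluate(rules, req, now=None):
    """Walk the rules in order; assumed default is 'not authorized'."""
    authorized, run_user, matched = False, None, None
    for rule in rules:
        if rule.applies(req):
            authorized, run_user, matched = True, rule.run_user, rule.name
            if rule.stop_if_authorized:
                break
    # Audit event with the fields the Audit/Reporting slide lists.
    return {
        "start_time": (now or datetime.now(timezone.utc)).isoformat(),
        "user": req.submit_user,
        "host": req.submit_host,
        "command": req.command,
        "authorized": authorized,
        "run_user": run_user,
        "rule": matched,
    }


if __name__ == "__main__":
    # Constructed requests.
    for req in (
        Request("bergerbr", "sles11-npum2", "/etc/init.d/ndsd stop"),
        Request("jdoe", "sles11-npum2", "/etc/init.d/ndsd stop"),
        Request("bergerbr", "sles11-npum2", "/etc/init.d/novell-tomcat5 stop"),
    ):
        event = evaluate([EDIR_RULE], req)
        verdict = "Authorized" if event["authorized"] else "Unauthorized"
        print(f'{event["user"]:9} {event["command"]:34} {verdict} runUser={event["run_user"]}')
```

Denied requests produce an audit event as well, so the "Unauthorized" entries listed on the Audit/Reporting slide have a record to report on.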


Question and Answers
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.


General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.

Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateNovell
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateNovell
 
Rules, Rules, Rules: Proactively Automate Management of the Service Infrastru...
Rules, Rules, Rules: Proactively Automate Management of the Service Infrastru...Rules, Rules, Rules: Proactively Automate Management of the Service Infrastru...
Rules, Rules, Rules: Proactively Automate Management of the Service Infrastru...Novell
 
Rapid Deployment of Novell ZENworks Configuration Management
Rapid Deployment of Novell ZENworks Configuration ManagementRapid Deployment of Novell ZENworks Configuration Management
Rapid Deployment of Novell ZENworks Configuration ManagementNovell
 
Pre-TechEd EMEA 2012 - SCOM 2012 Down in the cloud
Pre-TechEd EMEA 2012 - SCOM 2012 Down in the cloudPre-TechEd EMEA 2012 - SCOM 2012 Down in the cloud
Pre-TechEd EMEA 2012 - SCOM 2012 Down in the cloudwwwally
 
Overview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineOverview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineNovell
 
Minicom in the Data Center
Minicom in the Data CenterMinicom in the Data Center
Minicom in the Data Centerdavidzucker
 
Simplified, Robust and Speedy Novell Identity Manager Implementation with Des...
Simplified, Robust and Speedy Novell Identity Manager Implementation with Des...Simplified, Robust and Speedy Novell Identity Manager Implementation with Des...
Simplified, Robust and Speedy Novell Identity Manager Implementation with Des...Novell
 
TenduitRIMCenter
TenduitRIMCenterTenduitRIMCenter
TenduitRIMCentergrudolphi
 

Similar to Introducing Novell Privileged User Manager and Securing Novell Open Enterprise Server 2 (20)

Creating a Full Privileged User Solution with Novell Privileged User Manager,...
Creating a Full Privileged User Solution with Novell Privileged User Manager,...Creating a Full Privileged User Solution with Novell Privileged User Manager,...
Creating a Full Privileged User Solution with Novell Privileged User Manager,...
 
Integrating Novell Access Governance Suite with Novell Identity Manager
Integrating Novell Access Governance Suite with Novell Identity ManagerIntegrating Novell Access Governance Suite with Novell Identity Manager
Integrating Novell Access Governance Suite with Novell Identity Manager
 
Wallix AdminBastion - Privileged User Management &amp; Access Control
Wallix AdminBastion - Privileged User Management &amp; Access ControlWallix AdminBastion - Privileged User Management &amp; Access Control
Wallix AdminBastion - Privileged User Management &amp; Access Control
 
Novell ZENworks Overview and Futures
Novell ZENworks Overview and FuturesNovell ZENworks Overview and Futures
Novell ZENworks Overview and Futures
 
Novell ZENworks Overview and Futures
Novell ZENworks Overview and FuturesNovell ZENworks Overview and Futures
Novell ZENworks Overview and Futures
 
Implementing and Proving Compliance Tactics with Novell Compliance Management...
Implementing and Proving Compliance Tactics with Novell Compliance Management...Implementing and Proving Compliance Tactics with Novell Compliance Management...
Implementing and Proving Compliance Tactics with Novell Compliance Management...
 
End-point Management
End-point ManagementEnd-point Management
End-point Management
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin Orchestrate
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin Orchestrate
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin Orchestrate
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin Orchestrate
 
Rules, Rules, Rules: Proactively Automate Management of the Service Infrastru...
Rules, Rules, Rules: Proactively Automate Management of the Service Infrastru...Rules, Rules, Rules: Proactively Automate Management of the Service Infrastru...
Rules, Rules, Rules: Proactively Automate Management of the Service Infrastru...
 
Rapid Deployment of Novell ZENworks Configuration Management
Rapid Deployment of Novell ZENworks Configuration ManagementRapid Deployment of Novell ZENworks Configuration Management
Rapid Deployment of Novell ZENworks Configuration Management
 
Novell ZCM
Novell ZCM Novell ZCM
Novell ZCM
 
Pre-TechEd EMEA 2012 - SCOM 2012 Down in the cloud
Pre-TechEd EMEA 2012 - SCOM 2012 Down in the cloudPre-TechEd EMEA 2012 - SCOM 2012 Down in the cloud
Pre-TechEd EMEA 2012 - SCOM 2012 Down in the cloud
 
Overview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineOverview of Identity and Access Management Product Line
Overview of Identity and Access Management Product Line
 
Private Cloud Day Session 2: Creating & Configure your Private Cloud
Private Cloud Day Session 2: Creating & Configure your Private CloudPrivate Cloud Day Session 2: Creating & Configure your Private Cloud
Private Cloud Day Session 2: Creating & Configure your Private Cloud
 
Minicom in the Data Center
Minicom in the Data CenterMinicom in the Data Center
Minicom in the Data Center
 
Simplified, Robust and Speedy Novell Identity Manager Implementation with Des...
Simplified, Robust and Speedy Novell Identity Manager Implementation with Des...Simplified, Robust and Speedy Novell Identity Manager Implementation with Des...
Simplified, Robust and Speedy Novell Identity Manager Implementation with Des...
 
TenduitRIMCenter
TenduitRIMCenterTenduitRIMCenter
TenduitRIMCenter
 

More from Novell

Filr white paper
Filr white paperFilr white paper
Filr white paperNovell
 
Social media class 4 v2
Social media class 4 v2Social media class 4 v2
Social media class 4 v2Novell
 
Social media class 3
Social media class 3Social media class 3
Social media class 3Novell
 
Social media class 2
Social media class 2Social media class 2
Social media class 2Novell
 
Social media class 1
Social media class 1Social media class 1
Social media class 1Novell
 
Social media class 2 v2
Social media class 2 v2Social media class 2 v2
Social media class 2 v2Novell
 
LinkedIn training presentation
LinkedIn training presentationLinkedIn training presentation
LinkedIn training presentationNovell
 
Twitter training presentation
Twitter training presentationTwitter training presentation
Twitter training presentationNovell
 
Getting started with social media
Getting started with social mediaGetting started with social media
Getting started with social mediaNovell
 
Strategies for sharing and commenting in social media
Strategies for sharing and commenting in social mediaStrategies for sharing and commenting in social media
Strategies for sharing and commenting in social mediaNovell
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHNovell
 
Workload iq final
Workload iq   finalWorkload iq   final
Workload iq finalNovell
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused EnterpriseNovell
 
Shining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of SocialShining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of SocialNovell
 
Accelerate to the Cloud
Accelerate to the CloudAccelerate to the Cloud
Accelerate to the CloudNovell
 
The New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration TrendsThe New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration TrendsNovell
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementNovell
 
Iaas for a demanding business
Iaas for a demanding businessIaas for a demanding business
Iaas for a demanding businessNovell
 
Workload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachWorkload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachNovell
 
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...Novell
 

More from Novell (20)

Filr white paper
Filr white paperFilr white paper
Filr white paper
 
Social media class 4 v2
Social media class 4 v2Social media class 4 v2
Social media class 4 v2
 
Social media class 3
Social media class 3Social media class 3
Social media class 3
 
Social media class 2
Social media class 2Social media class 2
Social media class 2
 
Social media class 1
Social media class 1Social media class 1
Social media class 1
 
Social media class 2 v2
Social media class 2 v2Social media class 2 v2
Social media class 2 v2
 
LinkedIn training presentation
LinkedIn training presentationLinkedIn training presentation
LinkedIn training presentation
 
Twitter training presentation
Twitter training presentationTwitter training presentation
Twitter training presentation
 
Getting started with social media
Getting started with social mediaGetting started with social media
Getting started with social media
 
Strategies for sharing and commenting in social media
Strategies for sharing and commenting in social mediaStrategies for sharing and commenting in social media
Strategies for sharing and commenting in social media
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
 
Workload iq final
Workload iq   finalWorkload iq   final
Workload iq final
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused Enterprise
 
Shining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of SocialShining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of Social
 
Accelerate to the Cloud
Accelerate to the CloudAccelerate to the Cloud
Accelerate to the Cloud
 
The New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration TrendsThe New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration Trends
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log Management
 
Iaas for a demanding business
Iaas for a demanding businessIaas for a demanding business
Iaas for a demanding business
 
Workload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachWorkload IQ: A Differentiated Approach
Workload IQ: A Differentiated Approach
 
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
 

Introducing Novell Privileged User Manager and Securing Novell Open Enterprise Server 2

  • 1. Intro to Novell® Privileged User Manager and Securing Novell Open Enterprise Server 2. Brett A. Berger, Global Technical Support, Novell, Inc. / bberger@novell.com. Aaron Burgemeister, Global Technical Support, Novell, Inc. / ab@novell.com.
  • 2. Novell® Privileged User Manager • Introduction to Novell Privileged User Manager – Business Challenges – Novell Privileged User Manager solutions • The Framework – Framework Components – Framework Deployment • Command Control – Configuration - Rules – Configuration - Commands – Configuration - Scripts © Novell, Inc. All rights reserved.
  • 3. Novell® Privileged User Manager (cont.) • Audit, Compliance, and Reporting – Overview • Demo – Agent installation and registration – Patching Agents and Managers – Using NPUM to secure OES2 > eDirectory™ > Novell-tomcat > etc. • Questions and Answers
  • 4. Intro to Novell® Privileged User Manager
  • 5. The IT Landscape is Changing. The risks and challenges of computing across multiple Linux/Unix environments must be eliminated. Users should have unimpeded, secure and compliant access to the computing services they need to do their jobs right. Computing should be secure and compliant.
  • 6. Business challenges • Linux/UNIX administrators require elevated (superuser) privileges to do their job • Uncontrolled superuser access leaves the data center open to back door entries • Audit Weakness – Rogue admins/users covering their tracks • Compliance and Reporting
  • 7. Delegating Superuser Privileges • Linux/UNIX admins require elevated (Superuser) privileges to do their jobs [Diagram labels: IT Manager, System Admin, root, DBA, App Developer, Admin, Security Admin] Novell® Privileged User Manager can solve this
  • 8. Uncontrolled Superuser Access. Uncontrolled Superuser access leaves the data center open to Backdoor entry. Novell® Privileged User Manager can solve this
  • 9. Audit Weakness. Audit weakness – users covering their tracks. Novell® Privileged User Manager can solve this
  • 10. Compliance and Reporting. Compliance and reporting user access. Novell® Privileged User Manager can solve this
  • 12. Novell® Privileged User Manager • Control user access to root privileges • Audit all user activity with 100% keystroke logging • Simplify audit activity with the most relevant, context-based information • Analyze potential threats based on policy-based risk ratings
  • 14. The Framework • The Framework is made up of three primary components: (1) Framework Manager (2) Framework Console (3) Framework Agent
  • 15. Framework Manager • Audit • Command Control • Compliance • Reporting • Package Manager [Diagram labels: Novell® Privileged User Manager, Primary Manager, Back Up Manager, Agent]
  • 16. Framework Console
  • 17. Framework Agent • Command Control • Registry • Distribution • Store and Forward • System Information (optional) [Diagram labels: Novell® Privileged User Manager, Primary Manager, Back Up Manager, Agent]
  • 18. Underlying Modular Architecture • Audit databases can be placed in multiple locations for redundancy and security • Multiple Managers provide fail-over capability and load-balancing • Groups of Agents can be added to logical domains for load-balancing, redundancy and traffic segregation [Diagram labels: Internet; Web Browser (Administrative Access), port 443; Framework Console; Audit Manager; Command Control; Agent; port 29120, host to host communications]
  • 20. NPUM Prerequisites • Admin Console requires a browser with Adobe Flash installed • Open ports 443 (manager) and 29120 (agents and manager) • Servers must be resolvable (DNS/hosts/etc) • Time in sync (use ntp) • For SUSE® Linux Enterprise Server (SLES) – See TID#7003992 - usrun reports /bin/ls: cannot read symbolic link /proc/$$/exe: Permission denied
  • 21. Configuration: Manager • Novell® Privileged User Manager 2.2.1 – rpm -ivh novell-npum-manager-2.2.1-linux-2.X-XXX.rpm – Verify install in /opt/novell/npum/logs/unifid.log • Log in to https://ipaddress_of_framework_manager – User: admin – Pwd: novell – Default port of Framework Manager is 443 – /opt/novell/npum/service/local/admin/connector.xml – <Connector ssl_ctx="https" port="443" mode="https"/>
  • 22. Simple Deployment Step 1: Install Framework Manager • Only one Framework Manager is installed • Framework Manager can be installed on any supported host operating system [Diagram labels: Manager; SLES 11, OES2 SP2, RedHat, AIX, Solaris]
  • 23. Simple Deployment Step 2: Pre-register Agents • Log onto Web Console • Enter the names of the agents that will be added to this Framework. [Diagram labels: Manager; SLES 11, OES2 SP2, RedHat, AIX, Solaris]
  • 24. Configuration: Agents • Installing and registering an NPUM Agent – rpm -ivh novell-npum-agent-2.2.1-linux-2.X-XXXX.rpm – Register the Agent
        sd145:/ # /opt/novell/npum/sbin/unifi regclnt register
        Please provide the hostname or address for the framework manager : () 151.155.128.68
        Please provide the port number for the framework manager: (29120)
        Please provide the hostname or address for this agent: (sd145)
        Please provide the registered agent name for this agent: (sd145)
  • 25. Simple Deployment Step 3: Install Framework Agents • Each Framework Agent has a unique installer for the platform. • During the install process the Framework Manager address is entered together with valid Framework credentials to register the new Agent into the Framework. • The Agent and Manager handshake and a trust relationship is established. [Diagram labels: Manager, Agent; SLES 11, OES2 SP2, RedHat, AIX, Solaris]
  • 27. Novell® Privileged User Manager • Non-controlled: log in as root; submit user: root; runuser: root • NPUM controlled: log in as aaron; submit user: aaron; Command Control authorization DB; remote shell; runuser: root – User logs in with own non-privileged account – Commands authorized before being executed remotely – Known as ‘root delegation’
  • 28. Configuration: Setting up Rules • Rules provide the means by which you can control commands. Commands can be authorized to run, or not authorized to run. • Optional rule conditions: – The command being submitted – The user and host submitting the command – The user and host assigned to run the command – The time the command is submitted – etc.
  • 29. Configuration: Setting up Commands • Commands – Commands > novell-tomcat5* » Would allow all options after novell-tomcat5 » Examples: novell-tomcat5 start or novell-tomcat5 stop, etc. – Commands, using regular expressions > =~#^(|/etc/init.d/)novell-tomcat5(\s+|$)# » Would allow /etc/init.d/novell-tomcat5 or novell-tomcat5 with any options afterwards. » Examples: /etc/init.d/novell-tomcat5 start or novell-tomcat5 stop, etc.
  • 30. Configuration: Setting up Scripts • Scripts – In addition to commands, Perl scripts can be added to rules to do additional processing such as: > Send an email when a command is run > Execute Run users profile > Define Illegal commands > Truncate stdin/stdout/stderr captured by KB
  • 31. Configuration: Running Commands • usrun – usrun [command] – usrun passes the command to the Command Control Manager for authorization. The command is allowed or denied based on configured rules. – Examples: > usrun /etc/init.d/ndsd stop > usrun novell-tomcat5 restart • Rush – usrun rush – The Rush shell is based on the Korn (ksh) shell. Rush allows for complete session capture. Configure Command risk. • Crush – Change the user's logon shell to /usr/bin/crush. Crush allows for complete session capture, without granting superuser privileges.
  • 33. Audit/Reporting • Independent audit events are sent to the configured Audit servers from each agent • Audit events include the following – Capture (Full keystroke session playback) – Start time/End time – User, Host, Command – Authorized/Unauthorized
  • 34. Compliance • Compliance Auditor collects, filters and generates reports of audit data for analysis and sign-off by authorized personnel. • Rules can be configured to pull any number of audit events matching a given filter at a specific interval. • When an audit event is viewed, auditors can authorize the event, mark it as unauthorized, escalate it, or assign it to someone else for further review. – Each change is recorded as an “Audit trail” • Automatic reports can be generated and e-mailed to appropriate personnel
  • 35. Workflow for Novell® Privileged User Manager: (1) Validate and secure user session. (2) Add audit group and risk rating. (3) Automated rules pull events into Compliance Auditor database according to pre-defined risk filters. (4) Manager notified by e-mail each night of events waiting to be authorized. (5) Manager logs into Compliance Auditor and authorizes events. Each event record is color-coded according to the highest rated command risk. [Diagram labels: User Activity, Session event and keystroke log, Command Control, Audit Rules, Log, Compliance Auditor, Manager]
  • 36. Demo
  • 37. Demo: Agent install and registration • Agent installation – rpm -ivh novell-npum-agent-2.2.1-linux-2.4-intel.rpm • Agent must be entered into the GUI – Host | Select the desired domain | “Add Hosts” • Agent registration – Please remember to register this installation with the Novell Privileged User Manager using the command: /opt/novell/npum/sbin/unifi regclnt register
  • 38. Demo: Agent install and registration • Agent registration (client side)
        sles11-npum2:~ # /opt/novell/npum/sbin/unifi regclnt register
        Please provide the hostname or address for the framework manager : () 151.155.130.142
        Please provide the port number for the framework manager: (29120)
        Please provide the hostname or address for this agent: () 151.155.128.131
        Please provide the registered agent name for this agent: (sles11-npum2)
        Framework manager: 151.155.130.142:29120
        Agent hostname or address : 151.155.128.131
        Agent name : sles11-npum2
        Is this correct: (y)
        Please enter the name and password of an account with permission to register this host.
        User name: (admin)
        Password:
  • 39. Demo: Patching Hosts • Once the Agent has been installed, patches can be deployed through the GUI to all registered hosts. • Log in to GUI | Hosts | select the desired host | Update Packages • Patches may be applied on a single host, by domain, or to all hosts in the environment
  • 40. Demo: Securing OES2 Services • On OES2 Linux, most of the “services” such as eDirectory™, novell-tomcat5, LUM, etc. must be configured and administered as root • With Novell® Privileged User Manager, simple rules can be created to allow administrators of these services to run their commands with root privileges WITHOUT knowing root's password or logging in as root.
  • 41. Demo: Securing OES2 Services (cont.) • Sample rule to Start/Stop eDirectory™
        Begin Rule: eDirectory Stop/Start
          If (command IN eDir Start/Stop AND user IN eDirAdminFull) Then
            Set Authorize: yes
            Set runUser = "root"
            Run Script: Execute RunUsers Profile()
            Stop if authorized
          End If
        End Rule: eDirectory Stop/Start
  • 42. Demo: Securing OES2 Services (cont.) From this example, user “bergerbr”, who is a part of the eDirAdminFull group and logged in with normal privileges, would be able to run “usrun /etc/init.d/ndsd stop” or “usrun /etc/init.d/ndsd start”
  • 44.
  • 45. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
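
The two command forms on slide 29 and the sample rule on slides 41 and 42, emulated as an added example for checking a pattern against sample command lines before it goes into a rule. This is not Novell's code or NPUM's matcher. It assumes the wildcard form behaves like a shell glob over the whole command line, the `=~#...#` form like a Perl regex, and that unmatched requests are denied; the `ndsd` spec, the group table and the sample commands are constructed.

```python
import fnmatch
import re
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


def compile_spec(spec: str) -> Callable[[str], bool]:
    """Turn one command spec into a predicate over the submitted command line.

    Assumptions (not NPUM's documented matcher): '=~#...#' is a Perl-style
    regex applied with search semantics; any other spec is a shell-style glob
    that must cover the whole command line.
    """
    if spec.startswith("=~"):
        if len(spec) < 5 or spec[-1] != spec[2]:
            raise ValueError(f"malformed regex spec: {spec!r}")
        rx = re.compile(spec[3:-1])
        return lambda cmd: rx.search(cmd) is not None
    return lambda cmd: fnmatch.fnmatchcase(cmd, spec)


# The two specs shown on slide 29.
GLOB_SPEC = "novell-tomcat5*"
REGEX_SPEC = r"=~#^(|/etc/init.d/)novell-tomcat5(\s+|$)#"

# Constructed command lines. The last two are names that merely share the
# prefix or the basename of the intended service script.
SAMPLES = [
    "novell-tomcat5 start",
    "novell-tomcat5",
    "/etc/init.d/novell-tomcat5 stop",
    "novell-tomcat5-backup start",
    "/opt/other/novell-tomcat5 start",
]


def compare_specs(commands):
    """Map each command to (glob matched, regex matched)."""
    glob_ok, regex_ok = compile_spec(GLOB_SPEC), compile_spec(REGEX_SPEC)
    return {c: (glob_ok(c), regex_ok(c)) for c in commands}


@dataclass(frozen=True)
class Rule:
    name: str
    command_specs: Tuple[str, ...]
    user_group: str
    run_user: str


@dataclass(frozen=True)
class Decision:
    authorized: bool
    run_user: Optional[str] = None
    rule: Optional[str] = None


# Slide 42 names bergerbr as a member of eDirAdminFull.
GROUPS = {"eDirAdminFull": {"bergerbr"}}

# Slide 41's rule. The page does not show the "eDir Start/Stop" command
# definition, so this spec is a constructed stand-in for it.
RULES = (
    Rule(
        name="eDirectory Stop/Start",
        command_specs=(r"=~#^/etc/init\.d/ndsd\s+(start|stop)$#",),
        user_group="eDirAdminFull",
        run_user="root",
    ),
)


def authorize(user: str, command: str, rules=RULES, groups=GROUPS) -> Decision:
    """Evaluate rules in order; the first match authorizes and stops."""
    for rule in rules:
        in_group = user in groups.get(rule.user_group, set())
        if in_group and any(compile_spec(s)(command) for s in rule.command_specs):
            return Decision(True, rule.run_user, rule.name)  # "Stop if authorized"
    return Decision(False)  # assumption: no matching rule means deny


if __name__ == "__main__":
    for cmd, (g, r) in compare_specs(SAMPLES).items():
        print(f"{cmd!r:40} glob={g!s:5} regex={r}")
    for user, cmd in [("bergerbr", "/etc/init.d/ndsd stop"),
                      ("aaron", "/etc/init.d/ndsd stop"),
                      ("bergerbr", "/etc/init.d/ndsd restart")]:
        print(user, cmd, authorize(user, cmd))
```
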