Manage access control
For Linux hosts, root-level privileges are required. Data Collectors require read-only access to execute non-intrusive commands on hosts. It is strongly recommended that a separate login account used strictly for IT Analytics be established and using Active Directory for Windows systems and the sudo command for Linux systems, restrict the commands that IT Analytics can issue. To accommodate this security approach, you can optionally specify access control commands like sudo, sesudo, or pbrun.
Files containing sudo commands per operating system can be found on the Portal server in: /opt/aptare/updates. These filenames contain both the OS and the version of the sudo commands file so that you can identify the files that contain the latest updates; for example: hpux_9.1.01, aix_9.1.01, linux_9.1.01, solaris_9.1.01.
Multiple Access Control settings can be created to manage access control commands for Linux hosts.
See Host resources prerequisites and configurations.
See Host discovery and collection configuration steps.
To Manage Access Control Settings
- Click Admin > Data Collection > Host Discovery and Collection.
- Click Manage Access Control.
- Click Add to configure settings and then click OK.
Table: Access Control Settings
Field | Description | Sample Values |
|---|---|---|
Domain* | Select the Domain from the list; for most environments, only one Domain is displayed. Multiple domains facilitate management for Managed Services Partners (MSPs). | |
Name* | Assign a name to identify this Access Control setting. | |
Command* | Linux hosts only: Provide the full path to the access control command, such as or . Files containing sudo commands per operating system can be found on the Portal server in: /opt/aptare/updates. These filenames contain both the OS and the version of the sudo commands file so that you can identify the files that contain the latest updates; for example: hpux_9.1.01, aix_9.1.01, linux_9.1.01, solaris_9.1.01. You can configure sudo to prompt for a password using a custom prompt (the default is "Password"). The product expects the prompt to be "Password." If the hosts have a custom password prompt, you'll need to specify after the path to sudo. See the example to the right. | /usr/bin/sudo /usr/local/bin/sudo -p Password |
Use for all command* | Select Yes to have the Data Collector use the access command for all commands. | |
Description | Enter a note to help identify this Access Control setting |