
Unix Server

Connector name: agtunix

Connector type: Executable, with local agent - Unix Listener

Type (UI field value): Unix target system

Target system versions supported / tested: Linux glibc-2.28.x64 systems

Connector status / support: Bravura Security-Verified

This connector has been tested and is fully supported by Bravura Security.

Installation / setup

The connector and Unix Listener are shipped with Connector Pack. The Unix Listener, which you install on the Unix system, is distributed with the Connector Pack as an archive file, psunix-linux-glibc-2.28.x64.tar.gz.

Upgrade notes

Listener packages for other systems were deprecated as of Connector Pack 4.6. For other integrations use SSH connectors for AIX Server, HP-UX Server, Oracle Solaris Server, Linux Server and other SSH-enabled systems.

The connector for Unix (agtunix) connects to the Unix Listener, a local agent run by the inetd or xinetd service, to update and retrieve information from the Unix system. The Unix Listener provides secure, encrypted communication between Bravura Security Fabric components and the Unix system.

The following Bravura Security Fabric operations are built in to the Unix Listener:

  • user verify password

  • get server information

  • user change password

  • administrator reset password

  • administrator reset+expire password

  • expire password

  • unexpire password

  • check password expiry

  • administrator verify password

  • verify+reset password

  • disable account

  • check account enabled

  • create account

  • delete account

  • add user to group

  • delete user from group

  • enable account

  • create group

  • delete group

  • unlock account *

  • update attributes

  • list account attributes

  • List:

    • accounts

    • attributes

    • groups

    • members

    Note

    *The unlock account operation is not implemented by default and a script must be used to add support.

For a full list and explanation of each connector operation, see Connector operations.

When a password or an account operation is requested by Bravura Security Fabric, the agent for Unix (agtunix) connects to a designated port (default 905) on the Unix system. The inetd/xinetd daemon forwards the connection to the Unix Listener, which performs the requested operations and returns the results.

The Unix Listener requires a configuration file to define interaction between Bravura Security Fabric components and your system. A default psunix.cfg file and psunix.d directory are created for you during the listener installation. If required, you can edit this file to override the built-in behavior of the Unix Listener. See Unix Configuration Scripts for more information on editing Unix scripts.

This process is illustrated in the figure below.

[Figure: 26008.png]

If Bravura Privilege will be used to manage the password on any Unix system that uses a file system integrity checking program (fcheck, tripwire, debsums), you need to either configure the program to ignore changes to the shadow file or be prepared to filter the error messages it generates.
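One way to do the filtering described above without discarding every shadow-file alert, shown as an added example (not Bravura Security's code): suppress a change to /etc/shadow only when its modification time matches a password operation you already know about. The normalized findings format, the list of expected operation times and the 30-second tolerance are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

SHADOW_FILE = "/etc/shadow"

# Constructed sample: findings from two scans, normalized to "<path> <mtime>".
# This is not the native report format of fcheck, tripwire or debsums.
SAMPLE_FINDINGS = """\
/etc/shadow 2024-05-01T10:00:07
/etc/passwd 2024-05-01T10:00:07
/etc/shadow 2024-05-01T23:41:50
/usr/bin/sudo 2024-05-01T03:12:00
"""

# Constructed sample: times of password operations the password manager
# reported for this host (assumed to be exported by the operator).
SAMPLE_EXPECTED_OPS = ["2024-05-01T10:00:05"]


def parse_findings(text):
    """Return (path, mtime) tuples from the normalized findings text."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        path, stamp = line.rsplit(None, 1)
        findings.append((path, datetime.fromisoformat(stamp)))
    return findings


def triage(findings, expected_ops, tolerance=timedelta(seconds=30)):
    """Split findings into (suppressed, alerts).

    Only a shadow-file change within `tolerance` of a known password
    operation is suppressed; every other finding stays an alert.
    """
    ops = [datetime.fromisoformat(s) for s in expected_ops]
    suppressed, alerts = [], []
    for path, mtime in findings:
        explained = path == SHADOW_FILE and any(
            abs(mtime - op) <= tolerance for op in ops
        )
        (suppressed if explained else alerts).append((path, mtime))
    return suppressed, alerts


if __name__ == "__main__":
    quiet, loud = triage(parse_findings(SAMPLE_FINDINGS), SAMPLE_EXPECTED_OPS)
    for path, mtime in loud:
        print(f"ALERT {path} changed at {mtime.isoformat()}")
```

Because an integrity checker sees only the file's latest modification time, an unexpected change followed by an expected one before the next scan would be suppressed along with it.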

The following sections show you how to:

  • Define an account for the target system administrator on a Unix server

  • Create template accounts

  • Install and configure the Bravura Security Fabric Unix Listener on the target system

  • Create server scripts for NIS systems

  • Add the target system in Bravura Security Fabric

This chapter also describes how Bravura Identity handles special attributes, used when creating or modifying accounts on a Unix target.

See also

Bravura Security Fabric can also perform operations on Unix implementations using either a Telnet or Secure Shell (SSH) script, assuming either service is available on the Unix system. These methods require you to write a script. The Telnet method is not secure. SSH script methods offer varying levels of security, depending on the system. See TCP Telnet HTTP or HTTPS Access for details on writing a telnet script. For SSH integrations use connectors for AIX Server, HP-UX Server, Oracle Solaris Server, Linux Server and other SSH-enabled systems.