Control Compliance Suite 11 support sudo to the root account for data collection on Unix/Linux systems.

book

Article ID: 156510

calendar_today

Updated On:

Products

Control Compliance Suite Unix

Issue/Introduction

Does CCS support authenticating with one account and using sudo to root for data collection on Unix/Linux systems?

 

Resolution

 

CCS does support authenticating with one account and sudo to root for general query credentials, but not does not support unique query credentials per-CCS user.

 To configure the general query credentials:

1.       From the CCS Console, navigate to Settings > System Topology

2.       Select the Common Tasks context menu and choose Configure Platform Settings

3.       Select the Unix platform

4.       Select the bvAgentlessConfig.ini settings file

5.       Click the Download link and save to the Desktop

6.       Open bvAgentlessConfig.ini in notepad

7.       In the [default] section, comment out the line SecuredFiles=SecuredFiles.dat by adding a semicolon to the beginning of the line

8.       In the [default] section, uncomment out the line SupportsSudo=false by removing a semicolon from the beginning of the line

9.       Change the value of SupportsSudo to from false to true

10.   Save the file and close notepad

11.   Return to the CCS Console platform settings dialog and upload the bvAgentlessConfig.ini file

12.   Close the platform settings dialog

13.   From the Infrastructure Tasks context menu, select Sync Configuration

14.   Return to Manage > Queries, re-run the Unix Users query and verify that data is being collected

NOTE: su is not supported only sudo is. Nor are any 3rd party utilities e.g. PowerBroker.

 

For more information and an example sudoers file, see this KB