PAM LINUX RPM Initialization Script

Article ID: 369890

Products

CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Cloakware Password Authority (PA)

Issue/Introduction

A PAM administrator is looking for a way to start the Linux A2A Agent(s) as a service (using the systemctl command).

Environment

PAM A2A 4.12.3.X

Cause

The PAM A2A Agent only comes with a basic init script (cspmclientd), which you can implement on any Linux server.

Resolution

Most modern Linux variants now support systemctl as a service manager. You can use this OS-provided service tool to start the Agent automatically on reboot and to restart it automatically if the service crashes.

Note: These directions assume that the A2A RPM Installer was used and installed to the default location, /opt/Broadcom/PAM/A2A.

If the Agent is installed in a different location, then please update the highlighted fields (the paths under /opt/Broadcom/PAM/A2A).

1. Create a service file with the following content:

[root@XXXXX]# vi /etc/systemd/system/cspm.service 

[Unit]
Description=A2A / CSPM Client
After=network.target network-online.target

[Service]
Type=forking
PIDFile=/opt/Broadcom/PAM/A2A/cspmclient/var/pid_file
Restart=always
RestartSec=30
User=root
ExecStart=/opt/Broadcom/PAM/A2A/cspmclient/bin/cspmclientd start
ExecStop=/opt/Broadcom/PAM/A2A/cspmclient/bin/cspmclientd stop
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

2. Enable the service

[root@XXXXX]# systemctl enable cspm.service

3. Start the service

[root@XXXXX]# systemctl start cspm.service

4. Check the status of the service

[root@XXXXX]# systemctl status cspm.service

 cspm.service - A2A / CSPM Client
     Loaded: loaded (/etc/systemd/system/cspm.service; enabled; preset: disabled)
     Active: active (running) since Thu 2024-06-13 15:22:03 EDT; 28s ago
    Process: 318237 ExecStart=/opt/Broadcom/PAM/A2A/cspmclient/bin/cspmclientd start (code=exited, status=0/SUCCESS)
   Main PID: 318242 (java)
      Tasks: 38 (limit: 50440)
     Memory: 70.2M
        CPU: 2.651s
     CGroup: /system.slice/cspm.service
             └─318242 /opt/Broadcom/PAM/A2A/cspmclient_thirdparty/java/bin/java -d64 -classpath /opt/Broadcom/PAM/A2A/cspmclient/lib/cspmclient.jar:/o>

Jun 13 15:21:53 XXXXX systemd[1]: Starting A2A / CSPM Client...
Jun 13 15:22:03 XXXXX cspmclientd[318237]: Client Daemon 318242 started
Jun 13 15:22:03 XXXXX systemd[1]: Started A2A / CSPM Client.

5. Stop the service

[root@XXXXX]# systemctl stop cspm.service

Additional important commands: The A2A service is now managed by the OS. You cannot manually kill the service after this, since the system may restart it automatically (depending on the configuration defined in cspm.service).

1. Disable the service

[root@XXXXX]# systemctl disable cspm.service

2. If you make a change to the cspm.service file, you will need to update the systemctl database (reload the unit files) before using the commands:

[root@XXXXX]# systemctl daemon-reload 

Note: You can also forcibly clear the A2A cache on restart (and reboot) by adding the following line under the [Service] section. This can help if the cache has become corrupted for any reason. Please note that a startup delay can occur when this file is removed, because A2A will need to re-register. Depending on your configuration, this may not be necessary or can cause delays.

[Service]

ExecStopPost=/usr/bin/rm -f /opt/Broadcom/PAM/A2A/cspmclient/config/data/.cspmclient.dat
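
Because cspm.service runs its ExecStart, ExecStop and ExecStopPost commands as root (User=root), each referenced file and its containing directory should be owned by root and not writable by group or others. The following check is an added example, not part of the original article or of the vendor's tooling; audit_unit is a hypothetical helper name, and it inspects only each file and its immediate directory, not every parent directory.

```shell
#!/bin/sh
# Added example (not vendor code): audit the paths a root-run unit file trusts.
# Usage: audit_unit UNIT_FILE [EXPECTED_OWNER]   (owner defaults to root)
# Prints one line per finding. Returns 0 if clean, 1 on findings,
# 2 if the unit file cannot be read.
audit_unit() {
    unit=$1
    owner=${2:-root}
    findings=0
    [ -r "$unit" ] || { echo "cannot read $unit" >&2; return 2; }

    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in
            ExecStart|ExecStop|ExecStopPost|PIDFile) ;;
            *) continue ;;
        esac
        path=${value%% *}        # first word: the executable or PID file
        path=${path#[-+!@:]}     # drop one systemd prefix character, if any
        case $path in /*) ;; *) continue ;; esac

        # Check the file and the directory that contains it: write access
        # to either lets a non-root user change what root executes.
        for p in "$path" "$(dirname "$path")"; do
            [ -e "$p" ] || continue   # e.g. PID file of a stopped service
            bad=$(find -L "$p" -prune \
                \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)
            if [ -n "$bad" ]; then
                echo "UNSAFE $key $p"
                findings=1
            fi
        done
    done < "$unit"
    return $findings
}

# When run as a script with arguments, audit the given unit file, e.g.
#   sh audit_unit.sh /etc/systemd/system/cspm.service
if [ $# -gt 0 ]; then audit_unit "$@"; fi
```

Any UNSAFE line should be resolved (chown root and remove group/other write permission) before the service is enabled.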