How to setup systemd specific startup scripts for ControlMinder

Article ID: 39773

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

How can CA Privileged Identity Manager (PIM) be started automatically on a Systemd machine after PIM has been installed and configured, in order to protect the host?
CA Privileged Identity Manager (earlier known as CA Control Minder) can be installed on Red Hat Enterprise Linux 7 and above.
This document describes how to define Systemd specific startup scripts in case the legacy startup scripts provided by PIM are not to be used.

Environment

Release: ACP1M005900-12.9-Privileged Identity Manager
Component: Privileged Identity Manager

CA Privileged Identity Manager - R12.8 and higher
Operating System: Red Hat Enterprise Linux 7 and higher

Cause

As of the writing of this Technical Document, we do not provide the unit files needed to start the PIM endpoint automatically after a reboot on Red Hat Enterprise Edition 7.x.

Resolution

  1. Log in as the 'root' user.
  2. Create a service file for starting the PIM endpoint daemons at system startup time. This file has to be in the /etc/systemd/system directory only.
    # touch /etc/systemd/system/seos.service
  3. Make sure that the file access permissions are set to 'read+write', 'read' and 'read'.
  4. The following is the content of the file. Modify the location of the 'seload' binary to match the location where the PIM endpoint is installed.

[Unit]
Description=CA Privileged Access Manager Server Control
After=network.target
 
[Service]
Type=forking
ExecStart=/opt/CA/AccessControl/bin/seload
ExecStop=/opt/CA/AccessControl/bin/secons -sk
 
[Install]
WantedBy=multi-user.target

  1. Save and exit the file.
  2. In a root shell, run:
    # systemctl daemon-reload
    (to reload the systemd manager configuration. This reruns all generators (see systemd.generator(7)), reloads all unit files, and recreates the entire dependency tree.)
  3. # systemctl start seos.service
    (to start the newly created service)
  4. # systemctl enable seos.service
    (to enable the unit to be started on boot, automatically creating the required links)
  5. Reboot the host and verify that the services are started automatically.
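
Because seos.service is started by systemd at boot, the unit file and the binaries it names should not be modifiable by other accounts. The following check is an added example, not code from this article or from the vendor: check_unit, demo and the default owner 'root' are assumptions made for illustration, and demo builds a constructed unit with stub binaries in a temporary directory.

```shell
#!/bin/sh
# Added example (not vendor code): check_unit UNIT_FILE [OWNER]
# Returns 0 when the unit file is mode 644 and owned by OWNER (default root,
# an assumption) and every ExecStart/ExecStop binary is executable and not
# writable by group or others. Returns 1 otherwise.
check_unit() {
    unit=$1; owner=${2:-root}; rc=0
    [ -f "$unit" ] || { echo "FAIL: $unit not found" >&2; return 1; }

    # Unit file permissions: 'read+write', 'read', 'read' (mode 644).
    [ -n "$(find -L "$unit" -prune -perm 644 -user "$owner")" ] ||
        { echo "FAIL: $unit is not mode 644 owned by $owner" >&2; rc=1; }

    # The binary is the first word of each ExecStart=/ExecStop= value
    # (paths containing spaces are not handled).
    bins=$(awk -F= '/^Exec(Start|Stop)=/ {
        split($2, w, " "); sub(/^[-@+!:]+/, "", w[1]); print w[1] }' "$unit")
    [ -n "$bins" ] || { echo "FAIL: no ExecStart/ExecStop in $unit" >&2; rc=1; }

    for bin in $bins; do
        if [ ! -x "$bin" ]; then
            echo "FAIL: $bin is missing or not executable" >&2; rc=1
        elif [ -n "$(find -L "$bin" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "FAIL: $bin is writable by group or others" >&2; rc=1
        fi
    done
    return $rc
}

# Constructed sample: a short copy of the unit with stub binaries in a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$d/seload"; cp "$d/seload" "$d/secons"
    chmod 755 "$d/seload" "$d/secons"
    printf '[Service]\nType=forking\nExecStart=%s/seload\nExecStop=%s/secons -sk\n' \
        "$d" "$d" > "$d/seos.service"
    chmod 644 "$d/seos.service"
    check_unit "$d/seos.service" "$(id -u)"; good=$?
    chmod 777 "$d/seload"                     # binary anyone could replace
    check_unit "$d/seos.service" "$(id -u)" 2>/dev/null; bad=$?
    rm -rf "$d"
    [ "$good" -eq 0 ] && [ "$bad" -ne 0 ]
}

# On a real host: sh check_unit.sh /etc/systemd/system/seos.service
if [ "$#" -gt 0 ]; then check_unit "$@"; else demo && echo "demo OK"; fi
```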

Additional Information

Systemd is a system and service manager for Linux operating systems. It is designed to be backward compatible with SysV init scripts and provides a number of features such as parallel startup of system services at boot time, on-demand activation of daemons, support for system state snapshots, or dependency-based service control logic. In Red Hat Enterprise Linux 7, systemd replaces Upstart as the default init system.

Systemd introduces the concept of systemd units. These units are represented by unit configuration files.

More information about Systemd is available from various resources, such as the Red Hat Enterprise Linux documentation.