How to export and import rules safely and rebuild the database from scratch with PIM.

Article ID: 54174

Products

CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager - Server Control (PAMSC), CA Virtual Privilege Manager

Issue/Introduction

This article describes the steps for backup and restore of seosdb for Unix/Linux and Windows environments.

Environment

Privileged Identity Manager 12.x
PAM Server Control 14.x

Resolution

Below is the detailed procedure to be followed in your UNIX / LINUX environments. Note: Run these commands as the 'root' user.

Note: "Application" refers to eTrust Access Control (eAC) / Privileged Identity Management endpoint (PIM) / Endpoint CA Privileged Access Manager Endpoint (PAMSC EP). The installation location is referred to as <Install_Dir>; paths vary by release name (e.g., eTrust, PIM, PAMSC).

  1. Check whether the application is running: Run: 'issec'. If the path is not set, go to the bin directory under <Install_Dir> and run './issec'.
  2. If the daemons are running, stop the application daemons: Run: 'secons -s'
  3. You need to be inside the 'seosdb' directory: Run: 'cd /<Install_Dir>/seosdb'
  4. Export the existing rules: Run: 'dbmgr -e -l -f /tmp/dbrules.txt'
  5. Export user-related data: Run: 'dbmgr -m -r /tmp/dbuser.pwd'
  6. One level up from 'seosdb': Run: 'cd ..'
  7. Create a new directory 'seosdb_new': Run: 'mkdir seosdb_new'
  8. You need to be inside the new directory 'seosdb_new': Run: 'cd seosdb_new'
  9. Create the new database files from scratch: Run: 'dbmgr -create -cq -d -f dbLayout' (-cq does not prompt for verification). The utility creates a new database in the 'seosdb_new' directory. It also creates a file (dbLayout) that contains the database layout documentation. By default, it creates the user root in the database and assigns it the ADMIN, AUDITOR, and IGN_HOL attributes.
  10. Import the rule set exported in step 4: Run: 'selang -l -d . -f /tmp/dbrules.txt'
  11. Import the user-related data exported in step 5: Run: 'dbmgr -m -w /tmp/dbuser.pwd'
  12. One level up from 'seosdb_new': Run: 'cd ..'
  13. Rename the existing seosdb directory to 'seosdb_old': Run: 'mv seosdb seosdb_old' (Creates a backup copy)
  14. Rename the newly created seosdb_new directory to 'seosdb': Run: 'mv seosdb_new seosdb'
  15. Verify that the TERMINAL entry is created and that the 'root' user has full access to the TERMINAL.
  16. Restart the application daemons: Run: 'seload'
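
Added example, not part of the original article or the vendor's tooling: two shell guards for the UNIX procedure above. export_is_safe checks the step 4-5 export files before the old database is touched, and swap_db performs steps 13-14 but refuses to run when a seosdb_old from an earlier rebuild exists, because 'mv seosdb seosdb_old' would then move the live database inside it. The function names and the INSTALL_DIR variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: guards for UNIX steps 4-5 (exports) and 13-14 (directory swap).
# Assumption: export files must be private to the invoking user (root).
#
# Suggested use around the page's own commands:
#   umask 077                    # files created by the export get no group/other bits
#   dbmgr -e -l -f /tmp/dbrules.txt
#   dbmgr -m -r /tmp/dbuser.pwd
#   export_is_safe /tmp/dbrules.txt && export_is_safe /tmp/dbuser.pwd || exit 1
#   ... steps 6-12 ...
#   swap_db "$INSTALL_DIR"       # INSTALL_DIR: hypothetical variable for <Install_Dir>

# export_is_safe FILE: succeed only if FILE is a non-empty regular file, not a
# symlink, owned by the caller, with no group/other permission bits.
export_is_safe() {
    f=$1
    [ ! -L "$f" ] || { echo "$f: is a symlink" >&2; return 1; }
    [ -f "$f" ] && [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 1; }
    [ -O "$f" ] || { echo "$f: not owned by caller" >&2; return 1; }
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case $mode in
        -???------) return 0 ;;
        *) echo "$f: mode $mode allows group/other access" >&2; return 1 ;;
    esac
}

# swap_db PARENT: steps 13-14 inside PARENT (the directory holding seosdb).
# Refuses to run if seosdb_new was not built or an older seosdb_old exists,
# and rolls back the first rename if the second one fails.
swap_db() {
    p=$1
    [ -d "$p/seosdb" ] || { echo "no live seosdb in $p" >&2; return 1; }
    [ -f "$p/seosdb_new/dbLayout" ] || {
        echo "seosdb_new has no dbLayout (step 9 not run?)" >&2; return 1; }
    if [ -e "$p/seosdb_old" ] || [ -L "$p/seosdb_old" ]; then
        echo "seosdb_old exists; move the earlier backup away first" >&2
        return 1
    fi
    mv "$p/seosdb" "$p/seosdb_old" || return 1
    if ! mv "$p/seosdb_new" "$p/seosdb"; then
        mv "$p/seosdb_old" "$p/seosdb"   # roll back to the original database
        return 1
    fi
}
```

Once the rebuilt database is verified in step 15, delete the export files, since they hold the full rule set and user-related data.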

======================================================================================

Below is the procedure to be followed in your WINDOWS environment as "Administrator"

Note: "Application" refers to eTrust Access Control (eAC) / Privileged Identity Management endpoint (PIM) / Endpoint CA Privileged Access Manager Endpoint (PAMSC EP). The installation location is referred to as <Install_Dir>; paths vary by release name (e.g., eTrust, PIM, PAMSC).

All the commands are to be executed in a command prompt.

  1. Check whether the application is running: Run: 'sc query "SeOS Engine"'
  2. If the application is running, stop the application: Run: 'secons -s'
  3. You need to be inside the 'seosdb' directory: Run: 'cd <Install_Dir>\data\seosdb'
  4. Export the existing rules: Run: 'dbmgr -e -l -f C:\TEMP\dbrules.txt'
  5. Export user-related data: Run: 'dbmgr -m -r C:\TEMP\dbuser.pwd'
  6. One level up from 'seosdb': Run: 'cd ..'
  7. Create a new directory 'seosdb_new': Run: 'mkdir seosdb_new'
  8. You need to be inside the new directory 'seosdb_new': Run: 'cd seosdb_new'
  9. Create the new database files from scratch: Run: 'dbmgr -create -cq -u <user> -t <FQDN_of_host / IP address / myterminal.company.com>' (-cq does not prompt for verification). The utility creates a new database in the 'seosdb_new' directory. It creates the user <user> in the database, who has the ADMIN, AUDITOR, and IGN_HOL attributes and can administer the database from the terminal FQDN_of_host / IP address / myterminal.company.com.
  10. Import the rule set exported in step 4: Run: 'selang -l -f C:\TEMP\dbrules.txt'
  11. Import the user-related data exported in step 5: Run: 'dbmgr -m -w C:\TEMP\dbuser.pwd'
  12. One level up from 'seosdb_new': Run: 'cd ..'
  13. Rename the existing seosdb directory to 'seosdb_old': Run: 'ren seosdb seosdb_old'
  14. Rename the new seosdb_new directory created in step 8 to 'seosdb': Run: 'ren seosdb_new seosdb'
  15. Verify that the TERMINAL entry is created and that <user> (generally 'Administrator', since the commands are being executed as Administrator) has full access to the TERMINAL.
  16. Restart Access Control: Run: 'seosd -start'

Note: If the PATH for the installation location of the eTrust Access Control / PIM / PAMSC server is not set, the commands have to be executed with the actual path.
E.g., to run 'dbmgr.exe', the full command would be '<Install_Dir>\bin\dbmgr'.