Operating System - HP-UX
1748230 Members
4337 Online
108759 Solutions
New Discussion

Re: PowerBroker Documentation for HP-UX

 
ashutosh99
Frequent Advisor

PowerBroker Documentation for HP-UX

Hi All,

 

I'm new to PowerBroker and haven't seen its user manuals on the internet. I have some taks, which need to be done with the help of PowerBroker. Since, I can't use "sudo" for audit reasons, I've to get familiar with PowerBroker soon.

 

So, I request all you guys to please share the user manuals, admin guides or any documentation you have with you regarding PowerBroker. I went to their site "BeyondTrust", but they don't have any proper documentation.

 

Regards,

Ashutosh 

4 REPLIES 4
Matti_Kurkela
Honored Contributor

Re: PowerBroker Documentation for HP-UX

PowerBroker is commercial software, so I would expect that the documentation is copyrighted unless it explicitly says otherwise. Sharing such documentation without an express permission from BeyondTrust would be a copyright violation.

 

The documentation for open versions of their software would seem to be available here:

http://www.beyondtrust.com/Resources/OpenSourceDocumentation/

There are also the Administration and Installation Guides for the Enterprise versions. If this is not "proper documentation", then I don't know what you're looking for.

 

(The route from the www.beyondtrust.com main page to that page is just 3 clicks: Support -> Content Library -> Open Source Documentation. )

 

The current full name of their main product would seem to be "PowerBroker Identity Services" or PBIS for short. There is an open edition of PBIS available for free, and its full documentation is available too. I would expect that most things you can learn from the open version would be applicable to the commercial Enterprise version too.

MK
ashutosh99
Frequent Advisor

Re: PowerBroker Documentation for HP-UX

Hi Matti,
I don't know if the documentation is copyrighted or just a bad practice on beyondtrust's part. Anyways, I went to the open source documentation and couldn't find any useful information. I'm trying to allow a user run a command as root. Its very easy if you use sudo, but I'm not able to do so using PowerBroker.

Any help is greatly appreciated.

Regards,
Ashutosh
Matti_Kurkela
Honored Contributor

Re: PowerBroker Documentation for HP-UX

Looking at the documentation I linked above, it appears that the current versions of PowerBroker only offer tools for AD integration and central management of the sudoers file, at best.

If user wants to become root, s/he will use sudo as usual.

 

The "Account Management Best Practices" document even specifically mentions sudo:

http://download1.beyondtrust.com/Technical-Support/Downloads/files/pbise/Manuals/PBISE_Installation_and_Administration_Guide_V7.0/Content/Planning/best_practices_unix/acct_mgt.htm

-----quote:-----

Service Accounts

Any application that runs as a process on a host as a user ID should be run as a local service account. Users should not authenticate as these accounts, but instead should use sudo or a similar process to authenticate as themselves with the authorization to run commands on behalf of the service account.

-----end quote-----

 

The Group Policy Administration Guide describes how to create sudo policies. You're still using the standard sudoers file syntax, but you type it to a dialog in a PowerBroker admin GUI:

http://download1.beyondtrust.com/Technical-Support/Downloads/files/pbise/Manuals/PBISE_Group_Policy_Guide_V7.0.pdf

(Page 16 and onwards, "Create and Test a sudo Group Policy Object")

Then you can use the PowerBroker GUI to apply the sudo GPO to any Linux/Unix hosts you're managing with PowerBroker.

 

I think the idea is that you should create some groups, write your sudo policies to allow all users in particular group or groups to use commands through sudo, and then assign the appropriate users to those groups using the normal user/group management tools. This is a good way to do things even if you don't have PowerBroker: you can do the same using sudo and local user groups too.

 

Personally, I've never used PowerBroker but I've heard about it. After browsing through the documentation, it seems considerably less mysterious than before :-)

 

MK
ashutosh99
Frequent Advisor

Re: PowerBroker Documentation for HP-UX

Hi Matti,

Thank for the suggestion, but I can't use sudo as the system I'm working is strictly controlled and audited externally. I'll keep looking for some easier ways.

Regards,
Ashutosh