Aggregation of sudoer commands for Account and Groups

Identity Security Cloud (ISC) ISC Discussion and Questions
, , , ,
1

Hello,

We have setup Linux connector in Sandbox tenant (RHEL). We are following this doc for aggregating sudo commands.
https://community.sailpoint.com/t5/IdentityNow-Connectors/Linux-Source-Configuration-Reference-Guide/tac-p/243881#M771

However, We are stuck at step 3 of pre-requisites. Does anyone know how to make changes in source config xml for IDnow sources?
3. If you want to aggregate the sudo commands from multiple sudo files then you must provide the list of files as a separate config attribute in source config xml. For example, you can use:

Thanks,

2

The IDN Connector Documentation has been moved here:

For your specific question, you are likely going to have to use the Rest API to add that custom attribure. You will likely need to add it to the connectorAttributes, as shown in the API reference for Update Source (Full) however you can probably just use the API Reference for Update Source (Partial) so make that singular change.

NOTE: I did not set this up and test it myself.

3

Hi Geoff,
I apologies for the late response! I was able to add below connector attributes

[
  {
    "op": "add",
    "path": "/connectorAttributes/sudoCmdFiles",
    "value": "/etc/sudoers.d/linux_admins,/etc/sudoers.d/srv_admin,/etc/sudoers.d/idnowlinuxdc,/etc/sudoers.d/svcredhatsat"
  }
]

However, when I aggregate entitlements for source it is still showing local groups but not sudo commands as an Entitlement. Sudo user has ability to run “/usr/bin/awk” command and I have also added “sudocommands” multi-valued account schema attribute to the source. I have also tried resetting entitlement but did not work. Is there anything I am missing?
Appreciate your help!

Thanks,
Shubham

4

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.