In order for LiveAssurance to run its full set of discovery and interrogation scripts, an SSH user is needed to connect to your system. It is highly recommended that a unique LiveAssurance user is created for auditing and security purposes. Before adding any App Connector, make sure the SSH credential is provided in Credentials Set.
The LiveAssurance user needs to run the systemctl status zpa-connector command, which requires elevated privileges. To allow the command, create a file in the /etc/sudoers.d directory and include the following line in the file.
indeni <system-name> = NOPASSWD: /bin/systemctl status zpa-connector
Default permissions (0002) can be used for this file.
Verify the privileges
Use the commands below to verify the privileges for the LiveAssurance user.
[indeni@RedHat-8-4 ~]$ id
uid=1000(indeni) gid=1000(indeni) groups=1000(indeni),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[indeni@RedHat-8-4 ~]$
[indeni@RedHat-8-4 ~]$
[indeni@RedHat-8-4 ~]$ sudo -l
Matching Defaults entries for indeni on RedHat-8-4:
!visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE
KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION
LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE
LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User indeni may run the following commands on RedHat-8-4:
(ALL) ALL
(root) NOPASSWD: /usr/bin/yum, /bin/systemctl status zpa-connector
[indeni@RedHat-8-4 ~]$
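The sudo -l output above lists more than the single systemctl status zpa-connector rule: it also shows (ALL) ALL and /usr/bin/yum. The following is an added example, not LiveAssurance or vendor code, that lists every grant other than the expected one; the function names are hypothetical, and it assumes one rule per line with no escaped commas inside a command.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
# The one command the LiveAssurance user needs, as given on this page.
EXPECTED='/bin/systemctl status zpa-connector'

# Rule section of the `sudo -l` output shown on this page.
PAGE_SUDO_L='User indeni may run the following commands on RedHat-8-4:
    (ALL) ALL
    (root) NOPASSWD: /usr/bin/yum, /bin/systemctl status zpa-connector'

# Reads `sudo -l` output on stdin and prints every granted command other
# than EXPECTED, prefixed by its runas spec and tags.
# Assumes one rule per line and no escaped commas inside a command.
extra_sudo_grants() {
    awk -v expected="$EXPECTED" '
        /may run the following commands/ { in_rules = 1; next }
        in_rules && /^[ \t]*\(/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            cut = index(line, ")")
            runas = substr(line, 1, cut)
            rest = substr(line, cut + 1)
            tags = ""
            # Peel off tags such as NOPASSWD: that precede the commands.
            while (match(rest, /^[ \t]*[A-Z_]+:/)) {
                tag = substr(rest, RSTART, RLENGTH)
                gsub(/[ \t]/, "", tag)
                tags = tags " " tag
                rest = substr(rest, RSTART + RLENGTH)
            }
            sub(/^[ \t]+/, "", rest)
            n = split(rest, cmds, /,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (cmds[i] != expected)
                    print runas tags " " cmds[i]
        }
    '
}

# Succeeds only when no grant other than EXPECTED appears in the input.
sudo_is_least_privilege() {
    [ -z "$(extra_sudo_grants)" ]
}

# Demo on the page's output: prints the two grants beyond EXPECTED.
printf '%s\n' "$PAGE_SUDO_L" | extra_sudo_grants
```

On a host, run sudo -l as the LiveAssurance user and pipe it into extra_sudo_grants; any line printed is a grant to review against the single rule this page asks for.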