Securing and monitoring the performance of your UNIX and Linux environments can be expensive and time-consuming. Enterprise performance and security managers face the following challenges:
Deficits in UNIX and Linux security and system expertise.
Managing various operating systems including Red Hat, AIX, HP-UX, Solaris, and SUSE Linux.
Controlling access to privileged commands and sensitive resources.
Lacking intrusion detection and response systems to handle both real and potential security breaches.
Security Agent for UNIX (Agent) helps you effectively address these challenges by enabling NetIQ security products, such as Secure Configuration Manager, Change Guardian, and Sentinel, to monitor the configuration and risk compliance of your UNIX and Linux environments.
The Agent validates the configuration of UNIX and Linux endpoints to ensure compliance with corporate security policies and to identify potential vulnerabilities. An endpoint represents an Agent-monitored operating system, application, web server, or database instance.
The Agent collects security compliance information from one or more endpoints in one or more domains. It receives requests from NetIQ security products and either runs commands or responds by returning data, status, or results. The Agent runs locally on the computers throughout your enterprise.
Figure 1-1 Security Agent for UNIX Architecture
You can deploy and manage Security Agent for UNIX using the following:
NetIQ UNIX Agent Manager (UAM): A console and data store that you can use to manage all your Security Agent for UNIX components across your enterprise. UNIX Agent Manager runs on Windows, UNIX, and Linux operating systems. Most features can be accessed from a command line as well as the console.
Change Guardian Agent Manager (CG AM): A web console that provides a central location from where you can manage your agents, organize your assets in groups, and remotely install and update agents on assets. It helps you maintain your environment by keeping track of agents that are not communicating and allows you to either fix the agent or remove it from your environment.
Both UAM and CG AM allow you to remotely install one or more Agents. They also allow you to install and reconfigure the selected Agent components directly on the assets you need to monitor without having to interact with the Agents individually. However, each Agent manager (UAM or CG AM) supports only a subset of the available functions. Depending on your requirements, you can decide whether you need to install UAM, CG AM, or both. UAM and CG AM can coexist.
The following tables compare the functions supported by UAM and CG AM:
Table 1-1 UAM and CG AM Comparison for all Security Products

| Function | UAM | CG AM (Change Guardian 5.0 and later) |
|---|---|---|
| Agent deployment | Performed by UAM server | Performed by process running on each agent |
| Audit diagnostics | Yes | No |
| Enhanced certificate management | No | Yes |
| Asset view | Shows which agent components (Change Guardian, SCM, Sentinel) are enabled on each asset | Shows which assets have some components enabled (but not which specific components) |
| Monitoring the agent status | Yes | No |
| Patch release | Yes, for all patches | Yes, only for patches bundled in a Change Guardian release |
| Licensing and availability | Available with a licensed instance of Change Guardian, Secure Configuration Manager, or Sentinel | Available with a licensed and installed instance of Change Guardian 5.0 and later |
Table 1-2 UAM and CG AM Comparison for Change Guardian

| Function | UAM | CG AM (Change Guardian 5.0 and later) |
|---|---|---|
| Remote agent installation, upgrades, reconfiguration, and uninstallation | Yes | Yes |
Table 1-3 UAM and CG AM Comparison for Sentinel

| Function | UAM | CG AM (Change Guardian 5.0 and later) |
|---|---|---|
| Remote agent installation, upgrades, reconfiguration, and uninstallation | Yes | Yes, if your existing agent deployment has Change Guardian enabled |
| Sentinel rule deployment | Yes | No |
| Sentinel Oracle endpoint management | Yes | No |
Table 1-4 UAM and CG AM Comparison for SCM

| Function | UAM | CG AM (Change Guardian 5.0 and later) |
|---|---|---|
| Remote agent installation, upgrades, reconfiguration, and uninstallation | Yes | Yes, only for upgrade, reconfiguration, and uninstallation. For new installations, use UAM. |
| Security check execution on endpoints | Yes | No |
When you install an Agent, you can choose which NetIQ security products (Sentinel, Change Guardian, or Secure Configuration Manager) will monitor the computer on which the Agent resides. A single Agent can perform monitoring for one or more NetIQ security products. Each NetIQ security product has its own method for registering the Agent and configuring it to send the proper data. These NetIQ security products are referred to as Agent components.
For Sentinel, you must deploy rules on the Sentinel Agent by using UAM. Events are filtered and forwarded to the Sentinel server based on the deployed rules, which lets you monitor even complex IT environments.
For Change Guardian, deploy policies to monitor critical files on the Change Guardian Agent via the policy editor. Events are filtered and forwarded to the Change Guardian server based on the assigned policies. You can monitor security event details that pinpoint the who, what, when, where, and authorization status of a change or activity, including before and after details of the change.
For Secure Configuration Manager, the Agent also responds to requests for data sent from core services in the form of security checks and policy templates. Policy templates are groups of security checks that audit a specific series of IT controls matching a security policy standard. The Agent translates the security checks into queries and forwards them to its monitored endpoints. After receiving responses to the queries, the Agent sends a report with the results to the Secure Configuration Manager server.
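The Secure Configuration Manager flow described above (a policy template groups security checks, each check is translated into a query against the endpoint, and the results are collected into a report) as an added illustration. This is not Security Agent for UNIX code and does not reflect its real check or report formats: the two check kinds, the `Endpoint` snapshot, and the report layout are assumptions made for the example. The endpoint state is a constructed in-memory snapshot so the example runs offline; a real agent would query the live system.

```python
"""Illustrative model of evaluating a policy template (a group of security
checks) against an endpoint and producing a compliance report.
Added example; the check kinds, snapshot and report layout are assumptions."""
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    """Constructed snapshot of the endpoint state a check would query."""
    file_modes: dict   # path -> permission bits, e.g. 0o640
    config: dict       # (config file, key) -> value


@dataclass
class SecurityCheck:
    name: str
    kind: str          # "file_mode_max" or "config_equals" (assumed kinds)
    target: str        # file path the check queries
    expected: object   # max permission bits, or (key, required value)
    severity: str = "medium"


@dataclass
class PolicyTemplate:
    name: str
    checks: list = field(default_factory=list)


def _result(check, status, detail):
    return {"check": check.name, "severity": check.severity,
            "status": status, "detail": detail}


def run_check(check, endpoint):
    """Translate one check into a query against the endpoint snapshot."""
    if check.kind == "file_mode_max":
        actual = endpoint.file_modes.get(check.target)
        if actual is None:
            return _result(check, "error", "file not found on endpoint")
        # Non-compliant if any permission bit is set that the policy forbids.
        extra_bits = actual & ~check.expected & 0o777
        status = "pass" if extra_bits == 0 else "fail"
        return _result(check, status,
                       f"mode {actual:04o}, allowed at most {check.expected:04o}")
    if check.kind == "config_equals":
        key, wanted = check.expected
        actual = endpoint.config.get((check.target, key))
        if actual is None:
            return _result(check, "fail", f"{key} not set")
        return _result(check, "pass" if actual == wanted else "fail",
                       f"{key}={actual}, required {wanted}")
    return _result(check, "error", f"unknown check kind {check.kind!r}")


def run_template(template, endpoint):
    """Run every check in the template and build the report sent upstream."""
    results = [run_check(c, endpoint) for c in template.checks]
    counts = {s: sum(r["status"] == s for r in results)
              for s in ("pass", "fail", "error")}
    summary = {"template": template.name, "total": len(results),
               "passed": counts["pass"], "failed": counts["fail"],
               "errors": counts["error"]}
    return {"summary": summary, "results": results}


# Constructed sample endpoint: one world-readable sshd_config and root
# logins left enabled, so the report shows both passes and failures.
SAMPLE_ENDPOINT = Endpoint(
    file_modes={"/etc/shadow": 0o640, "/etc/passwd": 0o644,
                "/etc/ssh/sshd_config": 0o644},
    config={("/etc/ssh/sshd_config", "PermitRootLogin"): "yes",
            ("/etc/ssh/sshd_config", "PasswordAuthentication"): "no"},
)

# Constructed template: a small group of checks standing in for a standard.
SAMPLE_TEMPLATE = PolicyTemplate("example-unix-baseline", [
    SecurityCheck("shadow_perms", "file_mode_max", "/etc/shadow", 0o640, "high"),
    SecurityCheck("passwd_perms", "file_mode_max", "/etc/passwd", 0o644),
    SecurityCheck("sshd_config_perms", "file_mode_max", "/etc/ssh/sshd_config", 0o600),
    SecurityCheck("root_login_disabled", "config_equals", "/etc/ssh/sshd_config",
                  ("PermitRootLogin", "no"), "high"),
    SecurityCheck("password_auth_disabled", "config_equals", "/etc/ssh/sshd_config",
                  ("PasswordAuthentication", "no")),
    SecurityCheck("sudoers_perms", "file_mode_max", "/etc/sudoers", 0o440, "high"),
])


def sample_report():
    return run_template(SAMPLE_TEMPLATE, SAMPLE_ENDPOINT)


if __name__ == "__main__":
    report = sample_report()
    print(report["summary"])
    for r in report["results"]:
        print(f'{r["status"]:5} {r["severity"]:6} {r["check"]}: {r["detail"]}')
```

The permission check compares against a maximum rather than an exact mode, so a file that is more restrictive than the policy still passes, while a missing file is reported as an error instead of a pass or fail; distinguishing "could not evaluate" from "non-compliant" is what keeps the upstream report honest.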