1.0 Understanding Security Agent for UNIX

Securing and monitoring the performance of your UNIX and Linux environments can be expensive and time-consuming. Enterprise performance and security managers face the following challenges:

  • Deficits in UNIX and Linux security and system expertise

  • Managing various operating systems including Red Hat, AIX, HP-UX, Solaris, and SUSE Linux

  • Controlling access to privileged commands and sensitive resources

  • Lacking intrusion detection and response systems to handle both real and potential security breaches

Security Agent for UNIX (agent) helps you effectively address these challenges by enabling security products, such as Sentinel, to monitor the configuration and risk compliance of your UNIX and Linux environments.

Figure 1-1 Security Agent for UNIX Architecture

You can deploy and manage Security Agent for UNIX using the following:

UNIX Agent Manager (UAM). UAM is a console and data store that you can use to manage the Security Agent for UNIX components in Sentinel. UNIX Agent Manager runs on Windows, UNIX, and Linux operating systems. Most features can be accessed from a command line as well as the console.

The following tables list the functionality of UAM:

Table 1-1 UAM functionality for Sentinel

| Function | UAM |
|---|---|
| Agent deployment | Performed by UAM server |
| Audit diagnostics | Yes |
| Enhanced certificate management | No |
| Asset view | Shows which agent components are enabled on each asset |
| Monitoring the agent status | Yes |
| Patch release | Yes for all patches |
| Licensing and availability | Available with a licensed instance of Sentinel |

Table 1-2 UAM for Sentinel

| Function | UAM |
|---|---|
| Remote agent installation, upgrades, reconfiguration, and uninstallation | Yes |
| Sentinel rule deployment | Yes |
| Sentinel Oracle endpoint management | Yes |

When you install an agent, you can choose Sentinel as the security product, which monitors the computer on which the agent resides. A single agent can perform monitoring for the security product Sentinel. Sentinel has its own method for registering agents and configuring each agent to send the proper data. The security product Sentinel is referred to as the agent component.

For Sentinel, you must deploy rules on the Sentinel Agent by using UAM. The events are filtered and forwarded to the Sentinel server based on the rules deployed. You can monitor the most complex IT environments and obtain the security required to protect your IT environment.