Using sudo Elevation in System Center 2012 - Operations Manager

A new feature for UNIX and Linux monitoring with System Center 2012 – Operations Manager is the ability to use sudo elevation in the discovery and agent ugprade wizards, as well as Run As accounts. This means that the root user is no longer needed for privileged monitoring (log file monitoring, script/command execution) and agent maintenance (installation, upgrade, and uninstallation). Information on configuring Operations Manager credentials to use sudo elevation can be found here.



In order to use sudo-enabled accounts for Operations Manager monitoring, the sudoers file must be configured (on each UNIX/Linux computer) to authorize elevation for the selected user account, using visudo.  General requirements for the accounts used by Operations Manager with sudo elevation are:

  • The sudoers option requiretty must be disabled for the user
  • For required commands, sudo authorization must be configured to allow the user to elevate to root, without password

Information on the rights and privileges required for Operations Manager activities can be found here.

Sample Configurations

The actual list of commands used for privileged monitoring or agent maintenance varies between platforms. The sample configurations below provide a user named “monuser” with the minimum necessary authorization to perform the following activities:

  • Discover and install the agent 
  • Sign the agent certificate
  • Upgrade the agent
  • Restart the agent (used in certificate signing and agent recovery)
  • Uninstall the agent
  • Read privileged log files

Commented lines in these configurations provide example syntax for use with custom command/script monitors, rules, or tasks (such as those created with the UNIX/Linux Shell Command monitoring templates), as well as daemon monitoring diagnostic and recovery tasks. 



System Center 2012 SP1 & R2 - Operations Manager

These configurations apply to System Center 2012 SP1 - Operations Manager and to System Center 2012 R2 - Operations Manager. Example configurations for System Center 2012 - Operations Manager are listed in the next section.

AIX

#-----------------------------------------------------------------------------------

#User configuration for Operations Manager agent – for a user with the name: monuser

 #General requirements

Defaults:monuser !requiretty

 

#Agent maintenance (discovery, install, uninstall, upgrade, restart, cert signing)

monuser ALL=(root) NOPASSWD: /bin/sh -c cp /tmp/scx-monuser/scx.pem /etc/opt/microsoft/scx/ssl/scx.pem; rm -rf /tmp/scx-monuser; /opt/microsoft/scx/bin/tools/scxadmin -restart

monuser ALL=(root) NOPASSWD: /bin/sh -c sh /tmp/scx-monuser/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-monuser; exit $EC

monuser ALL=(root) NOPASSWD: /bin/sh -c cat /etc/opt/microsoft/scx/ssl/scx.pem

monuser ALL=(root) NOPASSWD: /bin/sh -c /usr/sbin/installp -u scx

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c gzip -dqf /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].aix.[0-9].ppc.lpp.gz;/usr/sbin/installp -a -d /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].aix.[0-9].ppc.lpp scx; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC

#Log file monitoring

monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/scxlogfilereader -p

###Examples

#Custom shell command monitoring example – replace <shell command> with the correct command string

#monuser ALL=(root) NOPASSWD: /bin/bash -c <shell command>

 

#Daemon diagnostic and restart recovery tasks example (using cron)

#monuser ALL=(root) NOPASSWD: /bin/sh -c ps -ef | grep cron | grep -v grep

#monuser ALL=(root) NOPASSWD: /usr/sbin/cron & 

 

#End user configuration for Operations Manager agent

#----------------------------------------------------------------------------------- 

 

HP-UX

#-----------------------------------------------------------------------------------

#User configuration for Operations Manager agent – for a user with the name: monuser



#Agent maintenance (discovery, install, uninstall, upgrade, restart, cert signing)

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c sh /tmp/scx-monuser/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-monuser; exit $EC

#ia64

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c uncompress -f /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].hpux.11iv[0-9].ia64.depot.Z;/usr/sbin/swinstall -s /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].hpux.11iv[0-9].ia64.depot scx; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC

#parisc

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c uncompress -f /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].hpux.11iv[0-9].parisc.depot.Z;/usr/sbin/swinstall -s /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].hpux.11iv[0-9].parisc.depot scx; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c cat /etc/opt/microsoft/scx/ssl/scx.pem

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c cp /tmp/scx-monuser/scx.pem /etc/opt/microsoft/scx/ssl/scx.pem; rm -rf /tmp/scx-monuser; /opt/microsoft/scx/bin/tools/scxadmin -restart

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c /usr/sbin/swremove scx

#Logfile monitoring

monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/scxlogfilereader -p

###Examples

#Custom shell command monitoring example – replace <shell command> with the correct command string

#monuser ALL=(root) NOPASSWD: /bin/bash -c <shell command>

 

#Daemon diagnostic and restart recovery tasks example (using cron)

#monuser ALL=(root) NOPASSWD: /bin/sh -c ps -ef | grep cron | grep -v grep

#monuser ALL=(root) NOPASSWD: /usr/sbin/cron & 



 

#End user configuration for Operations Manager agent

#-----------------------------------------------------------------------------------

 

Linux - RHEL

#-----------------------------------------------------------------------------------

#User configuration for Operations Manager agent – for a user with the name: monuser



#General requirements

Defaults:monuser !requiretty

 

#Agent maintenance (discovery, install, uninstall, upgrade, restart, cert signing)

monuser ALL=(root) NOPASSWD: /bin/sh -c cp /tmp/scx-monuser/scx.pem /etc/opt/microsoft/scx/ssl/scx.pem; rm -rf /tmp/scx-monuser; /opt/microsoft/scx/bin/tools/scxadmin -restart

monuser ALL=(root) NOPASSWD: /bin/sh -c sh /tmp/scx-monuser/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-monuser; exit $EC

monuser ALL=(root) NOPASSWD: /bin/sh -c  cat /etc/opt/microsoft/scx/ssl/scx.pem

monuser ALL=(root) NOPASSWD: /bin/sh -c  rpm -e scx

monuser ALL=(root) NOPASSWD: /bin/sh -c /bin/rpm -F --force /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].rhel.[0-9].x[6-8][4-6].rpm; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC

monuser ALL=(root) NOPASSWD: /bin/sh -c /bin/rpm -U --force /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].rhel.[0-9].x[6-8][4-6].rpm; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC

#Log file monitoring

monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/scxlogfilereader -p



###Examples

#Custom shell command monitoring example – replace <shell command> with the correct command string

#monuser ALL=(root) NOPASSWD: /bin/bash -c <shell command>

 

#Daemon diagnostic and restart recovery tasks example (using cron)

#monuser ALL=(root) NOPASSWD: /bin/sh -c ps -ef | grep cron | grep -v grep

#monuser ALL=(root) NOPASSWD: /usr/sbin/cron & 

 #End user configuration for Operations Manager agent

#-----------------------------------------------------------------------------------

 

Linux - SLES

#-----------------------------------------------------------------------------------

#User configuration for Operations Manager agent – for a user with the name: monuser

#General requirements

Defaults:monuser !requiretty

 

#Agent maintenance (discovery, install, uninstall, upgrade, restart, cert signing)

monuser ALL=(root) NOPASSWD: /bin/sh -c cp /tmp/scx-monuser/scx.pem /etc/opt/microsoft/scx/ssl/scx.pem; rm -rf /tmp/scx-monuser; /opt/microsoft/scx/bin/tools/scxadmin -restart

monuser ALL=(root) NOPASSWD: /bin/sh -c sh /tmp/scx-monuser/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-monuser; exit $EC

monuser ALL=(root) NOPASSWD: /bin/sh -c  cat /etc/opt/microsoft/scx/ssl/scx.pem

monuser ALL=(root) NOPASSWD: /bin/sh -c  rpm -e scx

#SLES 9

monuser ALL=(root) NOPASSWD: /bin/sh -c /bin/rpm -F --force /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].sles.9.x[6-8][4-6].rpm; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC

monuser ALL=(root) NOPASSWD: /bin/sh -c /bin/rpm -U --force /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].sles.9.x[6-8][4-6].rpm; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC

#SLES 10, 11 or 12

monuser ALL=(root) NOPASSWD: /bin/sh -c /bin/rpm -F --force /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].sles.1[0|1|2].x[6-8][4-6].rpm; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC

monuser ALL=(root) NOPASSWD: /bin/sh -c /bin/rpm -U --force /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].sles.1[0|1|2].x[6-8][4-6].rpm; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC

#Log file monitoring

monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/scxlogfilereader -p





###Examples

#Custom shell command monitoring example – replace <shell command> with the correct command string

#monuser ALL=(root) NOPASSWD: /bin/bash -c <shell command>

 

#Daemon diagnostic and restart recovery tasks example (using cron)

#monuser ALL=(root) NOPASSWD: /bin/sh -c ps -ef | grep cron | grep -v grep

#monuser ALL=(root) NOPASSWD: /usr/sbin/cron & 

 

#End user configuration for Operations Manager agent

#-----------------------------------------------------------------------------------

 

Linux - Universal DEB (Debian, Ubuntu)

#-----------------------------------------------------------------------------------

#User configuration for Operations Manager agent – for a user with the name: monuser



#General requirements

Defaults:monuser !requiretty

 

#Agent maintenance (discovery, install, uninstall, upgrade, restart, cert signing)

monuser ALL=(root) NOPASSWD: /bin/sh -c cp /tmp/scx-monuser/scx.pem /etc/opt/microsoft/scx/ssl/scx.pem; rm -rf /tmp/scx-monuser; /opt/microsoft/scx/bin/tools/scxadmin -restart

monuser ALL=(root) NOPASSWD: /bin/sh -c sh /tmp/scx-monuser/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-monuser; exit $EC

monuser ALL=(root) NOPASSWD: /bin/sh -c cat /etc/opt/microsoft/scx/ssl/scx.pem

monuser ALL=(root) NOPASSWD: /bin/sh -c dpkg -P scx

monuser ALL=(root) NOPASSWD: /bin/sh -c dpkg -i /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].universald.1.x[6-8][4-6].deb; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC

#Log file monitoring

monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/scxlogfilereader -p

###Examples

#Custom shell command monitoring example – replace <shell command> with the correct command string

#monuser ALL=(root) NOPASSWD: /bin/bash -c <shell command>

 

#Daemon diagnostic and restart recovery tasks example (using cron)

#monuser ALL=(root) NOPASSWD: /bin/sh -c ps -ef | grep cron | grep -v grep

#monuser ALL=(root) NOPASSWD: /usr/sbin/cron & 

 

#End user configuration for Operations Manager agent

#-----------------------------------------------------------------------------------

 

Linux - Universal RPM (CentOS, Oracle)

#----------------------------------------------------------------------------------

#User configuration for Operations Manager agent – for a user with the name: monuser



#General requirements

Defaults:monuser !requiretty

 

#Agent maintenance (discovery, install, uninstall, upgrade, restart, cert signing)

monuser ALL=(root) NOPASSWD: /bin/sh -c cp /tmp/scx-monuser/scx.pem /etc/opt/microsoft/scx/ssl/scx.pem; rm -rf /tmp/scx-monuser; /opt/microsoft/scx/bin/tools/scxadmin -restart

monuser ALL=(root) NOPASSWD: /bin/sh -c sh /tmp/scx-monuser/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-monuser; exit $EC

monuser ALL=(root) NOPASSWD: /bin/sh -c  cat /etc/opt/microsoft/scx/ssl/scx.pem

monuser ALL=(root) NOPASSWD: /bin/sh -c  rpm -e scx

monuser ALL=(root) NOPASSWD: /bin/sh -c /bin/rpm -F --force /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].universalr.[0-9].x[6-8][4-6].rpm; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC

monuser ALL=(root) NOPASSWD: /bin/sh -c /bin/rpm -U --force /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].universalr.[0-9].x[6-8][4-6].rpm; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC

#Log file monitoring

monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/scxlogfilereader -p



###Examples

#Custom shell command monitoring example – replace <shell command> with the correct command string

#monuser ALL=(root) NOPASSWD: /bin/bash -c <shell command>

 

#Daemon diagnostic and restart recovery tasks example (using cron)

#monuser ALL=(root) NOPASSWD: /bin/sh -c ps -ef | grep cron | grep -v grep

#monuser ALL=(root) NOPASSWD: /usr/sbin/cron & 

 

#End user configuration for Operations Manager agent

#-----------------------------------------------------------------------------------

 

Solaris

#----------------------------------------------------------------------------------

#User configuration for Operations Manager agent – for a user with the name: monuser




# Defaults specification

Defaults:monuser passwd_tries = 1, passwd_timeout = 1

##OS Discovery Script

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c sh /tmp/scx-monuser/GetOSVersion.sh; EC=??; rm -rf /tmp/scx-monuser; exit ?EC

#Agent install and upgrade

#Solaris 9

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c echo -e "mail=*/usr/sbin/pkgadd -a /tmp/scx-monuser/scx -n -d /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].solaris.9.sparc.pkg MSFTscx;*exit ?EC

#Solaris 10 or 11

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c echo -e "mail=*/usr/sbin/pkgadd -a /tmp/scx-monuser/scx -n -d /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].solaris.1[0-1].sparc.pkg MSFTscx;*exit ?EC

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c echo -e "mail=*/usr/sbin/pkgadd -a /tmp/scx-monuser/scx -n -d /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].solaris.1[0-1].x86.pkg MSFTscx;*exit ?EC

##Agent uninstall

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c rm -rf /tmp/scx-monuser;*/usr/sbin/pkgrm -a /tmp/scx-monuser/scx -n MSFTscx;*exit ?EC

##Certificate signing

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c cat /etc/opt/microsoft/scx/ssl/scx.pem

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c rm -rf /tmp/scx-monuser

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c cp /tmp/scx-monuser/scx.pem /etc/opt/microsoft/scx/ssl/scx.pem; rm -rf /tmp/scx-monuser; /opt/microsoft/scx/bin/tools/scxadmin -restart

##Agent control

monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/tools/scxadmin

##Log file monitoring

monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/scxlogfilereader -p



#End user configuration for Operations Manager agent

#-----------------------------------------------------------------------------------

 

 

System Center 2012 - Operations Manager

These configurations apply to System Center 2012 - Operations Manager

AIX

#-----------------------------------------------------------------------------------

#User configuration for Operations Manager agent – for a user with the name: monuser

#General requirements

Defaults:monuser !requiretty

#Lower sudo password prompt timeout for the user

Defaults:monuser passwd_tries = 1, passwd_timeout = 1

#Agent maintenance (discovery, install, uninstall, upgrade, restart, cert signing)

monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/tools/scxadmin

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c sh /tmp/scx-*/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-*; exit $EC

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c cat /etc/opt/microsoft/scx/ssl/scx.pem

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c gzip -dqf /tmp/scx-*

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c echo *

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c /usr/sbin/installp -u scx

###Examples

#Custom shell command monitoring example – replace <shell command> with the correct command string

#monuser ALL=(root) NOPASSWD: /bin/bash -c <shell command>

#Daemon diagnostic and restart recovery tasks example (using cron)

#monuser ALL=(root) NOPASSWD: /bin/sh -c ps -ef | grep cron | grep -v grep

#monuser ALL=(root) NOPASSWD: /usr/sbin/cron &

#End user configuration for Operations Manager agent

#-----------------------------------------------------------------------------------

 

HP-UX

#-----------------------------------------------------------------------------------

#User configuration for Operations Manager agent – for a user with the name: monuser

#General requirements

Defaults:monuser !requiretty

#Lower sudo password prompt timeout for the user

Defaults:monuser passwd_tries = 1, passwd_timeout = 1

#Agent maintenance (discovery, install, uninstall, upgrade, restart, cert signing)

monuser ALL=(root)      NOPASSWD: /opt/microsoft/scx/bin/tools/scxadmin

monuser ALL=(root)      NOPASSWD: /bin/sh -c sh /tmp/scx-*/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-*; exit $EC

monuser ALL=(root)      NOPASSWD: /bin/sh -c uncompress -f /tmp/scx-*

monuser ALL=(root)      NOPASSWD: /bin/sh -c cat /etc/opt/microsoft/scx/ssl/scx.pem

monuser ALL=(root)      NOPASSWD: /bin/sh -c echo *

monuser ALL=(root)      NOPASSWD: /bin/sh -c /usr/sbin/swremove scx

###Examples

#Custom shell command monitoring example – replace <shell command> with the correct command string

#monuser ALL=(root) NOPASSWD: /bin/bash -c <shell command>

#Daemon diagnostic and restart recovery tasks example (using cron)

#monuser ALL=(root) NOPASSWD: /bin/sh -c ps -ef | grep cron | grep -v grep

#monuser ALL=(root) NOPASSWD: /sbin/init.d/cron start

#End user configuration for Operations Manager agent

#-------------------------------------------------------------------------------



Linux

#-----------------------------------------------------------------------------------

#User configuration for Operations Manager agent – for a user with the name: monuser

#General requirements

Defaults:monuser !requiretty

#Lower sudo password prompt timeout for the user

Defaults:monuser passwd_tries = 1, passwd_timeout = 1

 

#Agent maintenance (discovery, install, uninstall, upgrade, restart, cert signing)

monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/tools/scxadmin

monuser ALL=(root) NOPASSWD: /bin/sh -c sh /tmp/scx-*/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-*; exit $EC

monuser ALL=(root) NOPASSWD: /bin/sh -c  /bin/rpm -U --force */scx-*

monuser ALL=(root) NOPASSWD: /bin/sh -c  /bin/rpm -F --force */scx-*

monuser ALL=(root) NOPASSWD: /bin/sh -c  rpm -e scx

monuser ALL=(root) NOPASSWD: /bin/sh -c  cat /etc/opt/microsoft/scx/ssl/scx.pem

monuser ALL=(root) NOPASSWD: /bin/sh -c  echo *

 

#Log file monitoring

monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/scxlogfilereader -p

###Examples

#Custom shell command monitoring example – replace <shell command> with the correct command string

#monuser ALL=(root) NOPASSWD: /bin/bash -c <shell command>

 

#Daemon diagnostic and restart recovery tasks example (using cron)

#monuser ALL=(root) NOPASSWD: /bin/sh -c ps -ef | grep cron | grep -v grep

#monuser ALL=(root) NOPASSWD: /sbin/service cron start

 

#End user configuration for Operations Manager agent

#-----------------------------------------------------------------------------------

 

 

Solaris

#-----------------------------------------------------------------------------------

#User configuration for Operations Manager agent – for a user with the name: monuser

#General requirements

Defaults:monuser !requiretty

#Lower sudo password prompt timeout for the user

Defaults:monuser passwd_tries = 1, passwd_timeout = 1

Monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/tools/scxadmin

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c sh /tmp/scx-*/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-*; exit $EC

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c cat /etc/opt/microsoft/scx/ssl/scx.pem

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c echo *

monuser ALL=(root) NOPASSWD: /usr/bin/sh -c rm -rf /tmp/scx-*

 

#Log file monitoring

monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/scxlogfilereader -p

###Examples

#Custom shell command monitoring example – replace <shell command> with the correct command string

#monuser ALL=(root) NOPASSWD: /bin/bash -c <shell command>

 

#Daemon diagnostic and restart recovery tasks example (using cron)

#monuser ALL=(root) NOPASSWD: /bin/sh -c ps -ef | grep cron | grep -v grep

#monuser ALL=(root) NOPASSWD: sh -c '/etc/init.d/cron start'

 

#End user configuration for Operations Manager agent

#-----------------------------------------------------------------------------------

 

Troubleshooting



Sudo log

The best way to troubleshoot authentication failures that may be related to sudoers configuration is to inspect the sudo log on the agent host.  Sudo logging is controlled in sudoers, with the Defaults parameter logfile.  For example, the line: Defaults logfile=/var/log/sudolog enables sudo logging to the file /var/log/sudolog.

Password Prompts and Timeouts



Operations Manager’s use of sudo elevation requires passwordless elevation. By default, sudo will prompt for a password if a command is not configured with NOPASSWD for the user (this may happen if a specific command was not configured for the user, or if the NOPASSWD option was not set). It is recommended that you configure the following option in sudoers for the user account: Defaults:monuser passwd_tries = 1, passwd_timeout = 1. This example sets a one minute password prompt timeout for the user monuser, which allows the command to fail quickly if a sudo configuration problem exists.