18 December,19 at 11:47 AM
What is the dzdo validator?
It's a way to customize the behavior of Centrify-enhanced sudo.
How is it implemented?
Via the dzdo.validator parameter in /etc/centrifydc/centrifydc.conf
Via the GPO "Require dzdo command validation check" under Computer Configuration/Policies/Centrify
Sample Validator - Provide a Change Control Number
Centrify provides a sample validator called dzcheck.sample, located under /usr/share/centrifydc/sbin. It prompts for a change control number when a user elevates. Example:
$ dzdo tail /var/log/messages
Enter the change control ticket number:1255
The validator sends the following data to syslog:
Nov 7 15:04:39 engcen6 dzcheck.sample[35173]: User "dwirth@centrify.vms" will run "/usr/bin/tail /var/log/messages" as "root" with ticket number "1255"
If you're running DirectAudit, the Audit Analyzer displays the following event:
The benefit here is that you can search for all DA sessions related to a particular change control number.
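As an added example (not part of the original article and not Centrify's code), the Python below parses the dzcheck.sample syslog format shown above and groups elevations by ticket number, which gives the same per-change lookup from plain syslog. The 1-10 digit ticket format is an assumption, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Layout taken from the dzcheck.sample syslog line shown in the article.
LINE_RE = re.compile(
    r'^(?P<when>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) '
    r'dzcheck\.sample\[\d+\]: User "(?P<user>[^"]*)" '
    r'will run "(?P<command>.*)" as "(?P<runas>[^"]*)" '
    r'with ticket number "(?P<ticket>.*)"$'
)
# Assumption: change control numbers are 1-10 digits; adjust to your scheme.
TICKET_RE = re.compile(r'\d{1,10}')

def parse_line(line):
    """Return the fields of one dzcheck.sample record, or None if not one."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def index_by_ticket(lines):
    """Group elevations by ticket; collect records whose ticket is malformed."""
    by_ticket, suspect = defaultdict(list), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a validator record
        # The ticket is free text typed at the prompt, so treat it as untrusted.
        if TICKET_RE.fullmatch(rec["ticket"]):
            by_ticket[rec["ticket"]].append(rec)
        else:
            suspect.append(rec)
    return dict(by_ticket), suspect

# Constructed sample input: the first line is the one from the article,
# the others are made up for illustration.
SAMPLE_LOG = [
    'Nov 7 15:04:39 engcen6 dzcheck.sample[35173]: User "dwirth@centrify.vms" will run "/usr/bin/tail /var/log/messages" as "root" with ticket number "1255"',
    'Nov  7 15:09:02 engcen6 dzcheck.sample[35201]: User "dwirth@centrify.vms" will run "/bin/grep "error" /var/log/secure" as "root" with ticket number "1255"',
    'Nov  7 16:20:11 engcen6 dzcheck.sample[35310]: User "alice@example.test" will run "/usr/bin/systemctl restart httpd" as "root" with ticket number ""',
    'Nov  7 16:21:00 engcen6 sshd[1200]: Accepted publickey for alice from 192.0.2.10',
]

if __name__ == "__main__":
    tickets, suspect = index_by_ticket(SAMPLE_LOG)
    for ticket, recs in tickets.items():
        for r in recs:
            print(f'{ticket}: {r["when"]} {r["user"]} -> {r["runas"]}: {r["command"]}')
    for r in suspect:
        print(f'NO VALID TICKET: {r["when"]} {r["user"]} ran {r["command"]!r}')
```

Records whose ticket field is empty or non-numeric land in the second list, which is a useful review queue because the sample validator only records what the user typed.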
Implementation
With the configuration file:
dzdo.validator: /usr/share/centrifydc/sbin/dzcheck
With group policy:
Related Articles:
[Labs] Integrating ServiceNow Approvals to Centrify-enhanced sudo using the dzdo validator