Check the PAM version using SNMP

Document ID : KB000100623
Last Modified Date : 10/07/2018
Show Technical Document Details
Introduction:
If you need to be able to check the software installed on a PAM instance without logging in then follow the steps below.
Instructions:

In order to determine the software installed on a PAM instance with SNMP you must first enable it on the PAM instance.  Those who do not know how to do this should start with the SNMP section of the PAM documentation:  https://docops.ca.com/ca-privileged-access-manager/3-2/EN/implementing/configure-your-server/configure-network-settings/authorize-snmp-polling.  Once SNMP Polling is enabled in PAM you will be able to find the following MIB objects in PAM: gkVersion and gkAppliedPatches.  The easiest way to do this is with an snmpwalk, and then scan these objects.  On a 3.1.1 system this is what was seen:

gkVersion - 3.2.0.341

gkAppliedPatches - CAPAM_3.2.0 (13:25 21-06-2018), PAM_SUPPORT_SSH_DEBUG (14:42 11-01-2018), CAPAM_3.1.1.19-revert (15:04 23-05-2018), true (20:39 06-03-2018), CAPAM_3.1.1.03 (13:00 07-05-2018), CAPAM_3.1.1.20 (16:28 13-06-2018), CAPAM_3.0.1 (01:52 30-11-2017), CAPAM_3.1.1.12 (16:37 23-04-2018), CAPAM_3.1.1.23 (17:18 13-06-2018), CAPAM_3.1.1 (18:27 23-01-2018), CAPAM_3.1.1.13 (16:02 11-04-2018), CAPAM_3.1.1.14 (23:31 23-05-2018), CAPAM_3.1.1.18 (15:03 26-04-2018), CAPAM_3.1.0 (17:58 09-01-2018), CAPAM_3.1.1.19 (15:14 23-05-2018), CAPAM_3.1.1.22 (16:29 13-06-2018), CAPAM_3.1.1.16 (18:03 22-05-2018), CAPAM_3.1.1.23-revert (17:25 13-06-2018)


If you do not already have it, you may retrieve the PAM MIB from the PAM Community.  Here is the link to the PAM MIB that will work with PAM 2.8.3, 2.8.4.1, 3.0.x, 3.1.1 and 3.2:  https://communities.ca.com/docs/DOC-231177436-ca-pam-283-and-301-mib.  It may work with other versions as well, but these are all that have been confirmed as of this posting.