How to set up systemd-specific startup scripts for ControlMinder

Document ID : KB000039773
Last Modified Date : 14/02/2018

Problem: 

How can CA Privileged Identity Manager (PIM) be started automatically on a Systemd machine after PIM has been installed and configured, so that the host is protected?
CA Privileged Identity Manager (earlier known as CA Control Minder) can be installed on Red Hat Enterprise Linux 7 and above.
This document describes how to define Systemd-specific startup scripts in case the legacy startup scripts provided by PIM are not to be used.

Environment:  

CA Privileged Identity Manager - R12.8 and higher
Operating System : Red Hat Enterprise Linux 7 and higher

Cause: 

As of the writing of this Technical Document, we do not provide the unit files needed to trigger the startup of the PIM endpoint automatically after reboot on Red Hat Enterprise Edition 7.x.

Workaround:

1. Login as the 'root' user

2. Create a service file for starting the PIM endpoint daemons at system startup time. This file must be in the /etc/systemd/system directory only.

3. # touch /etc/systemd/system/seos.service

4. Make sure that the file access permissions are set to 'read+write', 'read' and 'read' (owner, group and others).

5. The following is the content of the file. Modify the location of 'seload' binary as per the location where PIM endpoint is installed.

[Unit]
Description=CA Privileged Access Manager Server Control
After=network.target
 
[Service]
Type=forking
ExecStart=/opt/CA/AccessControl/bin/seload
ExecStop=/opt/CA/AccessControl/bin/secons -sk
 
[Install]
WantedBy=multi-user.target

 

6. Save and exit the file

7. In a root shell, run:
# systemctl daemon-reload
(to reload the systemd manager configuration. This reruns all generators (see systemd.generator(7)), reloads all unit files, and recreates the entire dependency tree.)

8. # systemctl start seos.service
(to start the newly created service)

9. # systemctl enable seos.service
(to enable the unit to be started on boot, automatically creating the required links)

10. Reboot the host and verify that the services are started up automatically.
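
The checks implied by steps 2 to 9 can be run before the reboot. The following script is an added example, not part of the original document or of PIM; the helper names unit_cmd and check_unit and the script name check_seos_unit.sh are hypothetical, and it assumes GNU stat as shipped with Red Hat Enterprise Linux.

```shell
#!/bin/sh
# Added example: pre-flight check for the unit file from steps 2-5.
# unit_cmd and check_unit are hypothetical helper names, not PIM or systemd tools.

# Print the executable path of a directive such as ExecStart= (arguments and
# systemd prefix characters like '-' or '@' are stripped).
unit_cmd() {    # $1 = unit file, $2 = directive name
    sed -n "s/^$2=[-@+!:]*\([^[:space:]]*\).*/\1/p" "$1" | head -n 1
}

check_unit() {  # $1 = unit file; returns 0 only when every check passes
    unit=$1
    rc=0
    [ -f "$unit" ] || { echo "FAIL: $unit not found"; return 1; }

    # Step 4: 'read+write', 'read', 'read' is mode 644 (GNU stat, as on RHEL).
    mode=$(stat -c '%a' "$unit")
    [ "$mode" = "644" ] || { echo "FAIL: $unit has mode $mode, expected 644"; rc=1; }

    # Step 5: the seload/secons paths must match where the endpoint is installed.
    # The unit sets no User=, so systemd runs these binaries as root; a binary
    # that any local user can overwrite must not be started that way.
    for key in ExecStart ExecStop; do
        bin=$(unit_cmd "$unit" "$key")
        if [ -z "$bin" ]; then
            echo "FAIL: no $key= line in $unit"; rc=1
        elif [ ! -f "$bin" ] || [ ! -x "$bin" ]; then
            echo "FAIL: $key target $bin is missing or not executable"; rc=1
        elif [ -n "$(find "$bin" -perm -002)" ]; then
            echo "FAIL: $key target $bin is world-writable"; rc=1
        fi
    done

    # Step 9: 'systemctl enable' needs the [Install] target to create its links.
    grep -q '^WantedBy=multi-user\.target' "$unit" ||
        { echo "FAIL: no WantedBy=multi-user.target in $unit"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $unit passed all checks"
    return "$rc"
}

# Usage: sh check_seos_unit.sh /etc/systemd/system/seos.service
if [ "$#" -gt 0 ]; then
    check_unit "$1"
fi
```

A non-zero exit status means at least one FAIL line was printed and the unit file or the binaries it references should be corrected before running step 7.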

Additional Information:

Systemd is a system and service manager for Linux operating systems. It is designed to be backwards compatible with SysV init scripts, and provides a number of features such as parallel startup of system services at boot time, on-demand activation of daemons, support for system state snapshots, or dependency-based service control logic. In Red Hat Enterprise Linux 7, systemd replaces Upstart as the default init system.

Systemd introduces the concept of systemd units. These units are represented by unit configuration files.

More information about Systemd is available from various resources, such as the Red Hat Enterprise Linux documentation.