Securden Agents for Macintosh Devices
You may use Securden to control and regulate the execution of specific commands on Mac devices using the Securden Agent for Mac. You need to deploy the Securden Agent on all the required endpoints and add the commands that you want to control and regulate to Securden. The steps to enforce command control on Mac devices are explained in this document.
Deploying the agent on Mac devices
The Securden privilege management agent can be deployed on devices running macOS by directly downloading the agent package available in the Securden web interface.
Note
- The agent should be installed using a standard account. Then, the standard users may use the agent for privilege elevation.
- To use the Securden Agent on a Mac device, you need to have .NET framework and Python 3.0 installed. If either is missing from your machine, it will be installed automatically as part of the installation procedure.
- Python and .NET framework won’t be removed when the agent is uninstalled as they could be used by other programs. If they are removed, the programs dependent on them will stop functioning. You need to manually remove them if required.
Follow the steps below to install the Securden agent on your Mac device:
- Navigate to Computers >> Mac Agent and click on the download button named SecurdenAgent.pkg
- To deploy the agent on a device, you may make copies of the downloaded package or download it fresh from the web interface for each device.
- On the required device, locate the package and open it.
- Click on Continue to go to the next step of installation.
- Specify the required installation folder location and click Install.
- Provide the administrator credentials to complete the installation.
- Once the agent is installed, you will be prompted to provide the server connectivity details to the agent.
In the web interface, navigate to Admin >> General >> Securden Server Connectivity to find the URL required to connect with the server.
Enter this URL (Securden server connectivity URL) in the window. Once the steps are completed, the agent will start communicating with the EPM server provided it is reachable from the endpoint. You can view the device in the Computers section.
Adding Unix commands into Securden
- To add commands to Securden, you need to navigate to the Applications section and click on Add.
- Provide a suitable Name, and Description (Optional).
- In the field Type, you need to select the option Unix Command from the drop down.
- Once you select the type, you need to specify the command with its absolute path. You may add parameters with the command if needed. For example, /usr/bin/apt-get install python2
- Once the command is specified, click Save.
Now you may control privileges for this command by creating policies for specific commands to be used on specific computers by specific users and groups.
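Because a command added here can later be granted SUDO privilege, it is worth checking on the endpoint that the absolute path points at a binary a standard user cannot replace. The following pre-check is an added example, not part of Securden or its agent; the function name `audit_command_entry` and the specific checks are assumptions chosen for illustration.

```python
import os
import shlex
import stat


def audit_command_entry(entry, trusted_uids=(0,)):
    """Return a list of findings for one command entry (empty list = no issues)."""
    findings = []
    try:
        argv = shlex.split(entry)
    except ValueError as exc:
        return [f"cannot parse entry: {exc}"]
    if not argv:
        return ["empty entry"]
    path = argv[0]
    if not os.path.isabs(path):
        return [f"{path}: not an absolute path"]
    if ".." in path.split("/"):
        findings.append(f"{path}: contains '..' component")
    # Report symlinked paths so the reviewer knows which file really runs.
    real = os.path.realpath(path)
    if real != os.path.normpath(path):
        findings.append(f"{path}: resolves to {real}")
    if not os.path.isfile(real):
        findings.append(f"{real}: not a regular file on this host")
        return findings
    # The binary and its directory must not be replaceable by a standard user.
    for target in (real, os.path.dirname(real)):
        st = os.stat(target)
        if st.st_uid not in trusted_uids:
            findings.append(f"{target}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{target}: group- or world-writable")
    return findings


if __name__ == "__main__":
    # Entry format taken from the page's example; the result depends on the host.
    for entry in ["/usr/bin/apt-get install python2", "apt-get install python2"]:
        print(entry, "->", audit_command_entry(entry) or "ok")
```

Run it on a representative endpoint before saving the command; any finding means the entry should be reviewed before it is used in a Grant SUDO Privilege policy.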
Creating a Unix command control policy
Navigate to Privileges >> Add Policy >> Add Unix Commands Policy to create a Unix command policy.
You have the option to associate the policy to work on all Linux and Mac devices or specific devices. Similarly, you can associate the policy with specific users and user groups or with all users in Securden.
Follow the steps below to create a Unix commands policy in Securden.
- You need to provide a specific name for the policy being created. You may optionally provide a description to add context to the policy.
- Choose between Grant SUDO Privilege and Deny SUDO Privilege.
  Note
  Standard users will be able to use the command with superuser privileges in case of choosing to grant SUDO privileges. If you choose to deny SUDO privileges, even administrator users won't be allowed to run the commands with superuser privileges.
- You need to select the commands for which you want to grant or deny SUDO privileges. Search and select the commands from the field Select Commands. The commands added to Securden will be available for selection.
- Once you have selected the required commands, you need to associate the required devices with the policy. You may choose to apply the policy to All devices in Securden, or use Include and Exclude to select specific devices and associate the policy accordingly.
- Now, you need to associate the policy being created with the required users. You may choose to make this a blanket policy by associating the policy with All Users.
- If you want to associate the policy with specific users, you may choose to include them by choosing the radio button Include specific users or choose to associate the policy with all users except a few by clicking Exclude specific users. When you include or exclude specific users, you need to search and select the required users from the list.
Once all the above steps are completed, you may Save the policy to Securden. Upon approval from a peer administrator (if required), the policy will be in effect and all concerned users will be able to use this policy on the associated devices. The agent will automatically pull the active policies and enforce them accordingly.
Managing Full Administrator Access Requests
When users require administrator privileges to complete certain tasks, they may place a request with the administrator using the agent. The user may open the Agent’s tray icon and click on Request Admin Privilege. In the pop-up, the user may specify the time during which they need admin rights.
The users have the option to request privileged access till a specific time or for a fixed duration.
Once the user places the request, it will be presented to an administrator for approval.
The administrator can review the request and choose to approve or reject the request.
The administrator can accept the user's proposed time duration or choose a time duration of their choice.
Once the administrators approve or reject the request, the agent will pull the changes and act accordingly.