dzdo
For Linux and UNIX computers, Verify Privilege Server Suite includes authorization services that enable users to run with elevated privileges using the dzdo command line program. The dzdo program is similar to sudo except that, instead of using a sudoers configuration file, the program uses the role-based access rights for zones stored in Active Directory.
dzdo Audit Event Log Sample
The following is a sample of an audit event log for Centrify Audit Event ID 30004. This log sample documents that the dzdo service has been granted authorization.The change was made by user=dwirth(type:ad,dwirth@acme.vms) on April 7 at 01:20:12.
Apr 7 01:20:12 engcen6 adclient[2191]: INFO AUDIT_
TRAIL|Centrify Suite|dzdo|1.0|0|dzdo
granted|5|user=dwirth(type:ad,dwirth@acme.vms)
pid=32224 utc=1460010012602 Centrify EventID=30004
DAInst=AuditingInstallation DASessID=c72252aa-e616
-44ff-a5f6-d3f53f09bb67 status=GRANTED
service=dzdo command=/bin/vi runas=root role=ROLE_SYSTEM_
Archt/Global env=(none)
dzdo Audit Events
dzdo Audit Events
| Event Id | Description | Parameters |
|---|---|---|
| 30000-Deprecated | dzdo granted This event has been deprecated. Use Centrify Event Id 30004 introduced in release 2017.3 instead. | command: command runas: username@domain role: role name env: environment variables |
| 30001-Deprecated | dzdo denied This event has been deprecated. Use Centrify Event Id 30005 introduced in release 2017.3 instead. If the command is valid and requires authentication, Centrify Event Id 30005 is generated in release 2017.3 (and later versions) to show whether MFA is required or not. | command: command runas: username@domain reason: error message |
| 30002 | Trouble ticket entered | ticket: ticket |
| 30004 | dzdo granted added in release 2017.3 | command: command runas: username@domain role: role name env: environment variables MfaRequired: whether user was required to do MFA EntityName: Entity Name |
| 30005 | dzdo denied added in release 2017.3 | command: command runas: username@domain reason: error message MfaRequired: whether user was required to do MFA EntityName: Entity Name |
| 30100 | dzdo command execution starts added in release 18.11 | command: command runas: username@domain role: role name env: environment variables MfaRequired: whether user was required to do MFA EntityName: Entity Name |
| 30101 | dzdo command execution ends added in release 18.11 |
command: command exitcode: exit code |