2.1.12 Zscaler App Connector

In order for Indeni to run its full set of discovery and interrogation scripts, an SSH user is needed to connect to your system. It is highly recommended that a unique Indeni user be created for auditing and security purposes. Before adding any App Connector, make sure the SSH credential is provided in the Credentials Set.

The Indeni user needs to run the “systemctl status zpa-connector” command. This requires elevated privileges. To allow the command, create a file in the /etc/sudoers.d directory and include the following line in the file.

indeni <system-name> = NOPASSWD: /bin/systemctl status zpa-connector

Default permissions (0002) can be used for this file.

Verify the privileges

Use the commands below to verify the privileges for the Indeni user.

[indeni@RedHat-8-4 ~]$ id
uid=1000(indeni) gid=1000(indeni) groups=1000(indeni),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[indeni@RedHat-8-4 ~]$ 
[indeni@RedHat-8-4 ~]$ 
[indeni@RedHat-8-4 ~]$ sudo -l
Matching Defaults entries for indeni on RedHat-8-4:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE
    KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION
    LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE
    LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User indeni may run the following commands on RedHat-8-4:
    (ALL) ALL
    (root) NOPASSWD: /usr/bin/yum, /bin/systemctl status zpa-connector
[indeni@RedHat-8-4 ~]$
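
The `sudo -l` output above lists more than the single rule this section asks for: it also shows `(ALL) ALL` and a NOPASSWD entry for /usr/bin/yum. The following shell function is an added example, not Indeni's own tooling; it reads `sudo -l` output and reports every grant other than the required command. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: report sudo grants beyond the one command Indeni needs.
# Reads the text printed by `sudo -l` on stdin.

# The single command this section says the Indeni user must be able to run.
ALLOWED='/bin/systemctl status zpa-connector'

# Print every granted command other than $ALLOWED, one per line.
# Handles the one-line "(runas) [TAG:] cmd, cmd" form shown on this page;
# wrapped continuation lines are not parsed.
excess_sudo_grants() {
    awk -v allowed="$ALLOWED" '
        /may run the following commands/ { in_rules = 1; next }
        !in_rules || !/^[ \t]+\(/ { next }           # keep only "(runas) ..." lines
        {
            sub(/^[ \t]+\([^)]*\)[ \t]*/, "")        # drop the "(root) " prefix
            n = split($0, cmds, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                sub(/^([A-Z_]+:[ \t]*)+/, "", cmds[i])  # drop tags such as NOPASSWD:
                if (cmds[i] != allowed) print cmds[i]
            }
        }'
}

# Constructed sample, modelled on the `sudo -l` output shown on this page.
sample_sudo_l() {
    cat <<'EOF'
User indeni may run the following commands on RedHat-8-4:
    (ALL) ALL
    (root) NOPASSWD: /usr/bin/yum, /bin/systemctl status zpa-connector
EOF
}

# Demo on the constructed sample: lists the grants beyond the Indeni rule.
sample_sudo_l | excess_sudo_grants
```

On a connector, run `sudo -l -U indeni | excess_sudo_grants` as root; empty output means the account holds only the required rule.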