Chapter 8. Considerations and Limitations
Using security-enhancing tools that add extra restriction layers may interfere with some PPEM features. PPEM’s normal operation is neither guaranteed nor recommended when using such tools. These security-enhancing tools include:
SELinux mandatory access control (MAC) systems. For more information, refer to the official SELinux documentation.
Information protection suites in Astra Linux Special Edition. For more information, refer to the official Astra Linux documentation.
Agents automatically discover hosts, instances, instance objects, and other components installed on the server and create them in the web application. You can configure the automatic discovery in the
ppem-agent.ymlagent configuration file.The automatic discovery and a number of other features are not supported when PPEM is installed in a secure environment.
When configuring agents in secure environments on Astra Linux Smolensk 1.7, DBMS instances are controlled using the pg_ctl utility without the systemd service manager. Since the agent uses pg_ctl to manage instances, the agent unit file must be edited by adding the
KillMode=processparameter to the[Service]section. When this parameter is set, launched child processes will not be stopped if the agent terminates. This prevents agent process failures from affecting the operation of managed instances. In this case, you must start instances manually after the operating system restart.