Diagnostic Messages

This guide provides detailed information regarding the security policy file programming language for BeyondTrust Endpoint Privilege Management for Unix and Linux as well as a comprehensive diagnostic message list. The Endpoint Privilege Management for Unix and Linux suite includes:

• Endpoint Privilege Management for Unix and Linux
• Endpoint Privilege Management for Networks
• Endpoint Privilege Management for Unix and Linux, Essentials Edition

This language is used to create security policy files to control tasks and systems. You can control:

• The task a user or group of users may perform
• The systems a task may be submitted from
• The systems from which a task can be run
• When a specific task may be run (day and time)
• Where a task may be run from
• When and if secondary security checks (passwords and checksums) are required to run a task
• When and if supplemental security programs are run before a task is started

⚠️

Important

We assume the reader has a basic understanding of Unix or Linux system administration as well as experience working with a scripting (or equivalent) language. We recommend that you have experience in these areas before you attempt to create or modify security policy files.

ℹ️

Note

For more information about licensing and installation, see the Endpoint Privilege Management for Unix and Linux Installation Guide.

Sample policy files

When EPM-UL is installed, you can choose to copy sample policy files to the installation host. These sample policy files include detailed explanations of their function, and you can use these files to learn how policy files are typically written for various scenarios. The directory where the sample files are copied to is determined by the GUI library directory option you specify during installation. By default, this directory is /usr/local/lib/pbbuilder. A readme_samples text file is available in the directory and includes a brief description of each sample file.