Installation programs
This section describes the Endpoint Privilege Management for Unix and Linux installation programs and their options.
pbinstall
pbinstall installs, updates, and configures all Endpoint Privilege Management for Unix and Linux products. pbinstall is a menu-driven, interactive installation script. It enables the superuser installer to install, update, or reconfigure Endpoint Privilege Management for Unix and Linux as required by configuration changes or updates. pbinstall properly configures (as appropriate) /etc/services, the superdaemon configuration files (/etc/inetd.conf and/or /etc/xinetd.conf), and Endpoint Privilege Management for Unix and Linux for most execution environments.
An initial screen of legal information and credits is displayed, followed by a check to determine if the VISUAL or EDITOR environment variables select the editor to use during the installation. If you have not set either of these environment variables, then you are prompted to supply the path to an editor, with vi as the default.
Endpoint Privilege Management for Unix and Linux is configured by a menu system with a menu of numbered selections and lettered options.
- To select an item to configure, type the number of that item and press ENTER to display the configuration prompts.
- To navigate the menu pages, use the following commands:
- C Continue installation
- N Next menu page
- P Previous menu page
- R Redraw menu (not shown due to space limitations)
- X Exit script without performing any configuration
- After C is selected, you are asked if the settings are acceptable. If you indicate that they are not, then pbinstall returns to the configuration menu.
- If the settings are acceptable, then pbinstall asks if you want to view the generated installation script.
Important
The generated installation script contains thousands of lines of code; therefore, viewing this script is recommended for advanced users only. To view the script, type y.
- You are then asked if the generated installation script is to be executed. If it is not to be executed, then the name of that script is displayed and pbinstall exits. Otherwise, the script is immediately executed.
Multiple command line options can be used together. During an update installation, the –m, –l, –r, –g, and –i arguments have no effect and must be explicitly changed using the Endpoint Privilege Management for Unix and Linux installation menu for pbinstall.
An update installation is an installation in which the previous Endpoint Privilege Management for Unix and Linux version has not been uninstalled. It uses the same installation directories as the previous installation (including the untar and unpack occurring in the same directories as the previous installation if the distribution was using FTP), and uses the existing pb.settings, pb.key, and pb.conf files. If done properly, all (or almost all) of the previous installation parameters carry forward to the new installation.
Syntax
pbinstall [options]
Example
pbinstall -h
Example
pbinstall -L hostname
| -a architecture | This option and its required argument explicitly specify which Unix or Linux architecture file to install. If the –a option is used, then the installer compares the expected flavor and the flavor that is specified with the -a option and displays a warning if they do not match. In Endpoint Privilege Management for Unix and Linux v3.2 and earlier, the installation does not cross-check flavors. Beginning with Endpoint Privilege Management for Unix and Linux v3.5, the installation script cross-checks flavors. |
| -A | Sets the Application ID for client registration. |
| -b | Runs pbinstall in batch mode. In batch mode, the specified existing and then default settings are automatically used. User intervention is not allowed and hit enter prompts are suppressed. This option also invokes -e. |
| -B | Specify base daemon port number. |
| -c | Causes pbinstall to skip the steps that process or update the Endpoint Privilege Management for Unix and Linux settings file (/etc/pb.settings). This option is often used during the upgrade of an existing Endpoint Privilege Management for Unix and Linux installation. The /etc/pb.settings file is not changed. It is backed up (to /etc/pb.settings.sybak.####) and replaced. Therefore, the creation and/or modification dates on the file may be changed. |
| -d | Installs the static pbdemo.key for a fresh install. This keyfile is static and shipped as part of the tar file. Therefore it should only be used for demo purposes and should not be used in a production environment. |
| -D | Sets the address for the primary license server for client registration. |
| -e | Runs pbinstall automatically by bypassing the menu step of pbinstall. Bypassing the pbinstall menu step makes it impossible to change installation options or configurations. |
| -g | Creates a log host (that is, installs pblogd). |
| -h | Prints the usage information for pbinstall and causes it to exit. |
| -i | Ignores previous pb.settings files. |
| -I This argument uses a capital "i". | Installs primary license server (infers -X and -Y). |
| -j | This option defines the base directory for generated files/directories of Endpoint Privilege Management for Unix and Linux which overrides the default /opt/pbul directory. |
| -K | Sets the Application Key for client registration. |
| -l | Creates a run host (that is, installs pblocald). |
| -L host | This option with a following word argument specifies the hostname to be used in the logservers in pb.settings. A list of hosts can be specified by repeating the -L argument followed by the host: -L host1 -L host2 |
| -m | Creates a policy server host (that is, installs pbmasterd). |
| -M host | This option with a following word argument specifies the hostame to be used in the acceptmasters and submitmasters in pb.settings. A list of hosts can be specified by repeating the -M argument followed by the host: -M host1 -M host2 |
| -N | Set the Registration Profile name for client registration. |
| -O | Install the Endpoint Privilege Management for Unix and Linux sudo wrapper. This option cannot be combined with other pbinstall options because sudo wrapper should be installed only after the other components are installed and configured. Before installing the sudo wrapper, you must ensure the EPM-UL policy is correctly configured for use with the sudo wrapper. |
| -p prefix | This option with a following word argument specifies an installation prefix for this installation. |
| -P | Sets the port for the primary license server for client registration. |
| -Q | Installs Primary Registry Name Server (infers -S, -W and -X). |
| -r | Creates a submit host; installs client software (pbrun, pbsh, pbksh). |
| -R directory | Specifies a base directory for applicable settings in the generated pb.settings file. Used with -z option only. |
| -s suffix | This option with a following word argument specifies an installation suffix for this installation. |
| -S | Specifies y or n to enable or disable Registry Name Service. |
| -t | Set the temporary directory to be used during installation. When a temporary directory is defined, TMPDIR is overwritten, and the tempfilepath is included in pb.settings. -t /tmp/tempdir |
| -u | Installs Endpoint Privilege Management for Unix and Linux(pbvi, pbless, and so forth). |
| -v | Prints pbinstall version information and exits. |
| -W | Installs Registry Name Server. |
| -y | Specifies license server(s) with one or more -y arguments. The first host specified must be the primary license server. |
| -Y | Installs license server. |
| -x | Creates a log synchronization host (that is, installs pbsyncd). |
| -X | Installs Client Registration Services |
| -z | Creates pb.settings, pb.conf, and (if applicable) pb.key files only. For use when installing Endpoint Privilege Management for Unix and Linux with package installers. Cannot be combined with the -b, -c, -e, -i, -o, -p, -s. -u, -w, or -x options. |
| -Z | Installs File Integrity Policy Services |
Files
Not applicable
Note
For more information, please also see the following:
run_pbinstall
run_pbinstall is a wrapper script for pbinstall that simplifies installation of components, providing a smaller set of options. It is meant to be used for fresh installation where it is acceptable to use default settings.
Syntax
run\_pbinstall \[options\]
-a|b|c \[--L host \[-L host\]...\] \[-M host \[\[-M host\]...\] \[-p prefix\] \[-s suffix\]
Example
/run\_pbinstall -a
Example
run\_pbinstall -a -p adm1 -L lhost1 -L lhost2 -M mhost1
Arguments
| -a | Install all components of . Equivalent to running pbinstall -i -e -mgrlowux . |
| -b | Install server (back-end) components of . It creates a policy server host (installs pbmasterd, log host (pblogd), and log synchronization host (pbsyncd). Equivalent to running pbinstall -i -e -mgowx . |
| -c | Install client components of . It creates a submit host (installs pbrun, pbsh, pbksh), run host (pblocald), and servers utility programs (pbvi, pbless, etc). Equivalent to running pbinstall -i -e -rul. |
| -p prefix | Specify installation prefix. |
| -s suffix | Specify installation suffix. |
| -L hostname | Specify log servers with one or more -L arguments. The hostname is used for logservers in pb.settings. |
| -M hostname | Specify policy servers with one or more -M arguments. The hostname is used for acceptmasters and submitmasters in pb.settings. |
| -h | Prints the usage information for run_pbinstall and exits. |
pbmakeremotetar
pbmakeremotetar makes a clone of a configuration for a binary and configuration-compatible target environment for Endpoint Privilege Management for Unix and Linux.
pbmakeremotetar is a menu-driven, interactive installation script. It enables the superuser installer to install, update, or reconfigure Endpoint Privilege Management for Unix and Linux as required by configuration changes or updates. pbmakeremotetar properly configures (as appropriate) /etc/services, the superdaemon configuration files (/etc/inetd.conf and/or /etc/xinetd.conf), and Endpoint Privilege Management for Unix and Linux for most execution environments.
pbmakeremotetar must be executed where the default directory is the directory in which pbmakeremotetar resides or the parent directory to the directory containing pbmakeremotetar.
An initial screen appears, reminding the user about the function of pbmakeremotetar. A prompt also appears, allowing a SIGINT (CTRL+C) to abort the script.
When the script continues, it determines the switches that are necessary for tar to function as desired. A list of files to transfer to the target system is generated and presented to the user for approval or editing.
When the file list is accepted, a tarball file that contains the selected files is created, with the specified tarfilename and with the additional file type of tar appended. The remote_unpack script is generated. Finally, a tarball file that contains both the first tarball file and the remote_unpack script is generated at the location that is specified by tarfilename.
After the final tarball file is created, it must be made available to the target systems. This can be done in any manner that preserves the security and binary integrity of the tarball file.
An installation work directory should be selected other than /tmp (for the same reasons as with pbinstall). The tarball file should be unpacked with the following commands:
$ cd {installation_directory}
$ tar -xvf {tarfilename_on_local_system}
$ ./remote_unpack
The remote_unpack script unpacks the encapsulated tarball file into the proper locations. The script then prompts you to allow the configuration of the system (/etc/services, superdaemon configuration files). If you allow this configuration, then these configuration files are automatically modified with the appropriate superdaemons instructed to reload their databases. If you decide not to do the configuration at this time, then the name of the script to continue with the configuration is displayed and the script exits.
For policy server target installations, an initial installation (using pbinstall) must be done before a target remote install. Doing so ensures the proper handling of all licensing issues.
Different target system installation (working) directories should be used for different prefix and/or suffix versions of cloned installations.
Encrypted policy files are not scanned for included policy files. You must process the encrypted policy files by restoring the unencrypted ones before running pbmakeremotetar, or by manually moving the encrypted files.
Note
If the settings file is encrypted, then pbmakeremotetar does not work. An unencrypted version of the settings file must be restored before pbmakeremotetar can work. An encrypted policy file is not handled properly.
Note
For details about including encrypted policy files or policy subfiles, see pbmakeremotetar Installation Information.
Syntax
pbmakeremotetar [options] tarfilename
Example
pbmakeremotetar -h
Arguments
| -a | Includes all Endpoint Privilege Management for Unix and Linux installation types. |
| -b | Runs in batch mode (no confirmation prompts). |
| -c | Includes submit host software for target system. |
| -h | Displays this usage text and exits. |
| -l | Includes log host software for target system. |
| -m | Includes policy server software for target system. |
| -p prefix | Sets the Endpoint Privilege Management for Unix and Linux installation prefix. |
| -r | Includes run host software for target system. |
| -s suffix | Sets the Endpoint Privilege Management for Unix and Linux installation suffix. |
| -t | Rebuilds off of a previously generated file name list. |
| -v | Displays the script version and exits. |
| -w dirspec | Specifies the work directory to use when the directory containing pbmakeremotetar is read-only (for example, on a CD). |
| -x | Includes log synchronization host software for target system. |
| -A | Set the Application ID for RNS Client Registration. |
| -K | Set the Application Key for RNS Client Registration. |
| -D | Set the address of the primary server for RNS Client Registration. |
| -P | Set the port for the primary policy server for RNS Client Registration. |
| -N | Set the Registration Profile name for RNS Client Registration. |
| tarfilename | Specifies the name of the tarball file to create (may include the full path). |
Note
Any combination of -c, -g, -l, -r, and -m may be specified if the current installation has those components.
Registry name service (RNS) support
Any new RNS-enabled Endpoint Privilege Management for Unix and Linux installation must register with the RNS primary server to use the RNS features. pbmakeremotetar creates an RNS registration script to be included in the generated tar ball, and is extracted as /opt/pbul/scripts/pbrnscfg.sh by remote_unpack on the target host. remote_unpack also calls pbremoteinstall, which in turn, automatically invokes the RNS registration script. The script displays prompts asking for the necessary registration information (RNS Primary Server’s appid/appkey/address/port#).
pbmakeremotetar also offers the user a choice to save their appid/appkey info to make it available for pbrnscfg.sh. However, this feature is provided only as a convenience. If you want to safeguard the appid/appkey info, decline pbmakeremotetar’s offer and just use the interactive prompt of pbrnscfg.sh when running on the target host.
If you are agreeable to saving the appid/appkey info, pbmakeremotetarcreates the input file which is written to /etc/.pbrnscfg.in on the target host. The RNS registration script automatically looks for this hidden input file, thus skipping the interactive prompts.
Files
Not applicable
Note
For more information, please also see the following:
pbpatchinstall
- [ver 5.1.2 and earlier]: pbpatchinstall not available.
- [ver 5.2 and later]: pbpatchinstall available.
pbpatchinstall enables you to install and uninstall patches for installations that are running Endpoint Privilege Management for Unix and Linux v4 and later.
Note
All Endpoint Privilege Management for Unix and Linux daemons running a process during the patch installation should be stopped before using pbpatchinstall and restarted after using pbpatchinstall.
Only root can run pbpatchinstall. It must be run from the install directory where the Endpoint Privilege Management for Unix and Linux patch was untarred. For example, if you untarred the Endpoint Privilege Management for Unix and Linux patch from the /opt/beyondtrust directory, the patch install directory is then /opt/beyondtrust/powerbroker/v6.0/ pbx86_linuxA-6.0.0-16-sp1/install.
pbpatchinstall should not be moved from this install directory because it is dependent on the included Endpoint Privilege Management for Unix and Linux installer scripts (sy_install_support and pb_install_support) that are located there.
pbpatchinstall allows an Endpoint Privilege Management for Unix and Linux patch to load if the patch release number differs from the Endpoint Privilege Management for Unix and Linux installation release number. However, it does not allow a patch to load if the patch version does not match the Endpoint Privilege Management for Unix and Linux installation major and minor version numbers.
pbpatchinstall does not run on Endpoint Privilege Management for Unix and Linux versions earlier than v4.0 due to binary - version argument limitations. Also, pbpatchinstall does not report the binary version for executable files pbnvi or pbuvqrpg.
To uninstall a patch, go to the install directory where the patch was originally installed and execute pbpatchinstall -u. pbpatchinstall attempts to uninstall the patch version that is defined by the install directory where pbpatchinstall resides.
For example, if you run pbpatchinstall from the /opt/beyondtrust/powerbroker/v5.1/ pbx86_linuxA-5.1.2-03-sp1/install directory, pbpatchinstall attempts to uninstall the Endpoint Privilege Management for Unix and Linux pbx86_linuxA-5.1.2- 03-sp1 patch from that install directory.
If multiple patches are installed and you need to remove one or more of them, they must be removed in the reverse order from the order in which they were added.
Syntax
pbpatchinstall [options]
Example
pbpatchinstall -p test
This creates an Endpoint Privilege Management for Unix and Linux installation using the prefix test.
Arguments
| -a | This option and its required argument explicitly specify which Unix or Linux architecture file to install. If the –a option is used, then the installer compares the expected flavor and the flavor that is specified with the -a option and displays a warning if they do not match. In Endpoint Privilege Management for Unix and Linux v3.2 and earlier, the installation does not cross- check flavors. Beginning with Endpoint Privilege Management for Unix and Linux v3.5, the installation script cross-checks flavors. |
| -f | Forces the installation of the patch without a prompt, regardless of the release number. |
| -h | Displays the usage message and exits. |
| -p prefix | Sets the Endpoint Privilege Management for Unix and Linux installation prefix. |
| -s suffix | Sets the Endpoint Privilege Management for Unix and Linux installation suffix. |
| -u | Uninstalls the Endpoint Privilege Management for Unix and Linux patch installation. |
| -v | Displays the version of pbpatchinstall and exits. |
Note
For more information, see the following:
- On version numbering, Installation considerations.
- run_pbinstall
- pbuninstall
pbcreateaixcfgpkg
- [ver 6.1 and earlier]: pbcreateaixcfgpkg not available.
- [ver 6.2 and later]: pbcreateaixcfgpkg available.
pbcreateaixcfgpkg creates an AIX lpp configuration package for BeyondTrust Endpoint Privilege Management. pbcreateaixcfgpkg is a script that can be run interactively or non-interactively. The script enables a user to build a BeyondTrust Endpoint Privilege Management AIX lpp configuration package, which is loaded along with one or more BeyondTrust Endpoint Privilege Management AIX lpp component packages.
Unlike the Endpoint Privilege Management AIX lpp component packages, which are created and distributed by BeyondTrust, AIX lpp configuration packages are created by the user. First, settings files must be created. This is accomplished by running pbinstall with the -z argument. Settings files are created by default in directory install/settings_files, although the user can specify the directory. The user may optionally put a policy file pb.conf in the settings_files directory to be included in the configuration package. After the settings files have been created, a user runs pbcreateaixcfgpkg from the Endpoint Privilege Management install directory. pbcreateaixcfgpkg accepts the following arguments:
-h Help (this message) and exit.
-l Save (do not delete) package build directory.
-p User-specified lpp package name to be appended to powerbroker.config.
-s Settings files directory location.
-v Print version of pbcreateaixcfgpkg and exit.
If the -p or -s arguments are not supplied on the command line, the pbcreateaixcfgpkg script becomes interactive and prompts the user for input. The -p argument, user-specified package suffix, allows the user to suffix the package name with any name they wish, up to a total of 24 ASCII characters a-z, A-Z, 0-9 (including package base name config), For example, if the user enters Client_Asia, the configuration package is named powerbroker.configClient_Asia. If the length of the package name exceeds 24 characters, an error message is displayed, and the user is again prompted for the configuration package suffix.
The -s argument, settings files directory location, allows the user to specify the directory where the settings files to be included in the configuration package reside. The default value is {pbinstall_directory}/settings_files.
If the user wishes to include other Endpoint Privilege Management installations keyfiles in the configuration package, the user needs to copy the keyfiles to the settings files directory prior to building the configuration package.
If an Endpoint Privilege Management policy server configuration package is to be built, the user can include an existing policy file pb.conf in the settings files directory prior to building the config, the configuration package. If an Endpoint Privilege Management policy server configuration package is to be built, the user can include an existing policy file pb.conf in the settings files directory prior to building the configuration package. If pb.conf is not included, a new pb.conf is created and packaged containing the entry:
reject;
The optional -l argument, save (do not delete) package build directory, allows the user to build the configuration package and not remove the package build directory, which is normally done after the package is built. The created package can be found in the current (install) directory, and will be the package name, for example, powerbroker.configClient_Asia, where the -p argument had been set to Client_Asia.
Note
Upon running pbcreateaixcfgpkg, the script informs the user as to which Endpoint Privilege Management component packages need to be loaded on the target system. The Endpoint Privilege Management configuration package does not load until the required component packages are loaded on the target system. AIX lpp packages are loaded using the installp command.
Syntax
pbcreateaixcfgpkg [options]
Example
pbcreateaixcfgpkg -v
Arguments
| -h | Prints usage message and exits. |
| -l | Saves (does not delete) package build directory. |
| -p suffix | User-specified lpp package name to be appended to powerbroker.config. |
| -s directory | Settings files directory location. |
| -v | Prints version of pbcreateaixcfgpkg and exits. |
Note
For more information, see run_pbinstall.
pbcreatehpuxcfgpkg
- [ver 6.2 and earlier]: pbcreatehpuxcfgpkg not available.
- [ver 6.2.1 and later]: pbcreatehpuxcfgpkg available.
pbcreatehpuxcfgpkg creates an HP-UX configuration depot for BeyondTrust Endpoint Privilege Management. pbcreatehpuxcfgpkg is a script that can be run interactively or non-interactively. The script enables a user to build a BeyondTrust Endpoint Privilege Management HP-UX configuration depot, which is loaded along with one or more BeyondTrust Endpoint Privilege Management HP-UX component filesets.
Unlike the BeyondTrust HP-UX component depot, which is created and distributed by BeyondTrust, HP-UX configuration depots are created by the user. First, settings files must be created by running pbinstall with the -z argument. Settings files are created by default in directory install/settings_files, although the user can specify the directory. The user may optionally put a policy file pb.conf in the settings_files directory to be included in the configuration package. After the settings files have been created, user runs pbcreatehpuxcfgpkg from the Endpoint Privilege Management for Unix and Linux install directory. pbcreatehpuxcfgpkg accepts the following arguments:
-d Set the component fileset dependency to hppaD rather than hppaB (default)
-h Help (this message) and exit.
-l Save (do not delete) depot build directory.
-p User-specified name for the configuration fileset.
-s Settings files directory location.
-v Print version of pbcreatehpuxcfgpkg and exit.
If one or both of the -p and -s arguments are not supplied on the command line, the pbcreatehpuxcfgpkg script becomes interactive and prompts you for input. The -p argument, user-specified fileset name, enables you to specify the configuration fileset name. The name can be between 4 and 15 ASCII characters (inclusive), and can be A-Z, 0-9, and the hyphen (-). The first character cannot be a hyphen. For example, if you specify CLIENT-ASIA, the configuration fileset is named PowerBroker-Cfg[X].CLIENT-ASIA. If the length of the fileset name is more than 15 or less than 4 characters, or if a hyphen is the first character, then an error message is displayed, and you are again prompted for the fileset name.
The -s argument, settings files directory location, enables you to specify the directory that contains the settings files to be included in the configuration package. The default value is <pbinstall_directory>/settings_files.
If you want to include other Endpoint Privilege Management for Unix and Linux installations keyfiles in the configuration depot, you must copy the keyfiles to the settings files directory prior to building the configuration depot.
If an Endpoint Privilege Management for Unix and Linux policy server configuration depot is to be built, you can include an existing policy file pb.conf in the settings files directory prior to building the configuration depot. If pb.conf is not included, a new pb.conf is created and packaged containing the entry:
reject;
The optional -d argument, set component fileset dependency to hppaD rather than hppaB (default), enables you to generate an Endpoint Privilege Management for Unix and Linux configuration depot that can be used for either hppaD or ia64A systems. If you do not use this option, then pbcreatehpuxcfgpkg creates a configuration depot that can be used for either hppaB or ia64A systems.
Note
If you create configuration depots for different flavors, use the -p argument to specify different fileset names for each flavor.
The optional -l argument, save (do not delete) depot build directory, enables you to build the configuration depot and not remove the depot build directory, which is normally removed after the depot is built. The created depot can be found in the current (install) directory, and is the depot name. For example, PowerBroker-Cfg[X]-version.CLIENT-ASIA.depot, where the -p argument had been set to CLIENT-ASIA.
Upon running pbcreatehpuxcfgpkg, note that the script informs you as to which Endpoint Privilege Management for Unix and Linux component filesets need to be installed on the target system. The Endpoint Privilege Management for Unix and Linux configuration package installs the required component filesets if they are not already installed, provided they have been copied into the appropriate SD depot. HP-UX depots are copied into the desired SD depot using the swcopy command and are installed using the swinstall command.
Syntax
pbcreatehpuxcfgpkg [options]
Example
pbcreatehpuxcfgpkg -h
Arguments
| -d | Generates a configuration depot that has, as its dependencies, component filesets for hppaD (these component filesets can also be used on ia64A systems). Without this argument, pbcreatehpuxcfgpkg generates a configuration depot that has, as its dependencies, component filesets for hppaB (which also can be used on ia64A systems). |
| -h | Prints usage message and exits. |
| -l | Saves (does not delete) package build directory. |
| -p depot _fileset_name | User-specified name for the configuration fileset. The resulting fileset is PowerBroker-Cfg[X].depot-fileset-name. The value of depot-fileset-name can be between 4 and 15 characters (inclusive), and allowed characters are A-Z, 0-9, and the hyphen (-); the first character cannot be a hyphen. |
| -s settings_files_directory _location | Settings files directory location. |
| -v | Prints version of pbcreatehpuxcfgpkg and exits. |
Note
For more information, see run_pbinstall.
pbcreatelincfgpkg
- [ver 5.2 and earlier]: pbcreatelincfgpkg not available.
- [ver 6.0 and later]: pbcreatelincfgpkg available.
pbcreatelincfgpkg creates a Linux RPM installation package for Endpoint Privilege Management for Unix and Linux configuration and settings files. Installing this package after the required Endpoint Privilege Management for Unix and Linux component packages completes the Endpoint Privilege Management for Unix and Linux package installation.
If the -p option or -s option is not specified, then you are prompted to supply these values.
The output from pbcreatelincfgpkg indicates which Endpoint Privilege Management for Unix and Linux component packages must be installed before the Endpoint Privilege Management for Unix and Linux configuration package.
After you create the configuration package with pbcreatelincfgpkg, you install the required component packages, then install the configuration package.
Syntax
pbcreatelincfgpkg [options]
Example
pbcreatelincfgpkg -p SBM -sopt/beyondtrust/powerbroker/v6.0/ pbx86_linuxB-6.0.0-09/install/settings_filesThis uses the Endpoint Privilege Management for Unix and Linux settings and configuration files that are located in /opt/beyondtrust/powerbroker/v6.0/pbx86_linuxB-6.0.0-09/ install/settings_files and creates an RPM file (powerbroker-configSBM-6.0.0-09-1- noarch.rpm) in the current directory.
Arguments
| -h | Displays the usage message and exits. |
| -p package_suffix | Specifies a suffix of up to 18 characters to append to the configuration package name. |
| -s directory | Specifies the directory that contains the Endpoint Privilege Management for Unix and Linux settings and configuration files to include in the package. The default value is ./settings_files. |
| -v | Displays the version of pbcreatelincfgpkg and exits. |
pbcreatesolcfgpkg
- [ver 5.2 and earlier]: pbcreatesolcfgpkg not available.
- [ver 6.0 and later]: pbcreatesolcfgpkg available.
pbcreatesolcfgpkg creates a Solaris installation package and corresponding package administration file for Endpoint Privilege Management for Unix and Linux configuration and settings files. Installing this package after the required Endpoint Privilege Management for Unix and Linux component packages completes the Endpoint Privilege Management for Unix and Linux package installation.
If the -p option or -s option is not specified, then you are prompted to supply these values.
The output from pbcreatesolcfgpkg indicates which Endpoint Privilege Management for Unix and Linux component packages must be installed before the Endpoint Privilege Management for Unix and Linux configuration package.
After you create the configuration package with pbcreatesolcfgpkg, you install the required component packages, then install the configuration package.
Syntax
pbcreatesolcfgpkg [options]
Example
pbcreatesolcfgpkg -p SBM -s /opt/beyondtrust/powerbroker/v6.0/ pbsparc_solarisC-6.0.0-09/install/settings_filesThis example uses the Endpoint Privilege Management for Unix and Linux settings and configuration files that are located in /opt/beyondtrust/powerbroker/v6.0/pbsparc_solarisC-6.0.0-09/install/settings_ files and creates a datastream file (SYPBcfSBM.ds) and package admin file (SYPBcfSBM) in the current directory.
Arguments
| -h | Displays the usage message and exits. |
| -l | Saves (does not delete) the spooled package directory, from which the package datastream (.ds) file is created. The spooled package directory is normally deleted after the datastream file is created. Saving the spooled package directory can help BeyondTrust Technical Support to diagnose installation problems. |
| -p package_suffix | Specifies a suffix to append to the file names of the Endpoint Privilege Management for Unix and Linux configuration package file and package admin file. This suffix can be up to 26 characters in length (3 characters for unpatched Solaris 8). |
| -s directory | Specifies the directory that contains the Endpoint Privilege Management for Unix and Linux settings and configuration files to include in the package. The default value is ./settings_files. |
| -v | Displays the version of pbcreatesolcfgpkg and exits. |
pblighttpd
The pblighttpd_svc.sh script is packaged in the distribution tar under /powerbroker//pbul_*/bin.
When the REST service is installed and configured to continuously run in the background, the script is installed. It is required when at least one EPM-UL server component is present. If the installation is an EPM-UL client-only installation, it is configured to be managed by the superserver daemon, and there is no need for this script to be present.
By default, pbinstall places the script in $inst_admindir and is set to /usr/sbin. However, the location can be changed in the installation menu with the option Where do you want the administrator programs installed?.
The script is removed by pbuninstall from $inst_admindir.
This script should be installed with each server/client component package. Below are commands for each package type.
AIX
/usr/bin/startsrc -s ${prefix}pblighttpd${suffix}
/usr/bin/stopsrc -s ${prefix}pblighttpd${suffix}
Darwin
/bin/launchctl load "/Library/LaunchDaemons/com.beyondtrust.${prefix}pblighttpd${suffix}.plist"
/bin/launchctl unload "/Library/LaunchDaemons/com.beyondtrust.${prefix}pblighttpd${suffix}.plist"
Solaris
/usr/sbin/svcadm enable ${prefix}pblighttpd${suffix}
/usr/sbin/svcadm disable ${prefix}pblighttpd${suffix}
/etc/init.d/${prefix}pblighttpd${suffix} start
/etc/init.d/${prefix}pblighttpd${suffix} stopt
HP
/sbin/init.d/${prefix}pblighttpd${suffix} start
/sbin/init.d/${prefix}pblighttpd${suffix} stop
Linux
/bin/systemctl start ${prefix}pblighttpd${suffix}.service
/bin/systemctl stop ${prefix}pblighttpd${suffix}.service
/usr/sbin/service ${prefix}pblighttpd${suffix} start
/usr/sbin/service ${prefix}pblighttpd${suffix} stop
*: /etc/init.d/${prefix}pblighttpd${suffix} start
/etc/init.d/${prefix}pblighttpd${suffix} stop
pbuninstall
pbuninstall is a menu-driven, interactive script that is used to uninstall Endpoint Privilege Management for Unix and Linux. pbuninstall properly configures (as appropriate) /etc/services and the superdaemon configuration files (/etc/inetd.conf and/or /etc/xinetd.conf) for the removal of Endpoint Privilege Management for Unix and Linux from most execution environments.
pbuninstall must be executed where the default directory is the directory in which pbuninstall resides, or the parent directory to the directory containing pbuninstall.
When pbuninstall is executed, you are presented with a reminder of the script’s function and prompted: Hit return to continue. Using CTRL+C at this time stops the execution of the script.
Note
pbuninstall removes only those installations that are explicitly named on the command line. It must be run separately for each prefixed and suffixed installation.
During execution, the script identifies files to move to $TMPDIR (log, policy, and configuration files), copies them to $TMPDIR (typically /tmp) and removes them from their original location. Files to be removed are removed.
/etc/services and the superdaemon configuration files have the appropriate Endpoint Privilege Management for Unix and Linux configuration lines removed. The appropriate superdaemon processes are requested to reload their configuration files.
Syntax
pbuninstall [options]
Note
For a pbuninstall execution example, see Example of a pbuninstall Execution.
Arguments
| -a | Explicitly sets the computer architecture. |
| -A appid | Allow the cleanup of RNS on the policy server. |
| -b | Runs in batch mode (no confirmation prompts). |
| -K appkey | |
| -h | Displays the usage message and exits. |
| -O | Uninstall sudo wrapper and leave other Endpoint Privilege Management for Unix and Linux installed components intact. If uninstalling Endpoint Privilege Management for Unix and Linux, pbuninstall automatically uninstalls sudo wrapper. |
| -p prefix | Sets the Endpoint Privilege Management for Unix and Linux installation prefix. |
| -s suffix | Sets the Endpoint Privilege Management for Unix and Linux installation suffix. |
Files
Not applicable
Note
For more information, see the following:
Updated 5 days ago