Package installer | EPM-UL
The following sections detail how to install the server-side components of Endpoint Privilege Management for Unix and Linux (EPM-UL) on Solaris, Linux, and AIX using the system native package installer.
EPM-UL includes separate component packages for each log server, run host, policy server, etc.
Starting with v9.0, the shared library component package and the REST API component package need to be installed prior to installation of policy server, run host, submit host and log server.
Solaris package installer
This section describes how to install EPM-UL using a package installer for Solaris on an x86 or SPARC computer. Use the Solaris package installer if you want to do any of the following:
- Install EPM-UL using the Solaris Package Manager.
- Make the EPM-UL installation packages available on a JumpStart server to automate the installation of Solaris computers.
The Solaris package installer described here is not compatible with the Endpoint Privilege Management v5.x packages. Remove the v5.x packages before installing the Solaris package.
Prerequisites
- Package tarball file for the appropriate EPM-UL flavor
For the Solaris package installer, the tarball files are cumulative. That is, an update tarball file contains a complete EPM-UL installation. It is not necessary to install a baseline version before installing an update.
- Root access or superuser privileges
The Solaris package installer does not support prefix or suffix installations.
Plan your installation
When preparing to use the Solaris package installer, you should be familiar with the following concepts and restrictions:
-
Component packages: an EPM-UL component package is a Solaris datastream (.ds) file that installs a portion of the EPM-UL application.
The component packages are:
- BTPBlibs.ds: Contains the shared libraries.
- BTPBrest.ds: Contains the REST API files.
- BTPBsbmh.ds: Contains the submit host and EPM-UL shells.
- BTPBrunh.ds: Contains the run host and EPM-UL utilities.
Which component packages are required depends on the type of EPM-UL host you create, such as submit host or run host. You can select the types of hosts in the pbinstall installation menu, as shown in the following table.
| Menu selection | Required components |
|---|---|
| Install Run Host? = Yes | BTPBrunh |
| Install Submit Host? = Yes | BTPBsbmh |
| Install BeyondTrust built-in third-party libraries? = Yes | BTPBlibs |
-
Configuration package: Solaris installation package that is used to install the following files:
- pb.settings: Hardcoded target location /etc/pb.settings
- pb.cfg: Hardcoded target location /etc/pb.cfg
- All the encryption keyfiles defined for networkencryption, eventlogencryption, iologencryption, reportencryption, policyencryption, and restkeyencryption
- By default, two key files are created: pb.key and pb.rest.key
- The sysadmin can define multiple encryption with different keyfiles in locations other than /etc. To upgrade and retain settings on the target machine, view all encryption settings in /etc/pb.settings and copy the files to the settings_files directory before running "pbinstall -z" and pbcreate*cfgpkg
- Man pages for the pbinstall and pbcreatesolcfgpkg programs
The configuration package is created by the pbcreatesolcfgpkg program. The component packages must be installed before you install the configuration package.
-
Response file: pbcreatesolcfgpkg may also create a corresponding response file. The response file contains select information provided to pbinstall to customize objects contained within the prebuilt component package. For example, it ensures correct ownership of pblighttpd files. This file is created in the component package directory, /unzip-dir/powerbroker/<version>/<flavor>/package if it is accessible. If it is not, it is created in the current directory in the same location where the component package is created. Its name contains the same prefix supplied to pbcreatesolcfgpkg.
-
Package name: Name of the installation package stored in the Solaris package manager database. For EPM-UL package installations, this name is the same as the package file name without the .ds extension.
-
Package administration file: Contains alternative settings that control how Solaris packages are installed.
-
Relocated base directory: The directory where the EPM-UL binary files and log files are installed. You can choose an alternative directory in which to install these files.
-
pbinstall program: To create the EPM-UL settings files, you use the pbinstall program with the -z (settings only) option. pbinstall -z only creates the settings files and is incompatible with the following command line options:
| Options incompatible with pbinstall -z | Description |
|---|---|
| -b | Runs pbinstall in batch mode. |
| -c | Skip the steps that process or update the EPM-UL settings file. |
| -e | Runs install script automatically by bypassing the menu step of pbinstall. |
| -i | Ignores previous pb.settings and pb.cfg files. |
| -p | Sets the pb installation prefix. |
| -s | Sets the pb installation suffix. |
| -u | Install the utility programs. |
| -x | Creates a log synchronization host (that is, installs pbsyncd). |
When you execute pbinstall with the -z option, you can see two menu items that are not otherwise available:
-
Enter existing pb.settings path: Enables you to set your pb.settings file. pbinstall reads this settings file and populates the remaining menu choices. You can override some menu choices. If set to none, then pbinstall does not read a settings file. The remaining menu choices are populated with default values.
-
Enter directory path for settings file creation: Set an alternative output directory for the settings files. The default directory is /unzip-dir/powerbroker/<version>/<flavor>/install/settings_files, where unzip-dir is the directory where the package tarball file was unzipped.
The behavior of pbinstall -z depends on whether certain additional command line options are specified:
- If no other command line options are set, pbinstall initially presents a short version of the installation menu (items 1–8 only). Depending on your choices, further menu items become available.
- If command line options -l or -r are set, pbinstall presents an expanded version of the installation menu that reflects the host types you are configuring.
When running pbinstall with the -z option, the following menu items are preprogrammed and cannot be changed:
- Install man pages?
- Daemon location
- Administration programs location
- User programs location
- User man page location
- Admin man page location
- BeyondTrust built-in third-party library directory
In addition, the values of the following menu items determine the values of other menu items:
| Options preset when running pbinstall -z | |
|---|---|
| Setting this menu option to Yes | Sets these values to Yes |
| Install Run Host? | Install Utilities? |
| Install Submit Host? | Install PBSSH? Install pbksh? Install pbsh? Will this host use a Log Host? |
If you plan to use Registry Name Service and are running pbinstall -z on a client host (non-primary server), you must perform client registration. This is necessary to properly set up the registry name service database. Client registration also requires that you collect the following information from the EPM-UL primary server:
-
REST Application ID
-
REST Application Key
-
Primary server network name or IP address
-
Primary License Server REST TCP/IP port
-
Registration Client Profile name
-
Registering client with Primary RNS: If Registry Name Services is enabled for EPM-UL, each client host (after the first server installation) needs to be registered with the Primary Registry Name Server. When using package installers on a target host, a post-install configuration script (/opt/pbul/scripts/pbrnscfg.sh) is provided to be manually executed on that host to properly register it. This post-install configuration script will ask for information about the Primary Registry Name Server, including the Application ID (appid), Application Key (appkey), address/domain name, and the REST TCP/IP port number. This is the same information provided during the client registration part of a pbinstall -z install which generates the settings file.
If you prefer a more convenient method of registering RNS clients where the post-install configuration script is non-interactive, EPM-UL can save the relevant information in a hidden file during the settings-only run of pbinstall, bundle it with the configuration package, and automatically apply it to the target host when that package is installed. This method is not secure, but it is available if the security-convenience trade-off is acceptable. To enable this, refer to the question regarding post-install configuration script displayed when running pbinstall -z.
For more information, see the following:
- Relocate the base directory
- If you use the package installer to install EPM-UL on a computer that already has an interactive EPM-UL installation on it, see Interactive versus packaged installation for additional considerations
- For complete pbinstall command-line options, see Installation Programs
Choose a package administration file
We recommend using the package administration files provided by BeyondTrust (BTPBadmin and BTPBadmin). The files are configured to eliminate interactive prompts during package installation.
To use the Solaris default package administration file or other package administration file, you may be required to respond to prompts to install the packages.
When installing a package using custom JumpStart, the installation process is required to be noninteractive.
Use EPM-UL packages on Solaris zones
The EPM-UL Solaris package installer supports Solaris Zones in Solaris release 10. The primary operating system instance is referred to as the global zone. All zones that are not the global zone are referred to as non-global zones.
Solaris release 10 is required. The use of Solaris Zones is not supported on earlier releases. There are three types of zones:
- Sparse root: A sparse zone is the default zone configuration and is configurable. It shares the read-only global zone’s /usr /lib /platform and /sbin partitions.
- Whole root: A whole root zone does not share global zone partitions, which increases configuration flexibility.
- Branded: A branded zone allows virtualization of Solaris 8, 9, or Linux and shares no partitions from the global zone. Branded zones are available as of Solaris 10 release 08/07 update 4.
EPM-UL Solaris Packages do not JumpStart to non-global zones. Using Custom JumpStart to install packages on Solaris 10 Zoned systems results in errors as the zones are not running during JumpStart execution.
Installing EPM-UL Solaris Packages on Zones is similar to installing these packages on Solaris systems without zones. However, keep the following considerations in mind:
- Solaris packages are designed to be installed from the global zone. Packages are propagated to the sparse and whole root zones upon global zone pkgadd and upon zone creation.
- Solaris packages are designed to be uninstalled from the global zone. Packages are removed from sparse and whole root zones upon the global zone pkgrm.
- Solaris packages can be installed in the global zone only, by using the pkgadd -G command. Solaris packages cannot be installed in sparse zones (with read-only partitions) and should instead be installed in the global zone. Although Solaris packages could be installed into a whole-root zone, the packages are designed to be installed from the global zone. Packages installed on a whole-root zone are subject to overwriting by packages installed in the global zone.
- As Solaris branded zones are fully contained instances of Solaris 8 or 9, EPM-UL packages should be installed as with non-zoned Solaris instances. Loading packages to the global zone does not update a branded zone. EPM-UL Solaris packages for Solaris branded zones running Linux are not supported.
- The Solaris configuration package must be removed before removing any EPM-UL component packages and must be removed individually. EPM-UL Solaris component packages may be removed simultaneously.
Overview of steps
Using the Solaris package installer involves the following steps:
- Unpack the EPM-UL package tarball file.
- Use the pbinstall program to create EPM-UL settings files.
- Use the pbcreatesolcfgpkg program to create the EPM-UL configuration package along with a corresponding response file used for additional customization.
- Perform a package installation using the Solaris pkgadd command for any required components.
- Perform a package installation using the Solaris pkgadd command for the EPM-UL configuration package.
- If Registry Name Service is enabled and installed on a non-primary server, run /opt/pbul/scripts/pbrnscfg.sh to register the host.
For more detail on the steps above, see Installation Process.
Installation procedure
Before installing Solaris packages, if the directories where files are installed, /usr/local, /usr/bin etc., are symbolic links to other directories, then set the environment variable PKG_NONABI_SYMLINKS to true:
# PKG_NONABI_SYMLINKS=true
# export PKG_NONABI_SYMLINKS
This prevents the symbolic links from being removed by the pkgadd command on Solaris.
To install EPM-UL using the Solaris Package Manager, do the following:
-
Extract the package tarball files into the /opt/beyondtrust/ directory by executing the following command:
gunzip -c pmul<flavor_version>_pkg.tar.Z | tar xvf -
-
Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
-
Execute the following command:
./pbinstall -z
You can include other options with the -z option. Use the -R option to set an alternate base directory for installing the component packages.
You are asked if you want to use client registration. If you plan to enable Registry Name Service, and are installing on a host that is not designated as a primary server, you must run client registration.
pbinstall then asks if you want to enable Registry Name Service.
pbinstall displays the EPM-UL installation menu.
-
Make your menu selections.
When the menu selection process is complete, pbinstall creates the following files in the specified location:
- pb.settings
- pb.cfg
- pb.key (if encryption is enabled)
- pb.conf (for Policy Server host)
- pbpolicykey.pem and pbpolicypubcert.pem (for Policy Server hosts with Cached Policy feature enabled)
The Enter existing pb.settings path menu option enables you to set your own pb.settings file to use. Also, the Enter directory path for settings file creation menu option enables you to set where to save the generated settings files. These menu options are available only when running pbinstall with the -z option.
-
Optional. For an EPM-UL client, replace the generated pb.key file with the pb.key file from the policy server host to encrypt client-server communications. Also, copy any other required key files into the same directory.
-
Optional. For a policy server host, write a policy file (pb.conf) and place it in the directory with the other generated files. If you do not provide a pb.conf file, a pb.conf file with the single command reject; is generated and packaged.
Starting with v8.0, pbinstall -z can optionally install the default role-based policies and asks:
Installing default role-based policy pbul_policy.conf and pbul_functions.conf in <install_dir>/settings_files
Would you like to use the default role-based policy in the configuration package?
- Answer Yes for new installs only.
- If you are upgrading an existing configuration package, to avoid overwriting your existing policy, answer No.
Use the default role-based policy [Y]?
- If you answer Yes, the default pb.conf, pbul_policy.conf and pbul_functions.conf are created and installed on the policy server.
- If you are installing over an existing installation, and have an existing policy in place, answer No.
-
Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
-
Run the pbcreatesolcfgpkg utility by typing:
pbcreatesolcfgpkg -p suffix -s directory
- suffix is appended to the filenames of the configuration package datastream file and the package administration file; length can be up to 26 characters (3 characters for unpatched Solaris 8).
- directory contains the EPM-UL settings and configuration files to include in the package.
The pbcreatesolcfgpkg utility creates the following files:
- Configuration package file BTPBcf.ds
- Package administration file BTPBadmin
- Response file BTPB.resp
-
Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/package/ directory.
-
Optional. To install EPM-UL in an alternative base directory, edit the provided BTPBadmin file and change the basedir=default entry as follows:
basedir=target_base_directory
target_base_directory is the absolute path of the target base directory.
-
For each required component package, run the Solaris pkgadd utility to install the component package by typing:
pkgadd -a BTPBadmin -r response-file -d pkg-datastream-file pkg-name
pkg-datastream-file is the name of the component package datastream (.ds) file. response-file is the location and name of the response file, if generated, and pkg-name is the name of the package. For EPM-UL packages, the package name is the same as the datastream file name without the .ds extension.
Example
pkgadd -a BTPBadmin -r ./BTPB<suffix>.resp -d BTPBrunh.ds BTPBrunh
If no response file is generated (not applicable):
pkgadd -a BTPBadmin -d BTPBrunh.ds BTPBrunh
-
Run the Solaris pkgadd utility to install the EPM-UL configuration package by typing:
pkgadd -a BTPBadmin<suffix> -d BTPBcf<suffix>.ds BTPBcf<suffix>
<suffix> is the suffix specified when the EPM-UL configuration package is created in step 8.
-
Verify the installation of the packages with the Solaris pkginfo utility by typing:
pkginfo | grep BTPB
-
If Registry Name Service is enabled and installed on a non-primary server, register the host with the Primary Registry Name Server using a post-install configuration script. Gather the Application ID, Application Key, network name or IP address, and REST TCP/IP port of the primary server, then run the script to register the host and follow the prompts:
/opt/pbul/scripts/pbrnscfg.sh
If you install EPM-UL using a custom JumpStart session, the EPM-UL configuration package should be added or removed only once per session to avoid installing conflicting rc scripts.
For more information, see the following:
- For other options you can use with the pbinstall -z option, see Plan your installation
- pblighttpd
- pbcreatesolcfgpkg
Remove EPM-UL packages
Removing the packages completely uninstalls EPM-UL from a computer.
To remove the packages:
-
Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
-
Remove the EPM-UL packages by typing:
pkgrm -na ./BTPBadmin config-package-name component-package-1 ... component-package-n
- BTPBadmin is the package administration file that is supplied by BeyondTrust. You can set a different package administration file, or leave out the -a option to use the default package administration file. The BTPBadmin package administration file is designed to make the package installation and removal processes run noninteractively.
- config-package-name is the name of the package specified when the configuration package is installed. Because of the dependency relationship between the configuration package and the component packages, this package name must come first in the list.
- component-package-1 through component-package-n are the names of the packages specified when the component packages are installed.
Relocate the base directory
The Solaris package management system enables you to set an alternative base directory for package installation. With this feature, you can set a directory in which to install the binary files and log files. Certain files, such as pb.settings, pb.cfg, and key files, must be located in the /etc directory for EPM-UL to run. These files are not relocatable.
To relocate the base directory from the default / (root) directory:
-
On the target machine, create the target base directory if it does not already exist.
-
When you run pbinstall, use the -R option and set the new base directory.
-
Before installing the EPM-UL component packages, edit the provided BTPBadmin package administration file and change the basedir entry to refer to the new base directory.
Change the basedir=default entry as follows:
basedir=target_base_directory
target_base_directory is the absolute path of the target base directory.
-
When you install the component packages, execute pkgadd with the -a option and use the BTPBadmin package administration file.
For each required component package, run the Solaris pkgadd utility to install the component package by typing:
pkgadd -a BTPBadmin -r response-file -d pkg-datastream-file pkg-name
pkg-datastream-file is the name of the component package datastream (.ds) file. response-file is the location and name of the response file, if generated, and pkg-name is the name of the package. For EPM-UL packages, the package name is the same as the datastream file name without the .ds extension.
Example
pkgadd -a BTPBadmin -r ./BTPB<suffix>.resp -d BTPBrunh.ds BTPBrunh
If no response file is generated (not applicable):
pkgadd -a BTPBadmin -d BTPBrunh.ds BTPBrunh
Update EPM-UL with the Solaris package installer
The Solaris package installer can be used to update an existing installation to a new version. The existing version should have been installed with the EPM-UL package installer.
It is possible to use the Solaris package installer to install EPM-UL over an existing version that was installed with pbinstall. However, doing so is not recommended because it can result in unused files from the existing version remaining in the file system.
Package update considerations
Installing an update with the Solaris package installer is similar to using the Solaris package installer to install EPM-UL for the first time. Keep these considerations in mind when you prepare to update EPM-UL:
- Technically, the Solaris packages are update packages, as opposed to upgrade packages. An update package overwrites the existing files before registering the new version number in the Solaris Package Manager database.
- A Solaris update package contains a complete EPM-UL installation, not just the files that have changed since the previous release.
- The Solaris update packages are compatible with JumpStart.
- If you have more than one EPM-UL package on a computer, update all packages on that computer.
- A newer release can introduce features that use new settings or configurations. An upgrade of the configuration package of EPM-UL is also needed.
- Unlike EPM-UL patches that are installed with pbpatchinstall, update packages cannot be rolled back to a previous release. However, you can install an older package over a newer one, effectively rolling back to the older release.
Package update procedure
Follow this procedure to update your installation of EPM-UL using the Solaris package installer:
- Obtain the tarball file for the Solaris update packages that are appropriate for your hardware. The tarball file name has the format pmul<flavor>-v.v.r-b-pn_pkg.tar.Z, where:
- <flavor> indicates the operating system and hardware architecture.
- v.v.r is the major and minor version number and the release number.
- b is the build number.
- n is the update number.
- Extract the package tarball files into the /unzip-dir/ directory of the computer that you are updating by executing the following command:
gunzip -c pmul<flavor_version>_pkg.tar.Z | tar xvf -
- Navigate to the /unzip-dir/powerbroker/<version>/<flavor>/install/ directory.
- Create the settings_files directory and change directory to that location.
- To retain or correctly update the settings of the current installation, copy the following files from the target installation host into the settings_files directory you created in step 4:
- /etc/pb.settings
- /etc/pb.cfg
- encryption keys defined in pb.settings for networkencryption, eventlogencryption, iologencryption, reportencryption, policyencryption, and restkeyencryption settings (if enabled)
In a default installation, there are typically 2 key files created: pb.key and pb.rest.key.
- policy file defined in policyfile setting in pb.settings (if the target installation is a Policy Server)
In a default installation, the policy file is located in /opt/pbul/policies/pb.conf.
- Execute the following command and verify the installation settings:
./pbinstall -z
- Create the upgrade configuration package by running the pbcreatesolcfgpkg utility:
pbcreatesolcfgpkg -p suffix
Use the current suffix of the installation to be upgraded. Use the suffix you provided in the initial package installation in step 8 of the Installation procedure.
Another way to find the suffix is to run the following command on the target installation host to get the list of packages installed:
pkginfo -x | grep BTPB
Identify the suffix of the EPM-UL configuration package using this format:
BTPBcf<suffix>
-
Navigate to the /unzip-dir/powerbroker/<version>/<flavor>/package/ directory.
-
Optional. To install EPM-UL in an alternative base directory, edit the provided BTPBadmin file and change the basedir=default entry as follows:
basedir=target_base_directory
target_base_directory is the absolute path of the target base directory.
-
For each required component package, run the Solaris pkgadd utility to install the component package by typing:
pkgadd -a BTPBadmin -r response-file -d pkg-datastream-file pkg-name
pkg-datastream-file is the name of the component package datastream (.ds) file. response-file is the location and name of the response file, if generated, and pkg-name is the name of the package. For EPM-UL packages, the package name is the same as the datastream file name without the .ds extension.
Example
pkgadd -a BTPBadmin -r ./BTPB<suffix>.resp -d BTPBrunh.ds BTPBrunh
If no response file is generated (not applicable):
pkgadd -a BTPBadmin -d BTPBrunh.ds BTPBrunh
-
Navigate to the /unzip-dir/powerbroker/<version>/<flavor>/install/ directory.
-
Run the Solaris pkgadd utility to install the EPM-UL configuration package by typing:
pkgadd -a BTPBadmin<suffix> -d BTPBcf<suffix>.ds BTPBcf<suffix>
<suffix> is the suffix specified when the EPM-UL configuration package is created in step 7.
-
Verify the installation of the packages with the Solaris pkginfo utility by typing:
pkginfo -x | grep BTPB
Upgrade the configuration package
When upgrading the configuration package (cfg pkg), some settings that are part of the package might need settings and configuration files copied from the existing installation to the staging host.
Files included in the cfg package:
-
pb.settings: Hardcoded target location /etc/pb.settings.
-
pb.cfg: Hardcoded target location /etc/pb.cfg.
-
All the encryption key files defined for networkencryption, eventlogencryption, iologencryption, reportencryption, policyencryption, and restkeyencryption. By default, two key files are typically created:
- pb.key
- pb.rest.key
The sysadmin can define encryption with different key files in locations other than /etc. Therefore, when upgrading, and to retain what is installed on the target machine, look at all the encryption settings in /etc/pb.settings. Copy the settings to the settings_files directory before running pbinstall -z and pbcreate*cfgpkg.
-
Policy file if the target is a policy server.
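To illustrate step 5 of the package update procedure and the key-file guidance in this section, the following added shell example (not BeyondTrust code) reads the encryption settings from pb.settings and stages every referenced file into a settings_files directory. It assumes pb.settings holds one "name value" pair per line with keyfile= fields in the form shown in the installation menu; the function names and the sample tree are hypothetical.

```shell
#!/bin/sh
# Added example, not BeyondTrust code. Assumption: pb.settings holds one
# "name value" pair per line, and encryption values are colon-separated specs
# such as aes-256:keyfile=/etc/pb.key (the form shown in the pbinstall menu).

ENC_RE='^[[:space:]]*(networkencryption|eventlogencryption|iologencryption'
ENC_RE="$ENC_RE|reportencryption|policyencryption|restkeyencryption)[[:space:]]"

# Print each distinct keyfile= path named by the six encryption settings.
list_keyfiles() {
    grep -E "$ENC_RE" "$1" | tr ': "\t' '\n\n\n\n' |
        sed -n 's/^keyfile=//p' | sort -u
}

# Print the policy file path from the policyfile setting, if one is set.
policy_file() {
    sed -n 's/^[[:space:]]*policyfile[[:space:]]\{1,\}"\{0,1\}\([^"[:space:]]*\).*/\1/p' "$1" |
        head -n 1
}

# Copy pb.settings, pb.cfg, every referenced key file and the policy file into
# DEST (mode 0700). Exits 1 if a file is missing or two sources share a name,
# because a flat settings_files directory can hold only one file per name.
stage_upgrade_files() (
    settings=$1 dest=$2 rc=0 staged=' '
    set -f                      # no globbing when the path lists are expanded
    umask 077                   # staged key copies stay private to the owner
    mkdir -p "$dest" && chmod 700 "$dest" || exit 2
    for src in "$settings" "$(dirname "$settings")/pb.cfg" \
               $(list_keyfiles "$settings") $(policy_file "$settings"); do
        base=$(basename "$src")
        case $staged in
            *" $base "*)
                echo "CONFLICT $src: $base already staged" >&2
                rc=1
                continue ;;
        esac
        if [ -f "$src" ]; then
            cp -p "$src" "$dest/$base" || rc=1
            staged="$staged$base "
        else
            echo "MISSING  $src" >&2
            rc=1
        fi
    done
    exit "$rc"
)

# Build a constructed sample tree under ROOT (stand-in for a target host).
make_sample() {
    mkdir -p "$1/etc" "$1/keys" "$1/policies"
    for f in etc/pb.cfg etc/pb.key etc/pb.rest.key keys/io.key policies/pb.conf; do
        echo "constructed sample" > "$1/$f"
    done
    cat > "$1/etc/pb.settings" <<EOF
# constructed sample settings
submitmasters      server-01.mycompany.net
networkencryption  aes-256:keyfile=$1/etc/pb.key
restkeyencryption  aes-256:keyfile=$1/etc/pb.rest.key
iologencryption    aes-256:keyfile=$1/keys/io.key aes-256:keyfile=$1/etc/pb.key
policyfile         $1/policies/pb.conf
EOF
}

# Usage: script SETTINGS DEST  (for example /etc/pb.settings ./settings_files)
if [ $# -eq 2 ]; then
    stage_upgrade_files "$1" "$2"
fi
```

On Solaris 10, run it with the /usr/xpg4/bin utilities first in PATH so that grep -E and the POSIX character classes are available.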
Sample execution for the Solaris package installer
The sample execution shows the installation of an EPM-UL submit host, run host, and shared libraries using the Solaris package installer.
This sample execution is divided into the following parts:
- Generate the EPM-UL settings files.
- Create the EPM-UL configuration package using the pbcreatesolcfgpkg program.
- Install the component packages using the pkgadd command.
- Install the configuration package using the pkgadd command.
Generate the EPM-UL settings files
This section of the execution shows the generation of the settings files (pb.key, pb.cfg, and pb.settings) and also displays the installation menu. This output was generated using the pbinstall program with the options: -z, -l, and -r.
Example
# ./pbinstall -z -lr
Starting pbinstall main() from /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/.
solaris10-11.sparc
IMPORTANT NOTE: You can only install Privilege Management for Unix & Linux client on this operating system.
WARNING: When creating configuration packages to be installed on Solaris Zones, care must be taken to set log file directories to Zone-writable partitions. The default Solaris sparse zone has the following read-only and/or shared partitions, although configuration can vary:
/usr /lib /platform /sbin
The Privilege Management for Unix & Linux log file default directory for Solaris Zones is '/var/adm'.
Privilege Management for Unix & Linux Settings File Generation
Please read the Privilege Management for Unix & Linux Installation Instructions before proceeding.
Checking MANIFEST against release directory
Press return to continue
The Registry Name Service of Privilege Management for Unix & Linux facilitates location of other services within the Privilege Management for Unix & Linux enterprise with the aid of a centralized data repository.
IMPORTANT: Client Registration is required if this is not the Primary Server and you intend to use Registry Name Services.
Do you wish to utilize Registry Name Service? [no]?
BeyondTrust Privilege Management for Unix & Linux Installation Menu
Opt Description [Value]
1 Install Everything Here (Demo Mode)? [no]
2 Enter existing 'pb.settings' path [none]
3 Enter directory path for settings file ... [/opt/beyondtrust/powerbrok...]
10 Install Run Host? [yes]
11 Install Submit Host? [yes]
13 Install PBSSH [yes]
20 Install REST Services? [yes]
24 Installation base directory? [/opt/pbul]
25 Database directory? [/opt/pbul/dbs]
26 Path to Password Safe 'pkrun' binary []
31 Install Utilities: pbvi, pbnvi, pbmg, p... [yes]
32 Install pbksh? [yes]
33 Install pbsh? [yes]
34 Install man pages? [yes]
35 Will this host use a Log Host? [yes]
36 AD Bridge Integration? [no]
59 Daemons location [/usr/sbin]
60 Number of reserved spaces for submit pr... [not-supported]
62 User programs location [/usr/local/bin]
65 User man page location [/usr/local/man/man1]
66 Admin man page location [/usr/local/man/man8]
74 REST Service installation directory? [/usr/lib/beyondtrust/pb/rest]
75 Install REST API sample code? [no]
77 Pblighttpd user [pblight]
78 Create Pblighttpd user? [yes]
79 Pblighttpd user UID []
80 Pblighttpd user GID []
81 Pblighttpd user group name [pblight]
83 Configure target system's SuperDaemon? [yes]
85 Policy Server Delay [500]
86 Policy Server Protocol Timeout [-1]
93 List of Policy Servers to submit to [server-01.mycompany.net]
94 pbrun diagnostic log? [none]
95 pbssh diagnostic log? [none]
96 Allow Local Mode? [yes]
97 Additional secured task checks? [no]
98 Suppress Policy Server host failover er... [yes]
99 List of Policy Servers to accept from [server-01.mycompany.net]
100 pblocald diagnostic log [/var/adm/pblocald.log]
101 Command line options for pblocald []
102 Syslog pblocald sessions? [no]
103 Record PTY sessions in utmp/utmpx? [yes]
104 Validate Policy Server Host Connections? [no]
105 List of Log Hosts [server-01.mycompany.net]
107 Log Host Delay [500]
108 Log Host Protocol Timeout [-1]
110 List of log reserved filesystems [none]
117 Add installed shells to /etc/shells [no]
118 pbksh diagnostic file [/var/adm/pbksh.log]
119 pbsh diagnostic file [/var/adm/pbsh.log]
120 Stand-alone pblocald command [none]
121 Stand-alone root shell default iolog [/pbshell.iolog]
122 Use syslog? [yes]
123 Syslog facility to use? [LOG_AUTH]
124 Base Daemon port number [24345]
125 pbmasterd port number [24345]
126 pblocald port number [24346]
127 pblogd port number [24347]
129 REST Service port number [24351]
130 Add entries to '/etc/inet/services' [yes]
131 Allow non-reserved port connections [yes]
132 Inbound Port range [1024-65535]
133 Outbound Port range [1025-65535]
134 Network encryption options [aes-256:keyfile=/etc/pb.key]
138 Settings file encryption type [none]
139 REST API encryption options [aes-256:keyfile=/etc/pb.re...]
140 Configure with Kerberos v5? [no]
146 Enforce High Security Encryption? [yes]
147 SSL Configuration? [requiressl sslfirst]
148 SSL pbrun Certificate Authority Directory? [none]
149 SSL pbrun Certificate Authority File? [none]
150 SSL pbrun Cipher List? [cipherlist=TLSv1.2:!SSLv2:...]
151 SSL pbrun Certificate Directory? [none]
152 SSL pbrun Certificate File? [none]
153 SSL pbrun Private Key Directory? [none]
154 SSL pbrun Private Key File? [none]
155 SSL pbrun Certificate Subject Checks? [none]
156 SSL Server Certificate Authority Direct... [none]
157 SSL Server Certificate Authority File? [none]
158 SSL Server Cipher List? [cipherlist=TLSv1.2:!SSLv2:...]
159 SSL Server Certificate Directory? [none]
160 SSL Server Certificate File? [/etc/pbssl.pem]
161 SSL Server Private Key Directory? [none]
162 SSL Server Private Key File? [/etc/pbssl.pem]
163 SSL Server Certificate Subject Checks? [none]
164 SSL Certificate Country Code [US]
165 SSL Certificate State/Province [AZ]
166 SSL Certificate Location (Town/City) [Phoenix]
167 SSL Certificate Organizational Unit/Dep... [Security]
168 SSL Certificate Organization [BeyondTrust]
169 Configure Privilege Management for Unix... [no]
170 Install BeyondTrust built-in third-part... [yes]
171 BeyondTrust built-in third-party librar... [/usr/lib/beyondtrust/pb]
183 Use PAM? [no]
189 Enable non-PAM Solaris Projects? [no]
190 Solaris Projects library file name [/usr/lib/libproject.so]
191 Allow Remote Jobs? [yes]
192 UNIX Domain Socket directory [none]
193 Reject Null Passwords? [no]
194 Enable TCP keepalives? [no]
195 Name Resolution Timeout [0]
N for the next menu page, P for the previous menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> c
Generating key file /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/install/settings_files/pb.key...
Generating key file /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/install/settings_files/pb.rest.key...
Are all the installation settings correct [yes]?
Generating config file /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/install/settings_files/pb.cfg
Creating the settings file creation script
Running settings file creation script
Creating settings file /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/install/settings_files/pb.settings
Generated settings files are in directory: /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/install/settings_files
Copied pbelasticsearchtemplate.json, pbelkecsconfiguration.json, pblogstashmapping.json and sample-logstash-http.conf to /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/install/settings_files
Privilege Management for Unix & Linux Settings File Generation completed successfully.
Create the EPM-UL configuration package using pbcreatesolcfgpkg
This section shows the creation of the configuration package using the pbcreatesolcfgpkg program with the -p and -s options.
At the end of its output, the pbcreatesolcfgpkg script shows which EPM-UL component packages need to be installed.
Example
# cd /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install
# ./pbcreatesolcfgpkg -p CLIENT -s /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/settings_files/
pbcreatesolcfgpkg: starting from /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install
pbcreatesolcfgpkg: keyfile pb.key will be included in package
pbcreatesolcfgpkg: keyfile pb.rest.key will be included in package
Reading /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/settings_files//pb.cfg
## Building pkgmap from package prototype file.
## Processing pkginfo file.
## Attempting to volumize 20 entries in pkgmap.
part 1 -- 914 blocks, 71 entries
## Packaging one part.
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/pkgmap
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/pkginfo
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/root/etc/init.d/sypbcfg_svcsinetdsmf
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/root/etc/pb.cfg
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/root/etc/pb.key
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/root/etc/pb.rest.key
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/root/etc/pb.settings
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/root/opt/pbul/elk/etc/pbelasticsearchtemplate.json
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/root/opt/pbul/elk/etc/pbelkecsconfiguration.json
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/root/opt/pbul/elk/etc/pblogstashmapping.json
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/root/opt/pbul/elk/etc/sample-logstash-http.conf
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/root/opt/pbul/scripts/.closeactionsplunk.pl.SAMPLE
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/root/opt/pbul/scripts/pbrnscfg.sh
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/install/checkinstall
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/install/copyright
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/install/depend
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/install/postinstall
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/install/postremove
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/install/preinstall
/net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT/BTPBcfCLIENT/install/preremove
## Validating control scripts.
WARNING: script <postremove> may require user interaction at line <832>.
WARNING: script <preremove> may require user interaction at line <1755>.
## Packaging complete.
pbcreatesolcfgpkg: created package BTPBcfCLIENT in /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/install/BTPBcfCLIENT
Checking uninstalled directory format package <BTPBcfCLIENT> from </net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/install/BTPBcfCLIENT>
## Checking control scripts.
WARNING: script <postremove> may require user interaction at line <832>.
WARNING: script <preremove> may require user interaction at line <1755>.
## Checking package objects.
## Checking is complete.
pbcreatesolcfgpkg: pkgchk for spooled package BTPBcfCLIENT succeeded.
Transferring <BTPBcfCLIENT> package instance
pbcreatesolcfgpkg: pkgtrans for package BTPBcfCLIENT succeeded.
Checking uninstalled stream format package <BTPBcfCLIENT> from </net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/install/BTPBcfCLIENT.ds>
## Checking control scripts.
WARNING: script <preremove> may require user interaction at line <1755>.
WARNING: script <postremove> may require user interaction at line <832>.
## Checking package objects.
## Checking is complete.
pbcreatesolcfgpkg: pkgchk for datastream package BTPBcfCLIENT succeeded.
pbcreatesolcfgpkg: spooled package BTPBcfCLIENT removed.
pbcreatesolcfgpkg: Solaris package response file created: /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/install/../package/BTPBCLIENT.resp
pbcreatesolcfgpkg: Use the response file to customize ownership of files related to the REST Services.
Example: pkgadd -a BTPBadmin -r /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/install/../package/BTPBCLIENT.resp -d BTPBlich.ds BTPBlich
pbcreatesolcfgpkg: package datastream file is: /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/install/BTPBcfCLIENT.ds
pbcreatesolcfgpkg: package admin file is: /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/install/BTPBadminCLIENT
pbcreatesolcfgpkg: the following packages will need to be loaded to the target system: BTPBrunh BTPBsbmh BTPBrest BTPBlibs
pbcreatesolcfgpkg: completed.
Install component packages using the pkgadd command
This section shows the execution of the pkgadd command to install component packages for the submit host, run host, and shared libraries. The execution text also includes copyright, trademark, trade secrets, and other legal text; however, those notices and text were removed from the following excerpt to save space:
Example
# cd /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/package/
# ls
BTPBCLIENT.resp BTPBadmin BTPBlibs.ds BTPBrest.ds BTPBrunh.ds BTPBsbmh.ds
# pkgadd -a ./BTPBadmin -r ./BTPBCLIENT.resp -d ./BTPBlibs.ds BTPBlibs
Processing package instance <BTPBlibs> from </net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/package/BTPBlibs.ds>
BeyondTrust Privilege Management Shared Libraries - Root Delegation and Privilege Management(sparc) 25.1.6-11
BeyondTrust Privilege Management for Unix & Linux (formerly PowerBroker for Unix & Linux)
## Executing checkinstall script.
Using </> as the package base directory.
## Processing package information.
## Processing system information.
1 package pathname is already properly installed.
## Verifying package dependencies.
## Verifying disk space requirements.
Installing BeyondTrust Privilege Management Shared Libraries - Root Delegation and Privilege Management as <BTPBlibs>
## Executing preinstall script.
## Installing part 1 of 1.
/usr/lib/beyondtrust/pb/libcom_err.so <symbolic link>
/usr/lib/beyondtrust/pb/libcom_err.so.3 <symbolic link>
/usr/lib/beyondtrust/pb/libcom_err.so.3.0
/usr/lib/beyondtrust/pb/libcrypto.so <symbolic link>
/usr/lib/beyondtrust/pb/libcrypto.so.3
/usr/lib/beyondtrust/pb/libcurl.so <symbolic link>
/usr/lib/beyondtrust/pb/libcurl.so.4 <symbolic link>
/usr/lib/beyondtrust/pb/libcurl.so.4.8.0
/usr/lib/beyondtrust/pb/libgssapi_krb5.so <symbolic link>
/usr/lib/beyondtrust/pb/libgssapi_krb5.so.2 <symbolic link>
/usr/lib/beyondtrust/pb/libgssapi_krb5.so.2.2
/usr/lib/beyondtrust/pb/libk5crypto.so <symbolic link>
/usr/lib/beyondtrust/pb/libk5crypto.so.3 <symbolic link>
/usr/lib/beyondtrust/pb/libk5crypto.so.3.1
/usr/lib/beyondtrust/pb/libkrb5.so <symbolic link>
/usr/lib/beyondtrust/pb/libkrb5.so.3 <symbolic link>
/usr/lib/beyondtrust/pb/libkrb5.so.3.3
/usr/lib/beyondtrust/pb/libkrb5support.so <symbolic link>
/usr/lib/beyondtrust/pb/libkrb5support.so.0 <symbolic link>
/usr/lib/beyondtrust/pb/libkrb5support.so.0.1
/usr/lib/beyondtrust/pb/liblber-2.5.so <symbolic link>
/usr/lib/beyondtrust/pb/liblber-2.5.so.0 <symbolic link>
/usr/lib/beyondtrust/pb/liblber-2.5.so.0.1.12
/usr/lib/beyondtrust/pb/libldap-2.5.so <symbolic link>
/usr/lib/beyondtrust/pb/libldap-2.5.so.0 <symbolic link>
/usr/lib/beyondtrust/pb/libldap-2.5.so.0.1.12
/usr/lib/beyondtrust/pb/libssl.so <symbolic link>
/usr/lib/beyondtrust/pb/libssl.so.3
/usr/lib/beyondtrust/pb/pam_radius_auth.so <symbolic link>
/usr/lib/beyondtrust/pb/pam_radius_auth.so.1 <symbolic link>
/usr/lib/beyondtrust/pb/pam_radius_auth.so.1.3.17
[ verifying class <none> ]
## Executing postinstall script.
Checking installation of package: BTPBlibs
Installation of <BTPBlibs> was successful.
# pkgadd -a ./BTPBadmin -r ./BTPBCLIENT.resp -d ./BTPBrunh.ds BTPBrunh
Processing package instance <BTPBrunh> from </net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/package/BTPBrunh.ds>
BeyondTrust Privilege Management Run Host - Root Delegation and Privilege Management(sparc) 25.1.6-06
BeyondTrust Privilege Management for Unix & Linux (formerly PowerBroker for Unix & Linux)
## Executing checkinstall script.
Using </> as the package base directory.
## Processing package information.
## Processing system information.
## Verifying package dependencies.
## Verifying disk space requirements.
Installing BeyondTrust Privilege Management Run Host - Root Delegation and Privilege Management as <BTPBrunh>
## Executing preinstall script.
## Installing part 1 of 1.
/usr/lib/beyondtrust/pb/rest/etc/pblighttpd-rc
/usr/lib/beyondtrust/pb/rest/etc/pblighttpd-smf.xml
/usr/lib/beyondtrust/pb/rest/etc/pblighttpd.conf.orig
/usr/lib/beyondtrust/pb/rest/lib/mod_dirlisting.so
/usr/lib/beyondtrust/pb/rest/lib/mod_openssl.so
/usr/lib/beyondtrust/pb/rest/sbin/pbconfigd
/usr/lib/beyondtrust/pb/rest/sbin/pblighttpd
/usr/lib/beyondtrust/pb/rest/sbin/pblighttpd-launch
/usr/lib/beyondtrust/pb/rest/sbin/pblighttpd-svc
/usr/lib/secure/64/libpbul_aca-elf64.so
/usr/lib/secure/libpbul_aca-elf32.so
/usr/local/bin/pbbench
/usr/local/bin/pbcall
/usr/local/bin/pbless
/usr/local/bin/pbmg
/usr/local/bin/pbnvi
/usr/local/bin/pbumacs
/usr/local/bin/pbvi
/usr/local/man/man1/pbbench.1
/usr/local/man/man1/pbless.1
/usr/local/man/man1/pbmg.1
/usr/local/man/man1/pbnvi.1
/usr/local/man/man1/pbumacs.1
/usr/local/man/man1/pbvi.1
/usr/local/man/man8/pbcreatesolcfgpkg.8
/usr/local/man/man8/pbdbutil.8
/usr/local/man/man8/pbencode.8
/usr/local/man/man8/pbinstall.8
/usr/local/man/man8/pblocald.8
/usr/local/man/man8/pbregister.8
/usr/local/man/man8/pbsum.8
/usr/local/man/man8/pbulpreinstall.sh.8
/usr/local/man/man8/pbversion.8
/usr/sbin/pbdbutil
/usr/sbin/pbencode
/usr/sbin/pblocald
/usr/sbin/pbregister
/usr/sbin/pbrestcall
/usr/sbin/pbsnapshot.sh
/usr/sbin/pbsum
/usr/sbin/pbulpreinstall.sh
/usr/sbin/pbversion
[ verifying class <none> ]
## Executing postinstall script.
Checking installation of package: BTPBrunh
Installation of <BTPBrunh> was successful.
# pkgadd -a ./BTPBadmin -r ./BTPBCLIENT.resp -d ./BTPBsbmh.ds BTPBsbmh
Processing package instance <BTPBsbmh> from </net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/package/BTPBsbmh.ds>
BeyondTrust Privilege Management Submit Host - Root Delegation and Privilege Management(sparc) 25.1.6-06
BeyondTrust Privilege Management for Unix & Linux (formerly PowerBroker for Unix & Linux)
## Executing checkinstall script.
Using </> as the package base directory.
## Processing package information.
## Processing system information.
39 package pathnames are already properly installed.
## Verifying package dependencies.
## Verifying disk space requirements.
Installing BeyondTrust Privilege Management Submit Host - Root Delegation and Privilege Management as <BTPBsbmh>
## Executing preinstall script.
## Installing part 1 of 1.
/usr/lib/beyondtrust/pb/rest/etc/pblighttpd-rc
/usr/lib/beyondtrust/pb/rest/etc/pblighttpd-smf.xml
/usr/lib/beyondtrust/pb/rest/etc/pblighttpd.conf.orig
/usr/local/bin/pbksh
/usr/local/bin/pbrun
/usr/local/bin/pbrunssh
/usr/local/bin/pbrunsshaka
/usr/local/bin/pbsh
/usr/local/bin/pbssh
/usr/local/man/man1/pbrun.1
/usr/local/man/man1/pbssh.1
[ verifying class <none> ]
## Executing postinstall script.
Checking installation of package: BTPBsbmh
Installation of <BTPBsbmh> was successful.
# pkgadd -a ./BTPBadmin -r ./BTPBCLIENT.resp -d ./BTPBrest.ds BTPBrest
Processing package instance <BTPBrest> from </net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-06/package/BTPBrest.ds>
BeyondTrust Privilege Management REST API - Root Delegation and Privilege Management(sparc) 25.1.6-06
BeyondTrust Privilege Management for Unix & Linux (formerly PowerBroker for Unix & Linux)
## Executing checkinstall script.
Using </> as the package base directory.
## Processing package information.
## Processing system information.
20 package pathnames are already properly installed.
## Verifying package dependencies.
## Verifying disk space requirements.
Installing BeyondTrust Privilege Management REST API - Root Delegation and Privilege Management as <BTPBrest>
## Executing preinstall script.
## Installing part 1 of 1.
/usr/lib/beyondtrust/pb/rest/etc/pblighttpd-rc
/usr/lib/beyondtrust/pb/rest/etc/pblighttpd-smf.xml
/usr/lib/beyondtrust/pb/rest/etc/pblighttpd.conf.orig
/usr/local/lib/pbrest/examples/java/PBULAPI/.classpath
/usr/local/lib/pbrest/examples/java/PBULAPI/.project
/usr/local/lib/pbrest/examples/java/PBULAPI/.settings/org.eclipse.jdt.core.prefs
/usr/local/lib/pbrest/examples/java/PBULAPI/build.xml
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/about.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/all-classes.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/all-packages.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/allclasses-frame.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/allclasses-noframe.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/alphaindex-1.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/alphaindex-10.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/alphaindex-2.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/alphaindex-3.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/alphaindex-4.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/alphaindex-5.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/alphaindex-6.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/alphaindex-7.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/alphaindex-8.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/alphaindex-9.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/class-use/testAll.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULException-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULException.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULarray-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULarray.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULevents-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULevents.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULiologs-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULiologs.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULkey-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULkey.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULlicense-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULlicense.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULobject-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULobject.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULpolicy-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULpolicy.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULsession-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULsession.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULsetting-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULsetting.PBULsettingType-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULsetting.PBULsettingType.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULsetting.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULsettings-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULsettings.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULsolr-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULsolr.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULtype-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULtype.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULutil-uses.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/PBULutil.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULException.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULarray.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULevents.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULiologs.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULkey.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULlicense.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULobject.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULpolicy.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULsession.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULsetting.PBULsettingType.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULsetting.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULsettings.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULsolr.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULtype.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/class-use/PBULutil.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/classes.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/package-frame.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/package-summary.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/package-tree.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/package-use.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/com/beyondtrust/pbul/tree.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/constant-values.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/deprecated-list.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/deprecated.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/gjdoc.properties
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/help-doc.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/index-files/index-1.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/index-files/index-10.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/index-files/index-2.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/index-files/index-3.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/index-files/index-4.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/index-files/index-5.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/index-files/index-6.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/index-files/index-7.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/index-files/index-8.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/index-files/index-9.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/index.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/overview-summary.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/overview-tree.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/package-frame.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/package-list
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/package-summary.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/package-tree.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/package-use.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/resources/background.gif
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/resources/gjdoc.js
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/resources/gjdochtml-clean-color1.css
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/resources/gjdochtml-clean-layout.css
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/resources/inherit.png
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/resources/tab.gif
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/resources/titlebar.gif
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/resources/titlebar_end.gif
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/resources/xhtml11-target10.dtd
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/serialized-form.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/stylesheet.css
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/testAll.html
/usr/local/lib/pbrest/examples/java/PBULAPI/doc/tree.html
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULException.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULarray.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULevents.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULiologs.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULkey.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULlicense.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULobject.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULpolicy.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULsession.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULsetting.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULsettings.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULsolr.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULtype.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/com/beyondtrust/pbul/PBULutil.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/org/json/JSONArray.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/org/json/JSONException.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/org/json/JSONObject.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/org/json/JSONString.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/org/json/JSONStringer.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/org/json/JSONTokener.java
/usr/local/lib/pbrest/examples/java/PBULAPI/src/org/json/JSONWriter.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testAll.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testGetEvents.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testGetIOLog.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testGetIOLogs.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testGetKey.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testGetLicense.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testGetPoliciesCSV.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testGetPolicyCSV.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testGetScriptPolicyAll.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testGetSetting.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testGetSettings.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testGetSettingsFile.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testGetSolr.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testGetSriptPolicy.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testPutKey.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testSetNewPolicyFile.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testSetPolciesCSV.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testSetPolicyCSV.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testSetPolicyFile.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testSetPolicyLines.java
/usr/local/lib/pbrest/examples/java/PBULAPI/test/testSetSetting.java
/usr/local/lib/pbrest/examples/jsoncalls.html
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/access_log.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/auth.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/cgi.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/compress.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/debug.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/dirlisting.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/evhost.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/expire.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/fastcgi.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/mime.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/mod.template
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/proxy.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/scgi.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/secdownload.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/simple_vhost.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/ssi.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/status.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/conf.d/userdir.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/lighttpd.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/modules.conf
/usr/local/lib/pbrest/examples/lighttpd/lighttpd/vhosts.d/vhosts.template
/usr/local/lib/pbrest/examples/scripts/getSetting.sh
/usr/local/lib/pbrest/examples/scripts/getSettings.sh
[ verifying class <none> ]
## Executing postinstall script.
Checking installation of package: BTPBrest
Installation of <BTPBrest> was successful.
Installing the configuration package using the pkgadd command
This section shows the execution of the Solaris pkgadd command to install the configuration package. Following installation of the configuration package, the installation is verified by submitting the id command to EPM-UL, and the Solaris pkginfo utility is used to list the EPM-UL packages installed.
The execution text also includes copyright, trademark, trade secrets, and other legal text; however, those notices and text were removed from the following excerpt to save space:
Example
# cd /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install
# pkgadd -a ./BTPBadminCLIENT -d ./BTPBcfCLIENT.ds BTPBcfCLIENT
Processing package instance <BTPBcfCLIENT> from </net/nethome/opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install/BTPBcfCLIENT.ds>
BeyondTrust Privilege Management Unix/Linux Configuration - Root Delegation and Privilege Management(noarch) 25.1.6-11
Privilege Management for Unix & Linux
## Executing checkinstall script.
Checking installation of dependent component packages...
## Processing package information.
## Processing system information.
WARNING: setting mode of </opt/pbul/elk> to default mode (755)
WARNING: setting mode of </opt/pbul/elk/etc> to default mode (755)
WARNING: setting mode of </opt/pbul/scripts> to default mode (755)
5 package pathnames are already properly installed.
## Verifying package dependencies.
## Verifying disk space requirements.
Installing BeyondTrust Privilege Management Unix/Linux Configuration - Root Delegation and Privilege Management as <BTPBcfCLIENT>
## Executing preinstall script.
## Installing part 1 of 1.
/etc/init.d/sypbcfg_svcsinetdsmf
/etc/pb.cfg
/etc/pb.key
/etc/pb.rest.key
/etc/pb.settings
/etc/rc2.d/S99sypbcfg_svcsinetdsmf <symbolic link>
/opt/pbul/elk/etc/pbelasticsearchtemplate.json
/opt/pbul/elk/etc/pbelkecsconfiguration.json
/opt/pbul/elk/etc/pblogstashmapping.json
/opt/pbul/elk/etc/sample-logstash-http.conf
/opt/pbul/scripts/.closeactionsplunk.pl.SAMPLE
/opt/pbul/scripts/pbrnscfg.sh
[ verifying class <none> ]
## Executing postinstall script.
Checking installation of package: BTPBcfCLIENT
'pkgchk' of package BTPBcfCLIENT succeeded
Reading pb.cfg...
Creating /opt/pbul/dbs
Creating /opt/pbul/msgrouter
Creating /opt/pbul/etc
Creating /opt/pbul/policies
Creating /opt/pbul/sudoersdir
Checking installation of dependent component packages...
'pkgchk' of package BTPBlibs succeeded
'pkgchk' of package BTPBrest succeeded
'pkgchk' of package BTPBsbmh succeeded
'pkgchk' of package BTPBrunh succeeded
Looking for SuperDaemons to configure...
Removing PowerBroker service definitions (if any) from /etc/services.
Adding PowerBroker service definitions to /etc/services.
Removing PowerBroker service definitions (if any) from SMF.
Adding PowerBroker definitions to SMF.
Updating Settings in database (if any)...
Creating /opt/pbul/dequeuedbs
Creating /opt/pbul/dequeuedbs/mrsiem
Installation of <BTPBcfCLIENT> was successful.
# pkginfo|grep BTPB
application BTPBcfCLIENT BeyondTrust Privilege Management Unix/Linux Configuration - Root Delegation and Privilege Management
application BTPBlibs BeyondTrust Privilege Management Shared Libraries - Root Delegation and Privilege Management
application BTPBrest BeyondTrust Privilege Management REST API - Root Delegation and Privilege Management
application BTPBrunh BeyondTrust Privilege Management Run Host - Root Delegation and Privilege Management
application BTPBsbmh BeyondTrust Privilege Management Submit Host - Root Delegation and Privilege Management
# /usr/local/bin/pbrun id
uid=0(root) gid=0(root)
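A post-install audit for the procedure above, as an added example that is not part of the BeyondTrust documentation or product: it reads the package list that pbcreatesolcfgpkg announces, compares it with pkginfo output, and flags key files that group or other can access. The function names, the embedded sample text, and the owner-only expectation for pb.key and pb.rest.key are assumptions of this example.

```shell
#!/bin/sh
# Added example, not BeyondTrust code: post-install audit for the steps above.

# Constructed sample: tail of pbcreatesolcfgpkg output, taken from the excerpt.
sample_create_log() {
cat <<'EOF'
pbcreatesolcfgpkg: keyfile pb.key will be included in package
pbcreatesolcfgpkg: keyfile pb.rest.key will be included in package
pbcreatesolcfgpkg: the following packages will need to be loaded to the target system: BTPBrunh BTPBsbmh BTPBrest BTPBlibs
pbcreatesolcfgpkg: completed.
EOF
}

# Constructed sample: pkginfo output with BTPBrest deliberately left out.
sample_pkginfo() {
cat <<'EOF'
application BTPBcfCLIENT BeyondTrust Privilege Management Unix/Linux Configuration
application BTPBlibs     BeyondTrust Privilege Management Shared Libraries
application BTPBrunh     BeyondTrust Privilege Management Run Host
application BTPBsbmh     BeyondTrust Privilege Management Submit Host
EOF
}

# stdin: saved pbcreatesolcfgpkg output. stdout: required packages, one per line.
# Accepts the names on the announcement line or on the lines that follow it.
required_packages() {
    awk '
        /will need to be loaded to the target system:/ { want = 1; marker = NR }
        want && NR > marker && /^pbcreatesolcfgpkg:/   { exit }
        want { for (i = 1; i <= NF; i++) if ($i ~ /^BTPB/) print $i }
    '
}

# $1: saved pbcreatesolcfgpkg output, $2: saved pkginfo output.
# stdout: required packages that pkginfo does not list.
missing_packages() {
    installed=$(awk '$2 ~ /^BTPB/ { print $2 }' "$2")
    required_packages < "$1" | while read -r pkg; do
        printf '%s\n' "$installed" | grep -Fx -- "$pkg" >/dev/null || echo "$pkg"
    done
}

# stdin: saved pbcreatesolcfgpkg output. stdout: key files bundled in the package.
packaged_keyfiles() {
    awk '/keyfile .* will be included in package/ {
             for (i = 1; i < NF; i++) if ($i == "keyfile") print $(i + 1)
         }'
}

# For each path: MISSING if absent, LOOSE if group or other has any permission.
# Assumption of this example: key material should be readable by its owner only.
loose_files() {
    for f in "$@"; do
        if [ ! -e "$f" ]; then echo "MISSING $f"; continue; fi
        perms=$(ls -ld "$f" | cut -c5-10)   # group and other permission bits
        [ "$perms" = "------" ] || echo "LOOSE $f"
    done
}

# Offline demonstration on the constructed samples and stand-in key files.
demo() {
    d=$(mktemp -d) || return 0
    sample_create_log > "$d/create.log"
    sample_pkginfo > "$d/pkginfo.out"
    : > "$d/pb.key";      chmod 600 "$d/pb.key"        # stand-in for /etc/pb.key
    : > "$d/pb.rest.key"; chmod 644 "$d/pb.rest.key"   # deliberately too open
    echo "bundled keys:  $(packaged_keyfiles < "$d/create.log" | tr '\n' ' ')"
    echo "not installed: $(missing_packages "$d/create.log" "$d/pkginfo.out" | tr '\n' ' ')"
    loose_files "$d/pb.key" "$d/pb.rest.key"
    rm -rf "$d"
}
demo
```

On a target host, save the real pbcreatesolcfgpkg and pkginfo output to files and pass /etc/pb.key and /etc/pb.rest.key to loose_files. Because pbcreatesolcfgpkg reports that both key files are included in the package, the BTPBcfCLIENT.ds file and the settings_files directory warrant the same check.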
Sample of the uninstall process from a package installation
This section shows the execution of the Solaris pkgrm utility to remove the EPM-UL packages.
Example
# cd /opt/beyondtrust/powerbroker/v25.1/pmul_solaris10-11.sparc_25.1.6-11/install
# pkgrm -na ./BTPBadminCLIENT BTPBcfCLIENT BTPBrunh BTPBsbmh BTPBrest BTPBlibs
Reading pb.cfg...
Looking for SuperDaemons to configure...
Removing PowerBroker service definitions (if any) from /etc/services.
Removing PowerBroker service definitions (if any) from SMF.
Moving /etc/pb.db to /var/tmp//beyondtrust_pbinstall
Moving generated content of /usr/lib/beyondtrust/pb/rest to /var/tmp//beyondtrust_pbinstall/rest
Removing /opt/pbul/dbs -- empty BeyondTrust Created Directory
Removal of <BTPBcfCLIENT> was successful.
Removing /opt/pbul/dequeuedbs -- empty BeyondTrust Created Directory
Removing /opt/pbul/etc -- empty BeyondTrust Created Directory
Removing /opt/pbul/locks -- empty BeyondTrust Created Directory
Removing /opt/pbul/msgrouter -- empty BeyondTrust Created Directory
Removing /opt/pbul/policies -- empty BeyondTrust Created Directory
Removing /opt/pbul/sudoersdir -- empty BeyondTrust Created Directory
Removing /opt/pbul -- empty BeyondTrust Created Directory
Removal of <BTPBrunh> was successful.
Removal of <BTPBsbmh> was successful.
Removal of <BTPBrest> was successful.
Removal of <BTPBlibs> was successful.
Linux package installer
This section describes how to install EPM-UL using a package installer for Red Hat Enterprise Linux (RHEL) on an x86-64 or s390x computer. Use the Linux package installation to install EPM-UL using the Linux RPM package manager.
The Linux package installer described here is not compatible with the Endpoint Privilege Management v5.x packages. You must remove EPM-UL v5.x before installing EPM-UL Linux packages.
Prerequisites
- Package tarball file for the appropriate EPM-UL flavor
For the Linux package installer, the tarball files are cumulative. That is, an update tarball file contains a complete EPM-UL installation. It is not necessary to install a baseline version before installing an upgrade.
- Root access or superuser privileges
- RPM Package Manager (rpm) v4.4 or later
The Linux package installer does not support prefix or suffix installations.
Plan your installation
When preparing to use the Linux package installer, you should be familiar with the following concepts and restrictions:
Component packages: an EPM-UL component package is an RPM package manager (.rpm) file that installs a part of the EPM-UL application. The component packages are listed below with the format powerbroker-component-v.v.r.bb-pv.arch.rpm, where:
- component = Endpoint Privilege Management component package name
- v = major version
- v = minor version
- r = release
- bb = build
- pv = version number of the package
- arch = architecture (for example, i386)
| Component Package | Description |
|---|---|
| powerbroker-loghost-v.v.r.bb-pv.arch.rpm | Contains log host, pbsync, and pbsyncd. |
| powerbroker-shlibs-v.v.r.bb-pv.arch.rpm | Contains shared libraries. |
| powerbroker-pbrest-v.v.r.bb-pv.arch.rpm | Contains REST API files. |
| powerbroker-rnssvr-v.v.r.bb-pv.arch.rpm | Contains Registry Name Service files. |
| powerbroker-licsvr-v.v.r.bb-pv.arch.rpm | Contains license server files. |
| powerbroker-master-v.v.r.bb-pv.arch.rpm | Contains policy server host, pbsync, and pbsyncd. |
| powerbroker-submithost-v.v.r.bb-pv.arch.rpm | Contains submit host and EPM-UL shells. |
| powerbroker-runhost-v.v.r.bb-pv.arch.rpm | Contains run host and EPM-UL utilities. |
Which component packages are required depends on the type of EPM-UL host you create, such as policy server host, submit host, and so on. You can select the types of hosts in the pbinstall installation menu, as shown in the following table. For readability the ending of each component in the table (-v.v.r.bb-pv.arch.rpm) is removed.
| Menu Selection | Required Components (-v.v.r.bb-pv.arch.rpm) |
|---|---|
| Install everything here (demo mode)? = Yes | powerbroker-master powerbroker-runhost powerbroker-submithost powerbroker-loghost powerbroker-shlibs |
| Install Master Host? = Yes | powerbroker-master |
| Install Run Host? = Yes | powerbroker-runhost |
| Install Submit Host? = Yes | powerbroker-submithost |
| Install Log Host? = Yes | powerbroker-loghost |
| Install BeyondTrust built-in third-party libraries? = Yes | powerbroker-shlibs |
| Install Registry Name Services Server? [yes] | powerbroker-rnssvr |
| Install License Server? [yes] | powerbroker-licsvr |
Configuration package: RPM package that is used to install the following files:
- pb.settings: Hardcoded target location /etc/pb.settings
- pb.cfg: Hardcoded target location /etc/pb.cfg
- All the encryption keyfiles defined for networkencryption, eventlogencryption, iologencryption, reportencryption, policyencryption, and restkeyencryption
- By default, two key files are created: pb.key and pb.rest.key
- The sysadmin can define multiple encryption settings with different key files in locations other than /etc. To upgrade and retain settings on the target machine, view all encryption settings in /etc/pb.settings and copy the files to the settings_files directory before running pbinstall -z and pbcreate*cfgpkg.
- If installing a Cached Policy client, copy the policypubcertfile (default=/etc/pbpolicypubcert.pem) from the policy server to the settings_files directory before running pbinstall -z and pbcreate*cfgpkg.
- pb.conf (for policy server hosts)
- Man pages for the pbinstall and pbcreatelincfgpkg programs
The configuration package is created by the pbcreatelincfgpkg program. The component packages must be installed before you install the configuration package.
Package name: Name of the package as stored in the RPM package manager database. For EPM-UL package installations, this name is the same as the package file name without the .arch.rpm extension.
Relocated base directory: The directory where the EPM-UL binary files and log files are installed. You can choose an alternative directory in which to install these files.
pbinstall program: To create the EPM-UL settings files, you use the pbinstall program with the -z (settings only) option. pbinstall -z only creates the settings files, and is incompatible with the following command line options:
| Options Incompatible with pbinstall -z | Description |
|---|---|
| -b | Runs pbinstall in batch mode. |
| -c | Skips the steps that process or update the settings file. |
| -e | Runs install script automatically by bypassing the menu step of pbinstall. |
| -i | Ignores previous pb.settings and pb.cfg files. |
| -p | Sets the pb installation prefix. |
| -s | Sets the pb installation suffix. |
| -u | Installs the utility programs. |
| -x | Creates a log synchronization host (installs pbsyncd). |
When you execute pbinstall with the -z option, you can see two menu items that are not otherwise available:
- Enter existing pb.settings path: This enables you to set your own pb.settings file. pbinstall reads this settings file and populates the remaining menu choices. You can override some menu choices. If set to none, then pbinstall does not read a settings file. The remaining menu choices are populated with default values.
- Enter directory path for settings file creation: This enables you to set an alternative output directory for the settings files. The default directory is /unzip-dir/powerbroker/<version>/<flavor>/install/settings_files, where unzip-dir is the directory where the package tarball file was unzipped.
The behavior of pbinstall -z depends on whether certain additional command line options are specified:
- If no other command line options are specified, pbinstall initially presents a short version of the installation menu. Depending on the choices you make in these items, further menu items become available.
- If command line options -g, -l, -m, -o, -r, or -w are specified, pbinstall presents an expanded version of the installation menu that reflects the host types that you are configuring.
When running pbinstall with the -z option, the following menu items are preprogrammed and cannot be changed:
- Install man pages?
- Endpoint Privilege Management daemon location
- Administration programs location
- User programs location
- Policy include (sub) file directory
- User man page location
- Admin man page location
- Policy filename
- BeyondTrust built-in third-party library directory
In addition, the values of the following menu items determine the values of other menu items:
Options preset when running pbinstall -z:
| Setting this menu option to Yes | Sets these values to Yes |
|---|---|
| Install Master Host? | Install Synchronization? Synchronization can be initiated from this host? |
| Install Run Host? | Install Utilities? |
| Install Submit Host? | Install PBSSH? Install pbksh? Install pbsh? Will this host use a Log Host? |
| Install Log Host? | Install Synchronization? Synchronization can be initiated from this host? |
If you plan to use the package installer to install EPM-UL on a computer that already has an interactive EPM-UL installation on it, see Interactive Versus Packaged Installation for additional considerations.
If you plan to use Registry Name Service and are running pbinstall -z on a client host (non-primary server), you must perform client registration. This is necessary to properly set up the registry name service database. Client registration also requires that you collect from the EPM-UL primary server the following information:
- REST Application ID
- REST Application Key
- Primary server network name or IP address
- Primary License Server REST TCP/IP port
- Registration Client Profile name
Registering client with Primary RNS: If Registry Name Services is enabled for EPM-UL, each client host (after the first server installation) needs to be registered with the Primary Registry Name Server. When using package installers on a target host, a post-install configuration script (/opt/pbul/scripts/pbrnscfg.sh) is provided to be manually executed on that host to properly register it. This post-install configuration script asks for information about the Primary Registry Name Server, including the Application ID (appid), Application Key (appkey), address/domain name, and the REST TCP/IP port number. This is the same information provided during the client registration part of a pbinstall -z install which generates the settings file.
If you prefer a more convenient method of registering RNS clients where the post-install configuration script is non-interactive, EPM-UL can save the relevant information in a hidden file during the settings-only run of pbinstall, bundle it with the configuration package, and automatically apply it to the target host when that package is installed. Be aware that this method is not secure; it is available for cases where the security-convenience trade-off is acceptable. To enable it, refer to the question regarding the post-install configuration script displayed when running pbinstall -z.
Overview of steps
Use of the Linux package installer involves the following steps:
- Unpack the package tarball file.
- Use the pbinstall program to create settings files.
- Use the pbcreatelincfgpkg program to create the configuration package.
- Perform a package installation using the Linux rpm command for any required components.
- Perform a package installation using the Linux rpm command for the EPM-UL configuration package.
- If Registry Name Service is enabled and you are installing on a non-primary server, run /opt/pbul/scripts/pbrnscfg.sh to register the host.
Installation procedure
To install EPM-UL using the RPM package manager:
- Extract the package tarball files into the /opt/beyondtrust/ directory by executing the following command:
tar xvfz pmul_<flavor_version>_pkg.tar.Z
- Optional. The Linux package files are digitally signed. To verify the packages are genuine:
  - Go to www.beyondtrust.com, and click Support to display the EPM-UL Downloads page.
  - In the Customers section, click Login. Use your customer user name and password to log in to the EPM-UL Downloads page.
  - Click Digital Signature file for Linux RPM packages and download the tar file to the Linux computer.
  - Extract the key from the tar file.
  - Import the key to the RPM database with the following command:
    rpm --import keyfile
    keyfile is the file name of the key file.
  - Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/package/ directory.
  - Execute the following command:
    rpm -K *.rpm
    For each package, you should see output similar to the following:
    powerbroker-master-6.2.0.11-1.i386.rpm: (sha1) dsa sha1 md5 gpg OK
    The OK at the end of the line indicates that the package is genuine.
- Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
- Execute the following command:
./pbinstall -z
You can include other options with the -z option. Use the -R option to set an alternate base directory for installing the component packages.
pbinstall displays the EPM-UL installation menu.
You are asked if you want to use client registration. If you plan to enable Registry Name Service, and install on a host that is not designated as a primary server, you must run client registration.
pbinstall then asks if you want to enable Registry Name Service.
- Make your menu selections. Note that the Enter existing pb.settings path menu option enables you to set your own pb.settings file to use. Also, the Enter directory path for settings file creation menu option enables you to set where to save the generated settings files. These menu options are available only when running pbinstall with the -z option.
When the menu selection process is complete, pbinstall creates the following files in the specified location:
  - pb.settings
  - pb.cfg
  - pb.key (if encryption is enabled)
  - pb.conf (for policy server host)
  - pbpolicykey.pem and pbpolicypubcert.pem (for Policy Server hosts with Cached Policy feature enabled)
- Optional. For an EPM-UL client, if client-server communications are to be encrypted, replace the generated pb.key file with the pb.key file from the policy server host. Also, copy any other required key files into the same directory.
This step is automatically done if you choose to use client registration.
- Required for Cached Policy client installation: Copy the policypubcertfile (default=/etc/pbpolicypubcert.pem) from the policy server to the settings_files directory.
- Optional. For a policy server host, write a policy file (pb.conf) and place it in the directory with the other generated files. If you do not provide a pb.conf file, a pb.conf file with the single command reject; is generated and packaged.
Starting with v8.0, pbinstall -z can optionally install the default role-based policies and asks:
Installing default role-based policy pbul_policy.conf and pbul_functions.conf in <install_dir>/settings_files
Would you like to use the default role-based policy in the configuration package?
  - Answer Yes for new installs only.
  - If you are upgrading an existing configuration package, to avoid overwriting your existing policy, answer No.
Use the default role-based policy [Y]?
  - If you answer Yes, the default pb.conf, pbul_policy.conf and pbul_functions.conf files are created and installed on the policy server.
  - If you plan to install over an existing installation, and have an existing policy in place, answer No.
- Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
- Run the pbcreatelincfgpkg utility by typing:
pbcreatelincfgpkg -p suffix -s directory
  - suffix is appended to the configuration package name; length can be up to 18 characters.
  - directory contains the settings and configuration files to include in the package.
The pbcreatelincfgpkg utility creates the configuration package file, powerbroker-config-sv-pv.arch.rpm.
- Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/package/ directory.
- For each required component package, run the Linux rpm utility to install the component package by typing:
rpm -iv package-file
package-file is the name of the component package (.rpm) file. For example:
rpm -iv powerbroker-submithost-25.1.6.11-1.x86_64.rpm
To install all component packages, type the following command:
rpm -iv *.rpm
- Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
- Run the Linux rpm utility to install the EPM-UL configuration package by typing:
rpm -iv package-file
package-file is the name of the configuration package (.rpm) file created in step 9.
- Verify the installation of the packages by typing:
rpm -qa| grep powerbroker
- If Registry Name Service is enabled and installed on a non-primary server, register the host with the Primary Registry Name Server using a post-install configuration script. Gather the Application ID, Application Key, network name or IP address, and REST TCP/IP port of the primary server, then run the script to register the host and follow the prompts:
/opt/pbul/scripts/pbrnscfg.sh
For more information, see the following:
- For other options you can use with the pbinstall -z option, see Plan your installation
- pblighttpd
- pbcreatelincfgpkg
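The rpm -K check from the optional verification step, as an added example (not BeyondTrust's code): rpm also ends a line in OK when a package carries only digests and no signature, so this script accepts a package only when a signature check is listed and passed. The function names are hypothetical, and every sample line except the one quoted in the procedure is constructed.

```shell
#!/bin/sh
# Added example (not BeyondTrust code): fail closed on `rpm -K` results.

# classify_rpm_k_line LINE -> prints signed-ok | digest-only | failed
classify_rpm_k_line() {
    result=${1#*: }                      # text after "package-file: "
    case $result in
        *"NOT OK"*) echo failed; return 0 ;;
        *" OK") ;;                       # only lines ending in OK go further
        *) echo failed; return 0 ;;
    esac
    signed=no
    for word in ${result% OK}; do
        word=${word#\(}; word=${word%\)} # older rpm wraps some checks in ()
        case $word in
            *[[:upper:]]*) echo failed; return 0 ;;  # rpm upper-cases a failed check
            gpg|pgp|dsa|rsa|signatures) signed=yes ;;
        esac
    done
    if [ "$signed" = yes ]; then echo signed-ok; else echo digest-only; fi
}

# check_rpm_k_output: reads `rpm -K` output on stdin, prints every package
# that is not signed-ok, returns 0 only if all lines passed and input was
# not empty.
check_rpm_k_output() {
    bad=0; seen=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        seen=1
        verdict=$(classify_rpm_k_line "$line")
        if [ "$verdict" != signed-ok ]; then
            printf '%-12s %s\n' "$verdict" "${line%%: *}"
            bad=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Constructed sample output in the older and newer rpm styles. The first line
# is the one shown in the procedure; the key ID is a placeholder.
sample_rpm_k_output() {
    cat <<'EOF'
powerbroker-master-6.2.0.11-1.i386.rpm: (sha1) dsa sha1 md5 gpg OK
powerbroker-runhost-6.2.0.11-1.i386.rpm: sha1 md5 OK
powerbroker-loghost-6.2.0.11-1.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)
powerbroker-shlibs-6.2.0.11-1.i386.rpm: digests signatures OK
powerbroker-pbrest-6.2.0.11-1.i386.rpm: digests OK
EOF
}

# Demo on the constructed lines. On a real host the gate would be:
#   rpm -K *.rpm | check_rpm_k_output && rpm -iv *.rpm
sample_rpm_k_output | check_rpm_k_output || echo "unsigned or failed packages found; not installing"
```

A digest-only result usually means the package is unsigned, and a failed result with missing keys means the key from the Digital Signature file has not been imported yet.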
Remove EPM-UL packages
Removing the EPM-UL packages completely uninstalls EPM-UL from a computer.
To remove the EPM-UL packages, type the following:
rpm -e config-package-name component-package-1 ... component-package-n
- config-package-name is the name of the package specified when the configuration package is installed. This package name is not required to come first in the list; rpm removes it first. However, if you remove packages with separate rpm processes, you must remove the configuration package first.
- component-package-1 through component-package-n are the names of the packages specified when the component packages are installed.
Example
rpm -e powerbroker-configCLIENTS-25.1.6.11-1.noarch powerbroker-submithost-25.1.6.11-1.x86_64
Relocate the base directory
Using the RPM package management system you can set an alternative base directory for installing packages. With this feature, you can set a directory to install the EPM-UL binary files and log files in. Certain files, such as pb.settings, pb.cfg, and EPM-UL key files, must be located in the /etc directory for EPM-UL to run. These files are not relocatable.
To relocate the base directory from the default / (root) directory, do the following:
- On the target machine, create the target base directory if it does not already exist.
- When you run pbinstall, use the -R option and set the new base directory.
- When installing the component packages, execute rpm with the --prefix option and set the relocated directory.
Example
rpm -ivh --prefix /local/powerbroker powerbroker-runhost-25.1.6.11-1.x86_64
The files that are installed by the configuration package cannot be relocated. Do not use the --prefix option when installing the configuration package.
Update EPM-UL with the Linux package installer
The Linux package installer can be used to upgrade an existing installation. The existing version should have been installed with the Linux package installer.
It is possible to use the Linux package installer to install EPM-UL over an existing version that was installed with pbinstall. However, we do not recommend doing so because it can result in unused files from the existing version remaining in the file system.
Package upgrade considerations
Installing an upgrade using the Linux package installer is similar to using the Linux package installer to install EPM-UL for the first time. Keep these considerations in mind when you prepare to upgrade:
- Technically, the Linux packages are upgrade packages, as opposed to update packages. An upgrade package installs the new files before removing the existing files and registering the new version number in the RPM database.
- A Linux upgrade package contains a complete EPM-UL installation, rather than simply the files that have changed since the previous release.
- If you have more than one EPM-UL package on a computer, upgrade all packages on that computer.
- A newer release can introduce features that use new settings or configurations. In that case, an upgrade of the EPM-UL configuration package is also needed.
- Unlike EPM-UL patches installed with pbpatchinstall, upgrade packages cannot be rolled back to a previous release. However, you can install an older package over a newer one, effectively rolling back to the older release.
Package upgrade procedure
Follow this procedure to upgrade using the Linux package installer:
- Obtain the tarball file for the Linux upgrade packages that are appropriate for your hardware. The tarball file name has the format pmul_<flavor>-v.v.r-bb-pn_pkg.tar.Z.
  - <flavor> indicates the operating system and hardware architecture.
  - v.v.r is the major and minor version number and the release number.
  - bb is the build number.
  - n is the update number.
- Extract the package tarball files into the /unzip-dir/ directory by executing the following command:
tar xvfz pmul_<flavor_version>_pkg.tar.Z
- Navigate to the /unzip-dir/powerbroker/<version>/<flavor>/install/ directory.
- Create the settings_files directory and change directory to that location.
- To retain or correctly update the settings of the current installation, copy the following files from the target installation host into the settings_files directory you created in step 4:
- /etc/pb.settings
- /etc/pb.cfg
- encryption keys defined in pb.settings for networkencryption, eventlogencryption, iologencryption, reportencryption, policyencryption, and restkeyencryption settings (if enabled)
In a default installation, there are typically 2 key files created: pb.key and pb.rest.key.
- policy file defined in policyfile setting in pb.settings (if the target installation is a Policy Server)
In a default installation, the policy file is located in /opt/pbul/policies/pb.conf.
- For Cached Policy clients: policypubcertfile (default=/etc/pbpolicypubcert.pem)
- Execute the following command and verify the installation settings:
./pbinstall -z
- Create the upgrade configuration package by running the pbcreatelincfgpkg utility:
pbcreatelincfgpkg -p suffix
Use the current suffix of the installation to be upgraded. Use the suffix you provided during the initial package installation in step 9 of the Installation Procedure.
Another way to find the suffix is to run the following command on the target installation host to get the list of packages installed:
rpm -qa |grep powerbroker
Identify the suffix of the EPM-UL configuration package using this format:
powerbroker-config<suffix>-<version>.noarch
- Navigate to the /unzip-dir/powerbroker/<version>/<flavor>/package/ directory.
- Use the Linux rpm utility to upgrade the component packages by typing:
rpm -Uv package-file-1 package-file-2...
package-file-n is the name of a component package (.rpm) file.
rpm -Uv powerbroker-submithost-25.1.6.11-1.x86_64 powerbroker-runhost-25.1.6.11-1.x86_64
- Navigate to the /unzip-dir/powerbroker/<version>/<flavor>/install/ directory.
- Run the Linux rpm utility to install the EPM-UL configuration package by typing:
rpm -Uv package-file
package-file is the name of the configuration package (.rpm) file created in step 12. Verify the installation of the packages by typing:
rpm -qa| grep powerbroker
Revert to a previous version
Unlike EPM-UL patches installed with pbpatchinstall, upgrade packages cannot be rolled back to a previous release. However, you can install an older package over a newer one, effectively rolling back to the older release.
To install older packages over newer ones, use the following command:
rpm -Uv --oldpackage package-file-1 package-file-2...
This command restores the previous release. Repeat the command to restore earlier releases. To restore a single package per rpm command, add the --replacepkgs option.
Upgrade the configuration package
When upgrading the configuration package (cfg pkg), some settings and configuration files that are part of the package might need to be copied from the existing installation to the staging host.
Files included in the cfg package:
- pb.settings: Hardcoded target location /etc/pb.settings.
- pb.cfg: Hardcoded target location /etc/pb.cfg.
- All the encryption key files defined for networkencryption, eventlogencryption, iologencryption, reportencryption, policyencryption, and restkeyencryption. By default, two key files are typically created:
  - pb.key
  - pb.rest.key
The sysadmin can define encryption with different key files in locations other than /etc. Therefore, when upgrading, and to retain what is installed on the target machine, look at all the encryption settings in /etc/pb.settings. Copy the settings to the settings_files directory before running pbinstall -z and pbcreate*cfgpkg.
- Policy file if the target is a policy server.
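Collecting the files listed above for the settings_files directory, as an added example (not BeyondTrust's code) that also serves the same copy step in the package upgrade procedure. The function names are hypothetical, and the script assumes pb.settings holds one keyword-and-value entry per line with key files written as keyfile=PATH, the form the sample installation menu displays.

```shell
#!/bin/sh
# Added example (not BeyondTrust code). Assumes pb.settings holds one
# "keyword value..." entry per line and names key files as keyfile=PATH.

ENC_SETTINGS='networkencryption|eventlogencryption|iologencryption|reportencryption|policyencryption|restkeyencryption'

# list_keyfiles SETTINGS_FILE -> one key file path per line, de-duplicated
list_keyfiles() {
    awk -v names="^($ENC_SETTINGS)\$" '
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        tolower($1) ~ names {
            for (i = 2; i <= NF; i++) {      # a setting may list several algorithms
                n = split($i, opt, ":")      # e.g. aes-256:keyfile=/etc/pb.key
                for (j = 1; j <= n; j++)
                    if (opt[j] ~ /^keyfile=/) print substr(opt[j], 9)
            }
        }
    ' "$1" | sort -u
}

# stage_settings ETC_DIR DEST
# Copies pb.settings, pb.cfg and every referenced key file into DEST.
# Returns 0 only when every file was copied.
stage_settings() {
    etc_dir=$1; dest=$2; status=0; staged=/
    # The staging directory will hold encryption keys: keep it owner-only.
    ( umask 077 && mkdir -p "$dest" ) && chmod 700 "$dest" || return 2
    for f in "$etc_dir/pb.settings" "$etc_dir/pb.cfg"; do
        cp -p "$f" "$dest/" || status=1
    done
    while IFS= read -r key; do
        [ -n "$key" ] || continue
        name=${key##*/}
        case $staged in
            # Two key files with the same name cannot share one flat directory.
            */"$name"/*) echo "CLASH   $key"; status=1; continue ;;
        esac
        if [ ! -f "$key" ]; then
            echo "MISSING $key"; status=1
        elif cp -p "$key" "$dest/$name" && chmod go-rwx "$dest/$name"; then
            staged=$staged$name/
            echo "STAGED  $key"
        else
            status=1
        fi
    done <<EOF
$(list_keyfiles "$etc_dir/pb.settings")
EOF
    return "$status"
}

# Usage: sh stage_settings.sh /etc ./settings_files
if [ "$#" -eq 2 ]; then
    stage_settings "$1" "$2"
fi
```

The policy file and, for Cached Policy clients, the policypubcertfile are not handled here and still need to be copied by hand.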
Sample execution for the Linux package installer
The sample execution shows the installation of an EPM-UL submit host, run host, and shared libraries using the Linux package installer.
This sample execution is divided into the following parts:
- Generate the EPM-UL settings files.
- Create the EPM-UL configuration package using the pbcreatelincfgpkg program.
- Install the component packages using the rpm command.
- Install the configuration package using the rpm command.
Generate the EPM-UL settings files
This section of the execution shows the generation of the settings files (pb.key, pb.cfg, and pb.settings) and also displays the EPM-UL installation menu. This output was generated using the pbinstall program with the options: -z, -l, and -r:
Example
# h=`hostname -f` ; ./pbinstall -zImgrl -y $h -L $h -M $h
Starting pbinstall main() from /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/.
linux.x86-64
*******************************************************************************
*******************************************************************************
** **
** Privilege Management for Unix & Linux [PMUL] v10 **
** CRITICAL LICENSE CHANGES **
** **
** If you are upgrading from a prior version of the software you **
** MUST OBTAIN A NEW LICENSE. **
** **
** To obtain a new license follow the instructions below. **
** **
** On your designated Primary License Server (10.0 and later): **
** 1. Extract the platform specific tarball for that system **
** 2. Navigate to the 'bin' folder where the tarball was extracted **
** 3. Run pbdbutil --info --uuid **
** 4. Contact your BeyondTrust License provider with your HostId **
** **
** If you need more details about the new ‘License Server’ role please **
** reference the License Management chapter in the Administration Guide, **
** reference the release notes, or contact support. **
** **
** In Privilege Management for Unix & Linux Version 10.0 and later, **
** all server components can act as a redundant license server, however **
** only one license is required on the primary license server. **
** **
*******************************************************************************
*******************************************************************************
Press Enter to continue...
Privilege Management for Unix & Linux must have a designated Primary Server to provide control and consistency for all its components/entities. The Primary Server must be installed and configured first before all other hosts.
Is this the first installation in the enterprise (designated Primary Server) [yes]?
Privilege Management for Unix & Linux Settings File Generation
Please read the Privilege Management for Unix & Linux Installation Instructions before proceeding.
Checking MANIFEST against release directory
Press return to continue
The Registry Name Service of Privilege Management for Unix & Linux facilitates location of other services within the Privilege Management for Unix & Linux enterprise with the aid of a centralized data repository.
IMPORTANT: Client Registration is required if this is not the Primary Server and you intend to use Registry Name Services.
Do you wish to utilize Registry Name Service? [no]?
BeyondTrust Privilege Management for Unix & Linux Installation Menu
Opt Description [Value]
1 Install Everything Here (Demo Mode)? [no]
2 Enter existing 'pb.settings' path [none]
3 Enter directory path for settings file ... [/opt/beyondtrust/powerbrok...]
4 Install License Server? [yes]
5 Install Registry Name Services Server? [no]
6 Install Client Registration Server? [yes]
7 Install Policy Server Host? [yes]
8 Allow Policy & Log Caching? [no]
9 Enable Role Based Policy? [no]
10 Install Run Host? [yes]
11 Install Submit Host? [yes]
13 Install PBSSH [yes]
14 Install sudo Policy Server? [no]
15 Install Log Host? [yes]
16 Enable Logfile Tracking and Archiving? [no]
17 Is this a Log Archiver Storage Server? [no]
18 Is this a Log Archiver Database Server? [no]
19 Install File Integrity Monitoring Polic... [no]
N for the next menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> n
BeyondTrust Privilege Management for Unix & Linux Installation Menu
Opt Description [Value]
20 Install REST Services? [yes]
21 List of License Servers [server-01.mycompany.net]
22 Central License []
23 Enable License History? [no]
24 Installation base directory? [/opt/pbul]
25 Database directory? [/opt/pbul/dbs]
26 Path to Password Safe 'pkrun' binary []
30 Install Synchronization program? [yes]
31 Install Utilities: pbvi, pbnvi, pbmg, p... [yes]
32 Install pbksh? [yes]
33 Install pbsh? [yes]
34 Install man pages? [yes]
35 Will this host use a Log Host? [yes]
36 AD Bridge Integration? [no]
41 Integration with BeyondInsight? [no]
54 Registry Name Service database path? [/opt/pbul/dbs/pbsvc.db]
55 Client Registry database path? [/opt/pbul/dbs/pbregclnt.db]
58 Synchronization program can be initiate... [yes]
59 Daemons location [/usr/sbin]
N for the next menu page, P for the previous menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> n
BeyondTrust Privilege Management for Unix & Linux Installation Menu
Opt Description [Value]
60 Number of reserved spaces for submit pr... [80]
61 Administration programs location [/usr/sbin]
62 User programs location [/usr/local/bin]
63 Policy include (sub) file directory [/opt/pbul/policies]
64 Policy file name [/opt/pbul/policies/pb.conf]
65 User man page location [/usr/local/man/man1]
66 Admin man page location [/usr/local/man/man8]
67 Log Archive Storage Server name []
69 Log Archiver Database Server name []
71 Enable Caching of Log Locations? [yes]
72 Event Logfile Name Cache Database file ... [/opt/pbul/dbs/pblogcache.db]
73 I/O Logfile Name Cache Database file path? [/opt/pbul/dbs/pbiologcache.db]
74 REST Service installation directory? [/usr/lib/beyondtrust/pb/rest]
75 Install REST API sample code? [no]
77 Pblighttpd user [pblight]
78 Create Pblighttpd user? [yes]
79 Pblighttpd user UID []
80 Pblighttpd user GID []
81 Pblighttpd user group name [pblight]
N for the next menu page, P for the previous menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> n
BeyondTrust Privilege Management for Unix & Linux Installation Menu
Opt Description [Value]
83 Configure target system's SuperDaemon? [yes]
84 Command line options for pbmasterd [-ar]
85 Policy Server Delay [500]
86 Policy Server Protocol Timeout [-1]
87 pbmasterd diagnostic log [/var/log/pbmasterd.log]
88 Eventlog filename [/var/log/pb.eventlog]
89 Configure eventlog rotation via size? []
90 Configure eventlog rotation path? []
91 Configure eventlog rotation via cron? [no]
92 Validate Submit Host Connections? [no]
93 List of Policy Servers to submit to [server-01.mycompany.net]
94 pbrun diagnostic log? [none]
95 pbssh diagnostic log? [none]
96 Allow Local Mode? [yes]
97 Additional secured task checks? [no]
98 Suppress Policy Server host failover er... [yes]
99 List of Policy Servers to accept from [server-01.mycompany.net]
100 pblocald diagnostic log [/var/log/pblocald.log]
101 Command line options for pblocald []
N for the next menu page, P for the previous menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> n
BeyondTrust Privilege Management for Unix & Linux Installation Menu
Opt Description [Value]
102 Syslog pblocald sessions? [no]
103 Record PTY sessions in utmp/utmpx? [yes]
104 Validate Policy Server Host Connections? [no]
105 List of Log Hosts [server-01.mycompany.net]
106 Command line options for pblogd []
107 Log Host Delay [500]
108 Log Host Protocol Timeout [-1]
109 pblogd diagnostic log [/var/log/pblogd.log]
110 List of log reserved filesystems [none]
111 Number of free blocks per log system fi... [0]
112 Command line options for pbsyncd []
113 Sync Protocol Timeout [-1]
114 pbsyncd diagnostic log [/var/log/pbsyncd.log]
115 pbsync diagnostic log [/var/log/pbsync.log]
116 pbsync sychronization time interval (in... [15]
117 Add installed shells to /etc/shells [no]
118 pbksh diagnostic file [/var/log/pbksh.log]
119 pbsh diagnostic file [/var/log/pbsh.log]
120 Stand-alone pblocald command [none]
N for the next menu page, P for the previous menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> n
BeyondTrust Privilege Management for Unix & Linux Installation Menu
Opt Description [Value]
121 Stand-alone root shell default iolog [/pbshell.iolog]
122 Use syslog? [yes]
123 Syslog facility to use? [LOG_AUTHPRIV]
124 Base Daemon port number [24345]
125 pbmasterd port number [24345]
126 pblocald port number [24346]
127 pblogd port number [24347]
128 pbsyncd port number [24350]
129 REST Service port number [24351]
130 Add entries to '/etc/services' [yes]
131 Allow non-reserved port connections [yes]
132 Inbound Port range [1024-65535]
133 Outbound Port range [1025-65535]
134 Network encryption options [aes-256:keyfile=/etc/pb.key]
135 Event log encryption options [none]
136 I/O log encryption options [none]
137 Policy file encryption options [none]
138 Settings file encryption type [none]
139 REST API encryption options [aes-256:keyfile=/etc/pb.re...]
N for the next menu page, P for the previous menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> n
BeyondTrust Privilege Management for Unix & Linux Installation Menu
Opt Description [Value]
140 Configure with Kerberos v5? [no]
146 Enforce High Security Encryption? [yes]
147 SSL Configuration? [requiressl sslfirst]
148 SSL pbrun Certificate Authority Directory? [none]
149 SSL pbrun Certificate Authority File? [none]
150 SSL pbrun Cipher List? [cipherlist=TLSv1.2:!SSLv2:...]
151 SSL pbrun Certificate Directory? [none]
152 SSL pbrun Certificate File? [none]
153 SSL pbrun Private Key Directory? [none]
154 SSL pbrun Private Key File? [none]
155 SSL pbrun Certificate Subject Checks? [none]
156 SSL Server Certificate Authority Direct... [none]
157 SSL Server Certificate Authority File? [none]
158 SSL Server Cipher List? [cipherlist=TLSv1.2:!SSLv2:...]
159 SSL Server Certificate Directory? [none]
160 SSL Server Certificate File? [/etc/pbssl.pem]
161 SSL Server Private Key Directory? [none]
162 SSL Server Private Key File? [/etc/pbssl.pem]
163 SSL Server Certificate Subject Checks? [none]
N for the next menu page, P for the previous menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> n
BeyondTrust Privilege Management for Unix & Linux Installation Menu
Opt Description [Value]
164 SSL Certificate Country Code [US]
165 SSL Certificate State/Province [AZ]
166 SSL Certificate Location (Town/City) [Phoenix]
167 SSL Certificate Organizational Unit/Dep... [Security]
168 SSL Certificate Organization [BeyondTrust]
169 Configure Privilege Management for Unix... [no]
170 Install BeyondTrust built-in third-part... [yes]
171 BeyondTrust built-in third-party librar... [/usr/lib/beyondtrust/pb]
183 Use PAM? [no]
191 Allow Remote Jobs? [yes]
192 UNIX Domain Socket directory [none]
193 Reject Null Passwords? [no]
194 Enable TCP keepalives? [no]
195 Name Resolution Timeout [0]
N for the next menu page, P for the previous menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> n
BeyondTrust Privilege Management for Unix & Linux Installation Menu
Opt Description [Value]
N for the next menu page, P for the previous menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> c
Validating Log Archive Storage Server name...
Validating Log Archive Database Server name...
Generating key file /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-06/install/settings_files/pb.key...
Generating key file /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-06/install/settings_files/pb.rest.key...
Are all the installation settings correct [yes]?
Generating config file /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-06/install/settings_files/pb.cfg Creating the settings file creation script Backed up existing settings file creation script to: '/opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-06/install/pbcreatesettingsfile.ctime.Oct_1_17:09' Running settings file creation script Creating settings file /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-06/install/settings_files/pb.settings Reloading SuperDaemon Configurations... Done Reloading SuperDaemon Configurations... Generated settings files are in directory: /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-06/install/settings_files Installing default script-based policy pbul_policy.conf and pbul_functions.conf in /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-06/install/settings_files Would you like to use the default script-based policy in the configuration package? Answer "Yes" for Fresh installs only. If you are upgrading an existing configuration package, to avoid overwriting your existing policy, you should answer "No" Use the default script-based policy [Y]? The main policy pbul_policy.conf will be included in /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-06/install/settings_files/pb.conf Copied pbelasticsearchtemplate.json, pbelkecsconfiguration.json, pblogstashmapping.json and sample-logstash-http.conf to /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-06/install/settings_files Privilege Management for Unix & Linux Settings File Generation completed successfully.
Create the EPM-UL configuration package using pbcreatelincfgpkg
This section shows the creation of the configuration package using the pbcreatelincfgpkg program with the -p and -s options.
At the end of its output, the pbcreatelincfgpkg script shows which EPM-UL component packages need to be installed.
Example
```
# ./pbcreatelincfgpkg -p PRIMARY -s /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/settings_files
pbcreatelincfgpkg: starting from /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install
pbcreatelincfgpkg: keyfile pb.key will be included in package
pbcreatelincfgpkg: keyfile pb.rest.key will be included in package
Reading /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/settings_files/pb.cfg
Policy file pb.conf will be included in package
pbcreatelincfgpkg: making Privilege Management Linux configuration package . . .
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.RSMcgH
+ umask 022
+ cd /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILD
+ rm -rf '/opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILD/*'
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.e9Ts0F
+ umask 022
+ cd /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILD
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.Jidj1F
+ umask 022
+ cd /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILD
+ '[' /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64 '!=' / ']'
+ rm -rf /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64
++ dirname /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64
+ mkdir -p /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT
+ mkdir /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64
+ mkdir -p /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/etc
+ mkdir -p /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64//opt/pbul
+ chmod 711 /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64//opt/pbul
+ mkdir -p /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64//opt/pbul/policies
+ mkdir -p /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64//opt/pbul/scripts
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/settings_files/pb.settings /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/etc/pb.settings
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/settings_files/pb.cfg /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/etc/pb.cfg
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/../etc/pbul-rc /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/etc/.pb.pbul-rc
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/settings_files/pb.conf /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/opt/pbul/policies/pb.conf
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/settings_files/pbul_policy.conf /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/opt/pbul/policies/pbul_policy.conf
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/settings_files/pbul_functions.conf /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/opt/pbul/policies/pbul_functions.conf
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/../etc/closeactionsplunk.pl /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64//opt/pbul/scripts/.closeactionsplunk.pl.SAMPLE
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/settings_files/pb.key /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/etc/pb.key
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/settings_files/pb.rest.key /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/etc/pb.rest.key
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/pbrnscfg.sh /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64//opt/pbul/scripts/pbrnscfg.sh
+ mkdir -p /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64//opt/pbul/elk/etc
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/settings_files/pbelasticsearchtemplate.json /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64//opt/pbul/elk/etc/pbelasticsearchtemplate.json
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/settings_files/pbelkecsconfiguration.json /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64//opt/pbul/elk/etc/pbelkecsconfiguration.json
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/settings_files/pblogstashmapping.json /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64//opt/pbul/elk/etc/pblogstashmapping.json
+ cp /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/settings_files/sample-logstash-http.conf /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-06/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64//opt/pbul/elk/etc/sample-logstash-http.conf
++ dirname /var/log/pbksh.log
+ logfiledir=/var/log
+ '[' '!' -d /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/var/log ']'
+ mkdir -p /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/var/log
++ dirname /var/log/pbsh.log
+ logfiledir=/var/log
+ '[' '!' -d /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/var/log ']'
++ dirname /pbshell.iolog
+ logfiledir=/
+ '[' '!' -d /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.06-1.x86_64/ ']'
++ dirname /var/log/pbsyncd.log
+ logfiledir=/var/log
+ '[' '!' -d /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/var/log ']'
++ dirname /var/log/pbsync.log
+ logfiledir=/var/log
+ '[' '!' -d /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/var/log ']'
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/redhat/brp-ldconfig
/sbin/ldconfig: Warning: ignoring configuration file that cannot be opened: /etc/ld.so.conf: No such file or directory
+ /usr/lib/rpm/brp-compress
+ /usr/lib/rpm/brp-strip /usr/bin/strip
+ /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
+ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/brp-python-bytecompile '' 1
+ /usr/lib/rpm/brp-python-hardlink
+ PYTHON3=/usr/libexec/platform-python
+ /usr/lib/rpm/redhat/brp-mangle-shebangs
*** WARNING: ./opt/pbul/elk/etc/pbelasticsearchtemplate.json is executable but has no shebang, removing executable bit
*** WARNING: ./opt/pbul/elk/etc/pbelkecsconfiguration.json is executable but has no shebang, removing executable bit
*** WARNING: ./opt/pbul/elk/etc/pblogstashmapping.json is executable but has no shebang, removing executable bit
*** WARNING: ./opt/pbul/elk/etc/sample-logstash-http.conf is executable but has no shebang, removing executable bit
Processing files: powerbroker-configPRIMARY-25.1.6.11-1.noarch
Provides: powerbroker-configPRIMARY = 25.1.6.06-1
Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(pre): /bin/sh
Requires(post): /bin/sh
Requires(preun): /bin/sh
Requires(postun): /bin/sh
Requires(posttrans): /bin/sh
Requires: /bin/sh /usr/bin/perl
Checking for unpackaged file(s): /usr/lib/rpm/check-files /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64
Wrote: /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/RPMS/noarch/powerbroker-configPRIMARY-25.1.6.11-1.noarch.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.l7DFmI
+ umask 022
+ cd /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILD
+ rm -rf /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/etc /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/opt /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/pbshell.iolog /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install/rpmbuild/BUILDROOT/powerbroker-25.1.6.11-1.x86_64/var
+ exit 0
pbcreatelincfgpkg: rpm package built
pbcreatelincfgpkg: rpm package verified
pbcreatelincfgpkg: rpm package 'powerbroker-configPRIMARY-25.1.6.11-1.noarch.rpm' placed in /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install
pbcreatelincfgpkg: the following packages will need to be loaded to the target system:
powerbroker-shlibs powerbroker-master powerbroker-runhost powerbroker-submithost powerbroker-loghost powerbroker-licsvr
pbcreatelincfgpkg: completed.
```
Install component packages using the rpm command
This section shows the execution of the rpm command to install component packages for the submit host, run host, and shared libraries:
Example
```
# cd /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/package/
# rpm -iv powerbroker-shlibs-25.1.6.11-1.x86_64.rpm powerbroker-master-25.1.6.11-1.x86_64.rpm powerbroker-runhost-25.1.6.11-1.x86_64.rpm powerbroker-submithost-25.1.6.11-1.x86_64.rpm powerbroker-loghost-25.1.6.11-1.x86_64.rpm powerbroker-licsvr-25.1.6.11-1.x86_64.rpm
Verifying packages...
Preparing packages...
powerbroker-licsvr-25.1.6.11-1.x86_64
powerbroker-loghost-25.1.6.11-1.x86_64
powerbroker-submithost-25.1.6.11-1.x86_64
powerbroker-runhost-25.1.6.11-1.x86_64
powerbroker-master-25.1.6.11-1.x86_64
powerbroker-shlibs-25.1.6.11-1.x86_64
```
Install the configuration package using the rpm command
This section shows the execution of the Linux rpm command to install the configuration package. Following installation of the configuration package, the installation is verified by submitting the id command to EPM-UL, and the Linux rpm -qa utility is used to list the EPM-UL packages installed:
Example
```
# cd /opt/beyondtrust/powerbroker/v25.1/pmul_linux.x86-64_25.1.6-11/install
# rpm -iv powerbroker-configPRIMARY-25.1.6.11-1.noarch.rpm
Verifying packages...
Preparing packages...
Creating /opt/pbul
Creating /opt/pbul/dbs
Creating /opt/pbul/locks
Creating /opt/pbul/msgrouter
Creating /opt/pbul/etc
Creating /opt/pbul/policies
Creating /opt/pbul/scripts
Creating /opt/pbul/sudoersdir
powerbroker-configPRIMARY-25.1.6.11-1.noarch
Reading pb.cfg...
Created symlink /etc/systemd/system/multi-user.target.wants/pblighttpd.service -> /etc/systemd/system/pblighttpd.service.
Checking installation of dependent component packages...
'rpm -V powerbroker-shlibs --nouser' of package powerbroker-shlibs succeeded
'rpm -V powerbroker-licsvr --nouser' of package powerbroker-licsvr succeeded
'rpm -V powerbroker-loghost --nouser' of package powerbroker-loghost succeeded
'rpm -V powerbroker-submithost --nouser' of package powerbroker-submithost succeeded
'rpm -V powerbroker-runhost --nouser' of package powerbroker-runhost succeeded
'rpm -V powerbroker-master --nouser' of package powerbroker-master succeeded
Looking for SuperDaemons to configure...
Finished looking for SuperDaemons to configure...
Removing PowerBroker service definitions (if any) from /etc/services.
Adding PowerBroker service definitions to /etc/services.
Removing PowerBroker property lists (if any) from systemd.
Adding PowerBroker property lists to systemd.
Reloading SuperDaemon Configurations...
Done Reloading SuperDaemon Configurations...
Updating Settings in database (if any)...
Information for future Client Registration:
This host has been configured as the primary server in the Privilege Management for Unix & Linux enterprise.
To facilitate client configuration of Privilege Management for Unix & Linux clients for this server, retain the following information:
Application ID : admin
Application Key : "1e3a5fe8-d5e9-4320-8606-16145763d5ee"
Client Profile name(s): default, servers_default, pkginst_dflt, pkg_regrnsclient
REST TCP/IP Port: 24351
Note: Get details of the profile by runnning the command:
/usr/sbin/pbdbutil --reg -g \'{\"name\":\"<profile>\"}\'
Important: Note down the Application Key(s) since this cannot be retrieved later.
# pbrun id
uid=0(root) gid=0(root) groups=0(root)
# rpm -qa | grep powerbroker # list PowerBroker packages
powerbroker-master-25.1.6.11-1.x86_64
powerbroker-loghost-25.1.6.11-1.x86_64
powerbroker-configPRIMARY-25.1.6.11-1.noarch
powerbroker-runhost-25.1.6.11-1.x86_64
powerbroker-licsvr-25.1.6.11-1.x86_64
powerbroker-shlibs-25.1.6.11-1.x86_64
powerbroker-submithost-25.1.6.11-1.x86_64
```
Sample of the uninstall process from a package installation
This section shows the execution of the Linux rpm utility to remove the EPM-UL packages:
Example
```
# rpm -e powerbroker-configPRIMARY-25.1.6.11-1.noarch powerbroker-runhost-25.1.6.11-1.x86_64 powerbroker-submithost-25.1.6.11-1.x86_64 powerbroker-licsvr-25.1.6.11-1.x86_64 powerbroker-loghost-25.1.6.11-1.x86_64 powerbroker-master-25.1.6.11-1.x86_64 powerbroker-shlibs-25.1.6.11-1.x86_64
Reading pb.cfg...
Looking for SuperDaemons to configure...
Finished looking for SuperDaemons to configure...
Removing PowerBroker service definitions (if any) from /etc/services.
Removing PowerBroker property lists (if any) from systemd.
Reloading SuperDaemon Configurations...
Done Reloading SuperDaemon Configurations...
Moving /var/log/pb.eventlog to /tmp/beyondtrust_pbinstall
Moving /etc/pbssl.pem to /tmp/beyondtrust_pbinstall
Moving /etc/pb.db to /tmp/beyondtrust_pbinstall
Moving /opt/pbul/scripts/closeactionsplunk.pl to /tmp/beyondtrust_pbinstall
Moving /opt/pbul/scripts/closeactionsplunk.pl to /tmp/beyondtrust_pbinstall
Removing /opt/pbul/scripts -- empty BeyondTrust Created Directory
Removing /opt/pbul/policies -- empty BeyondTrust Created Directory
Removed /etc/systemd/system/multi-user.target.wants/pblighttpd.service.
Moving generated content of /usr/lib/beyondtrust/pb/rest to /tmp/beyondtrust_pbinstall/rest
Moving /opt/pbul/dbs/pbregclnt.db to /tmp/beyondtrust_pbinstall
Moving /opt/pbul/dbs/pbiologaction.db to /tmp/beyondtrust_pbinstall
Moving /opt/pbul/dbs/pblicense.db to /tmp/beyondtrust_pbinstall
Moving /opt/pbul/dbs/pblogcache.db to /tmp/beyondtrust_pbinstall
Moving /opt/pbul/dbs/pbrstkeys.db to /tmp/beyondtrust_pbinstall
Moving /opt/pbul/dbs/pbiologaction.db.pid to /tmp/beyondtrust_pbinstall
Moving /var/log/pbadmin.log to /tmp/beyondtrust_pbinstall
Removing /opt/pbul/locks -- empty BeyondTrust Created Directory
Removing /opt/pbul/msgrouter -- empty BeyondTrust Created Directory
Removing /opt/pbul/etc -- empty BeyondTrust Created Directory
Removing /opt/pbul/sudoersdir -- empty BeyondTrust Created Directory
Moving /var/log/pbrest.log to /tmp/beyondtrust_pbinstall
Moving directory /opt/pbul to /tmp/beyondtrust_pbinstall
Removing /usr/lib/beyondtrust/pb/rest/www/sockets
Removing /usr/lib/beyondtrust/pb/rest/www/docs
Removing /usr/lib/beyondtrust/pb/rest/www
Removing /usr/lib/beyondtrust/pb/rest/ssl
Removing /usr/lib/beyondtrust/pb/rest/run
Removing /usr/lib/beyondtrust/pb/rest/sbin
Removing /usr/lib/beyondtrust/pb/rest/lib
Removing /usr/lib/beyondtrust/pb/rest/etc
```
AIX package installer
This section describes how to install EPM-UL using a package installer for AIX on a POWER 64-bit computer. AIX package installers are compatible with or without workload partitions (WPARs). Use the AIX package installer to install EPM-UL using the AIX installp command.
The AIX package installer described here is not compatible with the BeyondTrust Endpoint Privilege Management v5.x packages. You must remove v5.x packages before installing the EPM-UL AIX packages.
WPARs
If you have AIX v6.1 or higher, then you can use WPARs.
For more information about WPARs and propagating BeyondTrust AIX package installations to them, see:
Prerequisites
- Package tarball file for the appropriate EPM-UL flavor
- Root access or superuser privileges
The EPM-UL AIX package installer does not support prefix or suffix installations.
Plan your installation
When preparing to use the package installer, you should be familiar with the following concepts and restrictions:
Component packages: an EPM-UL component package is an AIX backup file format (.bff) file that installs a portion of the EPM-UL application. Component packages use a format of powerbroker.component-v.v.r.bb.bff, where:
- v = major version
- v = minor version
- r = release
- bb = build
Example
powerbroker.submithost-25.1.6.05.bff
| Component package or file names | Description |
|---|---|
| powerbroker.pbrest-v.v.r.bb.bff | Contains REST API files. |
| powerbroker.sharedlibs-v.v.r.bb.bff | Contains the shared libraries: libcom_err.so.3.0, libcrypto.a, libgssapi_krb5.so.2.2, libk5crypto.so.3.1, libkrb5.so.3.3, liblber-2.5.a, libldap-2.5.a, libssl.a. powerbroker.common-v.v.r.bb.bff is a prerequisite for this package. |
| powerbroker.common-v.v.r.bb.bff | Contains the shared files and pbbench, pbcall, bencode, pbsum, man pages and pbinstall.8, and pbcreateaixcfgpkg.8. This package is a prerequisite for all the previously listed packages: powerbroker.masterhost, powerbroker.submithost, powerbroker.loghost and powerbroker.sharedlibs. |
| powerbroker.runhost-v.v.r.bb.bff | Contains the run host and EPM-UL utilities: pblocald, pbless, pbmg, pbnvi, pbumacs, pbvi, and man pages. powerbroker.common-v.v.r.bb.bff is a prerequisite for this package. |
| powerbroker.submithost-v.v.r.bb.bff | Contains the submit host and EPM-UL shells, pbksh, pbsh, pbssh, pbrun, and man pages. powerbroker.common-v.v.r.bb.bff is a prerequisite for this package. |
Which component packages are required depends on the type of EPM-UL host you are creating. You can select the types of hosts in the pbinstall installation menu, as shown in the following table.
| Menu Selection | Required Components |
|---|---|
| Install Run Host? = Yes | powerbroker.runhost-v.v.r.bb.bff powerbroker.common-v.v.r.bb.bff |
| Install Submit Host? = Yes | powerbroker.submithost-v.v.r.bb.bff powerbroker.common-v.v.r.bb.bff |
| Install BeyondTrust built-in third-party libraries? = Yes | powerbroker.sharedlibs-v.v.r.bb.bff powerbroker.common-v.v.r.bb.bff |
Configuration package: a user-created AIX installation package named powerbroker.config[suffix], where suffix is user-defined. It installs the following files:
- pb.settings: Hardcoded target location /etc/pb.settings
- pb.cfg: Hardcoded target location /etc/pb.cfg
- All the encryption key files defined for networkencryption, eventlogencryption, iologencryption, reportencryption, policyencryption, and restkeyencryption:
  - By default, two key files are created: pb.key and pb.rest.key.
  - The sysadmin can define multiple encryption settings with different key files in locations other than /etc. To upgrade and retain settings on the target machine, view all encryption settings in /etc/pb.settings and copy the key files to the settings_files directory before running pbinstall -z and pbcreate*cfgpkg.
- Man pages for the pbinstall and pbcreateaixcfgpkg programs
The configuration package is created by the pbcreateaixcfgpkg program. The component packages must be installed before you install the configuration package.
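The key file rule above (every key file referenced by an encryption setting in /etc/pb.settings must be copied into settings_files before running pbinstall -z and pbcreate*cfgpkg) can be checked before the package is built. The script below is an added example, not BeyondTrust code: it assumes pb.settings lines have the form "<setting> <algorithm>:keyfile=<path>" (the value format shown in the installation menu), that staged copies keep their base name, and it runs against constructed sample files; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check before building an EPM-UL configuration package.
# Assumption: pb.settings lines look like
#   <setting> <algorithm>:keyfile=<path>      (value optionally double-quoted)

# Encryption settings named on this page.
ENC_SETTINGS="networkencryption eventlogencryption iologencryption reportencryption policyencryption restkeyencryption"

# list_keyfiles SETTINGS_FILE
# Print each distinct key file path referenced by an encryption setting.
list_keyfiles() {
    awk -v names="$ENC_SETTINGS" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($1 in want) {
            for (i = 2; i <= NF; i++) {
                tok = $i
                gsub(/"/, "", tok)                      # tolerate quoted values
                if (match(tok, /keyfile=.+/)) {
                    path = substr(tok, RSTART + 8, RLENGTH - 8)
                    if (!(path in seen)) { seen[path] = 1; print path }
                }
            }
        }' "$1"
}

# missing_from_staging SETTINGS_FILE STAGING_DIR
# Print referenced key files that have no copy (by base name) in STAGING_DIR.
missing_from_staging() {
    list_keyfiles "$1" | while IFS= read -r path; do
        [ -f "$2/$(basename "$path")" ] || printf '%s\n' "$path"
    done
}

# exposed_staged_keyfiles SETTINGS_FILE STAGING_DIR
# Print staged key files that carry any group or other permission bit.
exposed_staged_keyfiles() {
    list_keyfiles "$1" | while IFS= read -r path; do
        staged="$2/$(basename "$path")"
        [ -f "$staged" ] || continue
        mode=$(ls -ld "$staged" | cut -c5-10)           # group+other bits
        [ "$mode" = "------" ] || printf '%s\n' "$staged"
    done
}

# make_sample DIR
# Build a constructed pb.settings and staging directory under DIR.
make_sample() {
    mkdir -p "$1/settings_files"
    cat > "$1/pb.settings" <<'EOF'
# constructed sample, not a real settings file
networkencryption aes-256:keyfile=/etc/pb.key
restkeyencryption aes-256:keyfile=/etc/pb.rest.key
iologencryption "aes-256:keyfile=/opt/keys/iolog.key"
eventlogencryption none
policyencryption aes-256:keyfile=/etc/pb.key
EOF
    : > "$1/settings_files/pb.key";      chmod 600 "$1/settings_files/pb.key"
    : > "$1/settings_files/pb.rest.key"; chmod 644 "$1/settings_files/pb.rest.key"
}

# Demonstration on the constructed sample.
sample=$(mktemp -d)
make_sample "$sample"
echo "Referenced key files:"
list_keyfiles "$sample/pb.settings"
echo "Not yet copied to settings_files:"
missing_from_staging "$sample/pb.settings" "$sample/settings_files"
echo "Staged with group/other access:"
exposed_staged_keyfiles "$sample/pb.settings" "$sample/settings_files"
rm -rf "$sample"
```

Because the configuration package carries these key files, apply the same access restrictions to the settings_files directory and the generated package as to the keys themselves.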
Package name: Name of the installation package stored in the AIX database. For EPM-UL package installations, this name is the same as the package file name without the .bff extension.
pbinstall program: To create the EPM-UL settings files, you use the pbinstall program with the -z (settings only) option. pbinstall -z only creates the settings files and is incompatible with the following command line options:
| Options incompatible with pbinstall -z | Description |
|---|---|
| -b | Runs pbinstall in batch mode. |
| -c | Skips the steps that process or update the EPM-UL settings file. |
| -e | Runs install script automatically by bypassing the menu step of pbinstall. |
| -i | Ignores previous pb.settings and pb.cfg files. |
| -p | Sets the pb installation prefix. |
| -s | Sets the pb installation suffix. |
| -u | Installs the utility programs. |
| -x | Creates a log synchronization host (that is, installs pbsyncd). |
When you execute pbinstall with the -z option, you can see two menu items that are not otherwise available:
- Enter existing pb.settings path: Enables you to set your pb.settings file. pbinstall reads this settings file and populates the remaining menu choices. You can override some menu choices. If set to none, then pbinstall does not read a settings file. The remaining menu choices are populated with default values.
- Enter directory path for settings file creation: Enables you to set an alternative output directory for the settings files. The default directory is /unzip-dir/powerbroker/<version>/<flavor>/install/settings_files, where unzip-dir is the directory where the package tarball file was unzipped.
The behavior of pbinstall -z depends on whether certain additional command line options are specified:
- If no other command line options are specified, pbinstall initially presents a short version of the installation menu (items 1–8 only). Depending on the choices you make in these items, further menu items become available.
- If command line options -l or -r are specified, pbinstall presents an expanded version of the installation menu that reflects the host types that you are configuring.
When running pbinstall with the -z option, the following menu items are preprogrammed and cannot be changed:
- Install man pages?
- Daemon location
- Administration programs location
- User programs location
- User man page location
- Admin man page location
- BeyondTrust built-in third-party library directory
In addition, the values of the following menu items determine the values of other menu items:
Options preset when running pbinstall -z:
| Setting this menu option to Yes | Sets these values to Yes |
|---|---|
| Install Run Host? | Install Utilities? |
| Install Submit Host? | Install PBSSH? Install pbksh? Install pbsh? Will this host use a Log Host? |
If you plan to use Registry Name Service and are running pbinstall -z on a client host (non-primary server), you must perform client registration. This is necessary to properly set up the registry name service database. Client registration will also require that you collect from the EPM-UL primary server the following information:
- REST Application ID
- REST Application Key
- Primary server network name or IP address
- Primary License Server REST TCP/IP port
- Registration Client Profile name
If you are using the package installer to install EPM-UL on a computer that already has an interactive EPM-UL installation on it, see Installation considerations for additional considerations.
RNS client registration: If Registry Name Services is enabled for EPM-UL, each client host (after the first server installation) needs to be registered with the Primary Registry Name Server. When using package installers on a target host, a post-install configuration script (/opt/pbul/scripts/pbrnscfg.sh) is provided to be manually executed on that host to properly register it. This post-install configuration script asks for information about the Primary Registry Name Server, including the Application ID (appid), Application Key (appkey), address/domain name, and the REST TCP/IP port number. This is the same information provided during the client registration part of a pbinstall -z install which generates the settings file.
If you prefer a more convenient method of registering RNS clients, where the post-install configuration script is non-interactive, EPM-UL can save the relevant information in a hidden file during the settings-only run of pbinstall, bundle it with the configuration package, and automatically apply it to the target host when that package is installed. This method is not secure, but it is available if the security-convenience trade-off is acceptable. To enable it, refer to the question regarding the post-install configuration script displayed when running pbinstall -z.
Use EPM-UL packages on AIX WPARs
The AIX package installer supports AIX WPARs in AIX v6.1 and higher. The primary operating system instance is referred to as the global WPAR. All WPARs that are not global are referred to as non-global WPARs.
AIX release v6.1 or higher is required. The use of WPARs is not supported on earlier releases. There are two types of WPARs:
- Shared WPARs share some of the global environment’s file systems and are administered by the global environment.
- Non-shared WPARs share none of the global environment’s file systems and are treated as stand-alone systems.
Installing AIX packages on WPARs is similar to installing these packages on AIX systems without WPARs.
Overview of steps
Using the AIX package installer involves the following steps:
- Unpack the EPM-UL package tarball file.
- Use the pbinstall program to create EPM-UL settings files.
- Use the pbcreateaixcfgpkg program to create the EPM-UL configuration package.
- Perform a package installation using the AIX installp command for any required components.
- Perform a package installation using the AIX installp command for the EPM-UL configuration package.
- If Registry Name Service is enabled and you are installing on a non-primary server, run /opt/pbul/scripts/pbrnscfg.sh to register the host.
Installation procedure
To install EPM-UL in the AIX global environment, do the following:
-
Extract the package tarball files into the /opt/beyondtrust/ directory by executing the following command:
gunzip -c pmul_<flavor_version>_pkg.tar.Z | tar xvf -
-
Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
-
Execute the following command:
./pbinstall -z
You are asked if you want to use client registration. If you plan to enable Registry Name Service, and are installing on a host that is not designated as a primary server, you must run client registration.
pbinstall next asks if you want to enable Registry Name Service.
pbinstall displays the EPM-UL installation menu.
-
Make your menu selections. When the menu selection process is complete, pbinstall creates the following files in the specified location:
- pb.settings
- pb.cfg
- pb.key (if encryption is enabled)
- pbpolicykey.pem and pbpolicypubcert.pem (for Policy Server hosts with Cached Policy feature enabled)
The Enter existing pb.settings path menu option enables you to set your own pb.settings file to use. Also, the Enter directory path for settings file creation menu option enables you to set where to save the generated settings files. These menu options are available only when running pbinstall with the -z option.
-
Optional. For an EPM-UL client, if client-server communications are to be encrypted, replace the generated pb.key file with pb.key file from the policy server host. Also, copy any other required key files into the same directory.
-
Optional. For a policy server host, write a policy file (pb.conf) and place it in the directory with the other generated files. If you do not provide a pb.conf file, a pb.conf file with the single command reject ; is generated and packaged.
Starting with v8.0, pbinstall -z can optionally install the default role-based policies and asks:
Installing default role-based policy pbul_policy.conf and pbul_functions.conf in <install_dir>/settings_files
Would you like to use the default role-based policy in the configuration package?
- Answer Yes for new installs only.
- If you are upgrading an existing configuration package, to avoid overwriting your existing policy, answer No.
Use the default role-based policy [Y]?
- If you answer Yes, the default pb.conf, pbul_policy.conf and pbul_functions.conf files are created and installed on the policy server.
- If you are installing over an existing installation, and have an existing policy in place, answer No.
-
Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
-
Run the pbcreateaixcfgpkg utility by typing:
pbcreateaixcfgpkg -p suffix -s directory
- suffix is appended to the filenames of the configuration package backup file format file and the package administration file; the length can be up to 26 characters.
- directory contains the EPM-UL settings and configuration files to include in the package.
The pbcreateaixcfgpkg utility creates the configuration package file, powerbroker.config-v.v.r.b.bff.
-
Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/package/ directory.
-
For each required component package, run the AIX installp command to install one component package by typing:
installp -agd ./ powerbroker.pkg-name
pkg-name is the name of the component package file.
Example
installp -agd ./ powerbroker.pkg-name
Using the -g option installs all the prerequisite packages along with the powerbroker.submithost package. In this case, powerbroker.common is a prerequisite package for the powerbroker.submithost package.
Alternatively, you can install all the component packages by typing:
installp -agd ./ powerbroker
- Run the AIX installp command to install the configuration package by typing:
installp -ad ./ powerbroker.config<suffix>
<suffix> is the suffix that is set when you create the configuration package in step 8.
- Verify the installation of the packages with the AIX lslpp command by typing:
lslpp -l | grep powerbroker
- If Registry Name Service is enabled and installed on a non-primary server, register the host with the Primary Registry Name Server using a post-install configuration script. Gather the Application ID, Application Key, network name or IP address, and REST TCP/IP port of the primary server, then run the script to register the host and follow the prompts:
/opt/pbul/scripts/pbrnscfg.sh
For additional information, see the following:
- For other options you can use with the pbinstall -z option, see Plan Your Installation.
- pblighttpd
- pbcreateaixcfgpkg
Install EPM-UL onto WPARs
The process for installing AIX packages onto non-shared workload partitions (WPARs) is similar to the process for installing in the global AIX environment because the installed software is private to the non-shared WPAR. Therefore, there is no need for synchronization.
To install packages onto shared WPARs, do the following:
- Follow the procedures in the installation procedure to create the AIX packages.
- Install Endpoint Privilege Management component (usr) packages in the global AIX environment. The usr packages are visible to the WPARs.
- Install Endpoint Privilege Management configuration (root) package in the global AIX environment. The root packages are not visible to the WPARs until propagated.
- To make the Endpoint Privilege Management configuration (root) package visible to the WPARs, use the syncwpar command and propagate the packages to WPARs.
- Optional. List the WPARs.
Remove EPM-UL packages
Removing the EPM-UL packages completely uninstalls EPM-UL from a computer. To remove the packages:
- Navigate to the /opt/beyondtrust/powerbroker/<version>/aix/install/ directory.
- Remove multiple packages by typing:
installp -u powerbroker.configClient component-package-1 ... component-package-n
- configClient is the name of the package specified during installation of the configuration package. Because of the dependency relationship between the configuration package and the component packages, this package name must come first in the list.
- component-package-1 through component-package-n are the names of the packages specified during installation of the component packages, such as powerbroker.submithost.
Example
installp -u powerbroker.configClient powerbroker.submithost powerbroker.loghost
Or you may remove a package and its prerequisites by using the installp -gu command.
Example
The following command removes the powerbroker.runhost package and its prerequisite package powerbroker.common:
installp -gu powerbroker.runhost
Remove AIX package from shared WPARs
To remove packages from shared workload partitions (WPARs), do the following:
-
Remove the packages from the global AIX environment using the following command:
installp -u powerbroker
All EPM-UL usr packages and the global root package are removed.
-
Remove the EPM-UL root packages from WPARs by doing either of the following:
-
Remove the root package from one or more specified WPARs by typing the following command from the global AIX environment:
syncwpar [nodeA] [nodeB] ... [nodeX]
nodeA, nodeB, ... nodeX are the names of the WPARs.
-
Remove the root package from all WPARs by typing the following command from the global AIX environment:
syncwpar -A
When you use the -A option, all root packages are removed from the WPARs.
-
The syncwpar command synchronizes all packages between the AIX global environment and shared WPARs.
- Optional. Verify that the packages are removed from the WPARs.
Update EPM-UL with update packages
The AIX package installer can be used to update an existing EPM-UL installation to a new version. The existing version should have been installed using the AIX package installer.
Update package considerations
Installing an update package is similar to using the AIX package installer to install EPM-UL for the first time. Keep these considerations in mind when you prepare to upgrade EPM-UL:
- Each release of AIX update packages contains only the updated files. Therefore, a full EPM-UL package installation (of the same major and minor version) must be performed before you can install an upgrade package. For example, before you can install update package version 9.2.1, you must have the full EPM-UL package version 9.2.0 installed.
- Each successive AIX update package is cumulative; for example, update package version 9.4.1 contains all of the updates in update package version 9.4.0.
- A newer release can introduce features that use new settings or configurations. In that case, an upgrade of the EPM-UL configuration package is also needed.
- Update packages that have not been committed can be rejected. You cannot reject update packages that have been committed.
- Committing a given update package requires prior or concurrent commit of earlier update packages.
- The EPM-UL configuration package does not contain any executable files and therefore does not need to be upgraded. However, if you are creating a new configuration package, you should create it with the same version of EPM-UL as the component packages you are installing.
Update package procedure
Follow this procedure to update your installation of EPM-UL using the update packages:
- Obtain the tarball file for the AIX update packages that are appropriate for your hardware. The tarball file name has the format pmul_-v.v.r-bb-update_pkg.tar.Z, where:
- indicates the operating system and hardware architecture.
- v.v.r is the major and minor version number and the release number.
- bb is the build number.
- Extract the package files into the /unzip-dir/ directory by executing the following command:
gunzip -c pmul_<flavor_version>-update_pkg.tar.Z | tar xvf -
- Navigate to the /unzip-dir/powerbroker/<version>/<flavor>/install/ directory.
- Create the settings_files directory and change directory to that location.
- To retain or correctly update the settings of the current installation, copy the following files from the target installation host into the settings_files directory you created in step 4:
- /etc/pb.settings
- /etc/pb.cfg
- encryption keys defined in pb.settings for networkencryption, eventlogencryption, iologencryption, reportencryption, policyencryption, and restkeyencryption settings (if enabled)
In a default installation, there are typically 2 key files created: pb.key and pb.rest.key.
- Execute the following command to verify and update the installation settings in the settings_files directory:
./pbinstall -z
- Create the upgrade configuration package by running the pbcreateaixcfgpkg utility:
pbcreateaixcfgpkg -p suffix
Use the current suffix of the installation to be upgraded. Use the suffix you provided during the initial package installation in step 8 of the Installation procedure.
Another way to find the suffix is to run the following command on the target installation host to get the list of packages installed:
lslpp -l | grep powerbroker
Identify the suffix of the configuration package using this format:
powerbroker.config<suffix>
-
Navigate to the /unzip-dir/powerbroker/version/flavor/package/ directory.
-
Run the AIX installp utility to install the component package or packages by typing:
installp -ad ./ powerbroker.package_name [v.v.r.bb] [powerbroker.package_name [v.v.r.bb] ... ]
where:
- package_name is the name of the package to be installed.
- v.v.r.bb (optional) is the version, release, and build number, for example, 9.4.1.03.
-
Navigate to the /unzip-dir/powerbroker/<version>/<flavor>/install/ directory.
-
Run the AIX installp command to install the configuration package by typing:
installp -ad ./ powerbroker.config<suffix>
<suffix> is the suffix that is set when you create the configuration package in step 7.
-
Commit the update package by typing:
installp -c powerbroker [v.v.r.bb]
v.v.r.bb (optional) is the version, release, and build number, for example, 9.4.1.03.
-
Verify the installation of the filesets with the AIX lslpp utility by typing:
lslpp -al powerbroker.package_name
package_name is the name of the package that you installed.
Reject an update package
You can reject an update package that has been applied but not committed by typing:
installp -r powerbroker.package_name [v.v.r.bb]
where:
- package_name is the name of the package that you want to reject.
- v.v.r.bb (optional) is the version, release, and build number, for example, 6.2.1.11.
After an update package has been committed, you cannot reject it.
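A pre-flight check for the update procedure above, as an added example that is not BeyondTrust code: from `lslpp -l | grep powerbroker` output it derives the configuration package suffix, checks each component fileset against the same major.minor rule, and lists filesets still in the APPLIED state, which installp -r can reject. It assumes each line reads "fileset level state description"; the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not vendor code): pre-flight for an EPM-UL update package.
# Typical use on the target host:
#   lslpp -l | grep powerbroker | preflight 9.4.1.03
# Assumption: every input line is "fileset level state description", with the
# level written in the v.v.r.bb form used on this page.

# preflight UPDATE_LEVEL   (reads lslpp lines on stdin)
#   SUFFIX <s>                      suffix to pass to pbcreateaixcfgpkg -p
#   BASE_OK <fileset> <level>       installed level shares the update's major.minor
#   BASE_MISMATCH <fileset> <level> a full install of the matching version is needed first
#   REJECTABLE <fileset> <level>    state is APPLIED, so installp -r is still possible
# Returns 1 when any component fileset is on a different major.minor.
preflight() {
    awk -v upd="$1" '
        BEGIN { split(upd, u, "."); want = u[1] "." u[2]; bad = 0 }
        $1 !~ /^powerbroker\./ { next }
        {
            if ($1 ~ /^powerbroker\.config/) {
                # The configuration package is listed twice (usr and root
                # parts); report its suffix once and skip the version check.
                s = $1
                sub(/^powerbroker\.config/, "", s)
                if (!(s in seen)) { seen[s] = 1; print "SUFFIX", s }
                next
            }
            split($2, l, ".")
            if ((l[1] "." l[2]) == want) {
                print "BASE_OK", $1, $2
            } else {
                print "BASE_MISMATCH", $1, $2
                bad = 1
            }
            if ($3 == "APPLIED") { print "REJECTABLE", $1, $2 }
        }
        END { exit bad }'
}

# Constructed sample input: one fileset left in APPLIED state and one fileset
# on an older minor version than the 9.4.1.03 update being checked.
demo_preflight() {
    preflight 9.4.1.03 <<'EOF'
powerbroker.common 9.4.0.03 COMMITTED BeyondTrust PowerBroker Common
powerbroker.configCLIENTS 9.4.0.03 COMMITTED BeyondTrust PowerBroker Config
powerbroker.configCLIENTS 9.4.0.03 COMMITTED BeyondTrust PowerBroker Config
powerbroker.runhost 9.4.0.05 APPLIED BeyondTrust PowerBroker Run
powerbroker.submithost 9.3.0.11 COMMITTED BeyondTrust PowerBroker Submit
EOF
}

if [ "${1:-}" = "--demo" ]; then
    demo_preflight
fi
```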
Update packages and WPARs
Installing update packages on workload partitions (WPARs) involves the same considerations as installing a baseline EPM-UL package on WPARs.
Upgrade the configuration package
When upgrading the configuration package (cfg pkg), some settings that are part of the package might need settings and configuration files copied from the existing installation to the staging host.
Files included in the cfg package:
-
pb.settings: Hardcoded target location /etc/pb.settings.
-
pb.cfg: Hardcoded target location /etc/pb.cfg.
-
All the encryption key files defined for networkencryption, eventlogencryption, iologencryption, reportencryption, policyencryption, and restkeyencryption. By default, two key files are typically created:
- pb.key
- pb.rest.key
The sysadmin can define encryption with different key files in locations other than /etc. Therefore, when upgrading, and to retain what is installed on the target machine, look at all the encryption settings in /etc/pb.settings. Copy the settings to the settings_files directory before running pbinstall -z and pbcreate*cfgpkg.
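One way to confirm that every key file referenced by the target's pb.settings has been staged before running pbinstall -z and pbcreateaixcfgpkg; it also applies to the file-copy step of the update package procedure. This is an added example, not BeyondTrust code: it assumes pb.settings holds one "name value" setting per line with keys written as keyfile=/path, and that key files are staged under their base names. Because the staged keys end up inside the configuration package, it also flags staged keys that group or other users can access.

```sh
#!/bin/sh
# Added example (not vendor code): cross-check key files named in pb.settings
# against the settings_files staging directory.
# Assumptions: pb.settings uses "name value" lines and key paths appear as
# keyfile=/path, as in the menu value shown on this page
# (aes-256:keyfile=/etc/pb.key); keys are staged under their base names.

ENC_SETTINGS='networkencryption eventlogencryption iologencryption reportencryption policyencryption restkeyencryption'

# list_keyfiles SETTINGS_FILE -> unique key file paths, one per line
list_keyfiles() {
    awk -v names="$ENC_SETTINGS" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^[ \t]*#/ { next }                       # skip comment lines
        ($1 in want) {
            for (f = 2; f <= NF; f++) {
                s = $f
                while ((p = index(s, "keyfile=")) > 0) {
                    s = substr(s, p + 8)          # text after "keyfile="
                    path = s
                    sub(/[:,;"].*$/, "", path)    # cut at the next option separator
                    if (path != "" && !(path in seen)) { seen[path] = 1; print path }
                }
            }
        }' "$1"
}

# check_staging SETTINGS_FILE STAGING_DIR
# Prints OK, MISSING or LAX_PERMS per key file. Returns 1 if a key is not
# staged or if its staged copy grants any access to group or others.
check_staging() {
    list_keyfiles "$1" | (
        rc=0
        while IFS= read -r path; do
            staged="$2/$(basename "$path")"
            if [ ! -f "$staged" ]; then
                echo "MISSING $path"; rc=1
            elif [ "$(ls -ld "$staged" | cut -c5-10)" != "------" ]; then
                echo "LAX_PERMS $path"; rc=1
            else
                echo "OK $path"
            fi
        done
        exit "$rc"
    )
}

# Constructed sample: three encryption settings, one key outside /etc that
# was never copied, and one staged key left world-readable.
demo_staging() {
    d=$(mktemp -d) || return 1
    mkdir "$d/settings_files"
    cat > "$d/pb.settings" <<'EOF'
# constructed sample, not a real pb.settings
submitmasters server-01.mycompany.net
networkencryption aes-256:keyfile=/etc/pb.key
restkeyencryption aes-256:keyfile=/etc/pb.rest.key
iologencryption aes-256:keyfile=/secure/keys/pb.iolog.key
EOF
    : > "$d/settings_files/pb.key";      chmod 600 "$d/settings_files/pb.key"
    : > "$d/settings_files/pb.rest.key"; chmod 644 "$d/settings_files/pb.rest.key"
    rc=0
    check_staging "$d/pb.settings" "$d/settings_files" || rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then
    demo_staging
fi
```

Run it as `check_staging /etc/pb.settings ./settings_files` on the staging host after copying the files, and resolve every MISSING or LAX_PERMS line before building the configuration package.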
Sample execution for the AIX package installer
The sample execution shows the installation of an EPM-UL submit host, run host, and shared libraries using the AIX package installer.
This sample execution is divided into the following parts:
- Generate the EPM-UL settings files.
- Create the EPM-UL configuration package using the pbcreateaixcfgpkg program.
- Install the component packages using the installp -ad command.
- Install the configuration package using the installp -ad command.
- Use syncwpar to propagate additional AIX global environment packages to shared workload partitions (WPARs). WPARs are available with AIX v6.1 and higher.
Generate the EPM-UL settings files
This section of the execution shows the generation of the settings files (pb.key, pb.cfg, and pb.settings) and also displays the EPM-UL installation menu. This output was generated using the pbinstall program with the -z -lr option.
Example
# ./pbinstall -z -lr
Starting pbinstall main() from /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/install/.
aix
IMPORTANT NOTE: You can only install Privilege Management for Unix & Linux client on this operating system.
WARNING: When creating configuration packages to be installed on AIX WPARs, care must be taken to set log file directories to WPAR-writable partitions. The default AIX shared WPAR has the following read-only and/or shared partitions, although configuration can vary:
/usr
/opt
/proc
The Privilege Management for Unix & Linux log file default directory for AIX WPARs is '/var/adm'.
Privilege Management for Unix & Linux Settings File Generation
Please read the Privilege Management for Unix & Linux Installation Instructions before proceeding.
Checking MANIFEST against release directory
Press return to continue
The Registry Name Service of Privilege Management for Unix & Linux facilitates location of other services within the Privilege Management for Unix & Linux enterprise with the aid of a centralized data repository.
IMPORTANT: Client Registration is required if this is not the Primary Server and you intend to use Registry Name Services.
Do you wish to utilize Registry Name Service? [no]?
BeyondTrust Privilege Management for Unix & Linux Installation Menu
Opt Description [Value]
1 Install Everything Here (Demo Mode)? [no]
2 Enter existing 'pb.settings' path [none]
3 Enter directory path for settings file ... [/opt/beyondtrust/powerbrok...]
10 Install Run Host? [yes]
11 Install Submit Host? [yes]
13 Install PBSSH [yes]
20 Install REST Services? [yes]
24 Installation base directory? [/opt/pbul]
25 Database directory? [/opt/pbul/dbs]
26 Path to Password Safe 'pkrun' binary []
31 Install Utilities: pbvi, pbnvi, pbmg, p... [yes]
32 Install pbksh? [yes]
33 Install pbsh? [yes]
34 Install man pages? [yes]
35 Will this host use a Log Host? [yes]
36 AD Bridge Integration? [no]
59 Daemons location [/usr/sbin]
60 Number of reserved spaces for submit pr... [80]
62 User programs location [/usr/local/bin]
65 User man page location [/usr/share/man/man1]
66 Admin man page location [/usr/share/man/man8]
74 REST Service installation directory? [/usr/lib/beyondtrust/pb/rest]
75 Install REST API sample code? [no]
77 Pblighttpd user [pblight]
78 Create Pblighttpd user? [yes]
79 Pblighttpd user UID []
80 Pblighttpd user GID []
81 Pblighttpd user group name [pblight]
83 Configure target system's SuperDaemon? [yes]
85 Policy Server Delay [500]
86 Policy Server Protocol Timeout [-1]
93 List of Policy Servers to submit to [server-01.mycompany.net]
94 pbrun diagnostic log? [none]
95 pbssh diagnostic log? [none]
96 Allow Local Mode? [yes]
97 Additional secured task checks? [no]
98 Suppress Policy Server host failover er... [yes]
99 List of Policy Servers to accept from [server-01.mycompany.net]
100 pblocald diagnostic log [/var/adm/pblocald.log]
101 Command line options for pblocald []
102 Syslog pblocald sessions? [no]
103 Record PTY sessions in utmp/utmpx? [yes]
104 Validate Policy Server Host Connections? [no]
105 List of Log Hosts [server-01.mycompany.net]
107 Log Host Delay [500]
108 Log Host Protocol Timeout [-1]
110 List of log reserved filesystems [none]
117 Add installed shells to /etc/shells [no]
118 pbksh diagnostic file [/var/adm/pbksh.log]
119 pbsh diagnostic file [/var/adm/pbsh.log]
120 Stand-alone pblocald command [none]
121 Stand-alone root shell default iolog [/pbshell.iolog]
122 Use syslog? [yes]
123 Syslog facility to use? [LOG_AUTH]
124 Base Daemon port number [24345]
125 pbmasterd port number [24345]
126 pblocald port number [24346]
127 pblogd port number [24347]
129 REST Service port number [24351]
130 Add entries to '/etc/services' [yes]
131 Allow non-reserved port connections [yes]
132 Inbound Port range [1024-65535]
133 Outbound Port range [1025-65535]
134 Network encryption options [aes-256:keyfile=/etc/pb.key]
138 Settings file encryption type [none]
139 REST API encryption options [aes-256:keyfile=/etc/pb.re...]
140 Configure with Kerberos v5? [no]
146 Enforce High Security Encryption? [yes]
147 SSL Configuration? [requiressl sslfirst]
148 SSL pbrun Certificate Authority Directory? [none]
149 SSL pbrun Certificate Authority File? [none]
150 SSL pbrun Cipher List? [cipherlist=TLSv1.2:!SSLv2:...]
151 SSL pbrun Certificate Directory? [none]
152 SSL pbrun Certificate File? [none]
153 SSL pbrun Private Key Directory? [none]
154 SSL pbrun Private Key File? [none]
155 SSL pbrun Certificate Subject Checks? [none]
156 SSL Server Certificate Authority Direct... [none]
157 SSL Server Certificate Authority File? [none]
158 SSL Server Cipher List? [cipherlist=TLSv1.2:!SSLv2:...]
159 SSL Server Certificate Directory? [none]
160 SSL Server Certificate File? [/etc/pbssl.pem]
161 SSL Server Private Key Directory? [none]
162 SSL Server Private Key File? [/etc/pbssl.pem]
163 SSL Server Certificate Subject Checks? [none]
164 SSL Certificate Country Code [US]
165 SSL Certificate State/Province [AZ]
166 SSL Certificate Location (Town/City) [Phoenix]
167 SSL Certificate Organizational Unit/Dep... [Security]
168 SSL Certificate Organization [BeyondTrust]
169 Configure Privilege Management for Unix... [no]
170 Install BeyondTrust built-in third-part... [yes]
171 BeyondTrust built-in third-party librar... [/usr/lib/beyondtrust/pb]
183 Use PAM? [no]
191 Allow Remote Jobs? [yes]
192 UNIX Domain Socket directory [none]
193 Reject Null Passwords? [no]
194 Enable TCP keepalives? [no]
195 Name Resolution Timeout [0]
N for the next menu page, P for the previous menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> c
Generating key file /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-06/install/settings_files/pb.key...
Generating key file /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-06/install/settings_files/pb.rest.key...
Are all the installation settings correct [yes]?
Generating config file /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-06/install/settings_files/pb.cfg
Creating the settings file creation script
Running settings file creation script
Creating settings file /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-06/install/settings_files/pb.settings
Generated settings files are in directory: /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-06/install/settings_files
Copied pbelasticsearchtemplate.json, pbelkecsconfiguration.json, pblogstashmapping.json and sample-logstash-http.conf to /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-06/install/settings_files
Privilege Management for Unix & Linux Settings File Generation completed successfully.
Create the EPM-UL configuration package using pbcreateaixcfgpkg
This section shows the creation of the configuration package using the pbcreateaixcfgpkg program with the -p and -s options.
At the end of the output, the pbcreateaixcfgpkg script shows which component packages need to be installed.
# ./pbcreateaixcfgpkg -p CLIENTS -s /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/install/settings_files/
pbcreateaixcfgpkg: starting from /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/install
pbcreateaixcfgpkg: keyfile pb.key will be included in package
pbcreateaixcfgpkg: keyfile pb.rest.key will be included in package
pbcreateaixcfgpkg: Reading /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/install/settings_files//pb.cfg
pbcreateaixcfgpkg: processing, please wait . . .
pbcreateaixcfgpkg: archiving root package control library...
ar: Creating an archive file /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/install/lppbuild/usr/lpp/powerbroker.configCLIENTS/inst_root/liblpp.a.
q - powerbroker.configCLIENTS.al
q - powerbroker.configCLIENTS.cfgfiles
q - powerbroker.configCLIENTS.config
q - powerbroker.configCLIENTS.inventory
q - powerbroker.configCLIENTS.post_i
q - powerbroker.configCLIENTS.pre_i
q - powerbroker.configCLIENTS.size
q - powerbroker.configCLIENTS.unpost_i
q - powerbroker.configCLIENTS.unpre_i
ar: Sequentially ordering and compressing /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/install/lppbuild/usr/lpp/powerbroker.configCLIENTS/inst_root/liblpp.a.
g - powerbroker.configCLIENTS.al
g - powerbroker.configCLIENTS.cfgfiles
g - powerbroker.configCLIENTS.config
g - powerbroker.configCLIENTS.inventory
g - powerbroker.configCLIENTS.post_i
g - powerbroker.configCLIENTS.pre_i
g - powerbroker.configCLIENTS.size
g - powerbroker.configCLIENTS.unpost_i
g - powerbroker.configCLIENTS.unpre_i
pbcreateaixcfgpkg: archiving usr package control library...
ar: Creating an archive file /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/install/lppbuild/usr/lpp/powerbroker.configCLIENTS/liblpp.a.
q - powerbroker.configCLIENTS.al
q - powerbroker.configCLIENTS.copyright
q - powerbroker.configCLIENTS.size
ar: Sequentially ordering and compressing /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/install/lppbuild/usr/lpp/powerbroker.configCLIENTS/liblpp.a.
g - powerbroker.configCLIENTS.al
g - powerbroker.configCLIENTS.copyright
g - powerbroker.configCLIENTS.size
pbcreateaixcfgpkg: making Privilege Management Unix/Linux AIX configuration package . . .
Backing up to /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/install/lppbuild/powerbroker.configCLIENTS-25.1.6.11.bff.
Cluster 51200 bytes (100 blocks).
Volume 1 on /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/install/lppbuild/powerbroker.configCLIENTS-25.1.6.11.bff
a 348 ./lpp_name
a 0 ./usr/lpp
a 0 ./usr/lpp/powerbroker.configCLIENTS
a 0 ./usr/lpp/powerbroker.configCLIENTS/inst_root
a 0 ./usr/lpp/powerbroker.configCLIENTS/inst_root/etc
a 8094 ./usr/lpp/powerbroker.configCLIENTS/inst_root/etc/pb.settings
a 7503 ./usr/lpp/powerbroker.configCLIENTS/inst_root/etc/pb.cfg
a 1045 ./usr/lpp/powerbroker.configCLIENTS/inst_root/etc/pb.key
a 1045 ./usr/lpp/powerbroker.configCLIENTS/inst_root/etc/pb.rest.key
a 0 ./usr/lpp/powerbroker.configCLIENTS/inst_root/opt
a 0 ./usr/lpp/powerbroker.configCLIENTS/inst_root/opt/pbul
a 0 ./usr/lpp/powerbroker.configCLIENTS/inst_root/opt/pbul/policies
a 0 ./usr/lpp/powerbroker.configCLIENTS/inst_root/opt/pbul/scripts
a 0 ./usr/lpp/powerbroker.configCLIENTS/inst_root/opt/pbul/elk
a 0 ./usr/lpp/powerbroker.configCLIENTS/inst_root/opt/pbul/elk/etc
a 12448 ./usr/lpp/powerbroker.configCLIENTS/inst_root/opt/pbul/elk/etc/pbelasticsearchtemplate.json
a 3275 ./usr/lpp/powerbroker.configCLIENTS/inst_root/opt/pbul/elk/etc/pbelkecsconfiguration.json
a 6955 ./usr/lpp/powerbroker.configCLIENTS/inst_root/opt/pbul/elk/etc/pblogstashmapping.json
a 846 ./usr/lpp/powerbroker.configCLIENTS/inst_root/opt/pbul/elk/etc/sample-logstash-http.conf
a 256192 ./usr/lpp/powerbroker.configCLIENTS/inst_root/liblpp.a
a 7746 ./usr/lpp/powerbroker.configCLIENTS/liblpp.a
The total size is 305497 bytes.
Backup finished on Thu Oct 2 01:02:52 PDT 2025; there are 700 blocks on 1 volumes.
pbcreateaixcfgpkg: AIX lpp package powerbroker.configCLIENTS-25.1.6.11.bff created in /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/install/lppbuild
pbcreateaixcfgpkg: lpp package 'powerbroker.configCLIENTS-25.1.6.06.bff' placed in
/opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/install
pbcreateaixcfgpkg: build directory for package powerbroker.configCLIENTS removed.
pbcreateaixcfgpkg: the following packages will need to be loaded to the target system:
powerbroker.common powerbroker.runhost powerbroker.submithost powerbroker.sharedlibs
pbcreateaixcfgpkg: completed.
Install component packages using the installp command
This section shows the execution of the installp command to install component packages for the submit host, run host, and shared libraries.
The execution text also includes copyright, trademark, trade secrets, and other legal text; however, those notices and text were removed from the following excerpt to save space:
Example
# cd /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/package/
# installp -agd ./ powerbroker.sharedlibs powerbroker.common powerbroker.runhost powerbroker.submithost
+-----------------------------------------------------------------------------+
Pre-installation Verification...
+-----------------------------------------------------------------------------+
Verifying selections...done
Verifying requisites...done
Results...
SUCCESSES
---------
Filesets listed in this section passed pre-installation verification and will be installed.
Selected Filesets
-----------------
powerbroker.common 25.1.6.11 # BeyondTrust Privilege Manage...
powerbroker.runhost 25.1.6.11 # BeyondTrust Privilege Manage...
powerbroker.sharedlibs 25.1.6.11 # BeyondTrust Privilege Manage...
powerbroker.submithost 25.1.6.11 # BeyondTrust Privilege Manage...
<< End of Success Section >>
+-----------------------------------------------------------------------------+
BUILDDATE Verification ...
+-----------------------------------------------------------------------------+
Verifying build dates...done
FILESET STATISTICS
------------------
4 Selected to be installed, of which:
4 Passed pre-installation verification
----
4 Total to be installed
+-----------------------------------------------------------------------------+
Installing Software...
+-----------------------------------------------------------------------------+
installp: APPLYING software for:
powerbroker.common 25.1.6.11
. . . . . << Copyright notice for powerbroker.common >> . . . . . . .
BeyondTrust Privilege Management for Unix & Linux (formerly PowerBroker for Unix & Linux)
. . . . . << End of copyright notice for powerbroker.common >>. . . .
Filesets processed: 1 of 4 (Total time: 2 secs).
installp: APPLYING software for:
powerbroker.runhost 25.1.6.11
. . . . . << Copyright notice for powerbroker.runhost >> . . . . . . .
BeyondTrust Privilege Management for Unix & Linux (formerly PowerBroker for Unix & Linux)
. . . . . << End of copyright notice for powerbroker.runhost >>. . . .
Filesets processed: 2 of 4 (Total time: 3 secs).
installp: APPLYING software for:
powerbroker.submithost 25.1.6.11
. . . . . << Copyright notice for powerbroker.submithost >> . . . . . . .
BeyondTrust Privilege Management for Unix & Linux (formerly PowerBroker for Unix & Linux)
. . . . . << End of copyright notice for powerbroker.submithost >>. . . .
Filesets processed: 3 of 4 (Total time: 5 secs).
installp: APPLYING software for:
powerbroker.sharedlibs 25.1.6.11
. . . . . << Copyright notice for powerbroker.sharedlibs >> . . . . . . .
BeyondTrust Privilege Management for Unix & Linux (formerly PowerBroker for Unix & Linux)
. . . . . << End of copyright notice for powerbroker.sharedlibs >>. . . .
Finished processing all filesets. (Total time: 6 secs).
+-----------------------------------------------------------------------------+
Summaries:
+-----------------------------------------------------------------------------+
Installation Summary
--------------------
Name Level Part Event Result
-------------------------------------------------------------------------------
powerbroker.common 25.1.6.11 USR APPLY SUCCESS
powerbroker.runhost 25.1.6.11 USR APPLY SUCCESS
powerbroker.submithost 25.1.6.11 USR APPLY SUCCESS
powerbroker.sharedlibs 25.1.6.11 USR APPLY SUCCESS
Install the configuration package using the installp command
This section shows the execution of the AIX installp -ad command to install the configuration package. Following installation of the configuration package, the installation is verified by submitting the pbrun id command to EPM-UL, and the AIX lslpp -l |grep powerbroker command is used to list the packages installed.
The execution text also includes copyright, trademark, trade secrets, and other legal text; however, those notices and text were removed from the following excerpt to save space:
Example
# cd /opt/beyondtrust/powerbroker/v25.1/pmul_aix_25.1.6-11/install/
# installp -ad ./ powerbroker.configCLIENTS
+-----------------------------------------------------------------------------+
Pre-installation Verification...
+-----------------------------------------------------------------------------+
Verifying selections...done
Verifying requisites...done
Results...
SUCCESSES
---------
Filesets listed in this section passed pre-installation verification and will be installed.
Selected Filesets
-----------------
powerbroker.configCLIENTS 25.1.6.11 # BeyondTrust Privilege Manage...
<< End of Success Section >>
+-----------------------------------------------------------------------------+
BUILDDATE Verification ...
+-----------------------------------------------------------------------------+
Verifying build dates...done
FILESET STATISTICS
------------------
1 Selected to be installed, of which:
1 Passed pre-installation verification
----
1 Total to be installed
+-----------------------------------------------------------------------------+
Installing Software...
+-----------------------------------------------------------------------------+
installp: APPLYING software for:
powerbroker.configCLIENTS 25.1.6.11
. . . . . << Copyright notice for powerbroker.configCLIENTS >> . . . . . . .
BeyondTrust Privilege Management Unix/Linux
. . . . . << End of copyright notice for powerbroker.configCLIENTS >>. . . .
Creating /opt/pbul/dbs
Creating /opt/pbul/locks
Creating /opt/pbul/msgrouter
Creating /opt/pbul/etc
Creating /opt/pbul/policies
Creating /opt/pbul/scripts
Creating /opt/pbul/sudoersdir
Reading pb.cfg...
Checking installation of dependent component packages...
'lppchk -f/-c' of package powerbroker.common succeeded
'lppchk -f/-c' of package powerbroker.runhost succeeded
'lppchk -f/-c' of package powerbroker.submithost succeeded
'lppchk -f/-c' of package powerbroker.sharedlibs succeeded
Looking for SuperDaemons to configure...
Finished looking for SuperDaemons to configure...
Removing PowerBroker service definitions (if any) from /etc/services.
Adding PowerBroker service definitions to /etc/services.
Removing any PowerBroker definitions from SuperDaemon inetd file /etc/inetd.conf
Adding PowerBroker definitions to SuperDaemon configurations /etc/inetd.conf .
Reloading SuperDaemon Configurations...
0513-095 The request for subsystem refresh was completed successfully.
Done Reloading SuperDaemon Configurations...
Updating Settings in database (if any)...
Creating /opt/pbul/dequeuedbs
Creating /opt/pbul/dequeuedbs/mrsiem
Checking installation of package: powerbroker.configCLIENTS
'lppchk -f/-c' of package powerbroker.configCLIENTS succeeded
Finished processing all filesets. (Total time: 47 secs).
+-----------------------------------------------------------------------------+
Summaries:
+-----------------------------------------------------------------------------+
Installation Summary
--------------------
Name Level Part Event Result
-------------------------------------------------------------------------------
powerbroker.configCLIENTS 25.1.6.6 USR APPLY SUCCESS
powerbroker.configCLIENTS 25.1.6.6 ROOT APPLY SUCCESS
View a list of installed EPM-UL packages
To view a list of the installed packages:
# lslpp -l | grep powerbroker
A list similar to the one in the example below appears. The configuration package appears twice because there are usr and root package portions.
Example
powerbroker.common 25.1.6-11 COMMITTED BeyondTrust PowerBroker Common
powerbroker.configCLIENT1
powerbroker.runhost 25.1.6-11 COMMITTED BeyondTrust PowerBroker Run
powerbroker.sharedlibs 25.1.6-11 COMMITTED BeyondTrust PowerBroker Shared
powerbroker.submithost 25.1.6-11 COMMITTED BeyondTrust PowerBroker Submit
powerbroker.configCLIENT1
Perform a cursory test of EPM-UL on the AIX global environment
To perform a cursory test of EPM-UL on the AIX global environment, type the following:
# pbrun id
Results such as those shown in the example below display:
Example
uid=0(root) gid=0(system) groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp),4(adm),1(staff),6(mail),501(amanda)
View a list of WPARs
WPARs are a new feature of AIX and exist only in AIX v6.1 and higher. To view a list of WPARs, type the following:
# lswpar
A list similar to the one in the example below appears:
Example
Name     State  Type  Hostname  Directory
---------------------------------------------
wpar01   A      S     wpar01    /wpars/wpar01
Use syncwpar to propagate additional packages to shared WPARs
The syncwpar command synchronizes all packages between the AIX global environment and shared workload partitions (WPARs). This section shows how to use syncwpar to propagate additional AIX global environment packages to shared WPARs. WPARs are a feature that exists only in AIX v6.1 and later.
Example
# syncwpar wpar01
*******************************************************************************
Synchronizing workload partition wpar01 (1 of 1).
*******************************************************************************
Executing /usr/sbin/syncroot in workload partition wpar01.
syncroot: Processing root part installation status.
syncroot: Synchronizing installp software.
+-----------------------------------------------------------------------------+
Pre-installation Verification...
+-----------------------------------------------------------------------------+
Verifying selections...done
Verifying requisites...done
Results...
SUCCESSES
---------
  Filesets listed in this section passed pre-installation verification
  and will be installed.
  Selected Filesets
  -----------------
  powerbroker.configClient 6.2.0.1 # BeyondTrust PowerBroker Conf...
  << End of Success Section >>
+-----------------------------------------------------------------------------+
BUILDDATE Verification ...
+-----------------------------------------------------------------------------+
Verifying build dates...done
FILESET STATISTICS
------------------
    1 Selected to be installed, of which:
        1 Passed pre-installation verification
  ----
    1 Total to be installed
+-----------------------------------------------------------------------------+
Installing Software...
+-----------------------------------------------------------------------------+
installp: APPLYING software for:
        powerbroker.configClient 6.2.0.1
Reading pb.cfg...
Checking installation of dependent component packages...
'lppchk -f/-c' of package powerbroker.common succeeded
'lppchk -f/-c' of package powerbroker.runhost succeeded
'lppchk -f/-c' of package powerbroker.submithost succeeded
'lppchk -f/-c' of package powerbroker.sharedlibs succeeded
Looking for SuperDaemons to configure...
Finished looking for SuperDaemons to configure...
Removing PowerBroker service definitions (if any) from /etc/services.
Adding PowerBroker service definitions to /etc/services.
Removing any PowerBroker definitions from SuperDaemon inetd file /etc/inetd.conf
Adding PowerBroker definitions to SuperDaemon configurations /etc/inetd.conf.
Reloading SuperDaemon Configurations...
0513-095 The request for subsystem refresh was completed successfully.
Done Reloading SuperDaemon Configurations...
Checking installation of package: powerbroker.configClient
'lppchk -f/-c' of package powerbroker.configClient succeeded
Finished processing all filesets. (Total time: 2 secs).
+-----------------------------------------------------------------------------+
Summaries:
+-----------------------------------------------------------------------------+
Installation Summary
--------------------
Name                        Level           Part        Event       Result
-------------------------------------------------------------------------------
powerbroker.configClient    6.2.0.1         ROOT        APPLY       SUCCESS
syncroot: Processing root part installation status.
syncroot: Installp root packages are currently synchronized.
syncroot: RPM root packages are currently synchronized.
syncroot: Root part is currently synchronized.
syncroot: Returns Status = SUCCESS
Workload partition wpar01 synchronized successfully.
Return Status = SUCCESS.
Log in to shared WPARs
Workload partitions (WPARs) are a feature that exists only in AIX v6.1 and higher.
To log in to shared WPARs, type the following:
# clogin wpar01
A welcome message such as the one shown in the example below is displayed:
Example
* * * Welcome to AIX Version 6.1! * * *
Run a cursory test of EPM-UL on a shared WPAR system
Workload partitions (WPARs) are a feature that exists only in AIX v6.1 and higher.
To run a cursory test of EPM-UL on a shared WPAR system, type the following:
# pbrun id
Results such as those shown in the example below are displayed:
Example
uid=0(root) gid=0(system) groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
Sample removal of an AIX package installation
This section shows the execution of the AIX installp -u command to remove the EPM-UL packages.
Example
# installp -u powerbroker
+-----------------------------------------------------------------------------+
Pre-deinstall Verification...
+-----------------------------------------------------------------------------+
Verifying selections...done
Verifying requisites...done
Results...
SUCCESSES
---------
  Filesets listed in this section passed pre-deinstall verification
  and will be removed.
  Selected Filesets
  -----------------
  powerbroker.common 25.1.6.11 # BeyondTrust Privilege Manage...
  powerbroker.configCLIENTS 25.1.6.11 # BeyondTrust Privilege Manage...
  powerbroker.runhost 25.1.6.11 # BeyondTrust Privilege Manage...
  powerbroker.sharedlibs 25.1.6.11 # BeyondTrust Privilege Manage...
  powerbroker.submithost 25.1.6.11 # BeyondTrust Privilege Manage...
  << End of Success Section >>
FILESET STATISTICS
------------------
    5 Selected to be deinstalled, of which:
        5 Passed pre-deinstall verification
  ----
    5 Total to be deinstalled
+-----------------------------------------------------------------------------+
Deinstalling Software...
+-----------------------------------------------------------------------------+
installp: DEINSTALLING software for:
        powerbroker.configCLIENTS 25.1.6.11
Reading pb.cfg...
Looking for SuperDaemons to configure...
Finished looking for SuperDaemons to configure...
Removing PowerBroker service definitions (if any) from /etc/services.
Removing any PowerBroker definitions from SuperDaemon inetd file /etc/inetd.conf
Reloading SuperDaemon Configurations...
0513-095 The request for subsystem refresh was completed successfully.
Done Reloading SuperDaemon Configurations...
Moving /etc/pb.db to /tmp/beyondtrust_pbinstall
Moving generated content of /usr/lib/beyondtrust/pb/rest to /tmp/beyondtrust_pbinstall/rest
Removing /opt/pbul/dbs -- empty BeyondTrust Created Directory
Removing /opt/pbul/dequeuedbs -- empty BeyondTrust Created Directory
Removing /opt/pbul/etc -- empty BeyondTrust Created Directory
Removing /opt/pbul/locks -- empty BeyondTrust Created Directory
Removing /opt/pbul/msgrouter -- empty BeyondTrust Created Directory
Removing /opt/pbul/policies -- empty BeyondTrust Created Directory
Removing /opt/pbul/scripts -- empty BeyondTrust Created Directory
Removing /opt/pbul/socketdir -- empty BeyondTrust Created Directory
Removing /opt/pbul/sudoersdir -- empty BeyondTrust Created Directory
Removing /opt/pbul -- empty BeyondTrust Created Directory
Filesets processed: 1 of 5 (Total time: 5 secs).
installp: DEINSTALLING software for:
        powerbroker.runhost 25.1.6.6
Filesets processed: 2 of 5 (Total time: 6 secs).
installp: DEINSTALLING software for:
        powerbroker.sharedlibs 25.1.6.6
Filesets processed: 3 of 5 (Total time: 6 secs).
installp: DEINSTALLING software for:
        powerbroker.submithost 25.1.6.6
Filesets processed: 4 of 5 (Total time: 6 secs).
installp: DEINSTALLING software for:
        powerbroker.common 25.1.6.6
Finished processing all filesets. (Total time: 6 secs).
+-----------------------------------------------------------------------------+
Summaries:
+-----------------------------------------------------------------------------+
Installation Summary
--------------------
Name                        Level           Part        Event       Result
-------------------------------------------------------------------------------
powerbroker.configCLIENTS   25.1.6.6        ROOT        DEINSTALL   SUCCESS
powerbroker.configCLIENTS   25.1.6.6        USR         DEINSTALL   SUCCESS
powerbroker.runhost         25.1.6.6        USR         DEINSTALL   SUCCESS
powerbroker.sharedlibs      25.1.6.6        USR         DEINSTALL   SUCCESS
powerbroker.submithost      25.1.6.6        USR         DEINSTALL   SUCCESS
powerbroker.common          25.1.6.6        USR         DEINSTALL   SUCCESS
Example using syncwpar to propagate package removal from shared WPARs
The syncwpar command synchronizes all packages between the AIX global environment and shared workload partitions (WPARs). This section shows an example of how to use the syncwpar command to propagate removal of AIX global environment packages from shared WPARs. WPARs are a feature that exists only in AIX v6.1 and higher.
When syncwpar is run and an EPM-UL configuration package is removed, the following message may display:
"inulag: The file system has read permission only."
This message can be ignored.
Example
# syncwpar wpar01
*******************************************************************************
Synchronizing workload partition wpar01 (1 of 1).
*******************************************************************************
Executing /usr/sbin/syncroot in workload partition wpar01.
syncroot: Processing root part installation status.
syncroot: Synchronizing installp software.
+-----------------------------------------------------------------------------+
Pre-deinstall Verification...
+-----------------------------------------------------------------------------+
Verifying selections...done
Verifying requisites...done
Results...
SUCCESSES
---------
  Filesets listed in this section passed pre-deinstall verification
  and will be removed.
  Selected Filesets
  -----------------
  powerbroker.configClient 6.2.0.1 # BeyondTrust PowerBroker Conf...
  << End of Success Section >>
FILESET STATISTICS
------------------
    1 Selected to be deinstalled, of which:
        1 Passed pre-deinstall verification
  ----
    1 Total to be deinstalled
+-----------------------------------------------------------------------------+
Deinstalling Software...
+-----------------------------------------------------------------------------+
installp: DEINSTALLING software for:
        powerbroker.configClient 6.2.0.1
Reading pb.cfg...
Looking for SuperDaemons to configure...
Finished looking for SuperDaemons to configure...
Removing PowerBroker service definitions (if any) from /etc/services.
Removing any PowerBroker definitions from SuperDaemon inetd file /etc/inetd.conf
Reloading SuperDaemon Configurations...
0513-095 The request for subsystem refresh was completed successfully.
Done Reloading SuperDaemon Configurations...
inulag: The file system has read permission only.
Finished processing all filesets. (Total time: 1 secs).
+-----------------------------------------------------------------------------+
Summaries:
+-----------------------------------------------------------------------------+
Installation Summary
--------------------
Name                        Level           Part        Event       Result
-------------------------------------------------------------------------------
powerbroker.configClient    6.2.0.1         ROOT        DEINSTALL   SUCCESS
syncroot: Processing root part installation status.
syncroot: Installp root packages are currently synchronized.
syncroot: RPM root packages are currently synchronized.
syncroot: Root part is currently synchronized.
syncroot: Returns Status = SUCCESS
Workload partition wpar01 synchronized successfully.
Return Status = SUCCESS.
Verify removal of EPM-UL packages
To verify that all packages were removed, type the following:
# lslpp -l | grep powerbroker
If all packages are removed, results such as those shown in the example below are displayed:
Example
# <no output.>
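The two `lslpp -l | grep powerbroker` checks on this page, one after installation and one after removal, can be scripted so the result is a pass or fail rather than a listing to read by eye. The following shell function is an added example, not part of the BeyondTrust documentation or product; the name `audit_epmul`, the sample listings, and the prefix match on `powerbroker.config` are assumptions made for illustration.

```shell
# Added example, not BeyondTrust code. Component names come from the listing on
# this page; matching the configuration fileset by the prefix
# "powerbroker.config" is an assumption (its suffix differs per site).
# audit_epmul MODE reads `lslpp -l | grep powerbroker` lines on stdin.
#   installed: every component is listed and no listed state is other than COMMITTED
#   removed:   no powerbroker fileset is listed at all
# Prints one finding per line; exit status 0 means no findings.
audit_epmul() {
    awk -v mode="$1" '
        $1 ~ /^powerbroker\./ {
            name = $1
            sub(/^powerbroker\./, "", name)
            if (name ~ /^config/) name = "config"   # usr and root rows collapse
            rows[name]++
            if (NF >= 3 && $3 == "COMMITTED") ok[name]++
            else if (NF >= 3) other[name] = $3      # APPLIED, BROKEN, ...
        }
        END {
            findings = 0
            if (mode == "removed") {
                for (c in rows) { print "still installed: powerbroker." c; findings++ }
            } else {
                total = split("common runhost submithost sharedlibs config", req, " ")
                for (i = 1; i <= total; i++) {
                    c = req[i]
                    if (!(c in rows)) msg = "missing"
                    else if (c in other) msg = "not committed"
                    else if (!(c in ok)) msg = "state not shown"
                    else continue
                    detail = (c in other) ? " (" other[c] ")" : ""
                    print msg ": powerbroker." c detail
                    findings++
                }
            }
            exit (findings > 0)
        }'
}
# Constructed samples modelled on the listing above (not captured from a host).
SAMPLE_OK='powerbroker.common 25.1.6-11 COMMITTED Common
powerbroker.configCLIENT1 25.1.6-11 COMMITTED Config
powerbroker.runhost 25.1.6-11 COMMITTED Run
powerbroker.sharedlibs 25.1.6-11 COMMITTED Shared
powerbroker.submithost 25.1.6-11 COMMITTED Submit
powerbroker.configCLIENT1 25.1.6-11 COMMITTED Config'
SAMPLE_PARTIAL='powerbroker.common 25.1.6-11 COMMITTED Common
powerbroker.runhost 25.1.6-11 BROKEN Run
powerbroker.submithost 25.1.6-11 COMMITTED Submit
powerbroker.configCLIENT1 25.1.6-11 COMMITTED Config'
printf '%s\n' "$SAMPLE_PARTIAL" | audit_epmul installed || true
```

On a host, pipe the real listing in: `lslpp -l | grep powerbroker | audit_epmul installed` after installation, or `audit_epmul removed` after `installp -u`.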