Endpoint Privilege Management for Unix and Linux Policy Language

 

This guide applies to both Endpoint Privilege Management for Unix and Linux (EPM-UL) and Endpoint Privilege Management for Linux (EPM-L). Content that doesn't apply to EPM-L is noted as such.

This guide provides detailed information regarding the security policy file programming language for the BeyondTrust Endpoint Privilege Management for Unix and Linux (EPM-UL) software. This language is used to create security policy files that are used by EPM-UL to:

  • Control the tasks a user or group of users may perform
  • Control the systems from which a task may be submitted
  • Control the systems from which a task may be run
  • Determine when a specific task may be run (day and time)
  • Determine where a task may be run from
  • Determine if secondary security checks, such as passwords or checksums, are required to run a task
  • Determine if one or more supplemental security programs are run before a task is started

This guide assumes that you have a basic understanding of Unix or Linux system administration and some experience with a scripting or other computer language. We recommend that you have experience in these areas before you attempt to create or modify security policy files.

Endpoint Privilege Management for Unix and Linux, or EPM-UL, refers to the product formerly known as PowerBroker for Unix and Linux. Endpoint Privilege Management for Linux, or EPM-L, refers to the new SaaS (cloud) product.

Specific font and line spacing conventions are used to ensure readability and to highlight important information, such as commands, syntax, and examples.

 

The BeyondInsight integration for Endpoint Privilege Management for Unix and Linux is no longer supported. Instead, EPM-UL uses BeyondInsight for Unix & Linux and Elasticsearch.

 

Both pbguid and pbsguid are deprecated as of EPM-UL version 22.3.0.

Sample Policy Files

The EPM-UL install media includes sample EPM-UL policy files in the /examples folder. Each sample policy file contains a detailed explanation of what it does, so you can use these files to learn how policy files are typically written for various scenarios. A readme_samples text file in that directory gives a brief description of each sample file.