Administration Programs

This section describes the EPM-UL system administration programs and their options.

For detailed information about installation-related programs, including package installation, see the Endpoint Privilege Management for Unix and Linux Installation Guide.

pbbench

The pbbench program tests installation and network configuration. If pbbench detects an error, an error message is printed to stdout. If no errors are detected, pbbench returns silently. pbbench generates a report that includes information about the tests that were performed, the results of the tests, and any errors that were encountered.

pbbench checks for very old versions of EPM-UL (prior to v2.0) by looking for /etc/pb.ports and /etc/pb.masters and reports a warning if these are found. The HTML GUI version of pbbench does not check for the EPM-UL pre-v2 files.

You can use the --skip-* options (such as --skip-inetd and --skip-logs) to prevent pbbench from performing those tests. However, the --skip-logs, --skip-gui, and --skip-sync options do not prevent pbbench from testing the connections to those hosts. To suppress the connection tests to these hosts, you must specify the --skip-connect option as well. This option suppresses connection tests for all host types.

To conduct connection tests only, use the -l (for log host connection tests) or -m (for policy server host connection tests) options. These options can be specified individually or together, for a single specified host name or IP address, or for all configured log hosts or policy server hosts. For both of these options, current output messages are skipped, and a single message is issued to stdout containing the version of the connected EPM-UL daemon (or connection failed). The exit status is zero if the specified host (or every configured policy server/log host) is successfully contacted. The exit status is non-zero if any policy server/log host cannot be contacted.

Syntax

  • Version 3.5 and earlier: long command options not supported.
  • Version 4.0 and later: long command options supported.
pbbench [options]
    -e, --stderr
    -E, --errors
    -l, --logServerTest=[host_name|IP_address|SRV lookup|`external program`]
    -m,--masterServerTest=[host_name|IP_address|SRV lookup|`external program`]
    -V, --verbose
        --no-timeouts
        --skip-connect
        --skip-inetd
        --skip-old
        --skip-logs
        --skip-gui
        --skip-path
        --skip-shells
    --skip-sync
pbbench –v | --version
pbbench --help

Arguments

-e, --stderr

Optional. Send all output to stderr.
-E, --error

Optional. Treat warnings as errors.

-l, 

--logServerTest

=[host_name

|IP_address

|SRV lookup

|"`external program`"]

Optional. Bypasses all existing tests and performs only the log host connection test on the specified host_name or IP_address. If the host_name or IP_ address is not specified, the connection test is performed for all configured log hosts.

Successful connections reported when running pbbench -l from the policy server host tell you that the log server is available, and Accept/Reject events can be logged when optimized run mode is used.

Successful connections reported when running pbbench -l from the run host tell you if Accepts/Finish events can be logged via pblocald, and pblocald can perform I/O logging.

Successful connections reported when running pbbench -l from the submit host tell you that Finish events can be logged while in optimized run mode and I/O logging is possible while in optimized run mode.

Version 6.2 and earlier: option not available .

Version 7.0 and later: option available .

-m, 

--masterServerTest

=[host_name

|IP_address

|SRV lookup

|"`external program`"]

Optional. Bypasses all existing tests and performs only the policy server host connection test on the specified host_name or IP_address. If the host_ name or IP_address is not specified, the connection test is performed for all configured policy server hosts.

Version 6.2 and earlier: option not available

Version 7.0 and later: option available
-V, --verbose

Optional. Verbose mode.
--no-timeouts

Optional. Disable connection test timeouts.
--skip-connect

Optional. Disable connection tests for all host types.
--skip-inetd

Optional. Disable superdaemon (inetd/xinetd) tests.
--skip-old

Optional. Disable checking of old constructs.
--skip-logs

Optional. Disable log file tests.
--skip-gui

Optional. Disable pbguid-related tests.
--skip-path

Disable path tests of executable files.
--skip-shells

Disable tests of /etc/shells.
--skip-sync

Optional. Disable pbsync-related tests.

Version 4.0 and earlier: option not available.

Version 5.0 and later: option available.
-v, --version

Optional. Display the pbbench version and exit.
--help

Optional. Display program help and usage information.

Files

  • /etc/inetd.conf
  • /opt/pbul/policies/pb.conf
  • /etc/pb.key
  • /etc/pb.masters
  • /etc/pb.ports
  • /etc/pb.settings
  • /etc/pbmasters
  • /etc/resolv.conf
  • /etc/services
  • /etc/syslog.conf
  • /etc/xinetd.conf DNS
  • mc NIS NIS+
  • PBexternal pbrun
  • SMF
    • Version 3.5 and earlier: Solaris SMF not supported.
    • Version 3.5.4 and later: Solaris SMF supported.
Run pbbench redirect output to the file pbbench.output rather than standard error:
pbbench > pbbench.output

For more information, see the following: