REST Services

pbresturi

  • Version 8.5.0 and earlier: pbresturi setting not available.
  • Version 9.0.0 and later: pbresturi setting available.

The pbresturi setting allows the configuration of non-default REST Uniform Resource Locator (URL) paths for the pblighttpd service. This setting is primarily for diagnosis. We do not recommend changing it in a normal installation.

pbresturi	URLSTRING

No default value

All hosts

pbrestlog

  • Version 8.0 and earlier: pbrestlog setting not available.
  • Version 8.1.0 and later: pbrestlog setting available.

The pbrestlog setting defines the path to the REST services log.

Depending on the operating system standards, this can be any of the following:
  • /var/log/pbrest.log
  • /var/adm/pbrest.log
  • /usr/adm/pbrest.log

pbrestlog	/var/log/pbrest.log

All hosts

pbrestdir

  • Version 8.5.0 and earlier: pbrestdir setting not available.
  • Version 9.0.0 and later: pbrestdir setting available.

The pbrestdir setting specifies the directory for the installation of the REST services (including pblighttpd).

pbrestdir	/mypath/rest
pbrestdir	/usr/lib/beyondtrust/pb/<prefix>rest<suffix>

All hosts

pbrestkeyfile

  • Version 8.0 and earlier: pbrestkeyfile setting not available.
  • Version 8.1.0 and later: pbrestkeyfile setting available.

REST services are authenticated using Application IDs and Application Keys. These preshared keys are kept in a database. The pbrestkeyfile setting specifies the location of this database and, as with all other databases, can be either an absolute path or a path relative to the databasedir setting.

pbrestkeyfile	/mypath/pbrestkeyfile.db
pbrestkeyfile	/opt/<prefix>pbul<suffix>/dbs/pbrstkeys.db

All hosts

pbresttimeout

  • Version 8.0 and earlier: pbresttimeout setting not available.
  • Version 8.1.0 and later: pbresttimeout setting available.

Many internal services in Privilege Management for Unix and Linux are provided by the REST services. The pbresttimeout setting defines the maximum amount of time a service waits before it times out. This is the timeout for the overall connection attempt.

For example, if there are 2 log servers with 2 physical addresses for each of them, pbresttimeout is the timeout that Privilege Management for Unix and Linux waits to make a successful connection to all 4 physical addresses. That is, each connection waits for 1/4th of pbresttimeout.

You can either set a single integer value specifying the number of seconds, or use a more detailed format to specify timeouts for specific services. In the detailed format, if a connection is not for a specific service, or a timeout is not specified for a specific connection, the default setting is used.

The minimum allowed value is 5 seconds. The maximum allowed value is 86400 seconds (24 hours).

To set a single timeout for all REST services:

pbresttimeout		120

To set timeout with a detailed format for each service:

pbresttimeout default=30 registry=60 pbpolicy=30 logsvr=30 solr=30 logarchive=30 advkeystrokeactionpolicy=30 fim=30

Default value is 30 seconds.

All hosts
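
The following Python helper is an added example, not part of the product. It parses both pbresttimeout forms described above, enforces the 5 to 86400 second limits, and generalizes the 2 log servers x 2 addresses case to any address count. The function names are hypothetical; rejecting out-of-range values and falling back to 30 seconds when the detailed form omits default= are assumptions of this example, not documented product behavior.

```python
# Added example: lint a pbresttimeout value as this page describes it.
MIN_S, MAX_S, DEFAULT_S = 5, 86400, 30  # limits and default stated on this page


def parse_pbresttimeout(value):
    """Return {service: seconds}; the result always has a 'default' entry."""
    tokens = value.split()
    if not tokens:
        raise ValueError("empty pbresttimeout value")
    if len(tokens) == 1 and "=" not in tokens[0]:
        pairs = [("default", tokens[0])]       # single-integer form
    else:
        pairs = []
        for tok in tokens:                     # detailed service=seconds form
            name, sep, secs = tok.partition("=")
            if not sep or not name:
                raise ValueError(f"expected service=seconds, got {tok!r}")
            pairs.append((name, secs))
    timeouts = {}
    for name, secs in pairs:
        if not (secs.isascii() and secs.isdigit()):
            raise ValueError(f"{name}: {secs!r} is not a whole number of seconds")
        if not MIN_S <= int(secs) <= MAX_S:
            raise ValueError(f"{name}: {secs}s is outside {MIN_S}..{MAX_S}")
        if name in timeouts:
            raise ValueError(f"{name}: specified more than once")
        timeouts[name] = int(secs)
    # Assumption: with no default= entry, the documented 30 s default applies.
    timeouts.setdefault("default", DEFAULT_S)
    return timeouts


def timeout_for(timeouts, service):
    """Services without their own entry use the default setting."""
    return timeouts.get(service, timeouts["default"])


def per_address_timeout(timeouts, service, hosts, addrs_per_host):
    """Overall timeout split evenly across every physical address tried."""
    total = hosts * addrs_per_host
    if total < 1:
        raise ValueError("need at least one address")
    return timeout_for(timeouts, service) / total


if __name__ == "__main__":
    cfg = parse_pbresttimeout("default=30 registry=60 logsvr=30")  # constructed
    print(cfg, per_address_timeout(cfg, "logsvr", hosts=2, addrs_per_host=2))
```

With the default of 30 seconds and 4 physical addresses, each connection attempt gets 7.5 seconds, which is worth checking against real network latency before lowering the value.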

pbrestport

  • Version 8.5.0 and earlier: pbrestport setting not available.
  • Version 9.0.0 and later: pbrestport setting available.

The pbrestport setting specifies the TCP/IP port that REST services use to communicate with remote hosts. This should be consistent across the enterprise installation.

pbrestport	3000
pbrestport	24351

All hosts

pbresttimeskew

REST services use cryptographic methods to communicate, and for extra security these methods are relatively time sensitive. We recommend that hosts have their time set precisely or use a suitable protocol implementation such as NTP. If this is not possible, the pbresttimeskew setting specifies the maximum time difference in seconds between two hosts.

pbresttimeskew	120
pbresttimeskew 	60

All hosts