Installation Directories
Endpoint Privilege Management for Unix and Linux is not sensitive about the location of its binary files; you can place them in any convenient directory. However, there are a few points to consider when you are selecting installation directories:
- It is important to install the Endpoint Privilege Management for Unix and Linux pbrun and pbssh programs in a directory that is in the user’s path.
- Online manuals (such as user man pages and Endpoint Privilege Management for Unix and Linux documentation) should be accessible from every computer to enable users to get online help for Endpoint Privilege Management for Unix and Linux programs.
Default Directories
The following table lists various Endpoint Privilege Management for Unix and Linux components and their locations. The installation script uses these locations by default, but you can change them during installation. Usually /usr/local/bin is used for user programs and /usr/sbin for administrator and daemon programs (depending on the platform).
Default Directories for Endpoint Privilege Management for Unix and Linux Components
| Directory | Files | Description |
| /etc (v9.4.1 and earlier) /opt/pbul/policies (v9.4.3+) | pb.conf |
Default policy. Includes /etc/pb/pbul_policy.conf (v9.4.1 and earlier) /opt/pbul/policies/pbul_policy.conf (v9.4.3+) |
|
/etc/pb (v9.4.1 and earlier) /opt/pbul/policies (v9.4.3+) |
pbul_policy.conf |
Main policy containing the following roles:
|
|
/etc/pb (v9.4.1 and earlier) /opt/pbul/policies (v9.4.3+) |
pbul_functions.conf | Functions and procedures implementing the roles in pbul_policy.conf |
| /etc | pb.key | Encryption key |
| pb.settings | Endpoint Privilege Management for Unix and Linux configuration file (server-side component) | |
| pbsudo.settings | Endpoint Privilege Management for Unix and Linux configuration file(client component) | |
| /usr/adm, /var/adm, or /var/log | pb.eventlog | Default event log file |
| pblocald.log | pblocald diagnostic log file | |
| pblogd.log | pblogd diagnostic log file | |
| pbmasterd.log | pbmasterd diagnostic log file | |
| pbrun.log | pbrun diagnostic log file | |
| pbssh.log | pbssh diagnostic log file | |
| pbsync.log | pbsync diagnostic log file | |
| pbsyncd.log | pbsyncd diagnostic log file | |
| /usr/local/bin | pbbench | Utility |
| pbcall | Utility | |
| pbksh | Utility | |
| pbless | Utility | |
| pbmg | Utility | |
| pbnvi | Utility | |
| pbrun | Utility | |
| pbssh | Utility | |
| pbumacs | Utility | |
| pbsh | Utility | |
| pbvi | Utility | |
| /usr/local/lib/pbbuilder | Contains the various GUI and pbguid components. Do not make any changes in this directory. | |
| /usr/sbin | pbdbutil | Utility providingEndpoint Privilege Management database maintenance. |
| pbcheck | Utility | |
| pbencode | Utility | |
| pbkey | Utility | |
| pblocald | Daemon | |
| pblog | Utility | |
| pblogd | Daemon | |
| pbmasterd | Daemon | |
| pbpasswd | Utility | |
| pbreplay | Utility | |
| pbsum | Utility | |
| pbsync | Utility | |
| pbsyncd | Daemon | |
| pbversion | Utility | |
| /opt/pbul/dbs | pbsudo.db | Database files generated and used by Endpoint Privilege Management for Unix and Linux |
| pbsvc.db | ||
| pbsvccache.db | ||
| pbdbsync.db | ||
| pbregclnt.db | ||
| pbrbpolicy.db | ||
| pbevent.db | ||
| pbfim.db | ||
| pbrstkeys.db | ||
| pblogarchive.db | ||
| pblogcache.db |
The default log directory varies by platform to match that platform’s conventions. The directories /usr/adm, /var/adm, and /var/log are used interchangeably throughout as the default location of the Endpoint Privilege Management for Unix and Linux log files.
Change /opt/pbul Base Directory
As seen in the previous table, files that Endpoint Privilege Management for Unix and Linuxgenerates at runtime are created under /opt/pbul. If you want to change this default location, use pbinstall's basedir menu to specify a directory location.
If there is no previous settings file, or if you are running pbinstall -i to ignore previous settings, changing basedir will cause the following settings to be updated with the new location and enabled to ensure that runtime files do not end up in the old default location:
| Keyword | Value |
|---|---|
| basedir |
<basedir> |
| databasedir | <basedir>/dbs |
| lockfilepath | <basedir>/locks |
| scriptdir | <basedir>/scripts |
| licensestatsdb | <basedir>/dbs/pblicense.db |
| licensestatswq | <basedir>/dbs/pblicense.wq |
| pbrestkeyfile | <basedir>/pbrstkeys.db |
| schedulingservicedb | <basedir>/dbs/pbsched.db |
| messageroutersocketpath | <basedir>/msgrouter |
| writequeuepath | <basedir>/msgrouter |
| clntregdb | <basedir>/dbs/pbregclnt.db |
| eventdb | <basedir>/dbs/pbevent.db |
| odbcinidir | <basedir>/etc |
| servicedb | <basedir>/dbs/pbsvc.db |
| svccachedb | <basedir>/dbs/pbsvccache.db |
| dbsyncdb | <basedir>/dbs/pbdbsync.db |
| policypersistentvariabledb | <basedir>/dbs/pbpolpersistvar.db |
| policydir | <basedir>/policies |
| policyfile | <basedir>/policies/pb.conf |
| policydb | <basedir>/dbs/pbrbpolicy.db |
| sudoersdb | <basedir>/dbs/pbsudo.db |
| sudoersdir | <basedir>/sudoersdir |
| logarchivedb | <basedir>/dbs/pblogarchive.db |
| logcachedb | <basedir>/dbs/pbiologcache.db |
| iologcachedb | <basedir>/dbs/pbiologcache.db |
| integratedproductsqueuedb | <basedir>/dbs/pbintprodq.db |
| iologactiondb | <basedir>/dbs/pbiologaction.db |
| advkeystrokeactionpolicydb | <basedir>/dbs/pbadvkeystrokeactionpolicy.db |
| advkeystrokeactioncachedb | <basedir>/dbs/pbadvkeystrokeactioncache.db |
| elasticsearchidxtemplate | <basedir>/elk/etc/pbelasticsearchtemplate.json |
| siemcachedb | <basedir>/dbs/pbsiemcache.db |
| elkcreddb | <basedir>/dbs/pbelkcred.db |
| dequeuedatabasedir | <basedir>/dequeuedbs |
| fileintegritydb | <basedir>/dbs/pbfim.db |
| fileintegritysignaturesdb | <basedir>/dbs/pbfimsignatures.db |
| elkecsconfiguration | <basedir>/elk/etc/pbelkecsconfiguration.json |
