Installation Procedure

To install Privilege Management for Unix and Linux in the AIX global environment, do the following:

  1. Extract the package tarball files into the /opt/beyondtrust/ directory by executing the following command:
    gunzip -c pmul_<flavor_version>_pkg.tar.Z | tar xvf -
  2. Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
  3. Execute the following command:
    ./pbinstall -z

    You are asked if you want to use client registration. If you plan to enable Registry Name Service, and are installing on a host that is not designated as a primary server, you must run client registration.

    pbinstall next asks if you want to enable Registry Name Service.

    pbinstall displays the Privilege Management for Unix and Linux installation menu.

  1. Make your menu selections. When the menu selection process is complete, pbinstall creates the following files in the specified location:
    • pb.settings
    • pb.cfg
    • pb.key (if encryption is enabled)
    • pb.conf (for policy server host)

The Enter existing pb.settings path menu option enables you to specify your own pb.settings file to use. Also, the Enter directory path for settings file creation menu option enables you to specify where to save the generated settings files. These menu options are available only when running pbinstall with the -z option.

  1. Optional. For a Privilege Management for Unix and Linux client, if client-server communications are to be encrypted, replace the generated pb.key file with the pb.key file from the policy server host. Also, copy any other required key files into the same directory.
  2. Optional. For a policy server host, write a policy file (pb.conf) and place it in the directory with the other generated files. If you do not provide a pb.conf file, a pb.conf file with the single command reject ; is generated and packaged.

    Starting with v8.0, pbinstall -z can optionally install the default role-based policies and asks:

    Installing default role-based policy pbul_policy.conf and pbul_functions.conf in <install_dir>/settings_files
    Would you like to use the default role-based policy in the configuration package?
    • Answer Yes for new installs only.
    • If you are upgrading an existing configuration package, to avoid overwriting your existing policy, answer No.

    Use the default role-based policy [Y]?
    • If you answer Yes, the default pb.conf, pbul_policy.conf and pbul_functions.conf files are created and installed on the policy server.
    • If you are installing over an existing installation, and have an existing policy in place, answer No.
  3. Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
  4. Run the pbcreateaixcfgpkg utility by typing:
    pbcreateaixcfgpkg -p suffix -s directory
    • suffix is appended to the filenames of the configuration package backup file format file and the package administration file; the length can be up to 26 characters.
    • directory contains the Privilege Management for Unix and Linux settings and configuration files to include in the package.

    The pbcreateaixcfgpkg utility creates the configuration package file, powerbroker.config<suffix>-v.v.r.b.bff.

  5. Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/package/ directory.
  6. For each required component package, run the AIX installp command to install one component package by typing:
    installp -agd ./ powerbroker.pkg-name

    pkg-name is the name of the component package file. For example:

    installp -agd ./ powerbroker.submithost

    Using the -g option installs all the prerequisite packages along with the powerbroker.submithost package. In this case, powerbroker.common is a prerequisite package for the powerbroker.submithost package.

    Alternatively, you can install all the component packages by typing:

    installp -agd ./ powerbroker
  7. Run the AIX installp command to install the Privilege Management for Unix and Linux configuration package by typing:
    installp -ad ./ powerbroker.config<suffix>

    <suffix> is the suffix that you set with the -p option when you created the Privilege Management for Unix and Linux configuration package with pbcreateaixcfgpkg.

  8. Verify the installation of the packages with the AIX lslpp command by typing:
    lslpp -l | grep powerbroker
  9. If Registry Name Service is enabled and installed on a non-primary server, register the host with the Primary Registry Name Server using a post-install configuration script. Gather the Application ID, Application Key, network name or IP address, and REST TCP/IP port of the primary server, then run the script to register the host and follow the prompts:
    /opt/pbul/scripts/pbrnscfg.sh
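
A pre-flight check for the settings directory before it is passed to pbcreateaixcfgpkg, covering the files, suffix limit and default policy described in the procedure above. This is an added example, not part of the product or its documentation. The function name, the client/policy argument and the rule that pb.key must not be accessible to group or other are assumptions.

```shell
#!/bin/sh
# Added example: check a settings directory before running
#   pbcreateaixcfgpkg -p suffix -s directory
# Usage: check_cfgpkg_inputs SUFFIX DIR [client|policy]   (hypothetical helper)
# Prints one line per finding and returns the number of findings.

check_cfgpkg_inputs() {
    suffix=$1 dir=$2 role=${3:-client}
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # The procedure limits the package suffix to 26 characters.
    [ "${#suffix}" -le 26 ] || note "suffix is ${#suffix} characters (max 26)"

    # Files that pbinstall -z generates in every case.
    for f in pb.settings pb.cfg; do
        [ -s "$dir/$f" ] || note "$f missing or empty in $dir"
    done

    # pb.key is present only if encryption is enabled. Assumption (not from
    # the procedure): the key must carry no group/other permission bits.
    if [ -f "$dir/pb.key" ]; then
        perms=$(ls -ld "$dir/pb.key" | cut -c5-10)
        [ "$perms" = "------" ] || note "pb.key is accessible to group/other ($perms)"
    fi

    # On a policy server host, a missing pb.conf is replaced by a generated
    # file holding the single command "reject ;". Flag both that case and a
    # pb.conf that already contains nothing else.
    if [ "$role" = policy ]; then
        if [ ! -f "$dir/pb.conf" ]; then
            note "no pb.conf: a reject-only policy will be generated"
        elif [ "$(tr -d ' \t\n' < "$dir/pb.conf")" = "reject;" ]; then
            note "pb.conf contains only 'reject ;'"
        fi
    fi
    return "$findings"
}
```

Run it against the directory you intend to pass with -s; a return value of 0 means no findings.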

Install Privilege Management for Unix and Linux onto WPARs

The process for installing Privilege Management AIX packages onto non-shared workload partitions (WPARs) is similar to the process for installing in the global AIX environment because the installed software is private to the non-shared WPAR. Therefore, there is no need for synchronization.

To install Privilege Management for Unix and Linux packages onto shared WPARs, do the following:

  1. Follow the installation procedure above to create the AIX packages.
  2. Install Privilege Management component (usr) packages in the global AIX environment. The usr packages are visible to the WPARs.
  3. Install Privilege Management configuration (root) package in the global AIX environment. The root packages are not visible to the WPARs until propagated.
  4. To make the Privilege Management configuration (root) package visible to the WPARs, use the syncwpar command and propagate the packages to WPARs.
  5. Optional. List the WPARs.