Generate the Privilege Management for Unix and Linux Settings Files

This section of the execution shows the generation of the Privilege Management for Unix and Linux settings files (pb.key, pb.cfg, and pb.settings) and also displays the Privilege Management for Unix and Linux installation menu. This output was generated using the pbinstall program with the -z option and selecting menu options to install a run host and a submit host:

# ./pbinstall -z
Starting pbinstall main() from /opt/pbpkg/powerbroker/v9.4/pmul_hpux.ia64_9.4.3-18/install/.
hpux.ia64
Privilege Management for Unix and Linux Settings File Generation
		 
Please read thePrivilege Management for Unix and Linux Installation Instructions before proceeding.
		 
Checking MANIFEST against release directory
		 
Press return to continue
The Registry Name Service of Privilege Management for Unix and Linux facilitates location of other services within the pmul enterprise with the aid of a centralized
data repository.
IMPORTANT: client registration is required if this is not the Primary Server and you intend to use Registry Name Services.
Do you wish to utilize Registry Name Service? [yes]? no
BeyondTrustPrivilege Management for Unix and Linux Installation Menu
Opt  Description                                [Value]
1    Install Everything Here (Demo Mode)?       [no]
2    Install License Server?                    [no]
3    Install Registry Name Services Server?     [no]
5    Install Policy Server Host?                [yes]
6    Install Run Host?                          [yes]
7    Install Submit Host?                       [yes]
9    Install sudo Policy Server?                [no]
10   Install Log Host?                          [yes]
14   Install File Integrity Monitoring Polic... [no]
N for the next menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> 7
		 
Privilege Management for Unix and Linux executes secured tasks on hosts which are designated as Run Hosts.  These hosts execute the commands using the pblocald daemon.
		 
To allowPrivilege Management for Unix and Linux to execute a command, a host must be configured as a Run Host.
		 
Do you want this host to be a Run Host [no]? yes
BeyondTrustPrivilege Management for Unix and Linux Installation Menu
Opt  Description                                Value]
1    Install Everything Here (Demo Mode)?       [no]
2    Install License Server?                    [no]
3    Install Registry Name Services Server?     [no]
5    Install Policy Server Host?                [yes]
6    Install Run Host?                          [yes]
7    Install Submit Host?                       [yes]
9    Install sudo Policy Server?                [no]
10   Install Log Host?                          [yes]
14   Install File Integrity Monitoring Polic... [no]
25   Install Secure GUI Host?                   [yes]
26   Install Utilities: pbvi, pbnvi, pbmg, p... [yes]
29   Install man pages?                         [no]
30   Will this host use a Log Host?             [yes]
31   AD Bridge Integration?                     [no]
55   Synchronization program can be initiate... [yes]
56   Daemons location                           [/usr/sbin]
59   User programs location                     [/usr/local/bin]
N for the next menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> 8
Privilege Management for Unix and Linux allows requests for secured tasks to be made on hosts configured as Submit Hosts.
		 
To have pbrun initiate requests for secured tasks, this host must be a Submit Host.
		 
Do you want this host to be a Submit Host [no]? yes
BeyondTrustPrivilege Management for Unix and Linux Installation Menu
Opt  Description                                  [Value] 
1    Install Everything Here (Demo Mode)?         [no]
2    Install License Server?                      [no]
3    Install Registry Name Services Server?       [no]
4    Install Client Registration Server?          [no]
5    Install Policy Server Host?                  [yes]
6    Install Run Host?                            [yes]
7    Install Submit Host?                         [yes]
8    Install PBSSH                                [yes]
9    Install sudo Policy Server?                  [no]
10   Install Log Host?                            [yes]
11   Enable Logfile Tracking and Archiving?       [yes]
12   Is this a Log Archiver Storage Server?       [no]
13   Is this a Log Archiver Database Server?      [no]
14   Install File Integrity Monitoring Polic...   [no]
15   Install REST Services?                       [yes]
16   List of License Servers                      [*]
19   Path to Password Safe 'pkrun' binary         []
23   Install Synchronization program?             [yes]              			
25   Install Secure GUI Host?                     [yes]
26   Install Utilities: pbvi, pbnvi, pbmg, p...   [yes]
27   Install pbksh?                               [yes]
28   Install pbsh?                                [yes]
29   Install man pages?                           [no]
30   Will this host use a Log Host?               [yes]
31   AD Bridge Integration?                       [no]
37   Integration with BeyondInsight?              [no]
55   Synchronization program can be initiate...   [yes]
56   Daemons location                             [/usr/sbin]
57   Number of reserved spaces for submit pr...   [80]
58   Administration programs location             [/usr/sbin]
59   User programs location                       [/usr/local/bin]
60   GUI library directory                        [/usr/local/lib/pbbuilder]
61   Policy include (sub) file directory          [/opt/pbul/policies]
62   Policy file name                             [/opt/pbul/policies/pb.conf]
65   Log Archive Storage Server name              []
67   Log Archiver Database Server name            []
69   Logfile Name Cache Database file path?       [/opt/pbul/dbs/pblogcache.db]
70   REST Service installation directory?         [/usr/lib/beyondtrust/pb/rest]
71   Install REST API sample code?                [no]
73   Pblighttpd user                              [pblight]
75   Pblighttpd user UID                          []
76   Pblighttpd user GID                          []
78   Configure systemd?                           [yes]
79   Command line options for pbmasterd           [-ar]
80   Policy Server Delay                          [500]
81   Policy Server Protocol Timeout               [-1]
82   pbmasterd diagnostic log                     [/var/log/pbmasterd.log]
83   Eventlog filename                            [/var/log/pb.eventlog]
84   Configure eventlog rotation via size?        []
85   Configure eventlog rotation path?            []
86   Configure eventlog rotation via cron?        [no]
87   Validate Submit Host Connections?            [no]
88   List of Policy Servers to submit to          [kandor]
89   pbrun diagnostic log?                        [none]
90   pbssh diagnostic log?                        [none]
91   Allow Local Mode?                            [yes]
92   Additional secured task checks?              [no]
93   Suppress Policy Server host failover er...   [yes]
94   List of Policy Servers to accept from        [kandor]
95   pblocald diagnostic log                      [/var/log/pblocald.log]
96   Command line options for pblocald            []
97   Syslog pblocald sessions?                    [no]
98   Record PTY sessions in utmp/utmpx?           [yes]
99   Validate Policy Server Host Connections?     [no]
100  List of Log Hosts                            [kandor]
101  Command line options for pblogd              []
102  Log Host Delay                               [500]
103  Log Host Protocol Timeout                    [-1]
104  pblogd diagnostic log                        [/var/log/pblogd.log]
105  List of log reserved filesystems             [none]			
106  Number of free blocks per log system fi...   [0]
107  Command line options for pbsyncd             []
108  Sync Protocol Timeout                        [-1]
109  pbsyncd diagnostic log                       [/var/log/pbsyncd.log]
110  pbsync diagnostic log                        [/var/log/pbsync.log]
111  pbsync sychronization time interval (in...   [15]
112  Add installed shells to /etc/shells          [no]
113  pbksh diagnostic file                        [/var/log/pbksh.log]
114  pbsh diagnostic file                         [/var/log/pbsh.log]
115  Stand-alone pblocald command                 [none]
116  Stand-alone root shell default iolog         [/pbshell.iolog]
117  Command line options for pbguid              []
118  Command line options for secure pbsguid      []
119  pbguid and pbsguid diagnostic log            [/var/log/pbguid.log]
120  pbguid and pbsguid site configuration file   [none]
121  Use syslog?                                  [yes]
122  Syslog facility to use?                      [LOG_AUTHPRIV]
123  Base Daemon port number                      [24345]
124  pbmasterd port number                        [24345]
125  pblocald port number                         [24346]
126  pblogd port number                           [24347]
127  pbguid port number                           [24348]
128  Secure pbsguid port number                   [24349]
129  pbsyncd port number                          [24350]
130  REST Service port number                     [24351]
131  Add entries to '/etc/services'               [yes]
132  Allow non-reserved port connections          [yes]
133  Inbound Port range                           [1025-65535]
134  Outbound Port range                          [1025-65535]
137  Network encryption options                   [aes-256:keyfile=/etc/pb.key]
138  Event log encryption options                 [none]
139  I/O log encryption options                   [none]
140  Report encryption options                    [none]
141  Policy file encryption options               [none]
142  Settings file encryption type                [none]
143  REST API encryption options                  [aes-256:keyfile=/etc/pb.re...]
144  Configure with Kerberos v5?                  [no]
150  Enforce High Security Encryption?            [yes]
151  Use SSL?                                     [yes]
152  SSL Configuration?                           [requiressl]
153  SSL pbrun Certificate Authority Directory?   [none]
154  SSL pbrun Certificate Authority File?        [none]
155  SSL pbrun Cipher List?                       [HIGH:!SSLv2:!3DES:!MD5:@ST…]
156  SSL pbrun Certificate Directory?             [none]
157  SSL pbrun Certificate File?                  [none]
158  SSL pbrun Private Key Directory?             [none]
159  SSL pbrun Private Key File?                  [none]
160  SSL pbrun Certificate Subject Checks?        [none]
161  SSL Server Certificate Authority Direct...   [none]
162  SSL Server Certificate Authority File?       [none]
163  SSL Server Cipher List?                      [HIGH:!SSLv2:!3DES:!MD5:@ST...]
164  SSL Server Certificate Directory?            [none]
165  SSL Server Certificate File?                 [/etc/pbssl.pem]
166  SSL Server Private Key Directory?            [none]
167  SSL Server Private Key File?                 [/etc/pbssl.pem]
168  SSL Server Certificate Subject Checks?       [none]
169  SSL Certificate Country Code                 [US]
170  SSL Certificate State/Province               [AZ]
171  SSL Certificate Location (Town/City)         [Phoenix]
172  SSL Certificate Organizational Unit/Dep...   [Security]
173  SSL Certificate Organization                 [BeyondTrust]
174  Configure Privilege Management for Unix...   [no]
175  Install BeyondTrust built-in third-part...   [yes]
176  BeyondTrust built-in third-party librar...   [/usr/lib/beyondtrust/pb]
188  Use PAM?                                     [no]
196  Allow Remote Jobs?                           [yes]
197  UNIX Domain Socket directory                 [none]
198  Reject Null Passwords?                       [no]
199  Enable TCP keepalives?                       [no]
200  Name Resolution Timeout                      [0]
N for the next menu page, P for the previous menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> c
		 
ypcat:  no such map in server's NIS domain
No submitmasters was specified and no NIS netgroup called pbsubmitmasters found
Privilege Management for Unix and Linux needs to know the submitmasters(s) to work.
ThePrivilege Management for Unix and Linux programs need to know which Policy Server Host(s) you have decided to allow to act as submitmaster(s) for this machine.
Submitmasters take requests for secured tasks from Submit Hosts,
accept or reject them, and pass the accepted requests to a Run Host.
To locate submitmasters, programs look for a setting in the settings file
containing the names of the submitmaster machines or a netgroup
called pbsubmitmasters.
		 
Enter Policy Server list (submitmasters):  hp113-ca025-012.unix.symark.com
ypcat:  no such map in server's NIS domain
No acceptmasters was specified and no NIS netgroup called pbacceptmasters foundPrivilege Management for Unix and Linux needs to know the acceptmasters(s) to work.
		 
ThePrivilege Management for Unix and Linux programs need to know which Policy Server Host(s) you have decided to allow to request execution of secured tasks to this machine.
Hosts on the acceptmasters list are the Policy Server Hosts which are allowed
to make secured task requests to this machine.
		 
To do this, programs look for a setting in the settings file containing the
names of the acceptmasters machines or a netgroup called pbacceptmasters.
		 
Enter Incoming Policy Server list (acceptmasters):  hp113-ca025-012.unix.symark.com
ypcat:  no such map in server's NIS domain
No log hosts was specified and no NIS netgroup called pblogservers found
Privilege Management for Unix and Linux needs to know the log hosts(s) to work.
		 
ThePrivilege Management for Unix and Linux programs need to know which machine(s) you have selected as Log Host(s).  Log Hosts are hosts which Policy Servers
select for Run Hosts to do event and I/O logging.
		 
To do this, pbmasterd looks for the setting logservers in the settings
file. This setting contains the names of the Log Host machines or a netgroup.
		 
Current installation settings for Log Server(s):
		 
Enter Log Server list (logservers):  hp113-ca025-012.unix.symark.com
		 
Generating key file /opt/pbpkg/powerbroker/v9.4/pbul_hpux.ia64_9.4.3-18/install/settings_files/pb.key...
		 
Are all the installation settings correct [yes]?
Generating config file /opt/pbpkg/powerbroker/v9.4/pmul_hpux.ia64_9.4.3-18/install/settings_files/pb.cfg
Creating the settings file creation script
Backed up existing settings file creation script to:
'/opt/pbpkg/powerbroker/v9.4/pbul_hpux.ia64_9.4.3-18/install/pbcreatesettingsfile.ctime.May_26_15:05'
Running settings file creation script
Creating settings file /opt/pbpkg/powerbroker/v9.4/pmul_hpux.ia64_9.4.3-18/install/settings_files/pb.settings
Generated settings files are in directory: /opt/pbpkg/powerbroker/v9.4/pmul_hpux.ia64_9.4.3-18/install/settings_files
<MadCap:variable name="PM.PMUL" /> Settings File Generation completed successfully.