Sample Execution for the Linux Package Installer

The sample execution shows the installation of a Privilege Management for Unix and Linux submit host, run host, and shared libraries using the Privilege Management for Unix and Linux Linux package installer.

This sample execution is divided into the following parts:

  • Generate the Privilege Management for Unix and Linux settings files.
  • Create the Privilege Management for Unix and Linux configuration package using the pbcreatelincfgpkg program.
  • Install the component packages using the rpm command.
  • Install the configuration package using the rpm command.

Generate the Privilege Management for Unix and Linux Settings Files

This section of the execution shows the generation of the Privilege Management for Unix and Linux settings files (pb.key, pb.cfg, and pb.settings) and also displays the Privilege Management for Unix and Linux installation menu. This output was generated using the pbinstall program with the options: –z, -l, and -r:

# ./pbinstall -zlr
Starting pbinstall main() from /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/.
linux.x86-64
 
Privilege Management for Unix and Linux Settings File Generation
 
Please read the Privilege Management for Unix and Linux Installation Instructions before proceeding.
 
Checking MANIFEST against release directory
Press return to continue
The Registry Name Service of Privilege Management for Unix and Linux facilitates location of other services within the PMUL enterprise with the aid of a centralized
data repository.
IMPORTANT: client registration is required if this is not the Primary Server and you intend to use Registry Name Services.
Do you wish to utilize Registry Name Service? [yes]? no
BeyondTrust Privilege Management for Unix and Linux Installation Menu          
            Opt  Description                                [Value] 
            1  Install Everything Here (Demo Mode)?         [no]
            2  Install License Server?                      [no]
            3  Install Registry Name Services Server?       [no]
            4  Install Client Registration Server?          [no]
            5  Install Policy Server Host?                  [yes]
            6  Install Run Host?                            [yes]
            7  Install Submit Host?                         [yes]
            8  Install PBSSH?                               [yes]
            10  Install Log Host?                           [yes]
            11  Enable Logfile Tracking and Archiving?      [yes]
            12  Is this a Log Archiver Storage Server?      [no]
            13  Is this a Log Archiver Database Server?     [no]
            14  Install File Integrity Monitoring Polic...  [no]
            15  Install REST Services?                      [yes]
            16  List of License Servers                     [*]
            19  Path to Password Safe 'pkrun' binary        []
            23  Install Synchronization program?            [yes]
            25  Install Secure GUI Host?                    [yes]
            26  Install Utilities: pbvi, pbnvi, pbmg, p...  [yes]
            27  Install pbksh?                              [yes]
            28  Install pbsh?                               [yes]
            29  Install man pages?                          [no]
            30  Will this host use a Log Host?              [yes]
            31  AD Bridge Integration?                      [no]
            37  Integration with BeyondInsight?             [no]
            55  Synchronization program can be initiate...  [yes]
            56  Daemons location                            [/usr/sbin]
            57  Number of reserved spaces for submit pr...  [80]
            58  Administration programs location            [/usr/sbin]
            59  User programs location                      [/usr/local/bin]
            60  GUI library directory                       [/usr/local/lib/pbbuilder]
            61  Policy include (sub) file directory         [/opt/pbul/policies]
            62  Policy file name                            [/opt/pbul/policies/pb.conf]
            65  Log Archive Storage Server name             []
            67  Log Archiver Database Server name           []
            69  Logfile Name Cache Database file path?      [/opt/pbul/dbs/pblogcache.db]
            70  REST Service installation directory?        [/usr/lib/beyondtrust/pb/rest]
            71  Install REST API sample code?               [no]
            73  Pblighttpd user                             [pblight]
            75  Pblighttpd user UID                         []
            76  Pblighttpd user GID                         []
            78  Configure systemd?                          [yes]
            79  Command line options for pbmasterd          [-ar]
            80  Policy Server Delay                         [500]
            81  Policy Server Protocol Timeout              [-1]
            82  pbmasterd diagnostic log                    [/var/log/pbmasterd.log]
            83  Eventlog filename                           [/var/log/pb.eventlog]
            84  Configure eventlog rotation via size?       []
            85  Configure eventlog rotation path?           []
            86  Configure eventlog rotation via cron?       [no]
            87  Validate Submit Host Connections?           [no]
            88  List of Policy Servers to submit to         [kandor]
            89  pbrun diagnostic log?                       [none]
            90  pbssh diagnostic log?                       [none]
            91  Allow Local Mode?                           [yes]
            92  Additional secured task checks?             [no]
            93  Suppress Policy Server host failover er...  [yes]
            94  List of Policy Servers to accept from       [kandor]
            95  pblocald diagnostic log                     [/var/log/pblocald.log]
            96  Command line options for pblocald           []
            97  Syslog pblocald sessions?                   [no]
            98  Record PTY sessions in utmp/utmpx?          [yes]
            99  Validate Policy Server Host Connections?    [no]
            100  List of Log Hosts                          [kandor]
            101  Command line options for pblogd            []
            102  Log Host Delay                             [500]
            103  Log Host Protocol Timeout                  [-1]
            104  pblogd diagnostic log                      [/var/log/pblogd.log]
            105  List of log reserved filesystems           [none]
            106  Number of free blocks per log system fi... [0]
            107  Command line options for pbsyncd           []
            108  Sync Protocol Timeout                      [-1]
            109  pbsyncd diagnostic log                     [/var/log/pbsyncd.log]
            110  pbsync diagnostic log                      [/var/log/pbsync.log]
            111  pbsync sychronization time interval (in... [15]
            112  Add installed shells to /etc/shells        [no]
            113  pbksh diagnostic file                      [/var/log/pbksh.log]
            114  pbsh diagnostic file                       [/var/log/pbsh.log]
            115  Stand-alone pblocald command               [none]
            116  Stand-alone root shell default iolog       [/pbshell.iolog]
            117  Command line options for pbguid            []
            118  Command line options for secure pbsguid    []
            119  pbguid and pbsguid diagnostic log          [/var/log/pbguid.log]
            120  pbguid and pbsguid site configuration file [none]
            121  Use syslog?                                [yes]
            122  Syslog facility to use?                    [LOG_AUTHPRIV]
            123  Base Daemon port number                    [24345]
            124  pbmasterd port number                      [24345]
            125  pblocald port number                       [24346]
            126  pblogd port number                         [24347]
            127  pbguid port number                         [24348]
            128  Secure pbsguid port number                 [24349]
            129  pbsyncd port number                        [24350]
            130  REST Service port number                   [24351]
            131  Add entries to '/etc/services'             [yes]
            132  Allow non-reserved port connections        [yes]
            133  Inbound Port range                         [1025-65535]
            134  Outbound Port range                        [1025-65535]
            137  Network encryption options                 [aes-256:keyfile=/etc/pb.key]
            138  Event log encryption options               [none]
            139  I/O log encryption options                 [none]
            140  Report encryption options                  [none]
            141  Policy file encryption options             [none]
            142  Settings file encryption type              [none]
            143  REST API encryption options                [aes-256:keyfile=/etc/pb.re...]
            144  Configure with Kerberos v5?                [no]
            150  Enforce High Security Encryption?          [yes]
            151  Use SSL?                                   [yes]
            152  SSL Configuration?                         [requiressl]
            153  SSL pbrun Certificate Authority Directory? [none]
            154  SSL pbrun Certificate Authority File?      [none]
            155  SSL pbrun Cipher List?                     [HIGH:!SSLv2:!3DES:!MD5:@ST…]
            156  SSL pbrun Certificate Directory?           [none]
            157  SSL pbrun Certificate File?                [none]
            158  SSL pbrun Private Key Directory?           [none]
            159  SSL pbrun Private Key File?                [none]
            160  SSL pbrun Certificate Subject Checks?      [none]
            161  SSL Server Certificate Authority Direct... [none]
            162  SSL Server Certificate Authority File?     [none]
            163  SSL Server Cipher List?                    [HIGH:!SSLv2:!3DES:!MD5:@ST...]
            164  SSL Server Certificate Directory?          [none]
            165  SSL Server Certificate File?               [/etc/pbssl.pem]
            166  SSL Server Private Key Directory?          [none]
            167  SSL Server Private Key File?               [/etc/pbssl.pem]
            168  SSL Server Certificate Subject Checks?     [none]
            169  SSL Certificate Country Code               [US]
            170  SSL Certificate State/Province             [AZ]
            171  SSL Certificate Location (Town/City)       [Phoenix]
            172  SSL Certificate Organizational Unit/Dep... [Security]
            173  SSL Certificate Organization               [BeyondTrust]
            174  Configure Privilege Management for Unix... [no]
            175  Install BeyondTrust built-in third-part... [yes]
            176  BeyondTrust built-in third-party librar... [/usr/lib/beyondtrust/pb]
            188  Use PAM?                                   [no]
            196  Allow Remote Jobs?                         [yes]
            197  UNIX Domain Socket directory               [none]
            198  Reject Null Passwords?                     [no]
            199  Enable TCP keepalives?                     [no]
            200  Name Resolution Timeout                    [0]
            N for the next menu page, P for the previous menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> c
Generating key file /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/settings_files/pb.key...
 
Are all the installation settings correct [yes]?
Generating config file /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/settings_files/pb.cfg
Creating the settings file creation script
Backed up existing settings file creation script to:
'/opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/pbcreatesettingsfile.ctime.Feb_13_16:28'
Running settings file creation script
Creating settings file /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/settings_files/pb.settings
Generated settings files are in directory: /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/settings_filesPrivilege Management for Unix and Linux Settings File Generation completed successfully.

Create the Privilege Management for Unix and Linux Configuration Package Using pbcreatelincfgpkg

This section shows the creation of the Privilege Management for Unix and Linux configuration package using the pbcreatelincfgpkg program with the -p and -s options.

At the end of its output, the pbcreatelincfgpkg script shows which Privilege Management for Unix and Linux component packages need to be installed.

# ./pbcreatelincfgpkg  -p CLIENTPAKU  -s /opt/final/powerbroker/v9.4/CLIENTPAKU_settings_files
pbcreatelincfgpkg: starting from /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install
pbcreatelincfgpkg: keyfile pb.key will be included in package
Reading /opt/final/powerbroker/v9.4/CLIENTPAKU_settings_files/pb.cfg
		 
pbcreatelincfgpkg: making PowerBroker Linux configuration package . . .
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.kq2x6j
+ umask 022
+ cd /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ rm -rf '/opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILD/*'
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.Z2J5QI
+ umask 022
+ cd /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.wlumC7
+ umask 022
+ cd /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILD
+ '[' /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64 '!=' / ']'
+ rm -rf /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64
++ dirname /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64
+ mkdir -p /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT
+ mkdir /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64
+ LANG=C
+ export LANG
+ unset DISPLAY
+ mkdir -p /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/etc
+ mkdir -p /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/etc/pb
+ cp /opt/final/powerbroker/v9.4/CLIENTPAKU_settings_files/pb.settings /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/etc/pb.settings
+ cp /opt/final/powerbroker/v9.4/CLIENTPAKU_settings_files/pb.cfg /opt/final/powerbroker/v9.4/pbul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/etc/pb.cfg
+ cp /opt/final/powerbroker/v9.4/CLIENTPAKU_settings_files/pb.key /opt/final/powerbroker/v9.4/pbul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/etc/pb.key
++ dirname /var/log/pblocald.log
+ logfiledir=/var/log
+ '[' '!' -d /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/var/log ']'
+ mkdir -p /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/var/log
++ dirname /var/log/pbksh.log
+ logfiledir=/var/log
+ '[' '!' -d /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/var/log ']'
++ dirname /var/log/pbsh.log
+ logfiledir=/var/log
+ '[' '!' -d /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/var/log ']'
++ dirname /pbshell.iolog
+ logfiledir=/
+ '[' '!' -d /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/ ']'
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/redhat/brp-compress
+ /usr/lib/rpm/redhat/brp-strip /usr/bin/strip
+ /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/redhat/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
+ /usr/lib/rpm/brp-python-bytecompile /usr/bin/python
+ /usr/lib/rpm/redhat/brp-python-hardlink
+ /usr/lib/rpm/redhat/brp-java-repack-jars
Processing files: powerbroker-configCLIENTPAKU-9.4.1.03-1.noarch
Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(pre): /bin/sh
Requires(post): /bin/sh
Requires(preun): /bin/sh
Requires(postun): /bin/sh
Checking for unpackaged file(s): /usr/lib/rpm/check-files /opt/final/powerbroker/v9.4/pbul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64
Wrote: /opt/final/powerbroker/v9.4/pbul_linux.x86-64_9.4.1-03/install/rpmbuild/RPMS/noarch/powerbroker-configCLIENTPAKU-9.4.1.03-1.noarch.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.A8w0eY
+ umask 022
+ cd /opt/final/powerbroker/v9.4/pbul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILD
+ rm -rf /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/etc /opt/final/powerbroker/v9.4/pbul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/pbshell.iolog /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/var
+ exit 0
pbcreatelincfgpkg: rpm package built
pbcreatelincfgpkg: rpm package verified
pbcreatelincfgpkg: rpm package 'powerbroker-configCLIENTPAKU-9.4.1.03-1.noarch.rpm' placed in
/opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install
		 
pbcreatelincfgpkg: the following packages will need to be loaded to the target system:
powerbroker-runhost powerbroker-submithost powerbroker-shlibs
		 
pbcreatelincfgpkg: completed.

Install Component Packages Using the rpm Command

This section shows the execution of the rpm command to install component packages for the submit host, run host, and shared libraries:

# cd /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/package
# rpm -iv powerbroker-shlibs-9.4.1.03-1.x86_64.rpm powerbroker-submithost-9.4.1.03-1.x86_64.rpm  powerbroker-runhost-9.4.1.03-1.x86_64.rpm
warning: powerbroker-shlibs-9.4.1.03-1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 19227ca5: NOKEY
        Preparing packages for installation...
        powerbroker-shlibs-9.4.1.03-1
        powerbroker-runhost-9.4.1.03-1
        powerbroker-submithost-9.4.1.03-1

Install the Configuration Package Using the rpm Command

This section shows the execution of the Linux rpm command to install the configuration package. Following installation of the configuration package, the installation is verified by submitting the id command to Privilege Management for Unix and Linux, and the Linux rpm -qa utility is used to list the Privilege Management for Unix and Linux packages that are installed:

# cd /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install
# rpm  -iv powerbroker-configCLIENTPAKU-9.4.1.03-1.noarch.rpm
Preparing packages for installation...
powerbroker-configCLIENTPAKU-9.4.1.03-1
Reading pb.cfg...
Updating Settings in database (if any)...
Checking installation of dependent component packages...
'rpm -V' of package powerbroker-shlibs succeeded
'rpm -V' of package powerbroker-submithost succeeded
'rpm -V' of package powerbroker-runhost succeeded
Looking for SuperDaemons to configure...
Finished looking for SuperDaemons to configure...
Removing PowerBroker service definitions (if any) from /etc/services.
Adding PowerBroker service definitions to /etc/services.
Removing any PowerBroker definitions from SuperDaemon xinetd file /etc/xinetd.conf
Adding PowerBroker definitions to SuperDaemon configurations   /etc/xinetd.conf.
Reloading SuperDaemon Configurations...
Done Reloading SuperDaemon Configurations...
# rpm -qa | grep powerbroker
powerbroker-runhost-9.4.1.03-1.x86_64
powerbroker-configCLIENTPAKU-9.4.1.03-1.noarch
powerbroker-shlibs-9.4.1.03-1.x86_64
powerbroker-submithost-9.4.1.03-1.x86_64
		 
# pbrun id # test PowerBroker
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk), 10(wheel),501(amanda)
		 
# rpm -qa | grep powerbroker # list PowerBroker packages
powerbroker-runhost-9.4.1.03-1.x86_64
powerbroker-configCLIENTPAKU-9.4.1.03-1.noarch
powerbroker-shlibs-9.4.1.03-1.x86_64
powerbroker-submithost-9.4.1.03-1.x86_64