Sample Execution for the Linux Package Installer

The sample execution shows the installation of an Endpoint Privilege Management for Unix and Linux submit host, run host, and shared libraries using the Endpoint Privilege Management for Unix and Linux Linux package installer.

This sample execution is divided into the following parts:

  • Generate the Endpoint Privilege Management for Unix and Linux settings files.
  • Create the Endpoint Privilege Management for Unix and Linux configuration package using the pbcreatelincfgpkg program.
  • Install the component packages using the rpm command.
  • Install the configuration package using the rpm command.

Generate the Endpoint Privilege Management for Unix and Linux Settings Files

This section of the execution shows the generation of the Endpoint Privilege Management for Unix and Linux settings files (pb.key, pb.cfg, and pb.settings) and also displays the Endpoint Privilege Management for Unix and Linux installation menu. This output was generated using the pbinstall program with the options: -z, -l, and -r:

# ./pbinstall -zlr
Starting pbinstall main() from /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/.
linux.x86-64
 
Endpoint Privilege Management for Unix and Linux Settings File Generation
 
Please read the Endpoint Privilege Management for Unix and Linux Installation Instructions before proceeding.
 
Checking MANIFEST against release directory
Press return to continue
The Registry Name Service of Endpoint Privilege Management for Unix and Linux facilitates location of other services within the EPM-UL enterprise with the aid of a centralized
data repository.
IMPORTANT: client registration is required if this is not the Primary Server and you intend to use Registry Name Services.
Do you wish to utilize Registry Name Service? [yes]? no
BeyondTrust Endpoint Privilege Management for Unix and Linux Installation Menu          
            Opt  Description                                [Value] 
            1  Install Everything Here (Demo Mode)?         [no]
            2  Install License Server?                      [no]
            3  Install Registry Name Services Server?       [no]
            4  Install Client Registration Server?          [no]
            5  Install Policy Server Host?                  [yes]
            6  Install Run Host?                            [yes]
            7  Install Submit Host?                         [yes]
            8  Install PBSSH?                               [yes]
            10  Install Log Host?                           [yes]
            11  Enable Logfile Tracking and Archiving?      [yes]
            12  Is this a Log Archiver Storage Server?      [no]
            13  Is this a Log Archiver Database Server?     [no]
            14  Install File Integrity Monitoring Polic...  [no]
            15  Install REST Services?                      [yes]
            16  List of License Servers                     [*]
            19  Path to Password Safe 'pkrun' binary        []
            23  Install Synchronization program?            [yes]
            25  Install Secure GUI Host?                    [yes]
            26  Install Utilities: pbvi, pbnvi, pbmg, p...  [yes]
            27  Install pbksh?                              [yes]
            28  Install pbsh?                               [yes]
            29  Install man pages?                          [no]
            30  Will this host use a Log Host?              [yes]
            31  AD Bridge Integration?                      [no]
            37  Integration with BeyondInsight?             [no]
            55  Synchronization program can be initiate...  [yes]
            56  Daemons location                            [/usr/sbin]
            57  Number of reserved spaces for submit pr...  [80]
            58  Administration programs location            [/usr/sbin]
            59  User programs location                      [/usr/local/bin]
            60  GUI library directory                       [/usr/local/lib/pbbuilder]
            61  Policy include (sub) file directory         [/opt/pbul/policies]
            62  Policy file name                            [/opt/pbul/policies/pb.conf]
            65  Log Archive Storage Server name             []
            67  Log Archiver Database Server name           []
            69  Logfile Name Cache Database file path?      [/opt/pbul/dbs/pblogcache.db]
            70  REST Service installation directory?        [/usr/lib/beyondtrust/pb/rest]
            71  Install REST API sample code?               [no]
            73  Pblighttpd user                             [pblight]
            75  Pblighttpd user UID                         []
            76  Pblighttpd user GID                         []
            78  Configure systemd?                          [yes]
            79  Command line options for pbmasterd          [-ar]
            80  Policy Server Delay                         [500]
            81  Policy Server Protocol Timeout              [-1]
            82  pbmasterd diagnostic log                    [/var/log/pbmasterd.log]
            83  Eventlog filename                           [/var/log/pb.eventlog]
            84  Configure eventlog rotation via size?       []
            85  Configure eventlog rotation path?           []
            86  Configure eventlog rotation via cron?       [no]
            87  Validate Submit Host Connections?           [no]
            88  List of Policy Servers to submit to         [kandor]
            89  pbrun diagnostic log?                       [none]
            90  pbssh diagnostic log?                       [none]
            91  Allow Local Mode?                           [yes]
            92  Additional secured task checks?             [no]
            93  Suppress Policy Server host failover er...  [yes]
            94  List of Policy Servers to accept from       [kandor]
            95  pblocald diagnostic log                     [/var/log/pblocald.log]
            96  Command line options for pblocald           []
            97  Syslog pblocald sessions?                   [no]
            98  Record PTY sessions in utmp/utmpx?          [yes]
            99  Validate Policy Server Host Connections?    [no]
            100  List of Log Hosts                          [kandor]
            101  Command line options for pblogd            []
            102  Log Host Delay                             [500]
            103  Log Host Protocol Timeout                  [-1]
            104  pblogd diagnostic log                      [/var/log/pblogd.log]
            105  List of log reserved filesystems           [none]
            106  Number of free blocks per log system fi... [0]
            107  Command line options for pbsyncd           []
            108  Sync Protocol Timeout                      [-1]
            109  pbsyncd diagnostic log                     [/var/log/pbsyncd.log]
            110  pbsync diagnostic log                      [/var/log/pbsync.log]
            111  pbsync sychronization time interval (in... [15]
            112  Add installed shells to /etc/shells        [no]
            113  pbksh diagnostic file                      [/var/log/pbksh.log]
            114  pbsh diagnostic file                       [/var/log/pbsh.log]
            115  Stand-alone pblocald command               [none]
            116  Stand-alone root shell default iolog       [/pbshell.iolog]
            
            
            
           
            121  Use syslog?                                [yes]
            122  Syslog facility to use?                    [LOG_AUTHPRIV]
            123  Base Daemon port number                    [24345]
            124  pbmasterd port number                      [24345]
            125  pblocald port number                       [24346]
            126  pblogd port number                         [24347]
            
            
            129  pbsyncd port number                        [24350]
            130  REST Service port number                   [24351]
            131  Add entries to '/etc/services'             [yes]
            132  Allow non-reserved port connections        [yes]
            133  Inbound Port range                         [1025-65535]
            134  Outbound Port range                        [1025-65535]
            137  Network encryption options                 [aes-256:keyfile=/etc/pb.key]
            138  Event log encryption options               [none]
            139  I/O log encryption options                 [none]
            140  Report encryption options                  [none]
            141  Policy file encryption options             [none]
            142  Settings file encryption type              [none]
            143  REST API encryption options                [aes-256:keyfile=/etc/pb.re...]
            144  Configure with Kerberos v5?                [no]
            150  Enforce High Security Encryption?          [yes]
            151  Use SSL?                                   [yes]
            152  SSL Configuration?                         [requiressl]
            153  SSL pbrun Certificate Authority Directory? [none]
            154  SSL pbrun Certificate Authority File?      [none]
            155  SSL pbrun Cipher List?                     [HIGH:!SSLv2:!3DES:!MD5:@ST…]
            156  SSL pbrun Certificate Directory?           [none]
            157  SSL pbrun Certificate File?                [none]
            158  SSL pbrun Private Key Directory?           [none]
            159  SSL pbrun Private Key File?                [none]
            160  SSL pbrun Certificate Subject Checks?      [none]
            161  SSL Server Certificate Authority Direct... [none]
            162  SSL Server Certificate Authority File?     [none]
            163  SSL Server Cipher List?                    [HIGH:!SSLv2:!3DES:!MD5:@ST...]
            164  SSL Server Certificate Directory?          [none]
            165  SSL Server Certificate File?               [/etc/pbssl.pem]
            166  SSL Server Private Key Directory?          [none]
            167  SSL Server Private Key File?               [/etc/pbssl.pem]
            168  SSL Server Certificate Subject Checks?     [none]
            169  SSL Certificate Country Code               [US]
            170  SSL Certificate State/Province             [AZ]
            171  SSL Certificate Location (Town/City)       [Phoenix]
            172  SSL Certificate Organizational Unit/Dep... [Security]
            173  SSL Certificate Organization               [BeyondTrust]
            174  Configure Privilege Management for Unix... [no]
            175  Install BeyondTrust built-in third-part... [yes]
            176  BeyondTrust built-in third-party librar... [/usr/lib/beyondtrust/pb]
            188  Use PAM?                                   [no]
            196  Allow Remote Jobs?                         [yes]
            197  UNIX Domain Socket directory               [none]
            198  Reject Null Passwords?                     [no]
            199  Enable TCP keepalives?                     [no]
            200  Name Resolution Timeout                    [0]
            N for the next menu page, P for the previous menu page, C to continue, X to exit
Please enter a menu option [For technical support call 1-800-234-9072]> c
Generating key file /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/settings_files/pb.key...
 
Are all the installation settings correct [yes]?
Generating config file /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/settings_files/pb.cfg
Creating the settings file creation script
Backed up existing settings file creation script to:
'/opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/pbcreatesettingsfile.ctime.Feb_13_16:28'
Running settings file creation script
Creating settings file /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/settings_files/pb.settings
Generated settings files are in directory: /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/settings_files
Endpoint Privilege Management for Unix and Linux Settings File Generation completed successfully.
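
The menu above is the last point at which values can be reviewed before they are written to pb.settings and packaged. The following script is an added example, not part of the product or of the original sample execution: it parses a saved copy of the menu and lists rows a reviewer may want to look at again. The function names and the rule list (encryption set to none, connection validation set to no, null passwords not rejected) are assumptions of this example, not vendor guidance.

```shell
#!/bin/sh
# Added example (not vendor code): flag pbinstall menu values to review
# before the settings are packaged. The rules below are a reviewer's
# assumptions, not BeyondTrust guidance.

audit_pbinstall_menu() {
    # stdin: captured menu text; stdout: option|description|value|note
    awk '
    {
        line = $0
        sub(/[ \t\r]+$/, "", line)          # trim trailing blanks
        sub(/^[ \t]+/, "", line)            # trim leading indent
        # Menu rows look like: <number> <description> [<value>]
        if (line !~ /^[0-9]+[ \t]+.*\[.*\]$/) next

        opt = line;  sub(/[ \t].*$/, "", opt)
        rest = line; sub(/^[0-9]+[ \t]+/, "", rest)
        lb = index(rest, "[")
        desc = substr(rest, 1, lb - 1); sub(/[ \t]+$/, "", desc)
        val = substr(rest, lb + 1, length(rest) - lb - 1)

        note = ""
        if (desc ~ /encryption (options|type)$/ && val == "none") {
            note = "encryption disabled"
        } else if (desc ~ /^Validate .*Connections\?$/ && val == "no") {
            note = "peer connection validation disabled"
        } else if (desc ~ /^Reject Null Passwords\?$/ && val == "no") {
            note = "null passwords not rejected"
        }

        if (note != "") print opt "|" desc "|" val "|" note
    }'
}

sample_menu() {
    # Excerpt of rows copied from the menu output shown above.
    cat <<'EOF'
            Opt  Description                                [Value]
            87  Validate Submit Host Connections?           [no]
            137  Network encryption options                 [aes-256:keyfile=/etc/pb.key]
            138  Event log encryption options               [none]
            142  Settings file encryption type              [none]
            150  Enforce High Security Encryption?          [yes]
            198  Reject Null Passwords?                     [no]
            N for the next menu page, P for the previous menu page, C to continue, X to exit
EOF
}

# Run the audit over the embedded excerpt.
sample_menu | audit_pbinstall_menu
```

To audit a full capture, save the pbinstall output to a file and pipe it into audit_pbinstall_menu in place of sample_menu.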

Create the Endpoint Privilege Management for Unix and Linux Configuration Package Using pbcreatelincfgpkg

This section shows the creation of the Endpoint Privilege Management for Unix and Linux configuration package using the pbcreatelincfgpkg program with the -p and -s options.

At the end of its output, the pbcreatelincfgpkg script shows which Endpoint Privilege Management for Unix and Linux component packages need to be installed.

# ./pbcreatelincfgpkg  -p CLIENTPAKU  -s /opt/final/powerbroker/v9.4/CLIENTPAKU_settings_files
pbcreatelincfgpkg: starting from /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install
pbcreatelincfgpkg: keyfile pb.key will be included in package
Reading /opt/final/powerbroker/v9.4/CLIENTPAKU_settings_files/pb.cfg
         
pbcreatelincfgpkg: making PowerBroker Linux configuration package . . .
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.kq2x6j
+ umask 022
+ cd /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ rm -rf '/opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILD/*'
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.Z2J5QI
+ umask 022
+ cd /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.wlumC7
+ umask 022
+ cd /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILD
+ '[' /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64 '!=' / ']'
+ rm -rf /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64
++ dirname /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64
+ mkdir -p /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT
+ mkdir /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64
+ LANG=C
+ export LANG
+ unset DISPLAY
+ mkdir -p /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/etc
+ mkdir -p /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/etc/pb
+ cp /opt/final/powerbroker/v9.4/CLIENTPAKU_settings_files/pb.settings /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/etc/pb.settings
+ cp /opt/final/powerbroker/v9.4/CLIENTPAKU_settings_files/pb.cfg /opt/final/powerbroker/v9.4/pbul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/etc/pb.cfg
+ cp /opt/final/powerbroker/v9.4/CLIENTPAKU_settings_files/pb.key /opt/final/powerbroker/v9.4/pbul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/etc/pb.key
++ dirname /var/log/pblocald.log
+ logfiledir=/var/log
+ '[' '!' -d /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/var/log ']'
+ mkdir -p /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/var/log
++ dirname /var/log/pbksh.log
+ logfiledir=/var/log
+ '[' '!' -d /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/var/log ']'
++ dirname /var/log/pbsh.log
+ logfiledir=/var/log
+ '[' '!' -d /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/var/log ']'
++ dirname /pbshell.iolog
+ logfiledir=/
+ '[' '!' -d /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/ ']'
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/redhat/brp-compress
+ /usr/lib/rpm/redhat/brp-strip /usr/bin/strip
+ /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/redhat/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
+ /usr/lib/rpm/brp-python-bytecompile /usr/bin/python
+ /usr/lib/rpm/redhat/brp-python-hardlink
+ /usr/lib/rpm/redhat/brp-java-repack-jars
Processing files: powerbroker-configCLIENTPAKU-9.4.1.03-1.noarch
Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(pre): /bin/sh
Requires(post): /bin/sh
Requires(preun): /bin/sh
Requires(postun): /bin/sh
Checking for unpackaged file(s): /usr/lib/rpm/check-files /opt/final/powerbroker/v9.4/pbul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64
Wrote: /opt/final/powerbroker/v9.4/pbul_linux.x86-64_9.4.1-03/install/rpmbuild/RPMS/noarch/powerbroker-configCLIENTPAKU-9.4.1.03-1.noarch.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.A8w0eY
+ umask 022
+ cd /opt/final/powerbroker/v9.4/pbul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILD
+ rm -rf /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/etc /opt/final/powerbroker/v9.4/pbul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/pbshell.iolog /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install/rpmbuild/BUILDROOT/powerbroker-9.4.1.03-1.x86_64/var
+ exit 0
pbcreatelincfgpkg: rpm package built
pbcreatelincfgpkg: rpm package verified
pbcreatelincfgpkg: rpm package 'powerbroker-configCLIENTPAKU-9.4.1.03-1.noarch.rpm' placed in
/opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install
         
pbcreatelincfgpkg: the following packages will need to be loaded to the target system:
powerbroker-runhost powerbroker-submithost powerbroker-shlibs
     
pbcreatelincfgpkg: completed.

Install Component Packages Using the rpm Command

This section shows the execution of the rpm command to install component packages for the submit host, run host, and shared libraries:

# cd /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/package
# rpm -iv powerbroker-shlibs-9.4.1.03-1.x86_64.rpm powerbroker-submithost-9.4.1.03-1.x86_64.rpm  powerbroker-runhost-9.4.1.03-1.x86_64.rpm
warning: powerbroker-shlibs-9.4.1.03-1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 19227ca5: NOKEY
        Preparing packages for installation...
        powerbroker-shlibs-9.4.1.03-1
        powerbroker-runhost-9.4.1.03-1
        powerbroker-submithost-9.4.1.03-1

Install the Configuration Package Using the rpm Command

This section shows the execution of the Linux rpm command to install the configuration package. Following installation of the configuration package, the installation is verified by submitting the id command to Endpoint Privilege Management for Unix and Linux, and the Linux rpm -qa utility is used to list the Endpoint Privilege Management for Unix and Linux packages that are installed:

# cd /opt/final/powerbroker/v9.4/pmul_linux.x86-64_9.4.1-03/install
# rpm  -iv powerbroker-configCLIENTPAKU-9.4.1.03-1.noarch.rpm
Preparing packages for installation...
powerbroker-configCLIENTPAKU-9.4.1.03-1
Reading pb.cfg...
Updating Settings in database (if any)...
Checking installation of dependent component packages...
'rpm -V' of package powerbroker-shlibs succeeded
'rpm -V' of package powerbroker-submithost succeeded
'rpm -V' of package powerbroker-runhost succeeded
Looking for SuperDaemons to configure...
Finished looking for SuperDaemons to configure...
Removing PowerBroker service definitions (if any) from /etc/services.
Adding PowerBroker service definitions to /etc/services.
Removing any PowerBroker definitions from SuperDaemon xinetd file /etc/xinetd.conf
Adding PowerBroker definitions to SuperDaemon configurations   /etc/xinetd.conf.
Reloading SuperDaemon Configurations...
Done Reloading SuperDaemon Configurations...
# rpm -qa | grep powerbroker
powerbroker-runhost-9.4.1.03-1.x86_64
powerbroker-configCLIENTPAKU-9.4.1.03-1.noarch
powerbroker-shlibs-9.4.1.03-1.x86_64
powerbroker-submithost-9.4.1.03-1.x86_64
         
# pbrun id # test PowerBroker
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk), 10(wheel),501(amanda)
     
# rpm -qa | grep powerbroker # list PowerBroker packages
powerbroker-runhost-9.4.1.03-1.x86_64
powerbroker-configCLIENTPAKU-9.4.1.03-1.noarch
powerbroker-shlibs-9.4.1.03-1.x86_64
powerbroker-submithost-9.4.1.03-1.x86_64