Update Privilege Management for Unix and Linux with the Linux Package Installer

The Privilege Management for Unix and Linux Linux package installer can be used to upgrade an existing Privilege Management for Unix and Linux installation to a new version. The existing Privilege Management for Unix and Linux version should have been installed with the Privilege Management for Unix and Linux package installer.

It is possible to use the Linux package installer to install Privilege Management for Unix and Linux over an existing version that was installed with pbinstall. However, we do not recommended doing so because it can result in unused files from the existing version remaining in the file system.

Package Upgrade Considerations

Installing an upgrade with the Linux package installer is similar to using the Linux package installer to install Privilege Management for Unix and Linux for the first time. Keep these considerations in mind when you prepare to upgrade:

  • Technically, the Privilege Management for Unix and Linux Linux packages are upgrade packages, as opposed to update packages. An upgrade package installs the new files before removing the existing files and registering the new version number in the RPM database.
  • A Privilege Management for Unix and Linux Linux upgrade package contains a complete Privilege Management for Unix and Linux installation, rather than simply the files that have changed since the previous release.
  • If you have more than one Privilege Management for Unix and Linux package on a computer, upgrade all packages on that computer.
  • A newer release can introduce features that use new settings or configurations. In which case, an upgrade of the configuration package of Privilege Management for Unix & Linux is also needed.
  • Unlike Privilege Management for Unix and Linux patches that are installed with pbpatchinstall, upgrade packages cannot be rolled back to a previous release. However, you can install an older package over a newer one, effectively rolling back to the older release.

For more information, please see Revert to a Previous Version.

Package Upgrade Procedure

Follow this procedure to upgrade your installation of Privilege Management for Unix and Linux using the Linux package installer:

  1. Obtain the tarball file for the Linux upgrade packages that are appropriate for your hardware. The tarball file name has the format pmul_<flavor>-v.v.r-bb-pn_pkg.tar.Z.
    • <flavor> indicates the operating system and hardware architecture.
    • v.v.r is the major and minor version number and the release number.
    • bb is the build number.
    • n is the update number.
  2. Extract the package tarball files into the /opt/beyondtrust/ directory by executing the following command:
    tar xvfz pmul_<flavor_version>_pkg.tar.Z
  1. Navigate to the /opt/beyondtrust/powerbroker/v<version>/<flavor>/install/ directory
  2. Create the settings_files directory and change directory to that location.
  3. To retain or correctly update the settings of the current installation, copy the following files from the target installation host into the settings_files directory you created in step 4:
    • /etc/pb.settings
    • /etc/pb.cfg
    • encryption keys defined in pb.settings for networkencryption, eventlogencryption, iologencryption, reportencryption, policyencryption, and restkeyencryption settings (if enabled)

      Note: In a default installation, there are typically 2 key files created: pb.key and pb.rest.key

    • policy file defined in policyfile setting in pb.settings (if the target installation is a Policy Server)

      Note: In a default installation, the policy file is located in /opt/pbul/policies/pb.conf

  1. Execute the following command and verify the installation settings:
  2. ./pbinstall -z
  1. Create the upgrade configuration package by running the pbcreatelincfgpkg utility:
  2. pbcreatelincfgpkg -p suffix

    Use the current suffix of the installation to be upgraded. Use the suffix you provided during the initial package installation in step 9 of the Installation Procedure.

    Another way to find the suffix is to run the following command on the target installation host to get the list of packages installed:

    rpm -qa |grep powerbroker

    Identify the suffix of the Privilege Management for Unix and Linux configuration package using this format:

    powerbroker-config<suffix>-<version>.noarch
  1. Navigate to the /opt/beyondtrust/powerbroker/v<version>/<flavor>/package/ directory.
  2. Use the Linux rpm utility to upgrade the component packages by typing:
    rpm -Uv package-file-1 package-file-2...

    package-file-n is the name of a component package (.rpm) file.

    rpm  -Uv  powerbroker-submithost-9.4.1.03-1.p2-1.x86_64.rpm  powerbroker-runhost-9.4.1.03-1.p2-1.x86_64.rpm
  1. Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
  2. Run the Linux rpm utility to install the Privilege Management for Unix and Linux configuration package by typing:
    rpm -Uv package-file

    package-file is the name of the configuration package (.rpm) file created in step 7.

  1. Verify the installation of the packages by typing:
    rpm -qa| grep powerbroker

Revert to a Previous Version

Unlike Privilege Management for Unix and Linux patches that are installed with pbpatchinstall, upgrade packages cannot be rolled back to a previous release. However, you can install an older package over a newer one, effectively rolling back to the older release. To install older packages over newer ones, use the following command:

rpm -Uv --oldpackage package-file-1 package file-2...

This command restores the previous release. Repeat the command to restore earlier releases. To restore a single package per rpm command, add the --replacepkgs option.