Installation Procedure

Before installing Solaris packages, check whether the directories where files are installed (/usr/local, /usr/bin, etc.) are symbolic links to other directories. If they are, set the environment variable PKG_NONABI_SYMLINKS to true:
# PKG_NONABI_SYMLINKS=true
# export PKG_NONABI_SYMLINKS

This prevents the symbolic links from being removed by the pkgadd command on Solaris.
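
A pre-install check for the condition described above, as an added example that is not part of the vendor's procedure: it walks every component of each absolute path given and sets PKG_NONABI_SYMLINKS only when one of them is a symbolic link. The function names are hypothetical, and a POSIX shell is assumed (on older Solaris, /usr/xpg4/bin/sh rather than /bin/sh).

```shell
#!/bin/sh
# Added example; function names are hypothetical. Paths must be absolute.

# first_symlink_component PATH: print the first component of PATH, walking
# down from /, that is a symbolic link. Returns 1 if there is none.
first_symlink_component() {
    path=$1 cur=
    old_ifs=$IFS; IFS=/; set -f      # split on "/" without globbing
    set -- $path
    set +f; IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue   # skip the empty field before the leading "/"
        cur="$cur/$part"
        if [ -L "$cur" ]; then
            printf '%s\n' "$cur"
            return 0
        fi
    done
    return 1
}

# check_install_dirs DIR...: report every DIR with a symlinked component.
# Returns 0 if at least one was found, 1 otherwise.
check_install_dirs() {
    found=1
    for d in "$@"; do
        if link=$(first_symlink_component "$d"); then
            echo "symlink on install path: $link (checked $d)" >&2
            found=0
        fi
    done
    return "$found"
}

# prepare_pkgadd_env DIR...: export PKG_NONABI_SYMLINKS=true only when needed.
prepare_pkgadd_env() {
    if check_install_dirs "$@"; then
        PKG_NONABI_SYMLINKS=true
        export PKG_NONABI_SYMLINKS
    fi
}

# The two directories the page names; add your real install targets.
prepare_pkgadd_env /usr/local /usr/bin
```

Source the file in the root shell that will run pkgadd rather than executing it, so that the exported variable is still set when pkgadd starts.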

To install Endpoint Privilege Management for Unix and Linux using the Solaris Package Manager, do the following:

  1. Extract the package tarball files into the /opt/beyondtrust/ directory by executing the following command:
    gunzip -c pmul<flavor_version>_pkg.tar.Z | tar xvf -
  2. Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
  3. Execute the following command:
    ./pbinstall -z

    You can include other options with the -z option. Use the -R option if you want to specify an alternate base directory for installing the component packages.

    You are asked if you want to use client registration. If you plan to enable Registry Name Service, and are installing on a host that is not designated as a primary server, you must run client registration.

    pbinstall then asks if you want to enable Registry Name Service.

    pbinstall displays the Endpoint Privilege Management for Unix and Linux installation menu.

  4. Make your menu selections.

    When the menu selection process is complete, pbinstall creates the following files in the specified location:

    • pb.settings
    • pb.cfg
    • pb.key (if encryption is enabled)
    • pb.conf (for Policy Server host)
    • pbpolicykey.pem and pbpolicypubcert.pem (for Policy Server hosts with Cached Policy feature enabled)

The Enter existing pb.settings path menu option enables you to specify your own pb.settings file to use. Also, the Enter directory path for settings file creation menu option enables you to specify where to save the generated settings files. These menu options are available only when running pbinstall with the -z option.

  5. Optional. For an Endpoint Privilege Management for Unix and Linux client, if client-server communications are to be encrypted, replace the generated pb.key file with the pb.key file from the policy server host. Also, copy any other required key files into the same directory.
  6. Optional. For a policy server host, write a policy file (pb.conf) and place it in the directory with the other generated files. If you do not provide a pb.conf file, a pb.conf file with the single command reject; is generated and packaged.

    Starting with v8.0, pbinstall -z can optionally install the default role-based policies and asks:

    Installing default role-based policy pbul_policy.conf and pbul_functions.conf in <install_dir>/settings_files
    Would you like to use the default role-based policy in the configuration package?
    • Answer Yes for new installs only.
    • If you are upgrading an existing configuration package, to avoid overwriting your existing policy, answer No.
      Use the default role-based policy [Y]?
    • If you answer Yes, the default pb.conf, pbul_policy.conf and pbul_functions.conf are created and installed on the policy server.
    • If you are installing over an existing installation, and have an existing policy in place, answer No.
  7. Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
  8. Run the pbcreatesolcfgpkg utility by typing:
    pbcreatesolcfgpkg -p suffix -s directory
    • suffix is appended to the filenames of the configuration package datastream file and the package administration file; length can be up to 26 characters (3 characters for unpatched Solaris 8).
    • directory contains the Endpoint Privilege Management for Unix and Linux settings and configuration files to include in the package.

    The pbcreatesolcfgpkg utility creates the following files:

    • Configuration package file BTPBcf<suffix>.ds
    • Package administration file BTPBadmin<suffix>
    • Response file BTPB<suffix>.resp
  9. Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/package/ directory.
  10. Optional. To install Endpoint Privilege Management for Unix and Linux in an alternative base directory, edit the provided BTPBadmin file and change the basedir=default entry as follows:
    basedir=target_base_directory

    target_base_directory is the absolute path of the target base directory.

  11. For each required component package, run the Solaris pkgadd utility to install the component package by typing:
    pkgadd -a BTPBadmin -r response-file -d pkg-datastream-file pkg-name

    pkg-datastream-file is the name of the component package datastream (.ds) file. response-file is the location and name of the response file, if generated, and pkg-name is the name of the package. For Endpoint Privilege Management for Unix and Linux packages, the package name is the same as the datastream file name without the .ds extension.

 
    For example:

    pkgadd -a BTPBadmin -r ./BTPB<suffix>.resp -d BTPBrunh.ds BTPBrunh

    If no response file is generated (not applicable):

    pkgadd -a BTPBadmin -d BTPBrunh.ds BTPBrunh
  12. Run the Solaris pkgadd utility to install the Endpoint Privilege Management for Unix and Linux configuration package by typing:
    pkgadd -a BTPBadmin<suffix> -d BTPBcf<suffix>.ds BTPBcf<suffix>

    <suffix> is the suffix specified when the Endpoint Privilege Management for Unix and Linux configuration package is created in step 8.

  13. Verify the installation of the packages with the Solaris pkginfo utility by typing:
    pkginfo | grep BTPB
  14. If Registry Name Service is enabled and installed on a non-primary server, register the host with the Primary Registry Name Server using a post-install configuration script. Gather the Application ID, Application Key, network name or IP address, and REST TCP/IP port of the primary server, then run the script to register the host and follow the prompts:
    /opt/pbul/scripts/pbrnscfg.sh

If you install Endpoint Privilege Management for Unix and Linux using a custom JumpStart session, the Endpoint Privilege Management for Unix and Linux configuration package should be added or removed only once per session to avoid installing conflicting rc scripts.
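
Pre-flight checks to run on the settings directory before pbcreatesolcfgpkg packages it, as an added example that is not part of the vendor's tooling: the file names, the 26-character suffix limit and the default reject; policy come from the procedure above. The function names, the ROLE argument and the pb.key permission check are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and the ROLE argument are hypothetical.

# check_suffix SUFFIX [MAX]: the page allows up to 26 characters
# (pass MAX=3 on unpatched Solaris 8).
check_suffix() {
    max=${2:-26}
    [ -n "$1" ] && [ "${#1}" -le "$max" ]
}

# policy_is_reject_only FILE: true when, whitespace aside, the file is the
# single command "reject;" that the page says is generated by default.
policy_is_reject_only() {
    [ "$(tr -d ' \t\r\n' < "$1")" = "reject;" ]
}

# check_settings_dir DIR ROLE (ROLE: client | policyserver).
# Prints one line per finding; the return status is the number of findings.
check_settings_dir() {
    dir=$1 role=$2 n=0
    for f in pb.settings pb.cfg; do
        [ -f "$dir/$f" ] || { echo "missing: $f"; n=$((n + 1)); }
    done
    # Assumption (not from the page): the encryption key file should carry
    # no group/other permission bits while it sits in the staging directory.
    if [ -f "$dir/pb.key" ] &&
       [ "$(ls -ld "$dir/pb.key" | cut -c5-10)" != "------" ]; then
        echo "pb.key: group/other permission bits set"; n=$((n + 1))
    fi
    if [ "$role" = policyserver ]; then
        if [ ! -f "$dir/pb.conf" ] || policy_is_reject_only "$dir/pb.conf"; then
            echo "pb.conf: absent or only 'reject;' (the generated default)"
            n=$((n + 1))
        fi
    fi
    return "$n"
}

# Usage: sh preflight.sh SUFFIX DIRECTORY ROLE
if [ "$#" -eq 3 ]; then
    check_suffix "$1" || echo "suffix: must be 1 to 26 characters"
    check_settings_dir "$2" "$3"
fi
```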
