Update Privilege Management for Unix and Linux with the Solaris Package Installer

The Privilege Management for Unix and Linux Solaris package installer can be used to update an existing Privilege Management for Unix and Linux installation to a new version. The existing Privilege Management for Unix and Linux version should have been installed with the Privilege Management for Unix and Linux package installer.

It is possible to use the Solaris package installer to install Privilege Management for Unix and Linux over an existing version that was installed with pbinstall. However, doing so is not recommended because it can result in unused files from the existing version remaining in the file system.

Package Update Considerations

Installing a Privilege Management for Unix and Linux update with the Solaris package installer is similar to using the Solaris package installer to install Privilege Management for Unix and Linux for the first time. Keep these considerations in mind when you prepare to update Privilege Management for Unix and Linux:

  • Technically, the Privilege Management for Unix and Linux Solaris packages are update packages, as opposed to upgrade packages. An update package overwrites the existing files before registering the new version number in the Solaris Package Manager database.
  • A Privilege Management for Unix and Linux Solaris update package contains a complete Privilege Management for Unix and Linux installation, not just the files that have changed since the previous release.
  • The Privilege Management for Unix and Linux Solaris update packages are compatible with JumpStart.
  • If you have more than one Privilege Management for Unix and Linux package on a computer, you should update all packages on that computer.
  • A newer release can introduce features that use new settings or configurations. In which case, an upgrade of the configuration package of Privilege Management for Unix and Linux is also needed.
  • Unlike Privilege Management for Unix and Linux patches that are installed with pbpatchinstall, update packages cannot be rolled back to a previous release. However, you can install an older package over a newer one, effectively rolling back to the older release.

Package Update Procedure

Follow this procedure to update your installation of Privilege Management for Unix and Linux using the Solaris package installer:

  1. Obtain the tarball file for the Solaris update packages that are appropriate for your hardware. The tarball file name has the format pmul<flavor>-v.v.r-b-pn_pkg.tar.Z, where:
    • <flavor> indicates the operating system and hardware architecture.
    • v.v.r is the major and minor version number and the release number.
    • b is the build number.
    • n is the update number.
  2. Extract the package tarball files into the /opt/beyondtrust/ directory of the computer that you are updating by executing the following command:
    gunzip -c pmul<flavor_version>_pkg.tar.Z | tar xvf -
  3. Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
  4. Create the settings_files directory and change directory to that location.
  5. To retain or correctly update the settings of the current installation, copy the following files from the target installation host into the settings_files directory you created in step 4:
    • /etc/pb.settings
    • /etc/pb.cfg
    • encryption keys defined in pb.settings for networkencryption, eventlogencryption, iologencryption, reportencryption, policyencryption, and restkeyencryption settings (if enabled)

      Note: In a default installation, there are typically 2 key files created: pb.key and pb.rest.key

    • policy file defined in policyfile setting in pb.settings (if the target installation is a Policy Server)

      Note: In a default installation, the policy file is located in /opt/pbul/policies/pb.conf

  1. Execute the following command and verify the installation settings:

  2. ./pbinstall -z
  1. Create the upgrade configuration package by running the pbcreatesolcfgpkg utility:

    pbcreatesolcfgpkg -p suffix
  2. Use the current suffix of the installation to be upgraded. Use the suffix you provided in the initial package installation in step 8 of the Installation Procedure.

    Another way to find the suffix is to run the following command on the target installation host to get the list of packages installed:

    pkginfo -x | grep BTPB

    Identify the suffix of the Privilege Management for Unix and Linux configuration package using this format:

    BTPBcf<suffix>
  1. Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/package/ directory.
  2. Optional. To install Privilege Management for Unix and Linux in an alternative base directory, edit the provided BTPBadmin file and change the basedir=default entry as follows:
    basedir=target_base_directory

    target_base_directory is the absolute path of the target base directory.

  3. For each required component package, run the Solaris pkgadd utility to install the component package by typing:
    pkgadd -a BTPBadmin -r response-file -d pkg-datastream-file pkg-name

    pkg-datastream-file is the name of the component package datastream (.ds) file. response-file is the location and name of the response file, if generated, and pkg-name is the name of the package. For Privilege Management for Unix and Linux packages, the package name is the same as the datastream file name without the .ds extension.

    pkgadd -a BTPBadmin -r ./BTPB<suffix>.resp -d BTPBrunh.ds BTPBrunh

    If no response file is generated (not applicable):

    pkgadd -a BTPBadmin -d BTPBrunh.ds BTPBrunh
  4. Navigate to the /opt/beyondtrust/powerbroker/<version>/<flavor>/install/ directory.
  5. Run the Solaris pkgadd utility to install the Privilege Management for Unix and Linux configuration package by typing:
    pkgadd -a BTPBadmin<suffix> -d BTPBcf<suffix>.ds BTPBcf<suffix>

    <suffix> is the suffix specified when the Privilege Management for Unix and Linux configuration package is created in step 7.

  1. Verify the installation of the packages with the Solaris pkginfo utility by typing:
    pkginfo -x | grep BTPB