Step-by-Step Instructions for a Basic Installation Using pbinstall

The basic pbinstall procedure assumes that you have successfully downloaded and unarchived the Endpoint Privilege Management for Unix and Linux distribution or have an Endpoint Privilege Management for Unix and Linux CD.

For additional information about Endpoint Privilege Management for Unix and Linux components and more options for pbinstall, see the following:

Run a Basic Installation Using pbinstall

To perform a basic Endpoint Privilege Management for Unix and Linux installation using the pbinstall script, use the following procedure:

  1. If you downloaded Endpoint Privilege Management for Unix and Linux using the Web or FTP, then do the following. To install Endpoint Privilege Management for Unix and Linux from a CD, skip to step 2.
    • Create the /opt/beyondtrust directory if it does not already exist.
    • Extract the Endpoint Privilege Management for Unix and Linux installation files by executing the following command:
      gunzip -c pmul<flavor_version>.tar.Z | tar xvf -
  2. To install from a CD, insert it into the CD-ROM drive on your machine. Mount the CD by entering:
    mount <device_name> /cdrom

Your system may require additional command options or have a different mount point. For more information, see the mount man page for your system.

  1. Navigate to the appropriate install directory on the file system or CD.
  2. Start the pbinstall script with the following command:
    ./pbinstall
  3. Press Enter after you read the initial messages.
  4. A prompt will ask if this is the first installation in the enterprise:
    Endpoint Privilege Management for Unix and Linux must have a designated Primary Server to provide control and consistency for all its components/entities.
    The Primary Server must be installed and configured first before all other hosts.
    Is this the first installation in the enterprise (designated Primary Server) [yes]?
  5. If you install a new client you may wish to use the client registration facility. When first invoking pbinstall, the following is displayed:
    Client registration provides a method of automatic configuration based upon a profile provided by your Primary License Server. To use this functionality you will need to know specific parameters from your  Primary License Server setup. See the installation guide for details.
    Do you wish to utilize client registration? [no]? yes
    Enter the Application ID generated on the Primary License Server: appid
    Enter the Application Key generated on the Primary License Server: 0b5e954e-be38-424d-b7e7-3e0ec91d9301
    Enter the Primary License Server address/domain name for registering clients: master.organization.com
    Enter the Primary License Server REST TCP/IP port [24351]:
    Enter the Registration Client Profile name[default]:

    If you wish to enable automatic configuration using client registration, you need the following:

    • REST Application ID
    • REST Application Key
    • Network name or IP address of the primary license server that has been configured to enable client registration
    • REST services port
    • Name of the client registration profile configured by the administrator

    Once you have entered this data at the pbinstall prompts, the client configuration is downloaded and the installation continues. All defaults used during the rest of the installation process come from the retrieved information.

  6. A prompt asks if you want to install the Registry Name Services.
    The Registry Name Service of Endpoint Privilege Management for Unix and Linux facilitates location of other services within the pmul enterprise with the aid of a centralized data repository.
    IMPORTANT: It is highly recommended to utilize client registration if you are using Registry Name Services.
    Do you wish to utilize Registry Name Service? [yes]?

    If you answered no to the earlier question, "Is this the first installation in the enterprise?", you are asked to register the host as a Registry Name Service client:

    To enable the use of Registry Name Services each client needs to be registered with the primary server.

    Please complete the questions below to enable this registration.
    Enter the Application ID generated on the Primary Registry Name Server:  appid
    Enter the Application Key generated on the Primary Registry Name Server:  appkey
    Enter the address/domain name for the Primary Registry Name Server:  host
    Enter the Primary Registry Name Server REST TCP/IP port [24351]:

    If Registry Name Service (RNS) is specified, the defaults for submitmasters, acceptmasters, logservers, etc., are changed to an asterisk (*), and registrynameserver yes is added to the prospective pb.settings.

  7. The pbinstall menu displays a set of options similar to the following:
    Opt  Description                                  [Value]
    1    Install Everything Here (Demo Mode)?         [yes]
    2    Install License Server?                      [yes]
    3    Install Registry Name Services Server?       [no]
    4    Install Client Registration Server?          [yes]
    5    Install Policy Server Host?                  [yes]
    6    Allow Policy & Log Caching?                  [yes]
    7    Enable Role-Based Policy?                    [yes]
    8    Install Run Host?                            [yes]
    9    Install Submit Host?                         [yes]
    10   Enable Policy & Logs Caching for client?     [yes]
    11   Install PBSSH?                               [yes]
    12   Install sudo Policy Server?                  [yes]
    13   Install Log Host?                            [yes]
    14   Enable Logfile Tracking and Archiving?       [yes]
    15   Is this a Log Archiver Storage Server?       [yes]

The following instructions select the required options to do a basic installation only.

  1. Choose your options.
  2. Use the c navigation command to continue the installation.
  3. A prompt asks if you want to view the install script. Specify n.

This option is intended for troubleshooting by BeyondTrust Technical Support. The generated install script contains thousands of lines of code.

  1. A prompt asks if you want to install the product now. Specify y.

The Endpoint Privilege Management for Unix and Linux install script executes and installs Endpoint Privilege Management for Unix and Linux components on this machine.

  1. If an Endpoint Privilege Management for Unix and Linux policy file exists, it is not modified. Starting with version 8.0, if you do not have a policy file, a default policy is installed. The files {prefix}pbul_policy.conf{suffix} and {prefix}pbul_functions.conf{suffix} are created in the default directory, which is /opt/pbul/policies from v9.4.3+ and /etc prior to v9.4.3. {prefix}pbul_policy.conf{suffix} is then included in the main policy (by default /opt/pbul/policies/{prefix}pb.conf{suffix} from v9.4.3+ and /etc/{prefix}pb.conf{suffix} prior to v9.4.3).

An empty policy file rejects all Endpoint Privilege Management for Unix and Linux commands. For information about writing policy files, see the Endpoint Privilege Management for Unix and Linux Policy Language Guide.

  1. Change the permissions on the policy file so that it can be read by root only:
    chmod 600 /opt/pbul/policies/pb.conf

The installation is now complete.
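
A post-install check for the permission step above, as an added example that is not part of the BeyondTrust documentation or product: it confirms that the main policy file and the two default policy files named earlier are owned by root and grant nothing to group or other. The function names are hypothetical, and the file names assume an empty {prefix} and {suffix} with the v9.4.3+ default directory.

```sh
#!/bin/sh
# Added example, not BeyondTrust code. Assumes empty {prefix}/{suffix} and the
# v9.4.3+ default directory; pass another directory (e.g. /etc) as needed.
POLICY_FILES="pb.conf pbul_policy.conf pbul_functions.conf"

# check_policy_file PATH [EXPECTED_UID]
# 0 = owned by EXPECTED_UID (default 0, root) with no group/other access
# 1 = finding (wrong owner, mode not owner-only, or ACL present)
# 2 = not present as a regular file (a symlink also lands here)
check_policy_file() {
    path=$1
    want_uid=${2:-0}
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "SKIP  $path: not a regular file"
        return 2
    fi
    # ls -ln is POSIX, so this works on hosts without stat(1).
    mode=$(ls -ln "$path" | awk '{print $1}')
    uid=$(ls -ln "$path" | awk '{print $3}')
    status=0
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL  $path: owner uid $uid, expected $want_uid"
        status=1
    fi
    case $mode in
        -???------) ;;                  # e.g. -rw------- after chmod 600
        -???------.) ;;                 # same, with an SELinux context marker
        -???------+) echo "FAIL  $path: ACL present, review with getfacl"
                     status=1 ;;
        *) echo "FAIL  $path: mode $mode is not owner-only"
           status=1 ;;
    esac
    [ "$status" -eq 0 ] && echo "OK    $path ($mode uid=$uid)"
    return "$status"
}

# audit_policy_dir [DIR] [EXPECTED_UID]: returns 1 if any file has a finding.
# Absent files are skipped: the default policy files are only created when no
# policy file existed at install time.
audit_policy_dir() {
    dir=${1:-/opt/pbul/policies}
    want=${2:-0}
    findings=0
    for f in $POLICY_FILES; do
        rc=0
        check_policy_file "$dir/$f" "$want" || rc=$?
        if [ "$rc" -eq 1 ]; then findings=$((findings + 1)); fi
    done
    [ "$findings" -eq 0 ]
}
```

Source the script as root and run `audit_policy_dir` (or `audit_policy_dir /etc` on versions prior to v9.4.3); any FAIL line points at a file that still needs the chmod step or an ownership fix.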