Privilege Management for Unix & Linux Basic 10.2 Release Notes

May 8, 2019

Requirements:

  • Requires the Privilege Management for Unix & Linux License Server, Policy Server, and Log Server to be installed prior to installing Privilege Management for Unix & Linux - Basic Edition.

New Features and Enhancements:

  • The software has been rebranded with the new company logo and colors, and some products have been renamed.
    • PowerBroker for Unix & Linux is now called Privilege Management for Unix & Linux.
    • PowerBroker Sudo is now called Privilege Management for Unix & Linux - Basic Edition.
    • PowerBroker Servers Management Console is now called BeyondInsight for Unix & Linux.
  • New values for ssloptions (TLSMin<ver> and TLSMax<ver>) were added that allow the specification of the minimum and maximum TLS level to be used in the Privilege Management for Unix & Linux protocols.
  • A new value for ssloptions (SSLFirst) was added that forces the SSL handshake to happen before the proprietary Privilege Management for Unix & Linux handshake.
  • A new value for ssloptions (SSLVerbose) was added that allows server components to log more informational messages to their error logs.
  • A shell script called pblighttpd_svc.sh now allows you to stop, start, or restart pblighttpd/pbconfigd services.
  • Use pbdbutil --info --restsvr to check on the health of the REST services (pblighttpd/pbconfigd).
  • Use tempfilepath in pb.settings to specify the temporary directory for Privilege Management for Unix & Linux binaries.
  • Use -t <tmpdir> in pbinstall, pbsudoinstall, and solrinstall to specify the temporary directory to be used during install. When this option is used, tempfilepath in pb.settings is also set to the specified directory.

Issues Resolved:

  • Resolved an issue where pbreplay --timestamp <iolog> would occasionally produce a segmentation violation on some platforms (HPUX).
  • When enforcehighsecurity is set, the cipherlist is no longer hard-coded, and the value of cipherlist in pb.settings is now used.
  • Resolved an issue introduced in 10.1.0 where the PBSUDOADMIN app ID was no longer recognized as a valid application ID during PBsudo client install.
  • The file /usr/lib/beyondtrust/pb/rest/ssl/rest.pem is now readable only by the root user and group.
  • Resolved a sporadic issue where, during a failover while the primary license server in a Registry Name Service environment was down, the error "3811.31 Failed to update license database '/opt/pbul/dbs/pblicense.db' - I/O error" was logged in pbrest.log.
  • Resolved several issues in the Message Router mechanism for writing eventlog records to the event log when under load.
    • Resolved an issue where a buffer was not deallocated correctly in the Message Router when a socket connect to pblogd timed out, which produced an internal error message.
    • Resolved an issue where an error was not correctly interpreted, which raised a spurious error instead of processing the write queue.
    • Resolved an issue where the new nag logging was not creating the shared memory object correctly, resulting in a crash when logging its first nag log message.
  • An appropriate error is now logged if the scheduler fails to create its default tasks when restkeyencryption is not set, when restkeyencryption is set incorrectly, or when the hostname is not resolvable.
  • In the message router client, a limit of 2*maxqsize is now used if a write queue entry could not be created (due to lack of space, for example), and an error is added to the logs, preventing the client from looping forever.
  • Resolved a sporadic issue where eventlog records were not written if logcachedb was not defined in pb.settings, the database pblogcache.db did not exist, and iologging was enabled.

Notes:

  • We recommend that you upgrade the License Server, the Policy Server (Master), and the Log Servers before upgrading any clients.
  • These platforms are no longer supported:
    • HP-UX 11i v2 (B.11.23) (PA-RISC 64-bit)
    • HP-UX 11i v3 (B.11.31) (PA-RISC 64-bit)
    • IBM AIX 5L v5.3
    • Oracle Solaris 9 (SPARC and x86)
    • Mac OS 10.5 to 10.11
    • Ubuntu 8.x, 9.x, 10.04, 11.4
    • SUSE Linux Ent Server 10