Setting up the Unix Listener

You must install the Unix Listener on each Unix system where Bravura Security Fabric performs operations. To do this:

  1. Determine requirements

  2. If you did not select the Unix Installation Packages when you installed the Connector Pack, install the psunix installation package

  3. Run the installation shell script in:

Requirements

Before you begin:

  • Ensure that the xinetd or inetd service is configured.

    The Unix Listener requires an Internet services daemon for operation, and the installer checks for xinetd/inetd configuration prior to installation. If either service is installed but not configured, the installer will configure the service. If neither service is installed, the installer will inform you that the Unix Listener requires either xinetd or inetd for operation. The xinetd server is the preferred server and is chosen by default if both inetd and xinetd are available.

    Bravura Security Fabric supports xinetd versions 2.3.4 and newer.

  • Have the following information available:

    • The local administrative account that will be used to authenticate the Unix Listener

      This is the same account that you use as credentials when adding the target in Bravura Security Fabric.

    • The port the Unix Listener will be listening on; the default is 905.

    • The encrypted communication key (COMMKEY), or a copy of the idmsetup.inf configuration file.

      The idmsetup.inf configuration file is located in the <instance>\psconfig\ directory.

    Tip

    After copying idmsetup.inf, the best practice is to remove all unrequired data from the file before use.

    You will be prompted to enter these values during the Unix Listener installation.

    Bravura Security Fabric does not support plus (+) or minus (-) entries in UNIX local passwd and group files to incorporate NIS. Instead, you can use /etc/nsswitch.conf to incorporate NIS.

Installing the Unix Listener interactively

Installing interactively takes less preparation and allows you to specify settings during installation. You can use the idmsetup.inf configuration to pass through some of the information as defaults.

Ensure that you have met the requirements.

To interactively install the Unix Listener on the Unix system:

  1. Run the shell script install.sh from the root of the installation package:

    sudo sh install.sh [ -inf <path>/idmsetup.inf ] [ -inst <instancename> ]

    where:

    Option    Description

    -inf      Specifies the path to the idmsetup.inf file. If omitted, you must enter communication key (or Master Key) and other information when prompted.

    -inst     Specifies the instance name for location of the psunix files. If omitted, files are copied to the /usr/local/psunix/default instance. See Determining the psunix instance for more information about the instance location.

  2. Follow the instructions displayed by the installer script.

    In the installation process:

    • Allow system files to be backed up.

    • Select the Listener Service.

    • Submit the Communication Key.

    • Submit the local administrative account. This is the same account that you use as credentials when adding the target in Bravura Security Fabric.

    • Note the port number that was assigned to Bravura Security Fabric by the installation shell script. It is normally 905, but may be different on your system.

      You need this port number when adding the Unix target system to Bravura Security Fabric, as described in Targeting a Unix system.

      On systems where /etc/services defines port 905/tcp to be reserved, the installer will consider that port as unavailable. To make it available, first make sure it is not in use, then comment out the 905/tcp line in /etc/services. This can be done while the installer is waiting for a new port number to be input.
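The /etc/services step above can be scripted as follows. This is an added example, not part of the product or its installer; the function names are invented here, and the demo runs on a constructed file rather than the live /etc/services.

```shell
#!/bin/sh
# Added example: handle a reserved listener port in a services(5) file.
# Function names are invented for this example, not product commands.

# Print the active (uncommented) line that assigns PORT/tcp; status 1 if none.
services_entry() {  # usage: services_entry FILE PORT
    awk -v want="$2/tcp" '
        /^[ \t]*#/ { next }                     # skip comment lines
        $2 == want { print; found = 1; exit }   # field 2 is port/protocol
        END { exit !found }
    ' "$1"
}

# Return 0 if something is listening on TCP PORT. Needs ss or netstat;
# if neither is available the result is 1, so confirm by hand in that case.
port_in_use() {  # usage: port_in_use PORT
    { ss -ltn 2>/dev/null || netstat -an 2>/dev/null | grep -i listen; } |
        awk -v p="$1" '{ for (i = 1; i <= NF; i++) if ($i ~ ("[:.]" p "$")) hit = 1 }
                       END { exit !hit }'
}

# Comment out the active PORT/tcp line, keeping the original as FILE.bak.
# Returns 1 if there is no active entry, 2 if the backup could not be made.
comment_out_port() {  # usage: comment_out_port FILE PORT
    services_entry "$1" "$2" >/dev/null || return 1
    cp -p "$1" "$1.bak" || return 2
    awk -v want="$2/tcp" '
        !/^[ \t]*#/ && $2 == want { print "#" $0; next }
        { print }
    ' "$1.bak" > "$1"
}

# Demo on a constructed file (sample entries are made up for illustration).
demo=$(mktemp)
printf '%s\n' 'smtp 25/tcp mail' 'rsvd905 905/tcp # constructed entry' > "$demo"
if port_in_use 905; then
    echo "port 905 is in use; pick another listener port" >&2
elif comment_out_port "$demo" 905; then
    grep -n '905/tcp' "$demo"
fi
rm -f "$demo" "$demo.bak"
```
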

Installing the Unix Listener non-interactively

The installer’s non-interactive mode allows you to perform unattended installations. This would be advantageous where you want to install on many systems over SSH, for example. This mode requires you to write a response file that is used with a command line option.

Ensure that you have met the requirements.

To install the Unix Listener non-interactively:

  1. Edit the following sections of the psunix-responsefile.cfg in the root of the installation package:

    ###################################################################### 
    ## general options 
    
    # Prior to installing PSUNIX, the installer allows the option to 
    # backup files affected by the installation process. 
    
      pre-backup = "Y"; 
    
    # By default, if pre-existing configuration file(s) contains all the 
    # required options, do not replace them. 
    
      use-preexisting-cfg = "Y"; 
    
    ###################################################################### 
    ## listener options 
    
    # The port that the PSUNIX listener binds to and listens on.  The 
    # default is port "905". 
    
      listener-port = "905";

  2. Edit the <psunix-root>/conf/psunix.d/listener configuration file to specify the administrative user that the Listener will authenticate against.

  3. Edit <psunix-root>/conf/psunix.cfg to define the communication key (or Master Key) that matches the one set during installation on the Bravura Security Fabric server; for example:

    commkey = "<encrypted commkey value>";

    Optionally, you can pre-configure other options in this file if you want different behavior from the default. See Unix Configuration Scripts for details.

  4. Run the shell script install.sh from the root of the installation package:

    sh install.sh -c 1 -ni [ -inst <instancename> ]

    where:

    Option    Description

    -inst     Specifies the instance name for location of the psunix files. If omitted, files are copied to the /usr/local/psunix/default instance. See Determining the psunix instance for more information about the instance location.
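
Before running install.sh in step 4 on many hosts, the edited files can be checked with a short pre-flight script. This is an added example, not part of the installation package: cfg_get and preflight are names invented here, the parser assumes the `key = "value";` line format shown above, and the world-readable test is an extra hardening check this page does not require.

```shell
#!/bin/sh
# Added example: pre-flight check for a non-interactive psunix install.
# cfg_get and preflight are invented names, not installer commands.

# Print the value of the last active `key = "value";` line for KEY in FILE.
cfg_get() {  # usage: cfg_get FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/ { next }                              # comment line
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next              # must start with KEY
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*=[ \t]*".*";[ \t]*$/) next
            sub(/^[ \t]*=[ \t]*"/, "", rest); sub(/";[ \t]*$/, "", rest)
            val = rest; found = 1
        }
        END { if (found) print val; exit !found }
    ' "$1"
}

# Return 0 when both files look ready; report each problem on stderr.
preflight() {  # usage: preflight RESPONSEFILE PSUNIX_CFG
    rc=0
    port=$(cfg_get "$1" listener-port) || port=
    case $port in
        ''|*[!0-9]*|??????*) echo "listener-port missing or not a port" >&2; rc=1 ;;
        *) if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
               echo "listener-port $port out of range" >&2; rc=1
           fi ;;
    esac
    key=$(cfg_get "$2" commkey) || key=
    case $key in
        ''|'<'*'>') echo "commkey unset or still a placeholder in $2" >&2; rc=1 ;;
    esac
    # Extra hardening check (assumption of this example): the file holding
    # the commkey should not be readable by other users.
    if [ -n "$(find "$2" -prune -perm -004 2>/dev/null)" ]; then
        echo "$2 is world-readable" >&2; rc=1
    fi
    return $rc
}

# Demo with constructed files; the commkey value below is made up.
d=$(mktemp -d)
printf '%s\n' '  pre-backup = "Y"; ' '  listener-port = "905";' > "$d/resp.cfg"
printf '%s\n' 'commkey = "CONSTRUCTED-SAMPLE-VALUE";' > "$d/psunix.cfg"
chmod 600 "$d/psunix.cfg"
preflight "$d/resp.cfg" "$d/psunix.cfg" && echo "ready: listener-port $port"
rm -rf "$d"
```
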