Linux Installation¶

Section: Installation | Article 05
Audience: IT Administrators
Last Updated: 2026-04-07

Overview¶

This article covers installing RP-PAM on Linux using native packages. Packages are provided for Debian/Ubuntu (.deb) and RHEL/CentOS/Fedora (.rpm). After completing this guide, the RP-PAM service will be running under systemd and responding to health checks.

Prerequisites¶

Requirement	Details
Operating System	Ubuntu 22.04+, Debian 12+, RHEL 9+, or CentOS Stream 9+
CPU	2 cores minimum (4 recommended)
RAM	4 GB minimum (8 GB recommended)
Disk	30 GB SSD minimum
.NET Runtime	.NET 10 Runtime — included in the package as a dependency
Account	`root` or a user with `sudo` privileges
Network	Outbound HTTPS (443) to `downloads.ravenphyre.net`

See System Requirements for full sizing tables.

Step 1 — Download the Package¶

Debian / Ubuntu¶

Bash:

# Create a temporary directory
mkdir -p /tmp/rppam && cd /tmp/rppam

# Download the .deb package (replace version as needed)
curl -LO "https://downloads.ravenphyre.net/rppam/latest/rppam-1.0.0-linux-amd64.deb"

RHEL / CentOS / Fedora¶

Bash:

mkdir -p /tmp/rppam && cd /tmp/rppam

# Download the .rpm package (replace version as needed)
curl -LO "https://downloads.ravenphyre.net/rppam/latest/rppam-1.0.0-linux-amd64.rpm"

PowerShell (cross-platform):

New-Item -ItemType Directory -Path "/tmp/rppam" -Force
Invoke-WebRequest `
    -Uri "https://downloads.ravenphyre.net/rppam/latest/rppam-1.0.0-linux-amd64.deb" `
    -OutFile "/tmp/rppam/rppam-1.0.0-linux-amd64.deb"

Authentication: If the download requires authentication, pass your portal credentials with -u user:token (curl) or use -Credential (PowerShell).

Step 2 — Verify the Download (Optional but Recommended)¶

# Download the checksum
curl -LO "https://downloads.ravenphyre.net/rppam/latest/rppam-1.0.0-linux-amd64.deb.sha256"

# Verify
sha256sum -c rppam-1.0.0-linux-amd64.deb.sha256

Expected output:

rppam-1.0.0-linux-amd64.deb: OK

Step 3 — Install the Package¶

Debian / Ubuntu¶

sudo apt update
sudo dpkg -i /tmp/rppam/rppam-1.0.0-linux-amd64.deb

# If there are missing dependencies, fix them:
sudo apt --fix-broken install -y

RHEL / CentOS / Fedora¶

sudo dnf install -y /tmp/rppam/rppam-1.0.0-linux-amd64.rpm

Note: On older RHEL/CentOS 7 systems, use yum instead of dnf.

Step 4 — File Locations¶

After installation, files are placed in the following locations:

Path	Contents
`/opt/rppam/`	Application binaries, libraries, and runtime
`/opt/rppam/modules/`	Installed module packages (`.rppkg` files)
`/etc/rppam/`	Configuration files (`rppam.config`, certificates)
`/etc/rppam/keys/`	Encrypted key material (KEK, DEK wrappers)
`/var/log/rppam/`	Application and audit log files
`/var/lib/rppam/`	Local database files (if using embedded mode)

The installer also creates a dedicated service account rppam that owns these files. Do not run RP-PAM as root in production.

Step 5 — Start and Enable the Service¶

The package installs a systemd unit file. Enable it so that RP-PAM starts automatically on boot.

Bash:

# Enable the service to start on boot
sudo systemctl enable rppam

# Start the service now
sudo systemctl start rppam

# Check the status
sudo systemctl status rppam

Expected output (abbreviated):

● rppam.service - Ravenphyre RP-PAM
     Loaded: loaded (/etc/systemd/system/rppam.service; enabled)
     Active: active (running) since ...

PowerShell (cross-platform):

# PowerShell can invoke native commands directly
& systemctl enable rppam
& systemctl start rppam
& systemctl status rppam

Step 6 — Verify the Health Endpoint¶

Bash:

curl -sk https://localhost:7101/health | python3 -m json.tool

Expected response:

{
    "status": "healthy",
    "version": "1.0.0",
    "uptime": "00:00:45"
}

PowerShell:

Invoke-RestMethod -Uri "https://localhost:7101/health" -SkipCertificateCheck

Note: The -k flag (curl) or -SkipCertificateCheck (PowerShell) is needed because RP-PAM ships with a self-signed certificate. Replace it with a trusted certificate for production use.

Service Management¶

Bash (systemctl)¶

# Stop the service
sudo systemctl stop rppam

# Start the service
sudo systemctl start rppam

# Restart the service
sudo systemctl restart rppam

# View service status
sudo systemctl status rppam

# Disable auto-start on boot
sudo systemctl disable rppam

# Re-enable auto-start on boot
sudo systemctl enable rppam

Viewing Logs¶

RP-PAM writes logs to /var/log/rppam/ and also to the systemd journal.

Using journalctl:

# View recent RP-PAM log entries
sudo journalctl -u rppam --no-pager -n 50

# Follow the log in real time
sudo journalctl -u rppam -f

Using the log file directly:

# View the last 50 lines
tail -n 50 /var/log/rppam/rppam.log

# Follow in real time
tail -f /var/log/rppam/rppam.log

PowerShell:

Get-Content "/var/log/rppam/rppam.log" -Tail 50
Get-Content "/var/log/rppam/rppam.log" -Tail 20 -Wait

Uninstalling¶

Debian / Ubuntu¶

# Remove the package (keeps configuration)
sudo apt remove rppam

# Remove the package and its configuration
sudo apt purge rppam

RHEL / CentOS / Fedora¶

sudo dnf remove rppam

Note: Uninstalling removes application binaries but preserves data in /var/lib/rppam/ and configuration in /etc/rppam/. To fully remove all data, delete those directories manually after uninstallation.

Troubleshooting¶

Symptom	Cause	Resolution
`dpkg` fails with dependency errors	Missing .NET 10 Runtime dependency	Run `sudo apt --fix-broken install -y` to resolve
`dnf install` fails with conflicts	Older version already installed	Run `sudo dnf remove rppam` first, then install the new version
Service fails to start	Configuration error or port conflict	Check `sudo journalctl -u rppam -n 50` for the startup error
Health endpoint returns connection refused	Service not running	Verify with `systemctl status rppam`; check logs for errors
Permission denied errors in logs	Wrong file ownership	Run `sudo chown -R rppam:rppam /etc/rppam /var/lib/rppam /var/log/rppam`
SELinux denials (RHEL/CentOS)	SELinux blocking network or file access	Check `sudo ausearch -m AVC -ts recent` and apply the RP-PAM SELinux policy module (see Config Reference)

Next Steps¶

Setup Wizard — Run the first-time setup wizard to configure your database, encryption keys, and admin account
MSSQL Database Setup — Prepare a MSSQL database before running the setup wizard
PostgreSQL Database Setup — Prepare a PostgreSQL database before running the setup wizard
Online License Activation — Activate your license after setup
LVS Relay Setup — Deploy an on-premises license validation proxy (recommended for environments without direct internet access or for resilience against upstream outages)