2.2 Traditional Change Guardian Server Installation

You can install the Change Guardian server on your own Linux server, where you own both the hardware and the full Linux operating system that is installed on your hardware. If you want to install the managed software appliance, see Section 2.3, Appliance Change Guardian Server Installation.

To install the Change Guardian server interactively:

  1. On the command line, type the following command to extract the installation file:

    tar zxvf cgserver-x.x.x-xx.x86_64.tgz

  2. Run the Change Guardian server installation program by typing the following command in the root of the extracted directory:

    ./install-changeguardian.sh

    NOTE:To see additional installation script options, run ./install-changeguardian.sh -h to display the Help.

  3. Press the space bar to read the license agreement. You must page through the entire agreement before you can accept it.

  4. When prompted, select the standard or custom configuration.

    If you select standard, installation proceeds with the 60-day evaluation license key included with the installer. This license key activates the full set of product features for a 60-day evaluation period. At any time you can replace the evaluation license with a license key you have purchased.

  5. (Conditional) If you select the custom configuration, complete the configuration using the following information:

    • Add a production license key: Installs a production web console license key.
    • Assign admin account password: Account for global administration of the system.
    • Assign dbauser account password: PostgreSQL database maintenance account.
    • Assign appuser account password: Account used to interact with the PostgreSQL database at runtime.
    • Customize port assignments: Change the default ports used by the system.
    • Configure LDAP authentication integration: Configure an LDAP user repository to handle authentication.
    • Configure FIPS mode: Configuring FIPS using the custom configuration is not currently supported. For more information about configuring Change Guardian to run in FIPS mode, see Section 2.4.7, Configure Change Guardian to Run in FIPS Mode.

  6. Create an admin account password for global system administration.

  7. Configure the server to use a static or a dynamic (DHCP) IP address. If you select to use a DHCP IP address, monitored systems must be able to resolve the hostname to connect to the Change Guardian server.

  8. Create a Change Guardian cgadmin user password. Use this account to log in to the Policy Editor. This account has the privilege to administer monitoring configuration.

    NOTE:The cgadmin, dbauser, and appuser accounts use this password.

  9. Configure the default email host using the following information:

    • SMTP Host – The full name, including domain name, of the email server from which you want to send scheduled reports by email. You must be able to resolve the specified hostname from the Change Guardian server.

    • SMTP Port – The remote SMTP port used to connect. The default is 25.

    • From – The return email address appearing on each email sent.

    • SMTP User Name (Optional) – The user name to use when connecting to the SMTP server.

    • SMTP Password (Optional) – The password that corresponds to the SMTP user name.

    NOTE:This step is necessary if you want to email reports. You can skip this step, but if you later decide to email reports and events, you must use the Change Guardian server configure.sh script to update this configuration.

When the Change Guardian server installation finishes, the server starts. It might take a few minutes for all services to start after installation. Wait until the installation finishes and all services start before you log in to the server.

To access the Change Guardian web interface, specify the following URL in your web browser:

https:// IP_Address_Change_Guardian_server :8443