2.3 Installing and Upgrading the Agent

You can install the agent locally on the computer you will monitor, by deploying from UNIX Agent Manager, or without user interaction by using an answer file.

If you are upgrading the agent, you can choose to create a custom configuration file that contains one or more configuration parameters instead of entering each parameter manually. For any configuration parameter in the file, the UNIX agent upgrade program uses that parameter instead of using the fields in the upgrade screen. You set the parameters in the file using the same format as the silent installation file. For more information about the silent installation file parameters, see Section 2.3.4, Silently Installing on the Agent Computer.

2.3.1 Installing or Upgrading the Agent on the Local Computer

The following procedure guides you through logging on to an agent computer and locally installing all required components on the agent computer. If you are upgrading and have used UNIX Agent Manager, make sure to export your host list.

To install or upgrade an agent on the local computer:

  1. (Conditional) If you are upgrading and use UNIX Agent Manager, ensure you have upgraded UNIX Agent Manager to version 7.2 or higher. For information about upgrading UNIX Agent Manager, see Section 2.2, Installing or Upgrading UNIX Agent Manager.

  2. Log on to an agent computer using an account with super user privileges.

  3. Change directories to the product installation package, and then enter the following command to start the install script:

    /bin/sh ./install.sh
    
  4. Proceed through the prompts.

  5. When you are given the option to configure the agent for use with other products, select the option only if you run NetIQ Sentinel, NetIQ Change Guardian, or NetIQ Security Manager to monitor the computer. If you will not use those products, type n instead of accepting the default response of y for those questions.

  6. When you are given the option to specify the restart method, NetIQ recommends that you accept the default, rclink. For more information about restart methods, see Section 3.4, Restart Methods for the UNIX Agent.

  7. (Conditional) If you receive a warning message stating that you do not have a required operating system patch installed, install the patch. If you have a later patch that supersedes the required patch, download a new patch version checker from www.netiq.com/support.

When you finish the installation process, the UNIX agent starts the daemons.

2.3.2 Deploying the UNIX Agent Using UNIX Agent Manager

Remote deployment provides a convenient and uniform method for installing one or more UNIX agents. You can use the Deployment wizard provided in the UNIX Agent Manager for remote deployment, unless one of the following conditions exists:

  • You installed UNIX Agent Manager using the options to restrict all communication to FIPS certified encryption algorithms.

  • Your site standards prohibit your access to root passwords.

  • Your site standards require a specific software distribution mechanism.

  • Your site standards prohibit software distribution mechanisms.

For information about installing UNIX Agent Manager, see Section 2.2, Installing or Upgrading UNIX Agent Manager.

To remotely deploy UNIX agent components:

  1. In the File menu of UNIX Agent Manager, select Remote Deployment.

  2. Click the Add Host button and fill in the fields as prompted.

  3. When you are given the option of communication security settings, do not restrict communication to only Federal Information Processing Standard (FIPS) encrypted algorithms unless you are certain that your environment requires that restriction. If you select that option, UNIX Agent Manager cannot fully communicate with agents that do not have the same restriction. For more information, see Section 3.3, Understanding FIPS Communication.

  4. When you are given the option to specify the restart method, NetIQ recommends that you accept the default, rclink. For more information about restart methods, see Section 3.4, Restart Methods for the UNIX Agent.

  5. Proceed through the wizard to complete installation.

  6. (Conditional) If you receive a warning message stating that you do not have a required operating system patch installed, install the patch. If you have a later patch that supersedes the required patch, download a new patch version checker from www.netiq.com/support.

2.3.3 Upgrading UNIX Agent version 7.1 Using UNIX Agent Manager

UNIX Agent Manager provides a utility to upgrade existing agents. You cannot use this feature if your UNIX Agent Manager restricts communication to FIPS certified encryption algorithms.

To upgrade version 7.1 UNIX agents using UNIX Agent Manager version 7.2 or higher:

  1. Ensure the computer that you want to upgrade is registered in UNIX Agent Manager. You can do this by either importing an existing list that contains the computer using Manage Hosts > Import/Export Host Lists, or by adding the computer using Manage Hosts > Add Host.

  2. Highlight the computer you want to upgrade, and select Manage 7.1 Hosts > Upgrade Hosts. The left pane will display any options you need to select for your agent.

  3. Scroll to the bottom of the panel and click the Start Upgrade button.

2.3.4 Silently Installing on the Agent Computer

Performing a silent installation allows you to install the UNIX agent without interactively running the installation script. Instead, silent installation uses an installation file that records the information required for completing the installation. Each line in the file is a name=value pair that provides the required information, for example, HOME=/usr/netiq.

If you use the deployment wizard to perform a local installation on one computer, the wizard offers you an opportunity to create a silent installation file based on your choices. A sample installation file, SampleSilentInstallation.cfg, is located in your UNIX agent download package. The following parameters are available for silent installation for the NetIQ UNIX Agent working with Secure Configuration Manager:

| Parameter | Description |
|---|---|
| CREATE_TARGET_DIR | Specifies whether you want the install program to create the target installation directory if it does not already exist. Valid entries are y and n. The default is y. |
| CONTINUE_WITHOUT_PATCHES | Specifies whether the install program stops or continues when the operating system is not a supported version. Valid entries are y and n. The default is n. |
| IQCONNECT_PORT | Specifies the port that the UNIX agent uses to listen for communications from UNIX Agent Manager. The default is 2620. |
| IQ_STARTUP | Specifies restart method for the uagent process. For information about the options, see Section 3.4, Restart Methods for the UNIX Agent. Valid entries are rclink and inittab. The default is rclink. |
| USE_FIPS_COMMON | Specifies whether the UNIX agent communicates with UNIX Agent Manager using only FIPS certified encryption algorithms. Only use this option if your environment requires this restriction. For more information about this option, see Section 3.3, Understanding FIPS Communication. Valid entries are 0, meaning that communication is not restricted, and 1, meaning that communication is restricted. The default is 0. |
| INSTALL_SCM | Specifies whether the UNIX agent works with Secure Configuration Manager. Valid entries are y and n. |
| SCM_CORE_ADDR | Specifies the IP address of the computer where you installed Secure Configuration Manager Core Services. |
| SCM_CORE_PORT | Specifies the port that the UNIX agent will use to communicate with Secure Configuration Manager Core Services. |
| SCM_UVSERV_PORT | Specifies the port that the UNIX agent will use to communicate with Secure Configuration Manager. |
| SCM_UVSERV_STARTUP | Specifies the restart method for the uvserv process. For information about the options, see Section 3.4, Restart Methods for the UNIX Agent. Valid entries are rclink, inetd, and inittab. The default is rclink. |
| USE_FIPS_SCM | Specifies whether the UNIX agent communicates with Secure Configuration Manager using only FIPS certified encryption algorithms. Only use this option if your environment requires this restriction. For more information, see Section 3.3, Understanding FIPS Communication. Valid entries are 0, meaning that communication is not restricted, and 1, meaning that communication is restricted. The default is 0. |

Once you have created the installation file, you can run the silent installation from the command line. For example:

./install.sh <Target_Directory> -s <SilentConfigurationFile>.cfg

Where <Target_Directory> is the directory you want to install to and <SilentConfigurationFile> is the file name you used to specify the installation options. You can also use the default configuration file, SampleSilentInstallation.cfg.

The script will then extract information from the installation file and install the agent according to the values you have specified.

NOTE: The installation filename must be specified as an absolute path. By default, SampleSilentInstallation.cfg is located in the UNIX agent install directory.
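A pre-flight check for a silent installation file, written as an added example and not part of the NetIQ package: it validates each name=value pair against the valid entries listed for the parameters above and confirms the file is given as an absolute path. The function name check_silent_cfg, the skipping of blank and # lines, and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check of a silent installation file against the
# parameters and valid entries documented in this section.
# Returns the number of problems found (0 = file passes).
check_silent_cfg() {
    cfg=$1; problems=0
    case $cfg in
        /*) ;;   # the NOTE above requires an absolute path
        *) echo "not an absolute path: $cfg"; problems=$((problems + 1)) ;;
    esac
    [ -r "$cfg" ] || { echo "cannot read: $cfg"; return $((problems + 1)); }
    while IFS='=' read -r name value || [ -n "$name" ]; do
        case $name in
            ''|'#'*|HOME|SCM_CORE_ADDR) continue ;;   # blank/# lines: assumed skippable
            CREATE_TARGET_DIR|CONTINUE_WITHOUT_PATCHES|INSTALL_SCM) allowed='y n' ;;
            IQ_STARTUP) allowed='rclink inittab' ;;
            SCM_UVSERV_STARTUP) allowed='rclink inetd inittab' ;;
            USE_FIPS_COMMON|USE_FIPS_SCM) allowed='0 1' ;;
            IQCONNECT_PORT|SCM_CORE_PORT|SCM_UVSERV_PORT) allowed=PORT ;;
            *) echo "not a documented parameter: $name"   # catches misspelled names
               problems=$((problems + 1)); continue ;;
        esac
        ok=no
        if [ "$allowed" = PORT ]; then
            case $value in
                ''|*[!0-9]*|??????*) ;;   # empty, non-numeric, or more than 5 digits
                *) [ "$value" -ge 1 ] && [ "$value" -le 65535 ] && ok=yes ;;
            esac
        else
            for a in $allowed; do [ "$value" = "$a" ] && ok=yes; done
        fi
        [ "$ok" = yes ] || { echo "bad value: $name=$value"; problems=$((problems + 1)); }
    done < "$cfg"
    return "$problems"
}

# Constructed sample file (values are illustrative, not from a real site).
sample=$(mktemp)
cat > "$sample" <<'EOF'
HOME=/usr/netiq
CREATE_TARGET_DIR=y
CONTINUE_WITHOUT_PATCHES=n
IQCONNECT_PORT=2620
IQ_STARTUP=rclink
USE_FIPS_COMMON=0
INSTALL_SCM=n
EOF
check_silent_cfg "$sample" && echo "ok: $sample"
rm -f "$sample"
```

Run the check before handing the file to install.sh with -s, so that a misspelled parameter name or an out-of-range value is reported before the unattended install starts.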