3.2 Installing Security Agent for UNIX

This topic provides information about the various ways to install Security Agent for UNIX.

3.2.1 Remote Installation Using UNIX Agent Manager

Remote deployment provides a convenient and uniform method for installing one or more Agents. You can use the Deployment wizard provided in the UNIX Agent Manager for remote deployment, unless one of the following conditions exists:

  • Your site standards prohibit your access to root passwords.

  • Your site standards require a specific software distribution mechanism.

  • Your site standards prohibit software distribution mechanisms.

To remotely deploy the Agent components:

  1. Launch UNIX Agent Manager.

  2. Go to File > Remote Deployment.

  3. Select Add Host, specify the host name of the computer on which you want to install the Agent and click OK.

  4. Select the checkbox next to the added host, fill in all the details on the right panel, and click Next.

  5. Specify the User name and Password of the target computer.

  6. Select Create a new configuration in the Prepare Agent Configuration window and click Next.

    NOTE: If you have already saved the configuration file from a previous installation or silent installation file, you can use the other options accordingly.

  7. (Conditional) If you have already installed components on host(s) and want to use them, select Add the selected components to the existing install in the Installation type.

  8. (Conditional) If you want a fresh installation of the components on the host(s), select Create a new install with the selected components in the Installation type. This will remove any components already installed on the host(s), including AppManager components.

  9. Select the required components to install and click Next.

  10. (Conditional) Go to the Required Configuration window, specify the Port as 2620 and select Enable FIPS Security Restrictions, and complete the installation.

    NOTE: Do not restrict communication security settings to Federal Information Processing Standard (FIPS) encrypted algorithms unless you are certain that your environment requires that restriction. If you enable FIPS 140-2 mode, UNIX Agent Manager cannot communicate with Agents that are running in non-FIPS mode. For more information about FIPS and the other security level options, see Section 5.0, Converting Agent from Non-FIPS to FIPS mode.

  11. When prompted, specify rclink. rclink is the default option for the restart method. For more information about restart methods, see Restart Methods for the Security Agent for UNIX.

  12. (Conditional) If you are monitoring Secure Configuration Manager servers, go to the Secure Configuration Manager Configuration window and specify the following:

    • uvserv Port: Enter 1622.

    • Hostname: Specify the host name.

    • Port: Enter 1627.

    • SCM Core Version: Specify the version of Secure Configuration Manager server.

    NOTE: To enable FIPS communication between the Agent and Secure Configuration Manager server, select the checkbox next to Enable FIPS Security Restrictions.

  13. (Conditional) If you are monitoring Change Guardian servers, go to the Change Guardian Configuration window and specify the following:

    • CGU Component Startup Type: Select rc scripts.

    • Hostname: Specify the host name.

    • Port: Enter 8094.

    • Username: Enter the user name.

    • Password: Enter the password.

      NOTE: You can specify the other details and click Next.

  14. (Conditional) If you are monitoring Sentinel servers, go to the Sentinel Configuration window and specify the following:

    • Sentinel Component Startup Type: Select rc scripts.

    • Hostname: Specify the host name.

    • Port: Enter 1590.

    • Failover 1: Specify the IP address of the first server.

    • Failover 2: Specify the IP address of the second server.

    • SNMP Console Host Name: Specify the IP address of the SNMP host.

      NOTE: You can specify the other details and click Next.

  15. Continue with the installation as prompted until the installation is complete.

  16. (Conditional) If you are monitoring Oracle databases with Sentinel, provide the configuration information for the computer by clicking Configure > Sentinel Options > Configure Oracle Endpoints.

To add a host in UNIX Agent Manager, where the Agent is already installed:

  1. Go to Manage Hosts > Add Host.

  2. Enter the host name or IP address of the computer on which the Agent is already installed.

  3. When prompted, enter the UNIX Agent Manager database account Username and Password.

  4. Click the Add Host button to add the host.

3.2.2 Local Installation

The following procedure guides you through logging on to an endpoint and locally installing the Agent.

To install an Agent on a local computer:

  1. Log on to an Agent computer using an account with superuser privileges.

  2. Download the package in the root folder and specify the following command to extract the install files from the tar file.

    tar -zxvf <install_filename>

    Replace <install_filename> with the actual name of the install file.

  3. Change to the directory where you extracted the installer:

    cd <directory_name>

  4. Specify the following command to start the install script:

    /bin/sh ./install.sh

  5. (Conditional) If a compatible agent is already installed, enter y when you are prompted with the following text:

    A compatible agent is already installed on this machine in the directory '/usr'. Do you want to add or upgrade existing agents to it?

  6. (Conditional) If you are installing a new agent, when prompted, enter /usr and proceed through the prompts.

  7. (Conditional) To install the Agent in FIPS mode, enter y when you are prompted with the following text in the command prompt:

    Do you want to enable FIPS security restrictions for communication with this component? [n]

    The default value is n.

  8. Proceed through the prompts.

  9. Enter y if you want the Agent to monitor other NetIQ security products. Otherwise, enter n.

  10. When prompted, specify rclink.

    rclink is the default option for the restart method. For more information about restart methods, see Restart Methods for the Security Agent for UNIX.

  11. (Conditional) If you are using Sentinel, when the installation completes, add the host using UNIX Agent Manager for deploying the Sentinel rules. For information about how to deploy rules, see Activating Rule Sets.

  12. (Conditional) If you are monitoring Oracle databases with Sentinel, provide the configuration information for the computer by clicking Configure > Sentinel Options > Configure Oracle Endpoints.

The installation process finishes and the Agent starts. It might take a few minutes for all services to start after installation.

3.2.3 Silent Installation

The silent or unattended installation is useful if you need to install more than one Agent. Silent installation allows you to install the Agent without interactively running the installation script.

IMPORTANT: To perform silent installation, ensure that you have recorded the installation parameters during the interactive installation and then run the recorded file on other endpoints. Silent installation uses an installation file that records the information required for completing the installation. Each line in the file is a name=value pair that provides the required information, for example, HOME=/usr/netiq.

The installation script extracts information from the installation file and installs the Agent according to the values you specify.

If you use the deployment wizard to perform local installation on one computer, you can create a silent installation file based on your requirement. A sample installation file, SampleSilentInstallation.cfg, is located in your Agent download package.

To perform a silent installation:

  1. Download the installation files from the NetIQ Downloads website.

  2. Download the package in the root folder and specify the following command to extract the install files from the tar file:

    tar -zxvf <install_filename>

    Replace <install_filename> with the actual name of the install file.

  3. After you create the installation file, you can run silent installation on the endpoints from the command line using the following command:

    ./install.sh <Target_Directory> -s <SilentConfigurationFile>.cfg

    Where Target_Directory is the directory where you want to install the Agent and SilentConfigurationFile is the file name used to specify the installation options. You can also use the default configuration file, SampleSilentInstallation.cfg. The installation file name must be specified as an absolute path. By default, SampleSilentInstallation.cfg is located in the Agent install directory.

NOTE: If you are using the Agent with Sentinel, perform additional steps after the silent installation:

  • Deploy the Sentinel rules using UNIX Agent Manager on the Agent computer. For information about how to deploy rules, see Activating Rule Sets.

  • Configure Oracle database monitoring by clicking Configure > Sentinel Options > Configure Oracle Endpoints.

Following is the list of parameters that you can use during silent installation:

  • FRESH_INSTALL: Specifies whether you want to install or upgrade the Agent. Valid entries are 1 (install) and 0 (upgrade). The default value is 1.

  • CREATE_TARGET_DIR: Specifies whether you want the install program to create the target installation directory if it does not already exist. Valid entries are y and n. The default value is y.

  • CONTINUE_WITHOUT_PATCHES: Specifies whether the install program stops or continues when the operating system is not a supported version. Valid entries are y and n. The default value is n.

  • IQCONNECT_PORT: Specifies the port that the Agent uses to listen for communications from UNIX Agent Manager. The default value is 2620.

  • IQ_STARTUP: Specifies the restart method for the uagent process. For information about the options, see Restart Methods for the Security Agent for UNIX. Valid entries are rclink and inittab. The default option is rclink.

  • USE__COMMON: Specifies whether the Agent communicates with UNIX Agent Manager in FIPS mode. For more information about this option, see Section 5.0, Converting Agent from Non-FIPS to FIPS mode. The default value is 0.

  • INSTALL_SENTINEL: Specifies whether the Agent works with Sentinel. Valid entries are y and n.

  • SENTINEL_ADDR: Specifies the IP address of the primary Sentinel Agent Manager Server SSL.

  • SENTINEL_PORT: Specifies the port that the Agent will use to communicate with Sentinel. The default value is 1590.

  • SENTINEL_FAILOVER1_ADDR: Specifies the IP address of the failover Sentinel that the Agent will attempt to contact if the primary Sentinel does not respond.

  • SENTINEL_FAILOVER1_PORT: Specifies the port that the Agent will use to communicate with the first failover Sentinel. The default value is 1590.

  • SENTINEL_FAILOVER2_ADDR: Specifies the IP address of the failover Sentinel server that the Agent will attempt to contact if the first failover Sentinel does not respond.

  • SENTINEL_FAILOVER2_PORT: Specifies the port that the Agent will use to communicate with the second failover Sentinel server. The default value is 1590.

  • SENTINEL_PRIMARY_RETRY: Specifies how many seconds you want the Agent to wait before attempting to reconnect to a primary computer that does not respond.

  • SENTINEL_SNMP_TRAPS: Specifies the port that the Agent will monitor for SNMP notifications.

  • SENTINEL_LOW_DISK: Specifies the minimum disk space, in bytes, that is required to run the Agent. If the disk space falls below this limit, then the Agent will stop monitoring.

  • SENTINEL_STARTUP: Specifies the restart method for the Agent. For information about the options, see Restart Methods for the Security Agent for UNIX. Valid entries are rclink and inittab. The default value is rclink.

  • INSTALL_SCM: Specifies whether the Agent works with Secure Configuration Manager. Valid entries are y and n.

  • SCM_CORE_ADDR: Specifies the IP address of the computer where you installed Secure Configuration Manager Core Services.

  • SCM_CORE_PORT: Specifies the port that the Agent will use to communicate with Secure Configuration Manager Core Services.

  • SCM_UVSERV_PORT: Specifies the port that the Agent will use to communicate with Secure Configuration Manager.

  • SCM_UVSERV_STARTUP: Specifies the restart method for the uvserv process. For information about the options, see Restart Methods for the Security Agent for UNIX. Valid entries are rclink, inetd, and inittab. The default value is rclink.

  • USE_FIPS_SCM: Specifies whether the Agent communicates with Secure Configuration Manager in FIPS mode. Use this option if your environment requires FIPS. For more information, see Restart Methods for the Security Agent for UNIX. Valid entries are 0, communication is not restricted, and 1, communication is restricted. The default value is 0.

  • INSTALL_CGU: Specifies whether the Agent works with Change Guardian. Valid entries are y and n.

  • IQRM_ADDR: Specifies the IP address of the computer where you installed the Change Guardian Policy Repository.

  • IQRM_PORT: Specifies the port that the Agent will use to communicate with the Change Guardian Policy Repository. The default value is 8094.

  • IQRM_USER: Specifies the account that the Agent uses when accessing the Change Guardian Policy Repository.

  • IQRM_PASS: Specifies the password for the account that the Agent uses when accessing the Change Guardian Policy Repository.

  • IQCONFIG_RECONNECT: Specifies how often, in minutes, the Agent checks for new information in the Change Guardian Policy Repository. For example, 2.

  • CGU_STARTUP: Specifies the restart method for the detected process. For information about the options, see Restart Methods for the Security Agent for UNIX. Valid entries are rclink and inittab. The default value is rclink.

  • MANAGE_AUDIT_LOGS: Specifies whether the Agent reduces the size and removes old audit logs. Valid entries are y and n.

  • AUDIT_LOG_SIZE: Specifies the maximum size, in bytes, that the Agent allows an audit log to reach before starting a new log.

  • AUDIT_LOG_RETENTION: Specifies the number of audit logs that the Agent keeps. Once this number of audit logs exists, the Agent will delete old logs when making new ones.

  • KEEP_OLD_AGENT_DIR: Specifies whether to keep the previous installation directory when you are upgrading the Agent. Valid entries are y and n.

  • OLD_INSTALL_DIR_MOVED: Specifies the directory where you want the installation program to move the previous installation directory.
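
A pre-flight check for a silent installation file, as an added example that is not part of the product or of this guide: it applies the valid entries listed above, requires an absolute path as install.sh -s does, and rejects a group- or world-accessible file when IQRM_PASS is present. The function names, the sample values other than HOME=/usr/netiq, and the owner-only permission rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the product: pre-flight lint for a silent installation file.
# Rules come from the parameter list above; function names are hypothetical.

one_of() { v=$1; shift; for a in "$@"; do [ "$v" = "$a" ] && return 0; done; return 1; }

lint_silent_cfg() {
    cfg=$1; rc=0
    # install.sh -s needs the installation file as an absolute path.
    case $cfg in /*) ;; *) echo "not an absolute path: $cfg"; rc=1 ;; esac
    [ -r "$cfg" ] || { echo "cannot read: $cfg"; return 2; }
    while IFS='=' read -r name value || [ -n "$name" ]; do
        case $name in
            FRESH_INSTALL|USE_FIPS_SCM) allowed='0 1' ;;
            CREATE_TARGET_DIR|CONTINUE_WITHOUT_PATCHES|MANAGE_AUDIT_LOGS|KEEP_OLD_AGENT_DIR|INSTALL_SENTINEL|INSTALL_SCM|INSTALL_CGU)
                allowed='y n' ;;
            IQ_STARTUP|SENTINEL_STARTUP|CGU_STARTUP) allowed='rclink inittab' ;;
            SCM_UVSERV_STARTUP) allowed='rclink inetd inittab' ;;
            *_PORT)
                case $value in
                    ''|*[!0-9]*) echo "$name: not a number: '$value'"; rc=1 ;;
                    *) [ "$value" -ge 1 ] && [ "$value" -le 65535 ] ||
                           { echo "$name: out of range: $value"; rc=1; } ;;
                esac
                continue ;;
            IQRM_PASS)
                # The file carries a repository password: allow owner access only.
                perms=$(ls -ld "$cfg" | cut -c5-10)
                [ "$perms" = "------" ] ||
                    { echo "IQRM_PASS set but file mode allows group/other: $perms"; rc=1; }
                continue ;;
            *) continue ;;   # blank lines, comments, free-form parameters
        esac
        # $allowed is split on purpose into one argument per valid entry.
        one_of "$value" $allowed || { echo "$name: '$value' not one of: $allowed"; rc=1; }
    done < "$cfg"
    return $rc
}

# Constructed sample: HOME is the page's example line, the other values are made up.
write_sample_cfg() {
    cat > "$1" <<'EOF'
HOME=/usr/netiq
FRESH_INSTALL=1
IQCONNECT_PORT=2620
IQ_STARTUP=rclink
INSTALL_CGU=y
IQRM_PORT=8094
IQRM_PASS=example-only
EOF
    chmod 600 "$1"
}
```

lint_silent_cfg returns 0 when the file passes, 1 when any rule fails, and 2 when the file cannot be read, so it can gate the install.sh call in a deployment script.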