Symantec Critical System User Manual

Symantec™ Critical System Protection Installation Guide

10 ContentsCopying files required for the policy conversion utility ...110Migrating legacy detection policy files ...

100 Installing UNIX agentsTroubleshooting agent issues

Chapter5Migrating to the latest versionThis chapter includes the following topics: Migrating legacy installations of Symantec Critical System Protect

102 Migrating to the latest versionMigrating legacy installations of Symantec Critical System ProtectionWhen migrating legacy installations for Symant

103Migrating to the latest versionMigrating legacy installations of Symantec Critical System ProtectionIf you changed the name of the database owner a

104 Migrating to the latest versionMigrating legacy installations of Symantec Critical System ProtectionTable 5-1 lists the management server-related

105Migrating to the latest versionMigrating other legacy agent installationsTo specify the management server list for an agent1 At a command prompt, l

106 Migrating to the latest versionChecklist for migrating from Symantec Intruder AlertPolicy migration involves using a policy conversion utility tha

107Migrating to the latest versionChecklist for migrating from Symantec Intruder AlertSystem Protection authoring environment (and eventually conditio

108 Migrating to the latest versionChecklist for migrating from Symantec Host IDSChecklist for migrating from Symantec Host IDSSymantec Critical Syste

109Migrating to the latest versionMigrating legacy agent software(and each ungrouped agent), noting the stock policies and the custom policies that ar

Chapter1Introducing Symantec™ Critical System ProtectionThis chapter includes the following topics: About Symantec Critical System Protection Compon

110 Migrating to the latest versionPreparing for detection policy migrationInstalling the authoring environment and policy conversion utilityThe Syman

111Migrating to the latest versionMigrating legacy detection policy filesMigrating legacy detection policy filesYour legacy detection policy files may

112 Migrating to the latest versionMigrating legacy detection policy filesTable 5-2 lists the policy conversion utility command line switches.Note: To

113Migrating to the latest versionMigrating legacy detection policy files4 Type ITAHIDSpolicyMigration.exe, type the names of your source and destinat

114 Migrating to the latest versionMigrating legacy detection policy files3 In the right pane, on the General tab, in the Name box, type a name for yo

115Migrating to the latest versionMigrating legacy detection policy filesYou should also check other migrated rule elements such as patterns and actio

116 Migrating to the latest versionMigrating legacy detection policy files6 For rules that need to be changed, on the Rules tab, right-click the rule

117Migrating to the latest versionMigrating legacy detection policy filesApplying policies created and compiled in the authoring environmentYou use th

118 Migrating to the latest versionMigrating legacy detection policy files

IndexAagentalternate management servers 27, 103fail back interval 26failover 25, 74groupscommon configuration 53, 63, 76, 81detection configuration 54

12 Introducing Symantec™ Critical System ProtectionComponents of Symantec Critical System ProtectionSymantec Critical System Protection agents detect

120 IndexIP routing 24LLinux agentsdisabling and enabling 93kernel driver support 19monitoring and restarting 98uninstalling manually 87log filesagent

121IndexSQL serverevaluation installation 44installation requirements 34installing to existing 34MDAC requirements 35production database installation

122 Index

13Introducing Symantec™ Critical System ProtectionHow Symantec Critical System Protection worksHow Symantec Critical System Protection worksSymantec C

14 Introducing Symantec™ Critical System ProtectionWhere to get more informationWhere to get more informationProduct manuals for Symantec Critical Sys

Chapter2Planning the installationThis chapter includes the following topics: About planning the installation About network architecture and policy d

16 Planning the installationSystem requirementsalong with a few agents, and become familiar with Symantec Critical System Protection operations. When

17Planning the installationSystem requirementsOperating system requirementsTable 2-1 lists Symantec Critical System Protection component operating sys

18 Planning the installationSystem requirementsSolaris packagesThe agent installation checks for the presence of Solaris system packages.The following

19Planning the installationSystem requirements SUNWkvm Core Architecture, (Kvm) SUNWcsr Core Solaris, (Root) SUNWcsu Core Solaris, (Usr) SUNWcsd C

Symantec™ Critical System ProtectionInstallation GuideThe software described in this book is furnished under a license agreement and may be used only

20 Planning the installationSystem requirementsIf a system is configured with a different kernel, the agent will attempt to load the latest version av

21Planning the installationDisabling Windows XP firewallsDisabling Windows XP firewallsWindows XP and Windows 2003 Server contain firewalls that are e

22 Planning the installationAbout using firewalls with Symantec Critical System Protection4 On the Advanced tab, under Internet Connection Firewall, u

23Planning the installationAbout name resolutionto the instance using that port. Thus, your firewall must allow traffic from the management server to

24 Planning the installationAbout IP routingAbout IP routingAs bastion hosts, firewalls traditionally incorporate some form of network address transla

25Planning the installationAbout simple failoverBy default, the enable intrusion prevention option is selected during Symantec Critical System Protect

26 Planning the installationAbout simple failover Once the IPS Service fails away from the first server in the ordered list, it periodically checks i

27Planning the installationAbout the Windows NT agent installationSpecifying the management server list for an agentTo use simple failover for an agen

28 Planning the installationAbout log filesdrivers. To temporarily disable agents that run on Windows NT Server, you create an alternate hardware prof

29Planning the installationWhat to do after installationTable 2-5 lists the management server log files.What to do after installationYou can begin enf

Technical SupportSymantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries abo

30 Planning the installationWhat to do after installation

Chapter3Installing Symantec Critical System Protection on WindowsThis chapter includes the following topics: About installing Symantec Critical Syste

32 Installing Symantec Critical System Protection on WindowsAbout installing Symantec Critical System Protection on WindowsAbout installing Symantec C

33Installing Symantec Critical System Protection on WindowsAbout installing Symantec Critical System Protection on WindowsBypassing prerequisite check

34 Installing Symantec Critical System Protection on WindowsAbout installing a database to a SQL Server instanceAbout installing a database to a SQL S

35Installing Symantec Critical System Protection on WindowsAbout installing a database to a SQL Server instanceAfter you install the instance of SQL S

36 Installing Symantec Critical System Protection on WindowsConfiguring the temp environment variableConfiguring the temp environment variableThe inst

37Installing Symantec Critical System Protection on WindowsInstalling the management server Evaluation installation using existing MS SQL instanceYou

38 Installing Symantec Critical System Protection on WindowsInstalling the management serverUsing the SQL Server Enterprise Manager, do the following:

39Installing Symantec Critical System Protection on WindowsInstalling the management serverDestination Folder C:\Program Files\Symantec\Critical Syste

Operating system Version and patch level Network topology Router, gateway, and IP address information Problem description: Error messages and l

40 Installing Symantec Critical System Protection on WindowsInstalling the management serverMSDE Data Path C:\Program Files\Symantec\Critical System P

41Installing Symantec Critical System Protection on WindowsInstalling the management serversa password noneYou have the following options: MSDE Eval:

42 Installing Symantec Critical System Protection on WindowsInstalling the management serverInstalling evaluation installation that runs MSDE on the l

43Installing Symantec Critical System Protection on WindowsInstalling the management server4 In the Installation Type panel, click Evaluation Installa

44 Installing Symantec Critical System Protection on WindowsInstalling the management server7 In the Database Selection panel, change the default serv

45Installing Symantec Critical System Protection on WindowsInstalling the management server3 In the License Agreement panel, select I accept the terms

46 Installing Symantec Critical System Protection on WindowsInstalling the management server All other accounts (owner, guest, and internal accounts)

47Installing Symantec Critical System Protection on WindowsInstalling the management server9 In the Database Configuration panel, specify the database

48 Installing Symantec Critical System Protection on WindowsInstalling and configuring the management consoleNote: If the management server database i

49Installing Symantec Critical System Protection on WindowsInstalling and configuring the management consoleC:/Program Files/Symantec/Critical System

Maintenance agreement resourcesIf you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement a

50 Installing Symantec Critical System Protection on WindowsInstalling and configuring the management consoleTo configure the management console1 Clic

51Installing Symantec Critical System Protection on WindowsInstalling a Windows agentInstalling a Windows agentThe Symantec Critical System Protection

52 Installing Symantec Critical System Protection on WindowsInstalling a Windows agentLogs File DirectoryC:\Program Files\Symantec\Critical System Pro

53Installing Symantec Critical System Protection on WindowsInstalling a Windows agentPrimary Management Serverlocalhost The IP address or fully qualif

54 Installing Symantec Critical System Protection on WindowsInstalling a Windows agentPrevention Policy Groupnone The name of an existing prevention p

55Installing Symantec Critical System Protection on WindowsInstalling a Windows agentInstalling the Windows agent softwareThe installation CD contains

56 Installing Symantec Critical System Protection on WindowsInstalling a Windows agent4 In the Destination Folder panel, change the folders if necessa

57Installing Symantec Critical System Protection on WindowsInstalling a Windows agentIf you changed the Agent Port setting during management server in

58 Installing Symantec Critical System Protection on WindowsInstalling a Windows agentYou may add multiple detection policy group names separated with

59Installing Symantec Critical System Protection on WindowsUnattended agent installationUnattended agent installationYou must log on to an Administrat

60 Installing Symantec Critical System Protection on WindowsUnattended agent installation3 Type and run one of the following commands:agent.exe ?orage

61Installing Symantec Critical System Protection on WindowsUnattended agent installationInstallation propertiesTable 3-6 describes the Windows agent i

62 Installing Symantec Critical System Protection on WindowsUnattended agent installationLOG_DIR=<val> C:\Program Files\Symantec\Critical System

63Installing Symantec Critical System Protection on WindowsUnattended agent installationCOMMON_CONFIG_GROUP=<val>Common Configuration The name o

64 Installing Symantec Critical System Protection on WindowsInstalling the Windows NT policyInstalling the Windows NT policyThe Windows NT prevention

65Installing Symantec Critical System Protection on WindowsUninstalling Symantec Critical System Protection You must install the Symantec Critical Sy

66 Installing Symantec Critical System Protection on WindowsUninstalling Symantec Critical System ProtectionUninstalling an agent using Add or Remove

67Installing Symantec Critical System Protection on WindowsUninstalling Symantec Critical System ProtectionSee “Unattended agent installation” on page

68 Installing Symantec Critical System Protection on WindowsTemporarily disabling Windows agents3 Click Symantec Critical System Protection Management

69Installing Symantec Critical System Protection on WindowsTemporarily disabling Windows agentsC:\Program Files\Symantec\Critical System Protection\Ag

ContentsTechnical SupportChapter 1 Introducing Symantec™ Critical System ProtectionAbout Symantec Critical System Protection ...

70 Installing Symantec Critical System Protection on WindowsTemporarily disabling Windows agentsUse one of the following methods to disable intrusion

71Installing Symantec Critical System Protection on WindowsReinstalling Windows agentsReinstalling Windows agentsYou can perform an unattended reinsta

72 Installing Symantec Critical System Protection on WindowsReinstalling Windows agents

Chapter4Installing UNIX agentsThis chapter includes the following topics: About installing UNIX agents Installing an agent in verbose mode Installi

74 Installing UNIX agentsAbout installing UNIX agents If you are installing a Solaris, Linux, HP-UX, AIX, or Tru64 agent on a system that supports no

75Installing UNIX agentsAbout installing UNIX agentsAgent Port 443 The Agent Port number that was used during management server installation.See Table

76 Installing UNIX agentsAbout installing UNIX agentsCommon Config Groupnone The name of an existing common configuration group for this agent to join

77Installing UNIX agentsAbout installing UNIX agentsBypassing prerequisite checksThe UNIX installation kit lets you bypass some of the prerequisite ch

78 Installing UNIX agentsInstalling an agent in verbose modeYou can use the bypass prerequisite checks feature to bypass the following prerequisite ch

79Installing UNIX agentsInstalling an agent in silent mode On the computer on which the agent will be installed, create a directory and then copy the

8 ContentsBypassing prerequisite checks ... 33About installing a database to a SQL Ser

80 Installing UNIX agentsInstalling an agent in silent modeTable 4-2 describes the settings that are used with the installation commands.Table 4-2 UNI

81Installing UNIX agentsInstalling an agent in silent mode-cert=<file> /tmp/agent-cert.ssl The directory location of the SSL certificate file, a

82 Installing UNIX agentsInstalling an agent in silent mode-idsPolGrp=<group> OS-specific groupThe OS-specific group is one of the following: A

83Installing UNIX agentsInstalling an agent in silent modeUse the -silent option and other options to perform a silent installation.The following comm

84 Installing UNIX agentsUninstalling agents using package commandsTo install an agent in silent mode1 Follow the procedures and steps that are used t

85Installing UNIX agentsUninstalling agents manually6 On HP-UX, type and run the following command:swremove SYMCcsp7 On Tru64, type and run the follow

86 Installing UNIX agentsUninstalling agents manuallypgrep -U sisips -P1 -f sisipsdaemonpgrep -U sisips -P1 -f sisipsutildaemonpgrep -U root -P1 -f si

87Installing UNIX agentsUninstalling agents manuallyUninstalling Linux agents manuallyYou can manually uninstall Linux agents.To uninstall Linux agent

88 Installing UNIX agentsUninstalling agents manually7 Remove the following lines from the initialization scripts:Remove the lines (including comments

89Installing UNIX agentsUninstalling agents manuallyrm -rf /var/log/scsplog (default directory)rm -f /var/run/sisipsdaemon.pidrm -f /var/run/sisidsdae

9ContentsInstalling an agent in silent mode ... 79Uninstalling agents using package

90 Installing UNIX agentsUninstalling agents manually5 Type and run the following commands to remove the agent user and group:userdel sisipsrmgroup si

91Installing UNIX agentsDisabling and enabling UNIX agentsEdit and remove the line from /etc/symantec/sis/sis.conf:SisInstalledClsId=<cluster_membe

92 Installing UNIX agentsDisabling and enabling UNIX agentsAfter you disable the driver, apply the Null prevention policy or a prevention policy in wh

93Installing UNIX agentsDisabling and enabling UNIX agentsEnabling a disabled Solaris agentYou can enable a Solaris agent that was previously disabled

94 Installing UNIX agentsDisabling and enabling UNIX agentsWarning: You should perform these procedures only in emergency situations.To permanently di

95Installing UNIX agentsDisabling and enabling UNIX agents/sbin/init.d/sisidsagent stopPermanently disabling HP-UX agentsIf you have performance issue

96 Installing UNIX agentsDisabling and enabling UNIX agentsTemporarily disabling AIX agentsWarning: You should perform these procedures only in emerge

97Installing UNIX agentsDisabling and enabling UNIX agentsrcsisidsagent:23456789:wait:/etc/rc.sisidsagent start >/dev/console 2>&13 Type and

98 Installing UNIX agentsMonitoring and restarting UNIX agentsmv sisipsagent sisipsagentOFFmv sisidsagent sisidsagentOFFIf the machine not is a member

99Installing UNIX agentsTroubleshooting agent issues0 * * * * /etc/init.d/sisidsagent health_check0 * * * * /etc/init.d/sisipsutil health_check (Sola