Symantec™ Critical System Protection Installation Guide
10 Contents: Copying files required for the policy conversion utility ... 110; Migrating legacy detection policy files ...
100 Installing UNIX agents: Troubleshooting agent issues
Chapter 5: Migrating to the latest version. This chapter includes the following topics: Migrating legacy installations of Symantec Critical System Protect
102 Migrating to the latest version: Migrating legacy installations of Symantec Critical System Protection. When migrating legacy installations for Symant
103 Migrating to the latest version: Migrating legacy installations of Symantec Critical System Protection. If you changed the name of the database owner a
104 Migrating to the latest version: Migrating legacy installations of Symantec Critical System Protection. Table 5-1 lists the management server-related
105 Migrating to the latest version: Migrating other legacy agent installations. To specify the management server list for an agent: 1. At a command prompt, l
106 Migrating to the latest version: Checklist for migrating from Symantec Intruder Alert. Policy migration involves using a policy conversion utility tha
107 Migrating to the latest version: Checklist for migrating from Symantec Intruder Alert. System Protection authoring environment (and eventually conditio
108 Migrating to the latest version: Checklist for migrating from Symantec Host IDS. Checklist for migrating from Symantec Host IDS. Symantec Critical Syste
109 Migrating to the latest version: Migrating legacy agent software. (and each ungrouped agent), noting the stock policies and the custom policies that ar
Chapter 1: Introducing Symantec™ Critical System Protection. This chapter includes the following topics: About Symantec Critical System Protection; Compon
110 Migrating to the latest version: Preparing for detection policy migration. Installing the authoring environment and policy conversion utility. The Syman
111 Migrating to the latest version: Migrating legacy detection policy files. Migrating legacy detection policy files. Your legacy detection policy files may
112 Migrating to the latest version: Migrating legacy detection policy files. Table 5-2 lists the policy conversion utility command line switches. Note: To
113 Migrating to the latest version: Migrating legacy detection policy files. 4. Type ITAHIDSpolicyMigration.exe, type the names of your source and destinat
114 Migrating to the latest version: Migrating legacy detection policy files. 3. In the right pane, on the General tab, in the Name box, type a name for yo
115 Migrating to the latest version: Migrating legacy detection policy files. You should also check other migrated rule elements such as patterns and actio
116 Migrating to the latest version: Migrating legacy detection policy files. 6. For rules that need to be changed, on the Rules tab, right-click the rule
117 Migrating to the latest version: Migrating legacy detection policy files. Applying policies created and compiled in the authoring environment. You use th
118 Migrating to the latest version: Migrating legacy detection policy files
Index. A. agent: alternate management servers 27, 103; fail back interval 26; failover 25, 74; groups: common configuration 53, 63, 76, 81; detection configuration 54
12 Introducing Symantec™ Critical System Protection: Components of Symantec Critical System Protection. Symantec Critical System Protection agents detect
120 Index. IP routing 24. L. Linux agents: disabling and enabling 93; kernel driver support 19; monitoring and restarting 98; uninstalling manually 87. log files: agent
121 Index. SQL server: evaluation installation 44; installation requirements 34; installing to existing 34; MDAC requirements 35; production database installation
122 Index
13 Introducing Symantec™ Critical System Protection: How Symantec Critical System Protection works. How Symantec Critical System Protection works. Symantec C
14 Introducing Symantec™ Critical System Protection: Where to get more information. Where to get more information. Product manuals for Symantec Critical Sys
Chapter 2: Planning the installation. This chapter includes the following topics: About planning the installation; About network architecture and policy d
16 Planning the installation: System requirements. along with a few agents, and become familiar with Symantec Critical System Protection operations. When
17 Planning the installation: System requirements. Operating system requirements. Table 2-1 lists Symantec Critical System Protection component operating sys
18 Planning the installation: System requirements. Solaris packages. The agent installation checks for the presence of Solaris system packages. The following
19 Planning the installation: System requirements. SUNWkvm Core Architecture, (Kvm); SUNWcsr Core Solaris, (Root); SUNWcsu Core Solaris, (Usr); SUNWcsd C
Symantec™ Critical System Protection Installation Guide. The software described in this book is furnished under a license agreement and may be used only
20 Planning the installation: System requirements. If a system is configured with a different kernel, the agent will attempt to load the latest version av
21 Planning the installation: Disabling Windows XP firewalls. Disabling Windows XP firewalls. Windows XP and Windows 2003 Server contain firewalls that are e
22 Planning the installation: About using firewalls with Symantec Critical System Protection. 4. On the Advanced tab, under Internet Connection Firewall, u
23 Planning the installation: About name resolution. to the instance using that port. Thus, your firewall must allow traffic from the management server to
24 Planning the installation: About IP routing. About IP routing. As bastion hosts, firewalls traditionally incorporate some form of network address transla
25 Planning the installation: About simple failover. By default, the enable intrusion prevention option is selected during Symantec Critical System Protect
26 Planning the installation: About simple failover. Once the IPS Service fails away from the first server in the ordered list, it periodically checks i
27 Planning the installation: About the Windows NT agent installation. Specifying the management server list for an agent. To use simple failover for an agen
28 Planning the installation: About log files. drivers. To temporarily disable agents that run on Windows NT Server, you create an alternate hardware prof
29 Planning the installation: What to do after installation. Table 2-5 lists the management server log files. What to do after installation. You can begin enf
Technical Support. Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries abo
30 Planning the installation: What to do after installation
Chapter 3: Installing Symantec Critical System Protection on Windows. This chapter includes the following topics: About installing Symantec Critical Syste
32 Installing Symantec Critical System Protection on Windows: About installing Symantec Critical System Protection on Windows. About installing Symantec C
33 Installing Symantec Critical System Protection on Windows: About installing Symantec Critical System Protection on Windows. Bypassing prerequisite check
34 Installing Symantec Critical System Protection on Windows: About installing a database to a SQL Server instance. About installing a database to a SQL S
35 Installing Symantec Critical System Protection on Windows: About installing a database to a SQL Server instance. After you install the instance of SQL S
36 Installing Symantec Critical System Protection on Windows: Configuring the temp environment variable. Configuring the temp environment variable. The inst
37 Installing Symantec Critical System Protection on Windows: Installing the management server. Evaluation installation using existing MS SQL instance. You
38 Installing Symantec Critical System Protection on Windows: Installing the management server. Using the SQL Server Enterprise Manager, do the following:
39 Installing Symantec Critical System Protection on Windows: Installing the management server. Destination Folder: C:\Program Files\Symantec\Critical Syste
Operating system; Version and patch level; Network topology; Router, gateway, and IP address information; Problem description: Error messages and l
40 Installing Symantec Critical System Protection on Windows: Installing the management server. MSDE Data Path: C:\Program Files\Symantec\Critical System P
41 Installing Symantec Critical System Protection on Windows: Installing the management server. sa password: none. You have the following options: MSDE Eval:
42 Installing Symantec Critical System Protection on Windows: Installing the management server. Installing evaluation installation that runs MSDE on the l
43 Installing Symantec Critical System Protection on Windows: Installing the management server. 4. In the Installation Type panel, click Evaluation Installa
44 Installing Symantec Critical System Protection on Windows: Installing the management server. 7. In the Database Selection panel, change the default serv
45 Installing Symantec Critical System Protection on Windows: Installing the management server. 3. In the License Agreement panel, select I accept the terms
46 Installing Symantec Critical System Protection on Windows: Installing the management server. All other accounts (owner, guest, and internal accounts)
47 Installing Symantec Critical System Protection on Windows: Installing the management server. 9. In the Database Configuration panel, specify the database
48 Installing Symantec Critical System Protection on Windows: Installing and configuring the management console. Note: If the management server database i
49 Installing Symantec Critical System Protection on Windows: Installing and configuring the management console. C:/Program Files/Symantec/Critical System
Maintenance agreement resources. If you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement a
50 Installing Symantec Critical System Protection on Windows: Installing and configuring the management console. To configure the management console: 1. Clic
51 Installing Symantec Critical System Protection on Windows: Installing a Windows agent. Installing a Windows agent. The Symantec Critical System Protection
52 Installing Symantec Critical System Protection on Windows: Installing a Windows agent. Logs File Directory: C:\Program Files\Symantec\Critical System Pro
53 Installing Symantec Critical System Protection on Windows: Installing a Windows agent. Primary Management Server: localhost. The IP address or fully qualif
54 Installing Symantec Critical System Protection on Windows: Installing a Windows agent. Prevention Policy Group: none. The name of an existing prevention p
55 Installing Symantec Critical System Protection on Windows: Installing a Windows agent. Installing the Windows agent software. The installation CD contains
56 Installing Symantec Critical System Protection on Windows: Installing a Windows agent. 4. In the Destination Folder panel, change the folders if necessa
57 Installing Symantec Critical System Protection on Windows: Installing a Windows agent. If you changed the Agent Port setting during management server in
58 Installing Symantec Critical System Protection on Windows: Installing a Windows agent. You may add multiple detection policy group names separated with
59 Installing Symantec Critical System Protection on Windows: Unattended agent installation. Unattended agent installation. You must log on to an Administrat
60 Installing Symantec Critical System Protection on Windows: Unattended agent installation. 3. Type and run one of the following commands: agent.exe ? or age
61 Installing Symantec Critical System Protection on Windows: Unattended agent installation. Installation properties. Table 3-6 describes the Windows agent i
62 Installing Symantec Critical System Protection on Windows: Unattended agent installation. LOG_DIR=<val> C:\Program Files\Symantec\Critical System
63 Installing Symantec Critical System Protection on Windows: Unattended agent installation. COMMON_CONFIG_GROUP=<val> Common Configuration. The name o
64 Installing Symantec Critical System Protection on Windows: Installing the Windows NT policy. Installing the Windows NT policy. The Windows NT prevention
65 Installing Symantec Critical System Protection on Windows: Uninstalling Symantec Critical System Protection. You must install the Symantec Critical Sy
66 Installing Symantec Critical System Protection on Windows: Uninstalling Symantec Critical System Protection. Uninstalling an agent using Add or Remove
67 Installing Symantec Critical System Protection on Windows: Uninstalling Symantec Critical System Protection. See “Unattended agent installation” on page
68 Installing Symantec Critical System Protection on Windows: Temporarily disabling Windows agents. 3. Click Symantec Critical System Protection Management
69 Installing Symantec Critical System Protection on Windows: Temporarily disabling Windows agents. C:\Program Files\Symantec\Critical System Protection\Ag
Contents. Technical Support. Chapter 1 Introducing Symantec™ Critical System Protection. About Symantec Critical System Protection ...
70 Installing Symantec Critical System Protection on Windows: Temporarily disabling Windows agents. Use one of the following methods to disable intrusion
71 Installing Symantec Critical System Protection on Windows: Reinstalling Windows agents. Reinstalling Windows agents. You can perform an unattended reinsta
72 Installing Symantec Critical System Protection on Windows: Reinstalling Windows agents
Chapter 4: Installing UNIX agents. This chapter includes the following topics: About installing UNIX agents; Installing an agent in verbose mode; Installi
74 Installing UNIX agents: About installing UNIX agents. If you are installing a Solaris, Linux, HP-UX, AIX, or Tru64 agent on a system that supports no
75 Installing UNIX agents: About installing UNIX agents. Agent Port: 443. The Agent Port number that was used during management server installation. See Table
76 Installing UNIX agents: About installing UNIX agents. Common Config Group: none. The name of an existing common configuration group for this agent to join
77 Installing UNIX agents: About installing UNIX agents. Bypassing prerequisite checks. The UNIX installation kit lets you bypass some of the prerequisite ch
78 Installing UNIX agents: Installing an agent in verbose mode. You can use the bypass prerequisite checks feature to bypass the following prerequisite ch
79 Installing UNIX agents: Installing an agent in silent mode. On the computer on which the agent will be installed, create a directory and then copy the
8 Contents: Bypassing prerequisite checks ... 33; About installing a database to a SQL Ser
80 Installing UNIX agents: Installing an agent in silent mode. Table 4-2 describes the settings that are used with the installation commands. Table 4-2 UNI
81 Installing UNIX agents: Installing an agent in silent mode. -cert=<file> /tmp/agent-cert.ssl The directory location of the SSL certificate file, a
82 Installing UNIX agents: Installing an agent in silent mode. -idsPolGrp=<group> OS-specific group. The OS-specific group is one of the following: A
83 Installing UNIX agents: Installing an agent in silent mode. Use the -silent option and other options to perform a silent installation. The following comm
84 Installing UNIX agents: Uninstalling agents using package commands. To install an agent in silent mode: 1. Follow the procedures and steps that are used t
85 Installing UNIX agents: Uninstalling agents manually. 6. On HP-UX, type and run the following command:
swremove SYMCcsp
7. On Tru64, type and run the follow
86 Installing UNIX agents: Uninstalling agents manually.
pgrep -U sisips -P1 -f sisipsdaemon
pgrep -U sisips -P1 -f sisipsutildaemon
pgrep -U root -P1 -f si
87 Installing UNIX agents: Uninstalling agents manually. Uninstalling Linux agents manually. You can manually uninstall Linux agents. To uninstall Linux agent
88 Installing UNIX agents: Uninstalling agents manually. 7. Remove the following lines from the initialization scripts: Remove the lines (including comments
89 Installing UNIX agents: Uninstalling agents manually.
rm -rf /var/log/scsplog (default directory)
rm -f /var/run/sisipsdaemon.pid
rm -f /var/run/sisidsdae
9 Contents: Installing an agent in silent mode ... 79; Uninstalling agents using package
90 Installing UNIX agents: Uninstalling agents manually. 5. Type and run the following commands to remove the agent user and group:
userdel sisips
rmgroup si
91 Installing UNIX agents: Disabling and enabling UNIX agents. Edit and remove the line from /etc/symantec/sis/sis.conf:
SisInstalledClsId=<cluster_membe
92 Installing UNIX agents: Disabling and enabling UNIX agents. After you disable the driver, apply the Null prevention policy or a prevention policy in wh
93 Installing UNIX agents: Disabling and enabling UNIX agents. Enabling a disabled Solaris agent. You can enable a Solaris agent that was previously disabled
94 Installing UNIX agents: Disabling and enabling UNIX agents. Warning: You should perform these procedures only in emergency situations. To permanently di
95 Installing UNIX agents: Disabling and enabling UNIX agents.
/sbin/init.d/sisidsagent stop
Permanently disabling HP-UX agents. If you have performance issue
96 Installing UNIX agents: Disabling and enabling UNIX agents. Temporarily disabling AIX agents. Warning: You should perform these procedures only in emerge
97 Installing UNIX agents: Disabling and enabling UNIX agents.
rcsisidsagent:23456789:wait:/etc/rc.sisidsagent start >/dev/console 2>&1
3. Type and
98 Installing UNIX agents: Monitoring and restarting UNIX agents.
mv sisipsagent sisipsagentOFF
mv sisidsagent sisidsagentOFF
If the machine is not a member
99 Installing UNIX agents: Troubleshooting agent issues.
0 * * * * /etc/init.d/sisidsagent health_check
0 * * * * /etc/init.d/sisipsutil health_check (Sola