IBM AIX Computers
IBM AIX Computers
Before you deploy the agent on an AIX host, make sure IBM C++ Runtime Environment Components for AIX (version 8.0 or later) are installed. For instructions on installing these components, see http://www-1.ibm.com/support/docview.wss?uid=swg21215669.
Installing an agent does not make it usable by the server, but only prepares it (unpacks installation files, starts services, etc.). Please make sure that you establish a connection with the desired server. When planning where to install the agent, consider that it requires at least 260 megabytes of disk space (280MB recommended).
In addition, make sure that you have enough disk space for the event cache, which is located in /var/InTrust by default. You can change the location by editing the agent.ini file located in the directory where you install the agent. If you want to make agent configuration changes, you must complete them before you establish a connection with the InTrust server.
|
Note: To diagnose disk space usage, you can use the "Agent-side backup failure" and "Agent-side backup failure resolved" rules. Although these rules monitor all kinds of backup failures, the most common reason for a failure is lack of disk space. |
To install an agent
- Log in to the target computer.
- Copy the adcscm_package.aix_ppc.sh installation script to a local folder on the target computer.
This script is located in <InTrust_installation_folder>\InTrust\Server\ADC\Agent\aix_ppc on the InTrust server, where it is put during IBM AIX 5L Knowledge Pack setup. If you use a protocol with text and binary modes for copying (for example, FTP), make sure the mode is set to binary before the copying starts.
- Start the script:
./adcscm_package.aix_ppc.sh
You will be prompted to supply the path to the installation directory.
- The script prompts you whether you want to configure system audit so that the InTrust agent can capture Audit log events. If you answer y, the following changes will be made to the /etc/security/audit/config file:
- In the start stanza of the file, the streammode option will be set to on.
- In the stream stanza, the cmds option will be set to the <agent_installation_directory>/InTrustStreamCmds file.
A backup copy of the original /etc/security/audit/config file will be saved to the /etc/security/audit/config_intrust_backup file.
- Restart system audit.
After the installation, the agent will be started automatically.
|
Note: There is another way to specify the path to an installation directory. Supply the location right in the command line. For example:
./adcscm_package.aix_ppc.sh /opt/InTrustAgent
In this case the agent will be installed in /opt/InTrustAgent. |
Uninstalling the Agent
To uninstall an agent from the AIX computer
- Run the following script from the agent's working directory:
./Uninstall.sh
- Restore the settings in the start and stream stanzas of the /etc/security/audit/config file to the state they were in before the InTrust agent installation. For that, use the backup stored in the /etc/security/audit/config_intrust_backup file.
- Restart system audit.
Uninstalling the agent does not automatically unregister it from InTrust servers. So, you should manually disconnect the agent from each InTrust server it communicates with.
HP-UX Computers
When planning where to install the agent, consider that it requires at least 260 megabytes of disk space (280MB recommended).
In addition, make sure that you have enough disk space for the event cache, which is located in /var/InTrust by default. You can change the location by editing the agent.ini file located in the directory where you install the agent. If you want to make agent configuration changes, you must complete them before you establish a connection with the InTrust server.
To install the agent, complete the following steps:
- Log in to the target computer.
- Copy the adcscm_package.hpux_parisc.depot package to a local folder on the target computer. This file is located in <InTrust_installation_folder>\InTrust\Server\ADC\Agent\hpux_parisc on the InTrust server, where it is put during HP-UX Knowledge Pack setup. If you use a protocol with text and binary modes for copying (for example, FTP), make sure the mode is set to binary before the copying starts.
- Start SAM, and use the Software Management | Install Software to Local Host item to set up the agent.
The default installation directory is /usr/local/ADC.
After the installation, the agent will be started automatically.
Uninstalling the Agent
To uninstall the agent from the HP-UX computer, use the Software Management | Remove Local Host Software item in SAM. The name of the package is ADCAgent.
|
Notes:
- Installing an agent does not make it usable by the server, but only prepares it (unpacks installation files, starts services etc.). Please make sure that you establish connection with the desired server (see Establishing a Connection with the Server).
- Uninstalling the agent does not automatically unregister it from InTrust servers.
- To diagnose disk space usage, you can use the "Agent-side backup failure" and "Agent-side backup failure resolved" rules. Although these rules monitor all kinds of backup failures, the most common reason for a failure is lack of disk space.
|
Installing Agents Using Group Policy
You can automate the installation of agents using Group Policy settings. InTrust is shipped with a Windows Installer file containing the agent package.
To automatically install agents on specific computers, take the following steps:
- Copy the agent package from the Agent folder in the InTrust distribution to a share available to all those computers.
- In the Active Directory Users and Computers MMC snap-in, create an OU that includes all of the required computers and add a Group Policy object for this OU.
- Using the Group Policy Object Editor MMC snap-in, in Computer Settings, assign the agent package to the Group Policy object you added earlier.
- To make InTrust process these computers with agents, make sure the computers are included in InTrust sites.
Establishing a Connection with the Server
To establish a connection between an agent and an InTrust server, you should log on to the computer where the agent is installed using an administrative account (Microsoft Windows computers) or the root account (Unix computers) and run one of the following commands:
adcscm.nt_intel -add ServerName Port [password]
for Microsoft Windows computers
./adcscm -add ServerName Port [password]
for Unix computers
where:
- ServerName specifies the InTrust Server to which you bind the agent This may be either the NetBIOS name, FQDN, or IP address.
- Port specifies the port number at which the server listens to the requests coming from the agent (that is the same as the listening port you specified for InTrust server during setup); the default port number is 900.
- Password is the password for initial agent-server authentication; it is required if the Use authentication option is enabled on the InTrust server (see Setting Up Authentication). By default this password is the same as the organization password supplied during InTrust Server installation (you can change the agent installation password in InTrust server properties). If you want to use an empty password, supply empty quotation marks (""). If authentication is disabled on the InTrust server, do not specify any password.
To disconnect the agent from the InTrust server, on the target computer run:
adcscm.nt_intel -remove ServerName Port
for Microsoft Windows computers
./adcscm -remove ServerName Port
for Unix computers