Necessary file for AIX install s5.0.2000.174-AIX-4.3-release.gz
/opt/ISS The ISS Sensor is installed in /opt/ISS by default. You may choose to create it's own filesystem to keep it from filling the root filesystem "/".
Installing and configuring the Management Console on NT 4.0
1. Check that MDAC 2.5 is installed.
2. Install Msde2000.exe, this isn't necessary if you already have SQL server on the workstation.
3. Install RealSecureWorkgroupManager60.exe During the install, when it asks to harden the security of the RealSecure Console, say NO by checking the box "Do Not Lock Down".
When generating the private/public keys pairs, use the encryption provided by ISS called "ISS ECNRA Built-In Provider Strong Encryption Version /EC_KEYX EC239A01", give the keys a passphrase and make a copy of the keys in case you need to reinstall a WorkGroup Manager.
Follow these 2 steps BEFORE starting RealSecure for the first time.
2. Copy the public keys from the WorkGroup Manager to the Sensor server.
Location of public keys on WorkGroup Manager machine C:\Program Files\ISS\issDaemon\Keys\Archives\CerticomNRA
Where to put the public keys on Sensor server /opt/ISS/RealSecure/Keys/CerticomNRA
When starting the RealSecure WorkGroup Manager DON'T run the deployment wizard, it doesn't work correctly.
Adding an asset
From the Window "Managed Assets", choose Asset, Manage à Click "ADD >>"
Choose Daemon, and type in the name of the server and the hostname or ip address.
Click "Add Asset", it will add the Daemon asset and then add the system agent.
Now choose the asset "system_agent_1". OK.
As long as all is successful, the status should show as connected and active in the "Managed Assets" window.
Configuring and Testing the policies
Deselect all the policies except those on the "Suspected Connections" tab in the Policy Editor. You may choose to setup custom policies that can search for patterns in the syslog.
To test that the policy is working for finger scans, try running the finger client from the sensor machine against itself. A machine "plato" can try to finger root on it's local machine with this line: finger root@plato
A port scanner like nmap works well for checking, but be sure you have permission to use it on the sensor server.