Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Security, hacker detection & forensics FAQ

RealSecure installs

Installing AIX OS Sensor and WorkGroup Manger on NT 4.0 WS, what are the gotchas? by gcux
Posted: 29 Aug 01

Hints for installing and configuring the AIX OS sensor 5.x on AIX 4.3.2 with Console 6.x on NT 4.0

ISS has documentation at http://www.iss.net/customer_care/resource_center/online_doc/

Necessary file for AIX install

The ISS Sensor is installed in /opt/ISS by default. You may choose to create it's own filesystem to keep it from filling the root filesystem "/".

Installing and configuring the Management Console on NT 4.0

1. Check that MDAC 2.5 is installed.

2. Install Msde2000.exe, this isn't necessary if you already have SQL server on the workstation.

3. Install RealSecureWorkgroupManager60.exe
During the install, when it asks to harden the security of the RealSecure Console, say NO by checking the box "Do Not Lock Down".

When generating the private/public keys pairs, use the encryption provided by ISS called "ISS ECNRA Built-In Provider Strong Encryption Version /EC_KEYX EC239A01", give the keys a passphrase and make a copy of the keys in case you need to reinstall a WorkGroup Manager.

Follow these 2 steps BEFORE starting RealSecure for the first time.

1. Copy the license key "iss.key" to 3 places:

C:\Program Files\ISS
C:\Program Files\ISS\RealSecure 6.0 Console
C:\Program Files\ISS\RealSecure 6.0 Event Collector

2. Copy the public keys from the WorkGroup Manager to the Sensor server.

Location of public keys on WorkGroup Manager machine
C:\Program Files\ISS\issDaemon\Keys\Archives\CerticomNRA

Where to put the public keys on Sensor server

When starting the RealSecure WorkGroup Manager DON'T run the deployment wizard, it doesn't work correctly.

Adding an asset

From the Window "Managed Assets", choose Asset, Manage à
Click "ADD >>"

Choose Daemon, and type in the name of the server and the hostname or ip address.

Click "Add Asset", it will add the Daemon asset and then add the system agent.

Now choose the asset "system_agent_1". OK.

As long as all is successful, the status should show as connected and active in the "Managed Assets" window.

Configuring and Testing the policies

Deselect all the policies except those on the "Suspected Connections" tab in the Policy Editor. You may choose to setup custom policies that can search for patterns in the syslog.

To test that the policy is working for finger scans, try running the finger client from the sensor machine against itself. A machine "plato" can try to finger root on it's local machine with this line:
finger root@plato

A port scanner like nmap works well for checking, but be sure you have permission to use it on the sensor server.

Back to Security, hacker detection & forensics FAQ Index
Back to Security, hacker detection & forensics Forum

My Archive

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close