Rs Svrsensor Ig 7.0

IBM RealSecure
Server Sensor
Installation Guide
Version 7.0
IBM Internet Security Systems

© Copyright IBM Corporation 1998, 2007.
IBM Global Services
Route 100
Somers, NY 10589
U.S.A.
Produced in the United States of America.
All Rights Reserved.
IBM and the IBM logo are trademarks or registered trademarks of International Business Machines Corporation in the
United States, other countries, or both. ADDME, Ahead of the threat, BlackICE, Internet Scanner, Proventia, RealSecure,
SecurePartner, SecurityFusion, SiteProtector, System Scanner, Virtual Patch, X-Force and X-Press Update are trademarks or
registered trademarks of Internet Security Systems, Inc. in the United States, other countries, or both. Internet Security
Systems, Inc. is a wholly-owned subsidiary of International Business Machines Corporation.
Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation in the United States, other countries, or
both.
Other company, product and service names may be trademarks or service marks of others.
References in this publication to IBM products or services do not imply that IBM intends to make them available in all
countries in which IBM operates.
Disclaimer: The information contained in this document may change without notice, and may have been altered or
changed if you have received it from a source other than IBM Internet Security Systems (IBM ISS). Use of this information
constitutes acceptance for use in an “AS IS” condition, without warranties of any kind, and any use of this information is at
the user’s own risk. IBM Internet Security Systems disclaims all warranties, either expressed or implied, including the
warranties of merchantability and fitness for a particular purpose. In no event shall IBM ISS be liable for any damages
whatsoever, including direct, indirect, incidental, consequential or special damages, arising from the use or dissemination
hereof, even if IBM Internet Security Systems has been advised of the possibility of such damages. Some states do not allow
the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by IBM Internet Security
Systems. The views and opinions of authors expressed herein do not necessarily state or reflect those of IBM Internet
Security Systems, and shall not be used for advertising or product endorsement purposes.
Links and addresses to Internet resources are inspected thoroughly prior to release, but the ever-changing nature of the
Internet prevents IBM Internet Security Systems, Inc. from guaranteeing the content or existence of the resource. When
possible, the reference contains alternate sites or keywords that could be used to acquire the information by other methods.
If you find a broken or inappropriate link, please send an email with the topic name, link, and its behavior to
support@iss.net.
July 3, 2007
Contents
Preface
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
How to Use Server Sensor Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Getting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Chapter 1: Introduction to RealSecure Server Sensor

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
About RealSecure Server Sensor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Installation Programs and Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Deployment Suggestions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Chapter 2: Upgrading RealSecure Server Sensor

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Upgrading Sensors Remotely. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Upgrading Sensors Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Upgrading Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Chapter 3: Before You Install RealSecure Server Sensor

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Prerequisite Checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Sensor Naming Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Unhardening the Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Using Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Automatically Importing Authentication Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Customizing Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Archiving Private Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Administering Public Authentication Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Support for Non-English Windows Applications and Characters. . . . . . . . . . . . . . . . . 36
Installing Multiple Sensors on a System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Enabling C2 Audit for AIX Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Enabling C2 Audit for HP-UX Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Increasing the Size Limits for Per Process Memory on HP-UX Platforms . . . . . . . . . . 42
Enabling the Basic Security Module (BSM) on Solaris Platforms . . . . . . . . . . . . . . . . 43
Protecting an Apache Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
IBM RealSecure Server Sensor Installation Guide, Version 7.0 3

Contents
Chapter 4: Installing on a Windows Platform

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Installation Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Unpackaging the Installation Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Typical Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Custom Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Automated Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Silent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Working with Cryptographic Providers During a Windows Installation. . . . . . . . . . . . . 62
Archiving Private Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Chapter 5: Installing on a Solaris Platform

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Chapter 6: Installing on an AIX Platform

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Chapter 7: Installing on an HP-UX Platform

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Chapter 8: After You Install RealSecure Server Sensor

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Allowing Communication Between RealSecure Server Sensor and SiteProtector . . . . . 94
Configuring Authentication Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Restoring Archived Private Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Changing Encryption Providers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Adding Key Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Starting and Stopping Sensors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Monitoring Local Syslog Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Restarting the Apache Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Testing the Sensor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
4 IBM Internet Security Systems

Contents
Chapter 9: Uninstalling a Sensor

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Uninstalling a Sensor from a Windows Platform . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Uninstalling a Sensor from a Solaris Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Uninstalling a Sensor from an HP-UX Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Uninstalling a Sensor from an AIX Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Uninstalling Upgrades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Chapter 10: Troubleshooting

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
No Communication Between RealSecure Server Sensor for Windows and SiteProtector. .
114
Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
ISS Daemons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Remote Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Contents

Preface
Overview
Purpose This guide describes the requirements and procedures for installing and
preparing your IBM RealSecure Server Sensor version 7.0 for
configuration. This guide also gives procedures for upgrading sensors.
Audience This guide is intended for system administrators responsible for

installing RealSecure Server Sensor.
What’s new in this The RealSecure Server Sensor Installation Guide includes updated
guide information about installing server sensor on Windows, HP-UX, Solaris,
and AIX platforms.
Note the following:
● The installation package for RealSecure Server Sensor for Windows

includes all enhancements released with Service Release 4.4.
● The installation package for RealSecure Server Sensor for HP-UX
● The installation package for RealSecure Server Sensor for Solaris
● The installation package for RealSecure Server Sensor for AIX
When you install a sensor, the sensor will show as a version 7.0 sensor
with the appropriate Service Release applied.

Preface
How to Use Server Sensor Documentation

Using this guide Refer to this guide as you install or update a RealSecure Server Sensor.
Related publications For additional information, see the following publications:
● RealSecure Server Sensor Policy Guide

● RealSecure Server Sensor System Requirements
● SiteProtector Installation Guide
● SiteProtector Help

Getting Technical Support
Getting Technical Support

Introduction IBM ISS provides technical support through its Web site and by email or
telephone.
The IBM ISS Web The IBM Internet Security Systems (IBM ISS) Resource Center Web site
site (http://www.iss.net/support/) provides direct access to online user
documentation, current versions listings, detailed product literature,
white papers, and the Technical Support Knowledgebase.
Support levels IBM ISS offers three levels of support:
● Standard
● Select
● Premium
Each level provides you with 24x7 telephone and electronic support.
Select and Premium services provide more features and benefits than the
Standard service. Contact Client Services at clientservices@iss.net if
you do not know the level of support your organization has selected.
Hours of support The following table provides hours for Technical Support at the Americas
and other locations:
Location Hours
Americas 24 hours a day
All other Monday through Friday, 9:00 A.M. to 6:00 P.M. during their
locations local time, excluding IBM ISS published holidays
Note: If your local support office is located outside the
Americas, you may call or send an email to the Americas
office for help during off-hours.
Table 1: Hours for technical support

Preface
Contact information The following table provides electronic support information and
telephone numbers for technical support requests:
Regional Electronic Support Telephone Number

Office
North America Connect to the MYISS Standard:

section of our Web site: (1) (888) 447-4861 (toll free)
www.iss.net (1) (404) 236-2700
Select and Premium:
Refer to your Welcome Kit or
call your Primary Designated
Contact for this information.
Latin America support@iss.net (1) (888) 447-4861 (toll free)

(1) (404) 236-2700
Europe, Middle support@iss.net (44) (1753) 845105

East, and Africa
Asia-Pacific, support@iss.net (1) (888) 447-4861 (toll free)

Australia, and (1) (404) 236-2700
the Philippines
Japan support@isskk.co.jp Domestic: (81) (3) 5740-4065
Table 2: Contact information for technical support

Chapter 1
Introduction to RealSecure
Server Sensor
Overview
Introduction This chapter describes RealSecure Server Sensor. This chapter contains
useful information to help you as you deploy and install your sensor.
In this chapter This chapter contains the following topics:
Topic Page
About RealSecure Server Sensor 12
Installation Programs and Utilities 13
Deployment Suggestions 14

About RealSecure Server Sensor

Introduction RealSecure Server Sensor monitors traffic to and from a single server. In
addition to detecting intrusions, the sensor can also prevent intrusions by
blocking network packets. The sensor can also identify attacks destined
for active services on the protected host.
Management Manage RealSecure Server Sensor with SiteProtector Version 2.0, Service
Pack 5.2 or later.
Server sensor RealSecure Server Sensor has the following attributes:

overview
● detects both network and system events
● detects events at the application layer
● detects events before they reach the IP stack
● monitors traffic to and from the host it is installed on
● prevents intrusions
● extends validation and response options with Fusion Scripting
Reference For more information about sensor features and how to configure them to
optimize the protection the sensor offers, see the IBM RealSecure Server
Sensor Policy Guide, Version 7.0.

Installation Programs and Utilities
Installation Programs and Utilities

Introduction You can obtain the RealSecure Server Sensor installation program from
the IBM Internet Security Systems Web site or from the IBM Internet
Security Systems CD.
System The System Requirements document contains the most current

requirements information about memory, processor speed, hard drive space, and other
hardware and software requirements. The System Requirements
document is located on the IBM ISS Web site at:
http://documents.iss.net/literature/RealSecure/
Server_Sensor_System_Requirements.pdf
Installation RealSecure server sensor has installation programs for the following
programs operating systems:
● Windows
● Solaris
● HP-UX
● AIX
Utility programs RealSecure Server Sensor also uses utilities that run like installation
programs to serve the following purposes:
● distribute public cryptographic keys

● restore archived private cryptographic keys
● select cryptographic authentication keys
Note: For information about installing these utilities, contact Technical

Support.

Deployment Suggestions
Introduction Install a sensor on any file server that contains critical data. Common
locations for sensors are as follows:
● on Internet Information Server (IIS) or Apache Web servers

● on important Windows or Unix servers
● on Windows domain servers or Unix NIS servers
● on host systems with critical data
● on hosts to monitor remote Unix syslogs or Windows event logs
On important When installed on important servers associated with vital applications or

servers data files, the sensor monitors security-sensitive activities on the critical
hosts.
On Windows Windows domain servers and Unix NIS servers are typically the
domain or Unix NIS repository for important user account files and other important
servers configuration data. The sensor monitors activity on these critical data
stores.
On host systems When installed on systems with sensitive data, you can use the sensor to
with critical data detect changes in host configuration, unusual administrator activity, or
attempts to access important files.
On hosts to monitor RealSecure Server Sensor can run on Windows hosts and on Unix hosts.
remote logs To monitor Unix hosts where the sensors cannot run locally, you can
either forward the host’s syslog files to a Windows agent or use the
remote monitoring feature built into the Unix subsystem on a host
running a sensor.
Caution: When you forward syslogs or read them remotely, the syslog
information is sent in clear text. Use an encrypted VPN tunnel or a secure
channel if you plan to forward syslogs or read syslogs remotely.

Chapter 2
Upgrading RealSecure Server

Sensor
Overview
Introduction If you have an earlier version of RealSecure Server Sensor installed, you
can upgrade to a version 7.0 sensor. This chapter provides the procedures
for how to upgrade sensors and policies to version 7.0.
Note: You cannot upgrade earlier versions of server sensor to version 7.0
for the HP-UX platform or for the AIX platform. RealSecure Server Sensor
version 7.0 is the first server sensor designed to run on the HP-UX and
AIX platforms.
Topic Page
Upgrading Sensors Remotely 16
Upgrading Sensors Manually 18
Upgrading Policies 19

Upgrading Sensors Remotely

Introduction This topic describes the prerequisites to upgrading an earlier version
sensor. This topic also describes where to find upgrade packages and
how to upgrade a sensor remotely.
Upgrading with If you have version 6.5 sensors installed, you can use SiteProtector to
management remotely upgrade your sensors to version 7.0. If you have a sensor
components version earlier than 6.5 installed, you must upgrade your sensor to
version 6.5 before you can use SiteProtector to upgrade to version 7.0.
Reference: For information about remotely upgrading sensors using

SiteProtector, see the SiteProtector Help.
Prerequisites for If you are upgrading a 6.x sensor remotely, you must do the following:
6.x sensors
● upgrade SiteProtector to version 2.0, Service Pack 5.2 or later
Reference: For more information, see the SiteProtector Installation
Guide.
● upgrade version 6.0 and 6.0.1 sensors to version 6.5
● locate the upgrade package as follows:
■ from the SiteProtector Deployment Manager
■ from the IBM ISS Web site at the following location:
http://www.iss.net/download/
■ on the IBM Internet Security Systems Product CD in the
/updates/RealSecure directory
Prerequisite for When you upgrade RealSecure Server Sensor for Solaris you must stop
Solaris server and then restart the server to complete the upgrade. Before you begin the
sensors upgrade, choose a time when it is most convenient to stop and restart the
server.
Upgrades and Web If you are using the Web server monitoring component of server sensor,
server components and the Web server is not installed in the default location, then the
upgrade process cannot configure the monitoring component during the
upgrade. You must manually configure the monitoring component after
the upgrade is complete. For more information on how to manually

Upgrading Sensors Remotely
configure the Web server monitoring component, see the IBM RealSecure
Server Sensor Policy Guide.
Procedure To remotely upgrade a sensor:
1. Manage the sensor you want to upgrade.

Reference: For information about how to manage a sensor, look up
“managing, sensors” in the Help.
2. Right-click the sensor.
A pop-up menu lists command options.
3. Select X-Press or product update.
The Update Installer window opens.
4. Select the location of the upgrade package.
5. Select Upgrade or Service Release.
6. Click Next.
The Available updates box lists the updates available for this sensor.
7. Select the update you want, and then click Next.
The Strong Encryption Export Agreement window opens.
8. Read the agreement, select Yes, and then click OK.
The update program downloads the update, and then prompts you
to continue.
9. Click Continue.
10. Click Yes.
After a few seconds, the component status changes to “Unknown.”
When the upgrade is complete, the component status changes to
Active.
Solaris sensors: If you are upgrading a RealSecure Server Sensor for
Solaris, the system must shut down and restart before the installation
can be completed.

Upgrading Sensors Manually

Introduction If you chose not to use the remote upgrade feature, you can upgrade a
sensor manually.
Upgrading sensors To manually upgrade sensors to version 7.0, you must uninstall any
previous versions of the sensor, and then install the new version.
References: For instructions on uninstalling a sensor, see Chapter 9,

"Uninstalling a Sensor". For installation instructions, see the appropriate
installation chapter in this guide.

Upgrading Policies
Upgrading Policies
Introduction This topic describes the following:
● policy versions that are compatible with 7.0 server sensors

● policy upgrade issues
Note: You cannot upgrade earlier version policies for use with
RealSecure Server Sensor version 7.0 on the HP-UX or AIX platforms.
Policy compatibility Table 3 defines sensor and policy compatibility.
Important: If you apply a later version of a policy to an earlier version of

a sensor (for example, a 7.0 policy to a 6.5 sensor), then the 6.5 sensor
cannot use new signatures contained in the 7.0 policy, and the sensor will
generate errors that notify you of the discrepancy.
Sensor version... accepts policy versions...
5.5 5.5
5.5.1 5.5.1
5.5.2 5.5.1, 5.5.2, 5.5
6.0 5.5, 6.0
6.0.1 (Windows only) 6.0.1 (Windows only)
6.5 5.5, 5.5.1, 5.5.2, 6.0.1, 6.5
7.0 6.5, 7.0
Table 3: Policies and sensor compatibility
Upgrading a custom Use the policy editor to import a version 6.5 custom policy to a version 7.0
version 6.5 policy server sensor.
Solaris policies: For existing signatures, the sensor preserves any

dynamic block settings. New signatures use a default setting of 1800
seconds.
Windows policies: In server sensor version 6.5, you configured dynamic

blocking at the signature level. In server sensor version 7.0, you can

configure dynamic blocking at the sensor level or at the signature level.

When you import a version 6.5 policy to a version 7.0 sensor, the
signature level dynamic block configuration is imported as a signature
level dynamic block configuration.
Note: If dynamic blocking is enabled at the sensor level in the version 7.0
sensor, the sensor level setting overrides the signature level setting.
Reference For information about importing policies, see the SiteProtector Help.

Chapter 3
Before You Install RealSecure

Server Sensor
Overview
Introduction This chapter provides important information you should know before
you install RealSecure Server Sensor.
Topic Page
Prerequisite Checklist 23
Sensor Naming Conventions 25
Unhardening the Operating System 26
Using Authentication 27
Automatically Importing Authentication Keys 29
Customizing Encryption 31
Archiving Private Keys 34
Administering Public Authentication Keys 35
Support for Non-English Windows Applications and Characters 36
Installing Multiple Sensors on a System 39
Enabling C2 Audit for AIX Platforms 40
Enabling C2 Audit for HP-UX Platforms 41

Topic Page
Increasing the Size Limits for Per Process Memory on HP-UX 42

Platforms
Enabling the Basic Security Module (BSM) on Solaris Platforms 43
Protecting an Apache Web Server 44

Prerequisite Checklist
Prerequisite Checklist
Introduction This topic provides a checklist of prerequisites you should consider
before you install RealSecure Server Sensor.
Prerequisites table The following table describes the prerequisite tasks you must perform
before you install a server sensor:
Task Description Reference
Obtain a license file SiteProtector Installation

Guide
Create a naming convention for “Sensor Naming

sensors Conventions” on page 25
Unharden the operating system “Unhardening the Operating

System” on page 26
Uninstall any previously installed Chapter 9, "Uninstalling a

versions of server sensor Sensor"
Decide if you will automatically import “Automatically Importing

authentication keys Authentication Keys” on
page 29
Install new encryption software, if “Customizing Encryption” on

needed page 31
Verify that the latest encryption “Customizing Encryption” on

Service Pack is installed page 31
Determine public key administrators “Administering Public

Authentication Keys” on
page 35
Configure the system appropriately for “Support for Non-English

use with non-English characters or a Windows Applications and
non-English Windows operating Characters” on page 36
system
Review the requirements for installing “Installing Multiple Sensors

multiple sensors on one system on a System” on page 39
Table 4: Prerequisites to installing server sensor

Task Description Reference
Enable C2Audit (AIX and HP-UX “Enabling C2 Audit for AIX

platforms only) Platforms” on page 40
“Enabling C2 Audit for HP-UX
Platforms” on page 41
Increase memory (HP-UX platforms “Increasing the Size Limits for

only) Per Process Memory on HP-
UX Platforms” on page 42
Enable the Basic Security Module “Enabling the Basic Security

(Solaris platforms only) Module (BSM) on Solaris
Platforms” on page 43
Gather information required to “Protecting an Apache Web

complete the installation if you plan to Server” on page 44
protect an Apache Web Server
Plan your installation for a time when it

is convenient to restart your system
(certain installation options may not
require a system restart, but most do).
Table 4: Prerequisites to installing server sensor (Continued)

Sensor Naming Conventions
Sensor Naming Conventions

Introduction A sensor naming convention helps you to identify sensors on the
Console. For example, you may want a sensor name to indicate whether a
sensor is inside or outside the firewall, or to indicate that it is located in a
specific department.
Caution: Sensor names can contain only alphanumeric characters and

underscores; they must also not exceed 100 characters in length.
Naming a sensor Assign a name to the sensor or accept the default name when you are
installing the sensor. You cannot rename a sensor after you install it, so it
is important to establish a logical naming convention before you deploy
your sensors. To rename a sensor, you must uninstall, and then reinstall
the sensor.
Example: The following naming convention categorizes sensors by

physical and geographical location and also identifies their host name:
● nyc_dmz_hostname1
● nyc_int_hostname2
● atl_dmz_hostname3
● atl_int_hostname4

Unhardening the Operating System

Introduction The installation program cannot write critical files and registry keys to a
hardened or locked-down operating system because you cannot write to
locked files and registry keys.
Action Before you install the sensor, IBM ISS recommends that you unharden the
operating system and then reharden the system after the installation
completes.

Using Authentication
Using Authentication
Introduction Authentication is a process by which one component proves its identity
to another component. Authentication occurs when components establish
communication connections. Authentication uses a public/private key
pair created by a cryptographic provider. This method of authentication
is secure because each component must identify itself to the other
components before sensitive security data is sent. The authentication
process does not negatively impact the performance of your system.
Authentication and For authentication, event collectors must have the public authentication
public/private keys key of the Console, and sensors must have the public authentication keys
of Consoles and event collectors. You send the public keys to each
component’s system in one of the following ways:
● using the automatic key import option

Reference: For more information, see “Automatically Importing
Authentication Keys” on page 29.
● manually copying them
Reference: For more information, see “Configuring Authentication
Manually” on page 95.
Private keys are stored securely on the system where the key pairs were
generated.
Reference: For more information about key management, see

“Administering Public Authentication Keys” on page 35.
Key names The installation program saves public keys in the Keys subdirectory of
each component. Console keys start with sp_con. Sensor and event
collector keys start with rs_eng.
Cryptographic Cryptographic providers provide the means for creating the public/
providers private key pairs. When you install a sensor, you should select a
cryptographic provider and use authentication.

Changing If you want to change the cryptographic provider after you install the
cryptographic sensor, uninstall and then reinstall the sensor with the new settings.
providers
Note: If an event collector and a sensor reside on the same computer, you
must uninstall and then reinstall both components. You only need to
uninstall the SiteProtector Console if you need to change the
cryptographic providers for the Console.
Connections that If you do not use authentication, any device that uses the IBM ISS
are not protocol can monitor a component. The Console or event collector uses
authenticated the public/private key pair that was created when you installed them,
and they send the public key to any component they communicate with;
however, the component does not verify the identity of the Console or
event collector. The sensor automatically accepts the public keys on a per-
session basis.

Automatically Importing Authentication Keys
Automatically Importing Authentication Keys

Automatic When you install a component you can automatically import an
authentication key authentication key from the Console. When you select the auto-import
import option, the sensor receives the initial authentication key over a standard
network connection initiated from the Console. The installation program
imports only the Console’s public keys. Unless you use the Deployment
Manager to automatically distribute authentication keys, you must
manually copy the public keys of other components, such as event
collectors, to the sensors.
Caution: If you use the automatic key import option and the sensor
receives its first connection from an unknown user, then the public key
from the unknown user’s Console is copied to the sensor. When a known
user tries to copy public keys to the sensor, a warning message indicates
that a key already exists, and the known user's keys are not copied to the
sensor.
Auto-import and When an event collector and a sensor reside on the same computer, the
multiple auto-import feature is enabled for both components.
components
Requirements For auto-import to work correctly, you must do the following:
● If you are installing the event collector on the same system as

SiteProtector, then you must install SiteProtector, and then enable the
Automatic Key Import option.
● Install all the sensors or event collectors on the computer and enable
the Automatic Key Import option during the installation.
● Install all the components that will reside on a single computer before
you connect to any of the sensors, event collectors, or other
components.
● After the installation is complete, connect to any sensor or event
collector on the computer that uses the Deployment Manager.
Installing If you install a component with the auto-import option, connect to the
components after component, and then later install a second component, you must
first connection manually copy the authentication keys to the second component before
you can manage or monitor it.

Reference: For more information about manually copying keys, see

“Configuring Authentication Manually” on page 95.
Recommendation IBM ISS recommends that you configure the sensor on a network
segment that is protected from unauthorized network access until the
initial public key has been imported by the Console. After you connect to
the sensor for the first time, verify that only the appropriate users have
access to the sensor.

Customizing Encryption
Introduction IBM ISS software uses a proprietary communication protocol to secure
the information passed among components (Consoles, event collectors,
and sensors). This protocol relies on encryption provided through one or
more built-in providers or external Cryptographic Service Providers
(CSPs), such as Microsoft RSA. During the installation process, you make
choices that concern cryptographic providers and how the encryption
algorithms are configured. You can change these settings at any time after
you install the IBM ISS software.
Reference: For more information, see “Changing Encryption Providers”

on page 99.
Encryption custom During the installation, you can customize the encryption settings in the
options following ways:
● Choose (from a list of available providers on your system) the

provider that you want a particular component to use.
● Arrange the providers in order of preference. This determines which
provider the sensor attempts to use first.
● Customize any default encryption algorithms or key strengths.
Important: You must select common encryption algorithms and keys
for the Console and for each sensor and event collector. If you do not,
the components will not be able to communicate with each other. If
you make a change in the default settings, make a note of it so that
you can apply the same algorithms or keys to the other components.
Encryption keys At the end of the installation process, the program generates a public/
private encryption key pair for each provider you selected. These keys are
used to encrypt and decrypt a symmetric encryption key passed between
components, and to let other components authenticate the one you just
installed, if you authenticated the new one.
Reference: For more information about setting up authentication using

these public keys, see “Using Authentication” on page 27.

Rules for The following rules apply to configuring cryptographic providers during
configuring the installation:
encryption during
installation ● The option to customize cryptographic providers is available only in
the custom sensor installation program.
● The option to configure cryptographic providers is always available
during the Console installation.
● The first time you install a sensor or an event collector, you have the
option to enable automatic import of the authentication key and
select cryptographic providers and the authentication strength.
● After you install the first sensor or event collector, all other sensors or
event collectors have the same authentication strength, cryptographic
providers, and auto import setting as the first sensor or event
collector that you installed.
Microsoft RSA SiteProtector supports the Microsoft RSA Base, Strong, or Enhanced
encryption Cryptographic Providers to encrypt communication between
components (Console, sensors, and event collectors). The providers
typically offer RSA public/private key encryption at 512, 1024, 1536, or
2048 bit strengths.
These providers may also offer symmetric encryption using DES, DESX,
2-key Triple DES, Triple DES, RC2, and RC4 algorithms. The RC2 and
RC4 algorithms typically support 40, 56, or 128 bit key strengths.
Cryptographic hash algorithms typically include MD2, MD4, MD5, and
SHA-1. The choices that appear depend on your operating system level,
service pack, and browser installation.
Enabling RSA IBM ISS recommends using RSA authentication for configurations that
authentication include version 7.0 server sensors. If RSA 1536 authentication is not
enabled on the Console, the system prompts you to add an RSA provider.
If you are installing the Console or the event collector for the first time,
you should install at least one RSA provider when you install the Console
so that the Console can communicate with the sensor.
Preferred Although Certicom encryption is available for earlier versions of

cryptographic components, RSA is the preferred cryptographic provider for
provider

components and for version 7.0 server sensor configurations. Certicom

encryption will not be available in future releases of the software.
Note: Server sensor version 7.0, Service Release 4.1 for HP-UX platforms,
server sensor version 7.0, Service Release 4.4 for Windows platforms,
server sensor version 7.0, Service Release 4.3 for Solaris platforms, and
server sensor version 7.0, Service Release 4.1 for AIX platforms support
only RSA authentication.
Reference: For more information about provider availability and

capability, see the Microsoft Web site. You must complete any provider
upgrades or installations before you install the server sensor software.
Encryption and US Encryption technologies are restricted by U.S. export laws. These
laws technologies cannot be exported or re-exported to certain countries.
Reference: For more information about U.S. export laws, see the
Commercial Encryption section of the Bureau of Export Administration’s
Web site at:
http://www.bis.doc.gov

Archiving Private Keys

Introduction If the cryptographic provider's private key is damaged or destroyed, and
you have an archived copy, use the Restore Cryptographic Private Keys
utility to retrieve the archived copy.
Important: The installation program can only archive private keys when
it creates them; it cannot archive existing private keys. The option to
archive private keys is not available with the automated installation.
If you do not have If the private key becomes damaged or destroyed, and you do not have
an archived copy of an archived copy of the key, IBM ISS recommends that you reinstall the
the key component that has the damaged key to create a new private/public key
pair. Then, before authenticated communication can occur, you must
copy the new public key to other components.
Reference: For more information, see “Restoring Archived Private Keys”

on page 97.

Administering Public Authentication Keys
Administering Public Authentication Keys

Introduction Key management allows you to manage and distribute public
authentication keys. Using key management, you can specify one or more
users as key administrators. A key administrator is a user who has rights
to manage public authentication keys remotely from the Console.
Important: At least one user must have key administrator rights to use
the Deployment Manager.
Key administrators A key administrator can maintain daemon roles, which is an access list of
users with special privileges that the issDaemon maintains. The list
identifies users as computername_username. Daemon roles include Key
Administrator.
Setting up a key For a Windows sensor, you must set up at least one key administrator
administrator during the installation process or enable auto-import during the
(Windows) installation process (the first person to connect to the sensor gains key
administrator rights).
Reference: For more information about using the automatic key import
option, see “Automatically Importing Authentication Keys” on page 29.
Setting up a key For a Unix sensor, you should set up a key administrator during the
administrator (Unix) installation process, if this option is available for the installation option
you chose. If you do not set up a key administrator during the installation
process, you can add an administrator from the command line.

Support for Non-English Windows Applications and

Characters
Non-English RealSecure Server Sensor has been tested on non-English versions of
versions of Windows, including French, Japanese, German, and Spanish. However,
Windows the software is most thoroughly tested on English versions of Windows,
and IBM ISS recommends that you use the English version of Windows.
Foreign characters If you need to use foreign characters for other applications on the
for other programs computer that is running a sensor, IBM ISS recommends that you
configure Windows to support your location and language instead of
installing the non-English version of Windows.
Foreign characters If you change your locale settings, sensor names, directories, or user
names, any other character-based name must use English characters or
numbers.
Caution: Using foreign characters can cause sensors or other components

to malfunction.
Reference For more information about system locales, see the Microsoft Web site at:
http://msdn.microsoft.com/library/
Localizing the US To configure the US English version of Windows NT 4.0 to support your
English version of system locale:
Windows NT 4.0
1. From the taskbar, select Start→Settings→Control Panel.
The Control Panel window appears.
2. Double-click the Regional Settings icon.
The Regional Settings Properties window appears.
3. From the Regional Settings tab, select a language from the list.
4. Select the Set as system default locale check box, and then click
Apply.
5. Click OK.
The system applies the language’s default code page and associated
fonts to your system.

Support for Non-English Windows Applications and Characters
6. Do the display settings need to be adjusted?

■ If yes, go to Step 7.
■ If no, go to Step 11.
7. From the Control Panel window, double-click the Display icon.
The Display Properties window opens.
8. Select the Appearance tab, and then select a font size.
9. Click Apply.
10. Click OK to quit the Display Properties window.
11. From the Regional Setting Properties window, select the Input
Locales tab.
12. Click Add.
The Add Input Locale window appears.
13. Select the language from the list, and then click OK.
The Input Locales tab appears.
14. In the Default input locale field, click Set as Default.
The system sets the language as the default input locale.
15. In the Switch Locales field, select the shortcut key combinations for
switching between input locales.
16. Select the Enable indicator on taskbar check box, and then click OK.
17. Click Apply.
The Regional Properties window closes.
18. Restart the system.
The system locale changes take effect.
Localizing the US To configure the US English version of Windows 2000 to support your
English version of system locale:
Windows 2000 and
2003 1. From the taskbar, select Start→Settings→Control Panel.
The Control Panel window appears.
2. Double-click Regional Options.
The Regional Options Properties window appears.
3. From the Regional Options tab, select a language from the list.

4. Select the Set default check box.

The Select System Locale window appears.
5. Click OK, and then click Apply.
6. Click OK.
The system applies the language’s default code page and associated
fonts to your system.
7. Do the display settings need to be adjusted?
■ If yes, go to Step Step 8.
8. From the Control Panel window, double-click the Display icon.
The Display Properties window opens.
9. Select the Appearance tab, and then select a font size.
10. Click Apply.
11. Click OK to quit the Display Properties window.
12. From the Regional Setting Properties window, select the Input
Locales tab.
13. Click Add.
The Add Input Locale window opens.
14. Select the language from the list, and then click OK.
The Input Locales tab appears.
15. In the Installed input locales field, click Set as Default.
The system sets the language as the default input locale.
16. In the Hot keys for input locales field, select the shortcut key
combinations for switching between input locales.
17. Select the Enable indicator on taskbar check box, and then click OK.
18. Click Apply.
The Regional Properties window closes.
The system locale changes take effect.

Installing Multiple Sensors on a System
Installing Multiple Sensors on a System

Introduction You should install RealSecure Server Sensor on all your important
servers, including computers that are running network sensors.
Server sensor If you install a RealSecure Server Sensor and a RealSecure Network
installation sensor on the same computer, you must install server sensor using the
configuration custom installation option and you must disable the network monitoring
component of the server sensor.

Enabling C2 Audit for AIX Platforms

Introduction Before you can use the C2 auditing feature for sensors running on an AIX
operating system, you must enable C2 auditing on the system.
Enabling C2 audit To enable C2 audit:
1. Log on using a superuser account, such as root.

2. Type the following command:
audit start
Disabling C2 audit To disable C2 audit:

audit shutdown

Enabling C2 Audit for HP-UX Platforms
Enabling C2 Audit for HP-UX Platforms

Introduction Before you can use the C2 auditing feature for sensors running on an
HP-UX operating system, you must enable C2 auditing on the system.
Procedure To enable C2 audit:

/usr/lbin/tsconvert
vi /etc/rc.config.d/auditing
3. Assign the following values to the listed variables:
Variable Value Example
AUDITING 1
PRI_AUDFILE <primary audit log file name> /.secure/etc/audfile1
PRI_SWITCH <max log file size in KB> 1000
SEC_AUDFILE <secondary audit log file name> /.secure/etc/audfile2
SEC_SWITCH <max log file size in KB> 1000
4. Restart the auditing service.

Increasing the Size Limits for Per Process Memory on

HP-UX Platforms
Introduction You must increase the size limits for per process memory so that the
sensor operates correctly.
Kernel parameters Increase per process memory size limits by configuring the following
to configure kernel parameters:
● maxdsiz
● maxssiz
● maxtsiz
Procedure To configure the kernel parameters:

2. Type the appropriate command for each kernel parameter listed
above, as follows:
■ for HP-UX versions earlier than 11.23, type:
usr/sbin/kmtune -s <parameter_name>=0x10000000
■ for HP-UX version 11.23, type:
usr/sbin/kctune -s <parameter_name>=0x10000000

Enabling the Basic Security Module (BSM) on Solaris Platforms
Enabling the Basic Security Module (BSM) on Solaris

Platforms
Introduction The Solaris BSM provides additional security features that are not
supplied in standard UNIX. RealSecure Server Sensor can use
information gathered by the BSM to ensure system integrity and security
policy compliance. Without the BSM enabled, the sensor cannot detect
certain security events.
Enabling the Basic To enable the BSM:

Security Module
(BSM) 1. Log on using a superuser account, such as root.
2. Type the following command to run the BSM script and enable the
BSM at startup:
/etc/security/bsmconv
/etc/telinit 6
The system goes into multi-user mode.
Note: You must restart the system before the changes to the BSM
configuration take effect. Running the bsmconv script disables the
Volume Manager, so after you have enabled the BSM, you must
manually re-enable the Volume Manager or have the sensor
installation script do it for you.
Reference: See the SunSHIELD Basic Security Module Guide for more
information about the BSM. You can access this guide on the Sun Web site
at the following location:
http://docs.sun.com/
?q=SunSHIELD+Basic+Security+Module+Guide

Protecting an Apache Web Server

Introduction If you plan to protect an Apache Web Server, you must know the
following information to complete the installation process:
● name and location of the httpd executable and the httpd.conf file
● whether the modssl module is enabled
Note: RealSecure Server Sensor for HP-UX platforms does not inspect
SSL-encrypted HTTP traffic.
Location of files For more information about the location of the httpd executable and the
httpd.conf file, see your Apache user documentation.
Modssl module For more information about the modssl module, see your Apache user
documentation.
Additional The Apache Web Server must support Dynamic Shared Object (DSO).
requirement

Chapter 4
Installing on a Windows Platform
Overview
Introduction This chapter describes the sensor installation procedures for Windows
environments.
Important Before you install the sensor, be sure you read Chapter 3, "Before You
Install RealSecure Server Sensor", which starts on page 21. Chapter 3
identifies prerequisites you must meet to ensure a successful installation.
Topic Page
Installation Options 46
Unpackaging the Installation Files 48
Typical Installation 50
Custom Installation 52
Automated Installation 56
Silent Installation 58
Working with Cryptographic Providers During a Windows 62

Installation
Archiving Private Keys 64

Installation Options
Installation Install the sensor for Windows platforms using one of the following
methods methods:
● typical installation
● custom installation
● automated installation
Typical installation If you do not plan to do any advanced configuration during the sensor
installation process, use the typical installation option.
A typical installation uses the following default settings:
Option Default Setting
Network monitoring Enabled

component
Enforce audit policy Disabled

When enabled, and audit-related signatures are
enabled in the sensor policy, enforces the default
audit policy, which provides the best protection for
your system using recommendations from IBM ISS.
Blocking Disabled
When enabled, and you apply a predefined policy
other than Blank_Windows.policy, blocks suspicious
traffic using recommendations from IBM ISS.
Sensor name server_sensor_1
Server sensor directory C:\Program Files\ISS\issSensors\server_sensor_1
ISSDaemon directory C:\Program Files\ISS\issDaemon
Key management No key administrators
Cryptographic provider RSA Built-In Provider, Strong Encryption Version
Automatic key import Disabled
SSL monitoring Enabled
Table 5: Default installation settings

Option Default Setting
Restart WWW Enabled

Publishing Service
Table 5: Default installation settings (Continued)
Custom installation If the settings for the typical installation do not meet your needs, use the
Custom installation option.
Automated If you intend to install RealSecure Server Sensor on more than one
installation computer and all the sensors will have the same settings, use the
Automated installation option. With this option, you respond to
installation questions, save these responses to a response file, and then
use the response file when you install other sensors. The Automated
installation option allows you to install many sensors without having to
monitor the each installation.
Silent installation You can suppress the display of the installation prompts when you install
server sensor. With this option, you use a response file in silent mode to
specify the responses to installation questions as the sensor is installed.

Unpackaging the Installation Files

Introduction If you download the installation package from the Web site, you must
unpackage the files before you can install the sensor.
Unpackaging The following table lists the ways to unpackage the installation files:
options
For this type of To unpackage to... Reference
installation...
Typical or a temporary directory See “Unpackaging files to

Custom and install the sensor temporary directory and installing
immediately the sensor immediately” on
page 48.
Typical or a custom directory and See “Unpackaging files to specific

Custom install the sensor directory and installing the sensor
immediately immediately” on page 48.
Automated or a custom directory and See “Unpackaging files to specific

Silent install the sensor at a directory without installing the
later time sensor” on page 49.
Table 6: Options for unpackaging installation files
Unpackaging files to To unpackage the server sensor installation files:

temporary directory
and installing the 1. Download the packaged file.
sensor immediately 2. Double-click the packaged file.
Note: This will extract the files and begin the installation process.
Reference: See “Typical Installation” on page 50 or “Custom
Installation” on page 52.

specific directory
and installing the 1. Select StartÆ Run.
sensor immediately
2. In the Run window, change the command line in the Open box to:
“full_path_to_installation_package” -p
3. Click OK.

Unpackaging the Installation Files
4. Type the path or browse to the directory where the installation

package should be unpackaged to.
5. Click Next.
Note: This will extract the files and begin the installation process.

specific directory
without installing 1. Select StartÆ Run.
the sensor
“full_path_to_installation_package” -p
3. Click OK.
4. Type the path or browse to the directory where the installation
package should be unpackaged to.
5. Click Next.
6. Click Cancel.
The installation files are unpackaged to the location you specified
without installing the sensor.
Reference: See “Automated Installation” on page 56 or “Silent

Typical Installation
Introduction The typical installation option uses default settings to quickly install the
sensor.
Reference: For a list of the default settings, see Table 5, “Default

installation settings” on page 46.
Procedure To install a sensor on a Windows platform:
Important: The Typical installation option installs the SSL traffic

monitoring component. As part of the installation process, the
WWWPublishing Service is restarted.
1. Run the RealSecureServerSensor70_SR4_4.exe file.

The Welcome window opens.
2. Click Next.
The License Agreement window opens.
3. Read the text, and then click I Accept.
The Readme window opens.
4. Read the text, and then click Next.
The Setup Types window opens.
5. Click Typical.
6. If you are notified of pending file operations, do one of the following:
■ Click Yes to abort the installation, restart the system, and then
resume the installation.
■ Click No to continue the installation process.
Note: If you continue the installation process while there are
pending file operations, the installation will continue but files with
pending operations may be renamed or deleted when the system is
next restarted due to the pending operation.

7. Continue through the installation questions. Use the following table

as a guide:
Setting Option
Automatic Key Select Allow Auto-Import to send the initial

Import authentication key from the Console over a standard
network connection.
Important: You must select this option if SiteProtector is
using authentication.
Reference: For more information, see “Automatically
Importing Authentication Keys” on page 29.
Public Key Do one of the following:

Administrators • Type the IP address of the Console computer, and
then click Add.
• Type the name for the Console computer’s Public Key
Administrator, and then click Add.
Use the format computername_username
Important: IBM ISS recommends that you add at least
one key administrator at this time. If you do not add an
administrator now, you must reinstall the component to
set up a key administrator.
8. Click Finish.

Custom Installation
Introduction Use the custom installation option to install specific components and to
change default settings.
Procedure To install a sensor using a custom configuration:
1. Run the RealSecureServerSensor70_SR4_4.exe file.

2. Click Next.
The License Agreement window opens.
3. Read the text, and then click I Accept.
The Readme window opens.
4. Read the text, and then click Next.
The Setup Types window opens.
5. Click Custom.
The Select Components window opens.
as a guide:
Setting Option
Network monitoring Click Next to install the network monitoring

component component of the sensor.
Pending file If you are notified of pending file operations, do one

operations of the following:
• Click Yes to abort the installation, restart the
system, and then resume the installation.
• Click No to continue the installation process.
Note: If you continue the installation process
while there are pending file operations, the
installation will continue but files with pending
operations may be renamed or deleted when
the system is next restarted due to the pending
operation.

Custom Installation
Setting Option
Enforce Audit Policy Select the Enforce Audit Policy check box.
Important: If you do not enforce an audit policy,
the sensor will not monitor the system for important
events such as login, startup, shutdown, registry
access, and file access events.
Note: When you enable EAP and apply a policy
that has audit-related signatures enabled, the
sensor provides the best protection for your system
using recommendations from IBM ISS.
Blocking Select the Enable Blocking check box to have the

sensor block suspicious traffic immediately after
the installation ends.
Note: This option is only available if you are using
the network monitoring capabilities of the server
sensor. If you select this option, the sensor blocks
suspicious traffic immediately upon installation
Sensor name Type a custom name for the sensor.

Note: Use only alphanumeric characters with
underscores for sensor names.
Installation directory Select an installation directory.

(sensor) Important: IBM ISS recommends that you accept
the default location so that the setup program can
locate important files that may have been installed
previously. The default location is C:\Program
Files\ISS\issSensors\sensor_name
Installation directory Select an installation directory.

(daemon) Important: IBM ISS recommends that you accept
the default location C:\Program
Files\ISS\issDaemon
Authentication Mode Select Next to use authentication to secure com-

munication between the sensor and the Console.
Important: IBM ISS recommends that you use
authentication to prevent unauthorized users from
controlling and potentially hiding attacker activity.
Reference: For information about authentication,
see “Using Authentication” on page 27.

Setting Option
Automatic Key Import Select Allow Auto-Import to send the initial

authentication key from the Console over a stan-
dard network connection.
Important: You must select this option if
SiteProtector is using authentication.
Reference: For more information, see “Automati-
cally Importing Authentication Keys” on page 29.
Public Key Do one of the following:

Administrators • Type the IP address of the Console computer,
and then click Add.
• Type the name for the Console computer’s
Public Key Administrator, and then click Add.
Important: IBM ISS recommends that you add at
least one key administrator at this time. If you do
not add an administrator now, you must reinstall
the component to set up a key administrator.
Cryptographic Add, change, or delete cryptographic providers.

providers References: For more information, see “Custom-
izing Encryption” on page 31 and “Working with
Cryptographic Providers During a Windows Instal-
lation” on page 62.
Monitoring SSL Select Install SSL traffic monitoring component

traffic to have server sensor monitor traffic directed
through SSL-encrypted HTTP streams on systems
running Internet Information Services.
the network monitoring capabilities of the sensor.
Important: You must restart the WWW Publishing
Service before this component can protect your
system. Restart the service automatically as part
of the installation process by selecting the Restart
the WWW Publishing Service check box, or
restart the service manually at a later time.

Custom Installation
Setting Option
Archive private keys To archive a copy of the cryptographic provider’s

private key for this installation, specify the location
for the archive copy and a passphrase to encrypt
the copy.
Note: The passphrase must be a minimum of
seven characters in length.
Reference: For more information, see “Archiving
Private Keys” on page 64.
7. Click Finish.

Automated Installation
Introduction You can use the Autorecord and Autoinstall features to automatically
install a sensor.
Important: The automated installation does not provide the option to

archive private keys.
Benefits The Autorecord and Autoinstall features are useful when you want to
install RealSecure Server Sensor on multiple systems.
Autorecord In Autorecord mode, you can save your responses to the installation
program prompts in a response file as you install a sensor. You can edit
the response file as desired for use on systems configured differently from
the original system. You can also manually create a response file that
includes the desired responses.
Autoinstall In Autoinstall mode, you can use the response file you created in
Autorecord mode to install sensors on other systems. The Autoinstall
feature reads your responses to installation prompts from the response
file instead of requiring you to respond to the installation prompts.
Process overview To install a sensor using the automated installation feature, you must do
the following:
Task Operation Reference
1 Obtain the installation See “Unpackaging the Installation Files”

package on page 48.
2 Unpackage the installation See “Unpackaging files to specific

package directory without installing the sensor” on
page 49.
3 Create an automated See “Generating a response file” on

installation response file page 57.
4 Install the sensor See “Installing sensor with an automated

installation response file” on page 57.
Table 7: Tasks in the silent installation process

Generating a To generate a response file:

response file
1. Locate the installation file Setup.exe in the directory where you
unpackaged the installation files.
2. From the Start menu, select StartÆ Run.
3. In the Run window, change the command in the Open box to:
“full_path_to_file\Setup.exe” -p
full_path_to_response_file\response_file_name.rsp
Example: “d:\ServerSensor\Windows\Setup.exe” -p
c:\temp\my_auto_inst_file.rsp
4. Click OK.
5. Respond to the installation prompts.
Installing sensor To install a sensor with an automated installation response file:

with an automated
installation 1. Locate the installation file Setup.exe in the directory where you
response file unpackaged the installation files.
“full_path_to_file\Setup.exe” -g
full_path_to_response_file\response_file_name.rsp
Example: “d:\ServerSensor\Windows\Setup.exe” -g
c:\temp\my_auto_inst_file.rsp
4. Click OK.
5. Check the autoinstall log to ensure the installation was successful.
Autoinstall log file The installation program generates a log file in the Windows directory
that contains error and other messages related to the automated
installation. Always check this file for error messages after you complete
an automated installation. The default log file name indicates the date
and time of the installation and follows the following format:
RealSecure_Server_Sensor_7.0_SR4.4_xx-xx-
2006_xx_xx_xx_install.xml

Silent Installation
Introduction You can use the automated installation feature with InstallShield’s Silent
Install feature to suppress the display of the installation prompts when
you install a sensor.
Process overview To install a sensor using the silent installation feature, you must do the
following:
1 Obtain the installation package See “Unpackaging the

Installation Files” on
page 48.
2 Unpackage the installation package See “Unpackaging files to

specific directory without
installing the sensor” on
page 49.
3 Create an automated installation response See “Generating a

file response file” on page 57.
Note: IBM ISS provides a response file,
server_sensor_typical.rsp, for a
Typical installation on English versions of
Windows.
4 Note: Only complete this task if you want See “Task 4: Configuring
to configure a key administrator before you communication with
use the server_sensor_typical.rsp SiteProtector before silent
response file to install a sensor. installation” on page 59.
Configure communication with
SiteProtector, before silent installation of
the sensor, by defining a key administrator.
5 Install a sensor using the Silent Install See “Task 5: Installing

feature server sensor silently” on
page 59.

Silent Installation
6 Note: Only complete this task if you did not See “Task 6: Configuring
configure a key administrator before you communication with
used the server_sensor_ SiteProtector after silent
typical.rsp response file to install a installation” on page 60.
sensor.
Configure communication with
SiteProtector, after silent installation of the
sensor, by defining a key administrator.
Task 4: Configuring To configure communication with SiteProtector:

communication with
SiteProtector 1. Open the server_sensor_typical.rsp file located in the directory
before silent where you unpackaged the installation package.
installation
2. Add the following lines
[KeyAdministrators]
KeyAdministrator_1=xxx.xxx.xxx.xxx
Where xxx.xxx.xxx.xxx is the IP address of the SiteProtector
system.
3. Save the file, and then close the file.
Task 5: Installing To install server sensor silently:

server sensor
silently 1. Locate the installation file Setup.exe in the directory where you
unpackaged the installation files.
3. In the Run window, type the following:
“full_path_to_file\Setup.exe” -g
full_path_to_response_file\response_file_name.rsp -s
Example: “d:\ServerSensor\Windows\Setup.exe” -g
c:\temp\my_auto_inst_file.rsp -s

Task 6: Configuring To configure communication with SiteProtector:

communication with
SiteProtector after 1. Open the Services window.
silent installation
2. Double-click the issDaemon service.
3. Click Stop to stop the sensor.
4. Open the iss.access file located in the issDaemon directory.
5. Add the following lines below the [\Roles\KeyAdministrator\] line:
[\Roles\KeyAdministrator\xxx.xxx.xxx.xxx\]
[\Roles\KeyAdministrator\SiteProtector_Hostname\]
Where xxx.xxx.xxx.xxx is the IP address of the SiteProtector
system, and SiteProtector_Hostname is the hostname of the
SiteProtector system.
6. Save the file, and then close the file.
7. In the Services window, double-click the issDaemon service.
8. Click Start to start the sensor.
The silently installed sensor begins communicating with
SiteProtector.
Silent install log file When you install a sensor using the silent installation option, the
installation program generates a log file called setup.log. You can find
the setup.log file in the directory where the setup.ini is located. You
can specify an alternate silent install log file location using the -f2 switch.
The following shows the contents of the setup.log file for a successful
silent installation:
[InstallShield Silent]
Version=v6.00.000
File=Log File
[ResponseResult]
ResultCode=0
[Application]
Name=RealSecure Server Sensor 7.0 SR4.4
Version=7.0
Company=ISS
Lang=0009

Silent Installation
Silent install log file After you install a sensor using the silent installation option, check the
result codes silent install log file setup.log to see if the setup succeeded. Table 9 lists
the possible result codes and their meanings:
Result Code Meaning
0 Success
-1 General error
-2 Invalid mode
-3 Required data not found in the Setup.iss file
-4 Not enough memory available
-5 File does not exist
-6 Cannot write to the response file
-7 Unable to write to the log file
-8 Invalid path to the InstallShield Silent response file
-9 Not a valid list type (string or number)
-10 Data type is invalid
-11 Unknown error during setup
-12 Dialog boxes are out of order
-51 Cannot create the specified folder
-52 Cannot access the specified file or folder
-53 Invalid option selected
Table 9: Silent mode return codes

Working with Cryptographic Providers During a

Windows Installation
Introduction Cryptographic providers encrypt communications between the Console
and sensors, the Console and the event collector, and the event collector
and sensors. Encrypting communications secures the information that is
passed between these components.
Background For more information about setting up encryption, see “Customizing

Encryption” on page 31. For more information about changing
cryptographic providers after you have installed a component, see
“Restoring Archived Private Keys” on page 97.
Adding a provider To add a provider during installation:
1. In the Cryptographic Providers window, click Add.

2. Select a provider from the list of providers installed on your system.
Note: Add the RSA 1536 provider if it does not appear in the list.
3. Click OK.
Changing default To change the default algorithms during installation:

algorithms for the
provider 1. Click Add to add the provider to customize.
2. Clear the Use algorithm defaults box.
The Configure Algorithms window opens.
3. Choose an algorithm for each of the three categories.
4. Click OK.
Important: You must use the same algorithm for the Console and
each sensor. If you do not, the components cannot communicate with
one another.

Working with Cryptographic Providers During a Windows Installation
Deleting a provider To delete a cryptographic provider during a Windows-based installation:
1. Select the provider that you do not want the Console to use.
2. Click Delete.
Note: If you delete a provider by mistake, click Add to add it back to
the list. Deleting a provider does not delete the public/private key
pair associated with that provider configuration. If you later add the
provider back to your configuration, the system uses the existing key
pair rather than generating a new key pair.


Introduction Use the Archive Private keys window to archive a copy of the
cryptographic provider’s private key that was created during installation.
Important: The setup program can only archive private keys when it
creates them; it cannot archive existing private keys.
Benefit If you archive a copy of the private key, you can recover the private key if
it becomes damaged or destroyed. The archived copy of the private key is
encrypted and passphrase protected.
If you choose not to If the private key becomes damaged or destroyed and you do not have an
archive the private archived copy of the key, you must reinstall the component that has the
key damaged key to create a new private/public key pair, and then copy the
new public key to other components.
Reference: For more information, see “Restoring Archived Private Keys”

on page 97.
Archiving the To archive the private key during installation:

private key
1. Select the Archive the private keys check box.
2. Use the default location, or type a location in the Save the key files in
this folder field.
3. Type a passphrase in the Passphrase box.
4. Type the passphrase in the Confirm box.
5. Click Next.
Bypass archiving To bypass archiving during installation:
1. Clear the Archive the private keys check box.

2. Click Next.
3. Click Next.
The Start Copying Files window opens.

4. Do the settings need to be adjusted?

■ If yes, click Back and adjust the settings as needed.
■ If no, click Next.
The installation program reviews the bindings settings and displays a
message that the bindings review is complete.
5. Click OK.


Chapter 5
Installing on a Solaris Platform
Overview
Introduction This chapter describes the sensor installation procedures for Solaris
environments.
Note: The installation package for RealSecure Server Sensor for Solaris
includes all enhancements released with Service Release 4.3. When you
install RealSecure Server Sensor for Solaris, the sensor will show as a
version 7.0 sensor with Service Release 4.3 applied.
Limitation RealSecure Server Sensor for Solaris platforms monitors activity on

software that is part of the Trusted Computer Base (TCB). If you allow
users to access the sensor with non-TCB software, such as Secure Shell
(SSH) and GNU’s su, the sensor cannot monitor the user’s activity.
Topic Page

Installation options You can install the sensor on a Solaris platform using one of the following
options:
● typical
● custom
● automated
Container support RealSecure Server Sensor for Solaris, Service Release 4.3 supports
Containers on Solaris 10; however, if you install the sensor on non-global
zones, the network monitoring component will not be installed.
Typical installation If you do not need to customize any sensor installation settings, use the
default settings provided by the Typical installation option.
Option Setting
Installation directory /opt/ISS
Blocking Disabled
other than Blank_Solaris.policy, blocks suspicious

enabled in the sensor policy, enforces the default audit
policy, which provides the best protection for your
system using recommendations from IBM ISS.
Table 10: Typical installation settings

Option Setting
Network monitoring Global Zone

component Enabled
Installs the network monitoring component.
Non-Global Zone
Disabled
Does not install the network monitoring component.
Apache server Enabled

monitoring Checks for Apache Web server, prompts for Apache
files, and installs the Apache monitoring component.
Table 10: Typical installation settings (Continued)
Custom installation If you need to customize any installation settings, use the Custom
installation option.
monitor each installation.

sensor.
Reference: For a list of the default settings, see Table 10, “Typical
Prerequisite The installation package for RealSecure Server Sensor for Solaris is stored
in a tar file. Before you can install a server sensor, you must untar this file
using the following command:
tar -xvf ServerSensor.tar
Procedure To install a sensor on a Solaris platform:

2. Copy the installation package to your local drive.
3. Type ./pkgISSXssinstall.sh, and then press ENTER.
4. Press ENTER to install all the files that are in the package.
5. Type y to read the license agreement.
6. Type y to accept the license agreement.
7. Type y to install the sensor with the default parameters.
as a guide:
Setting Option
Full path to the Type the full path to the Apache program file you want to
Apache httpd protect, and then press ENTER.
program file
Full path to the Type the full path to the Apache configuration file you want
Apache to protect, and then press ENTER.
httpd.conf file
9. Restart the computer.

Custom Installation
Custom Installation
Prerequisite The installation package is stored in a tar file. Before you can install a
sensor, you must untar this file using the following command:
Procedure To install a sensor using a custom configuration:

3. Type ./pkgISSXssinstall.sh, and then press ENTER.
The installation package opens.
4. Press ENTER to install the package.
7. Type n to install the sensor with custom parameters.
as a guide:
Setting Option
Installation directory Do one of the following:

• Press ENTER to use the default directory
(/opt/ISS).
• Type the path to the directory you want to use.
Note: The sensor creates a symlink from /opt/
ISS to the custom directory you specify.

Note: Use only alphanumeric characters with under-
scores for sensor names.

Setting Option
Automatically import Type y to have the sensor receive the initial

authentication key authentication key over a standard network
connection initiated from the console.
Important: SiteProtector users must select this
option if using authentication.
Reference: For more information, see “Automati-
cally Importing Authentication Keys” on page 29.
Key management Type y to set up key administrators.

Note: You can set up more than one key administra-
tor. Use the format computername_username or
computername.
BSM auditing If BSM auditing is not enabled, do one of the follow-

ing:
• Type y to continue the installation with BSM
auditing disabled.
Note: If the BSM is not enabled, the sensor
cannot detect certain security events.
• Type n to exit the installation program.
Reference: See “Enabling the Basic Security
Module (BSM) on Solaris Platforms” on page 43.
Enforce audit policy Type y to enable enforce audit policy (EAP).

Note: When you enable EAP, and audit-related sig-
natures are enabled in the sensor policy, the sensor
enforces the default audit policy, which provides the
best protection for your system using recommenda-
tions from IBM ISS.
Network monitoring Type y to install the network monitoring component

component of the sensor.
Enable blocking Type y to have the sensor block suspicious traffic

immediately after the installation ends.
the network monitoring capabilities of the sensor. If
you select this option, the sensor blocks suspicious
traffic immediately upon installation using recom-
mendations from IBM ISS.

Custom Installation
Setting Option
Full path to the Type the full path to the Apache program file you
Apache httpd pro- want to protect, and then press ENTER.
gram file
Full path to the Type the full path to the Apache configuration file you
Apache httpd.conf want to protect, and then press ENTER.
file

Introduction You can install RealSecure Server Sensor on Solaris systems automatically
if you use pkgask to generate a response file and use an admin file to
suppress the run package setup scripts confirmation request from
the pkgadd command.
Process overview The following table outlines the process for completing an automated
installation of the sensor:
Task Description
1 Untar the installation package.
2 Generate a response file.
3 Create an admin file.
4 Install the sensor.
Task 1: Untar the The installation package is stored in a tar file. Before you can install the
installation package sensor, you must untar this file.
Untarring the To untar the installation package:

package
● Run the following command:
Task 2: Generate a The pkgask command runs the request script for a package and stores the
response file information necessary to install the package. The request script is similar
to pkgadd, but no files are installed.
Important: You cannot generate a response file on a system that already

has a sensor installed.


response file
1. Run the following command:
pkgask -d full_path_and_name_of_installation_image -r
full_path_to_response_file
Example: pkgask -d /tmp/Sensor/pkgISSXss -r /tmp/
ssResponse
Task 3: Create an An admin file contains installation parameters for the Solaris package
admin file administration commands. You must use an admin file to install a sensor
because the installation package contains shell scripts that are run with
superuser (or root) permissions. To run pkgadd non-interactively for a
package that has installation scripts, you must specify an admin file, and
then turn off these checks.
The admin file should contain, at a minimum, the following line:
action=nocheck
Task 4: Install the After you have created the response and admin files, you can run pkgadd
sensor non- in a non-interactive mode to install sensors on identical systems.
interactively
Installing a sensor To install a sensor using the response file:

pkgadd -n -r full_path_to_response_file -a full_path_to_
admin_file -d full_path_and_name_of_installation_image
all
Note: If you have to use two lines to enter this command, then type a
backslash (\) at the end of the first line so that the shell does not
create new lines.
Example: pkgadd -n -r /tmp/ssResponse -a /tmp/rs_admin \
-d /tmp/Sensor/pkgISSXss all


Chapter 6
Installing on an AIX Platform
Overview
Introduction This chapter describes the sensor installation procedures for AIX
environments.
Note: The installation package for RealSecure Server Sensor for AIX
install RealSecure Server Sensor for AIX, the sensor will show as a version
7.0 sensor with Service Release 4.1 applied.
identifies prerequisites you must meet to ensure a successful server sensor
installation.
Topic Page

Installation You can install the sensor on an AIX platform using one of the following
methods options:
● typical
● custom
● automated
LPAR support RealSecure Server Sensor for AIX, Service Release 4.1 supports LPAR on
AIX 5.1, 5.2 and 5.3.
Option Setting
Blocking Disabled
other than Blank_AIX.policy, blocks suspicious traffic


Option Setting

component Installs the network monitoring component.
Table 11: Typical installation settings (Continued)
monitor each installation.

Introduction The typical installation option uses default settings to quickly install
Server Sensor.
Note: You can install only one sensor on a computer that runs on an AIX
platform.
Installing a server To install a sensor on an AIX platform:

sensor
3. Type ./ServerSensor-AIX-7-0.shar, and then press ENTER.
The program completes the installation and removes all temporary
files created during the installation.

Custom Installation
Custom Installation
Installing a sensor To install a sensor on an AIX platform:

3. Type ./ServerSensor-AIX-7-0.shar, and then press ENTER.
7. Continue through the installation. Use the following table as a guide:
Setting Option
Installation Do one of the following:

directory • Press ENTER to use the default (/opt/ISS).
Important: If the opt/ISS directory already exists,
the system backs it up and renames it /opt/ISS.bak.
• Type the path to the directory you want to use.
Note: The sensor creates a symlink from /opt/ISS to
the custom directory you specify.
Important: If the /custom path/ISS directory already
exists, the system backs it up and renames it
/custom path/ISS.bak.
The custom path cannot be a sub-directory of
/opt/ISS.
Sensor name Type y, and then type a custom name for the sensor.
Note: The sensor creates a symlink from the custom
sensor name you specify to /path/ISS/issSensors/
server_sensor_1.

Setting Option
Automatically Type y to have the sensor receive the initial

import authentication key over a standard network connection
authentication initiated from the console.
key Important: SiteProtector users must select this option if
using authentication.
Reference: For more information, see “Automatically
Importing Authentication Keys” on page 29.
Key manage- Do one of the following:

ment • Type the IP address of the Console computer.
• Type the name for the Console computer’s Public Key
Administrator.
Important: You should add at least one key
administrator at this time. If you do not add an
administrator now, you must reinstall the component to
set up a key administrator.
Enforce audit Type y to enable enforce audit policy (EAP).

policy Note: When you enable EAP, and audit-related signa-
tures are enabled in the sensor policy, the sensor
enforces the default audit policy, which provides the best
protection for your system using recommendations from
IBM ISS.
Network moni- Type y to install the network monitoring component of the

toring compo- sensor.
nent
Enable blocking Type y to have the sensor block suspicious traffic

immediately after the installation ends.
Note: This option is only available if you are using the
network monitoring capabilities of the sensor. If you
select this option, the sensor blocks suspicious traffic
immediately upon installation using recommendations
from IBM ISS.

Introduction You can automatically install a sensor on an AIX platform using the
Automated Installation option.
Restriction You can install only one sensor on a computer that runs on an AIX
platform.
Process overview The following table outlines the process for completing an automated
installation:
Task Description
1 Generate a response file.
2 Install the sensor non-interactively.
Task 1: Generate a You can save your responses to the installation program prompts in a
response file response file. You can then use that response file to install other sensors
without having to monitor each installation.
Important: You cannot generate a response file on a system that already

has a sensor installed.

response file
./ServerSensor-AIX-7-0.shar -c response_filename
Example: ./ServerSensor-AIX-7-0.shar -c Response
Note: The response file name cannot start with a hyphen (-).

Task 2: Install the After you create the response file, you can install sensors on other
sensor systems using the response file. When you use the response file to install
a sensor, you do not need to respond to the installation prompts each time
you install a sensor.
Installing a sensor To install the sensor using the response file:

./ServerSensor-AIX-7-0.shar -r response_filename
Example: ./ServerSensor-AIX-7-0.shar -r Response
Note: The response _filename is the name of the response file you
created in the previous task.

Chapter 7
Installing on an HP-UX Platform
Overview
Introduction This chapter describes the sensor installation procedures for HP-UX
environments.
Note: The installation package for RealSecure Server Sensor for HP-UX
install RealSecure Server Sensor for HP-UX, the sensor will show as a
version 7.0 sensor with Service Release 4.1 applied.
Topic Page

Installation You can install the sensor on an HP-UX platform using one of the
methods following options:
● typical
● custom
● automated
A typical installation uses the following default settings installation:
Option Setting

component Installs the network monitoring component.
Blocking Disabled
other than Blank_HP-UX.policy, blocks suspicious


monitor the each installation.

sensor.
Prerequisite The files needed to complete the installation process are stored in a
compressed file. Before you install a sensor, open the installation package
using the gunzip command.
Restriction You can only install one sensor on a computer that runs on an HP-UX
platform.
Procedure To install a sensor on an HP-UX platform:

3. Type full path and name of installation image.
Note: The full path to the installation image is the location and file
name of the sensor installation file.
Example: # /usr/sbin/swinstall -s full_path_and_name_of
_installation_image -x ask=as_needed ISSXss
The license agreement appears.
6. Type y to restart the system.
Note: The sensor inserts itself as a shim into the communication
stack; because of operating system restrictions, you must restart the
system before the sensor can operate effectively.

Custom Installation
Custom Installation
Prerequisite The files needed to complete the installation process are stored in a
compressed file. Before you install a sensor, open the installation package
using the gunzip command.
Restriction You can only install one sensor on a computer that runs on an HP-UX
platform.
Procedure To install a sensor on an HP-UX platform:

3. Type full path and name of installation image.
Note: The full path to the install image is the location and file name
of the server sensor installation file.
Example: # /usr/sbin/swinstall -s full_path_and_name_of
_installation_image -x ask=as_needed ISSXss
The license agreement appears.
as a guide:
Setting Option
Enforce audit policy Type y to enable enforce audit policy (EAP).

Note: When you enable EAP, and audit-related
signatures are enabled in the sensor policy, the
sensor enforces the default audit policy, which
provides the best protection for your system

Setting Option
Network monitoring Type y to install the network monitoring

component component of the sensor.
Enable blocking Type y to have the sensor block suspicious

traffic immediately after the installation ends.
Note: This option is only available if you are
using the network monitoring capabilities of the
sensor. If you select this option, the sensor
blocks suspicious traffic immediately upon
installation using recommendations from IBM
ISS.
Automatically import Type y to have the sensor receive the initial

authentication key authentication key over a standard network
connection initiated from the console.
Important: SiteProtector users must select this
option if using authentication.
Reference: For more information, see
“Automatically Importing Authentication Keys”
on page 29.

Key management Type y to set up key administrators.

Note: You can set up more than one key
administrator. Use the format
computername_username.
Restart the computer The sensor inserts itself as a shim into the
automatically communication stack; because of operating
system restrictions, you must restart the system
before the sensor can operate effectively. Do
one of the following:
• Type y to automatically restart the server as
part of the installation process.
• Type n, restart the server, and then start the
sensor.

Introduction You can install RealSecure Server Sensor on HP-UX systems
automatically if you use the swask command. The swask command does
the following:
● generates a catalog that contains a response file

● places swinstall in non-interactive mode
About catalogs A catalog is a directory that contains files that store installation
parameters for HP-UX administration commands. One of these files
contains responses to questions asked by the request script for an HP-UX
package. The swask command generates this file together with the
remainder of the catalog.
About the swask The swask command runs the request script for a package and stores the
command information necessary to install the package. The request script operates
similarly to swinstall to install the package, but does not actually install
files.

response file
swask -s full_path_and_name_of_installation_image -c
full_path_to_catalog -x ask=true ISSXss
Example: swask -s /temp/RealSecure/ServerSensor.depot -c
/var/temp/ServerSensor.depot -x ask=true ISSXss
Non-interactive After you create a catalog using swask, you can run swinstall in non-
installation interactive mode.
Running swinstall To run swinstall non-interactively:

non-interactively


swinstall -s full_path_and_name_of_installation_image -c
full_path_to_catalog ISSXss
Example:
swinstall -s /temp/RealSecure/ServerSensor.depot -c /var/

temp/ServerSensor.depot ISSXss

Chapter 8
After You Install RealSecure

Server Sensor
Overview
Introduction After you install a sensor, there are certain tasks you must complete
before you begin to configure your sensor to protect your server.
Reference: For general information about setting up sensors to work

with SiteProtector, see the SiteProtector Configuration Guide.
Topic Page
Allowing Communication Between RealSecure Server Sensor and 94

SiteProtector
Configuring Authentication Manually 95
Restoring Archived Private Keys 97
Changing Encryption Providers 99
Adding Key Administrators 101
Starting and Stopping Sensors 102
Monitoring Local Syslog Events 104
Restarting the Apache Web Server 105
Testing the Sensor 106

Allowing Communication Between RealSecure Server

Sensor and SiteProtector
Introduction If you install RealSecure Server Sensor for Windows on a system that is
running ISA Server, ISA Server blocks communication between the
sensor and SiteProtector.
Allowing To allow communication between the sensor and SiteProtector, you must
communication configure the ISA server to allow incoming connections to port 2998 and
port 902.

Configuring Authentication Manually
Configuring Authentication Manually

Introduction If you did not enable the automatic authentication key import option for
all your components, then you must copy the authentication keys
manually.
Purpose After you install a sensor or event collector on a remote system, the
component must have one or more of the Console’s public authentication
keys and one or more of the event collector’s authentication keys before
the component and the Console can communicate.
Reference: For more information about how authentication works, see

“Using Authentication” on page 27.
About the Keys Each component has its own Keys directory. This directory contains the
directory component’s public authentication keys after installation and must
contain the public authentication key of any component that is
authenticated.
Location of The following table lists the location of authentication keys:

authentication keys
Component Platform Key location
Console n/a \Program Files\ISS\SiteProtector\Application

Server\keys\RSA\sp_con_machine name_
length.PubKey1
—and—
\Program Files\ISS\SiteProtector\Application
Server\keys\CerticomNRA\sp_con_machine
name_length.PubKey2
Event n/a \Program Files\ISS\SiteProtector\Event
collector Collector\Keys\RSA\rs_eng_machine
name_length.PubKey1
—and—
\Program Files\ISS\SiteProtector\Event
Collector\Keys\CerticomNRA\rs_eng_machine
name_length.PubKey2
Table 13: Location of authentication keys

Component Platform Key location
Sensor Windows \Program Files\ISS\issSensors\sensor

name\Keys\RSA\rs_eng_machine
name_length.PubKey
—and—
\Program Files\ISS\issSensors\sensor name\
Keys\
CerticomNRA\rs_eng_machine
name_length.PubKey2
Unix /opt/ISS/issSensors/sensor name/Keys/RSA/

rs_eng_machine name_length.PubKey1
—and—
/opt/ISS/issSensors/sensor name/Keys/
CerticomNRA/rs_eng_machine
name_length.PubKey2
Table 13: Location of authentication keys (Continued)

1. Unix sensors do not use 1024 bit RSA encryption keys, therefore, you do not need to
copy these keys to the RSA directory.
2. Although Certicom encryption is available for backward compatibility, it will not be
supported in future releases.
Which keys go You must copy the public authentication keys of the following
where components:
● copy Console keys to the event collector and to the sensors

● copy event collector keys to the sensors

Restoring Archived Private Keys
Restoring Archived Private Keys

Introduction If you installed a component on a Windows platform, you had the option
to archive your private keys at the end of the installation process. Unix
installations do not provide this option.
Uses for archived If you archived your keys, you can use the archived copy to restore your
keys system, if, for example:
● the hardware on which you installed a component is damaged, and

must load it onto a new computer
● the Windows Registry is corrupted and your private keys are
inaccessible.
Prerequisites Before you restore the archived private keys:
● Contact Technical Support for a copy of the Key Management utility.

● Locate a copy of the archived keys.
● Install the same providers the previous Console used.
Important: The archived copy of the private key is encrypted and

protected with a passphrase. You must have the passphrase to restore the
archived private key.
Restore The Restore Cryptographic Private Keys utility allows you to restore
Cryptographic private keys.
Private Keys utility
Procedure To restore archived private keys:
1. Double–click setup.exe to access the Utilities setup program.

2. Select Restore cryptographic private keys.
The Restoring the Archived Private Key window opens.
3. Type the path of the folder where the archived key is stored in the Get
the key files from the directory field, or click Browse to search for
the folder.

4. Type the passphrase in the Passphrase field.

5. Type the passphrase in the Confirm field.
6. Click Next.
After the restore process completes, the setup program terminates. If
the setup program was unsuccessful in restoring the keys, it reports
an error. Possible causes of failure include corrupted private key
archives, incorrect passphrase, or different key names.
Unable to restore If you are unable to restore your private keys from their archives, you
archived private must reinstall the management Console and generate new public/private
keys keys.
Important: Reinstalling the Console generates new cryptographic keys.

You must distribute the new public keys to all sensors that you manage
from this Console.

Changing Encryption Providers
Changing Encryption Providers

Introduction To change the cryptographic provider for a sensor or an event collector,
you must uninstall and then reinstall the component with the new
settings.
Available daemon Available daemon encryption providers and corresponding algorithms

encryption are as follows:
providers
Provider Algorithms
Microsoft Enhanced 1536 Exch:RSA_KEYX/1536

Secret:3DES/168
Hash:SHA1/160
Microsoft Enhanced 1024 Exch:RSA_KEYX/1024

Secret:RC4/128
Hash:SHA1/160
ISS ECNRA Exch:EC_KEYX/239

Secret:DESX/168
Hash:SHA1/160
Table 14: Daemon encryption providers and algorithms
Changing the To change to RSA encryption:

cryptographic
provider on UNIX 1. Stop the sensor using one of the following commands:
platforms ■ on Solaris systems, type /etc/init.d/realsecure stop
■ on AIX systems, type /opt/ISS/issSensors/sensor_name/
realsecure stop
■ on HP-UX systems, type /sbin/init.d/realsecure stop
2. In the /opt/ISS/issDaemon/ directory, run the crypto_setup.sh shell
script.
3. Select the RSA provider.
4. In the /opt/ISS/issSensors/sensor_name directory, run the
crypto_setup.sh shell script.

5. Select the RSA provider.

6. Start the sensor using the following command:
■ on Solaris systems, type /etc/init.d/realsecure start
■ on AIX systems, type /opt/ISS/issSensors/sensor_name/
realsecure start
■ on HP-UX systems, type /sbin/init.d/realsecure start
Changing the To change to RSA encryption on Windows platforms:

cryptographic
provider on Prerequisite: Obtain the IBM ISS Key Management 7.0 utility from the
Windows platforms Download Center (http://www.iss.net/download).
1. Copy the Key Management utility to any location on the system

where a sensor is installed.
2. In Services, stop the issDaemon.
3. Double-click Setup.exe to run the utility.
4. Click Next until the screen with the option for Utilities and Create
Cryptographic Keys appears.
5. Select Utilities, select Create Cryptographic Keys, and then clear all
other options.
6. Click Next.
7. Type the path to the sensor directory.
Note: The default location is c:\Program Files\ISS\issSensors\
server_sensor_1
8. Select Managed Component.
9. Verify that the cryptographic providers on the next screen are RSA
1024, RSA 1536, or both.
10. Click Next.
11. Click Next.
12. Archive your keys.
13. Click Next.
The system generates new keys.

Adding Key Administrators
Adding Key Administrators

Introduction To allow a user to transfer authentication keys or other files to and from
sensors, the user must have key administrator status.
General procedure You can add a key administrator to a sensor from the Console if you
selected at least one key administrator when you installed the sensor.
Key administrators When you designate a key administrator for one component, that
and multiple administrator automatically becomes the key administrator for any other
sensors component installed on the same computer.
Reference For information about using the Console to add a key administrator, see
the SiteProtector Help.
Windows For Windows-based sensors, you must set up at least one key
administrator during the installation process or enable auto-import
during installation (the first person to connect to the sensor gains key
administrator rights).
Unix If you did not configure a key administrator during the installation
process, you can use a script from the command line to add a key
administrator later. Run the keyadmin_setup.sh command in the /opt/
ISS/issDaemon/ directory

Starting and Stopping Sensors

Introduction You can start and stop sensors from the Console or at the computer where
the sensor is installed. This topic describes how to start the sensors
manually from the computer on which the sensor is installed.
Reference: For information about starting or stopping the sensor using

the Console, see the SiteProtector Help.
Starting and To start or stop a sensor running on a Windows platform:

stopping a sensor
on Windows 1. Open the Services window.
2. Double-click the issDaemon service.
3. Do one of the following:
■ Click Start to start the sensor
■ Click Stop to stop the sensor
Starting a sensor To start a sensor running on a Solaris platform:

on Solaris
● Restart the system.
The sensor starts when the system starts.
● Type the following command:
/etc/init.d/realsecure start
Stopping a sensor To stop a sensor running on a Solaris platform:

on Solaris
/etc/init.d/realsecure stop
Starting a sensor To start a sensor running on an HP-UX platform:

on HP-UX
/sbin/init.d/realsecure start

Starting and Stopping Sensors
Stopping a sensor To stop a sensor running on an HP-UX platform:

on HP-UX
/sbin/init.d/realsecure stop
Starting a sensor To start a sensor running on an AIX platform:

on AIX
/opt/ISS/issSensors/sensor_name/realsecure start
Stopping a sensor To stop a sensor running on an AIX platform:

on AIX
/opt/ISS/issSensors/sensor_name/realsecure stop

Monitoring Local Syslog Events

Introduction Before the sensor can monitor for local syslog events, you must configure
the syslog.conf file.
Procedure To configure the syslog.conf file:
1. Open the syslog configuration file, /etc/syslog.conf, using a text

editor.
Example: vi /etc/syslog.conf
2. Add the following line:
*.info /path/messages_file
This line of text identifies the path to your syslog file. The default
path is /var/adm/messages.
Example: *.info /var/adm/messages
3. To use the new syslog.conf file, do one of the following:
■ on HP-UX and Solaris systems, type the following commands to
restart the syslog daemon, syslogd:
/etc/init.d/syslog stop
/etc/init.d/syslog start
■ on AIX systems, type the following commands to restart the syslog
daemon, syslogd:
startsrc -s syslogd
stopsrc -s syslogd
■ type the following command to have the syslog daemon reread the
syslog.conf file:
kill -HUP syslogd_process_id

Restarting the Apache Web Server
Restarting the Apache Web Server

Introduction If you are using the sensor to protect an Apache Web Server, you must
restart the Web server to finish configuration of the Web server
monitoring component.

Testing the Sensor

Introduction After you apply a policy to a sensor, you should be able to monitor
network activity from the Console. Depending on the behavior of the
network, data may not appear on the Console immediately.
Testing the sensor If you have applied a policy and started sensors, but no information
appears on the Console, test the sensor by logging in or by changing the
audit policies.
Running a network If you have an Internet Scanner or Enterprise Scanner available, run a
scan scan against the system where the sensor is located. The sensor should
send alerts that indicate the system is being accessed.
Reference: For more information about sensor settings, see the RealSecure
Server Sensor Policy Guide.

Chapter 9
Uninstalling a Sensor
Overview
Introduction This chapter provides the procedures needed to uninstall RealSecure
Server Sensor from your system.
Topic Page
Uninstalling a Sensor from a Windows Platform 108
Uninstalling a Sensor from a Solaris Platform 109
Uninstalling a Sensor from an HP-UX Platform 110
Uninstalling a Sensor from an AIX Platform 111
Uninstalling Upgrades 112

Uninstalling a Sensor from a Windows Platform

SiteProtector and If you installed the sensor on the same computer as SiteProtector, do not
RealSecure server uninstall the sensor until you are ready to uninstall SiteProtector.
sensor
Procedure To uninstall a sensor from a Windows system:
Important: As part of the uninstallation process, IIS must be restarted to

unregister the SSL traffic monitoring component.
1. In the Add/Remove Programs utility, select the sensor you want to

uninstall.
2. Click Add/Remove.
The InstallShield Wizard window opens, and then the Question
window opens.
3. Click Yes to uninstall this component.
The RealSecure Setup window opens.
4. Click No to continue the uninstallation process.
5. Click Yes to restart IIS and continue the uninstallation process.
6. Does the system detect shared files?
The Install Wizard Complete window opens.
7. Click Yes to delete the shared file or click No to leave the shared file
on the computer.
8. Do you want to keep the uninstall log created by this uninstallation?
■ If no, select Do not keep the uninstall log file.
9. Do you want to keep the keys used by this sensor?
■ If no, select Do not keep the keys used by this sensor.
10. Click Finish.

Uninstalling a Sensor from a Solaris Platform
Uninstalling a Sensor from a Solaris Platform

Introduction This topic provides information about uninstalling a sensor from a Solaris
system.
Important: If you installed the sensor in a non-default directory,

uninstalling the sensor removes the directory from your system.
Uninstalling the To uninstall a sensor from a Solaris system:

sensor
2. Type the following command to remove the sensor:
pkgrm ISSXss
The uninstallation program asks you to confirm the removal.
3. Type y to confirm.
Note: You may see a message that indicates dependencies with the
global zone; you can safely ignore this message as the uninstallation
process will not remove any shared files.
4. Restart the Solaris system.
The uninstallation is complete.
Remove the Manually remove the installation package, ServerSensor.tar file and
installation package its associated package files.

Uninstalling a Sensor from an HP-UX Platform

Introduction This topic provides information about uninstalling a sensor from an
HP-UX system.
Procedure To uninstall a sensor from an HP-UX system:
1. Log in using a superuser account, such as root.

# /usr/sbin/swremove ISSXss
3. To uninstall the network monitoring component, restart the
computer.

Uninstalling a Sensor from an AIX Platform
Uninstalling a Sensor from an AIX Platform

Introduction This topic provides information about uninstalling a sensor from an AIX
system.
Procedure To remove a sensor from an AIX system:
1. Log in using a superuser account, such as root.

# installp -u ISSXss
3. If auditing was enabled when you uninstalled the sensor, you must
restart the auditing feature to completely uninstall the sensor.
Remove the Manually remove the installation package, ServerSensor-AIX-7-

installation package 0.shar file.

Uninstalling Upgrades
Uninstalling a You cannot uninstall a full remote upgrade installed on a sensor using the
remote upgrade Console. To uninstall the upgrade, you must uninstall the sensor, and
then reinstall the correct sensor version.

Chapter 10
Troubleshooting
Overview
Introduction The chapter describes several techniques for troubleshooting issues you
may come across as you install a sensor.
Topic Page
No Communication Between RealSecure Server Sensor for 114

Windows and SiteProtector
Error Messages 115
ISS Daemons 117
Remote Upgrades 118

No Communication Between RealSecure Server

Sensor for Windows and SiteProtector
Issue You are running ISA Server and you have configured communication
between RealSecure Server Sensor for Windows and SiteProtector, but
there is no communication between these components.
Background ISA Server blocks communication between RealSecure Server Sensor and
SiteProtector.
Solution Configure the ISA server to allow incoming connections to port 2998 and
port 902.

Error Messages
Error Messages
Introduction This topic describes error messages you may encounter and what you can
do to resolve them.
Deployment Wizard If you encounter errors as you run the Deployment Wizard, you cannot
errors click Finish to close the wizard. To continue, do one of the following:
● read the error text, and then fix the error

● click Cancel.
The system saves all settings and changes you made.
Sensor All sensors should have a single management address that is used by all
management Consoles and event collectors. If a sensor is managed at multiple IP
errors addresses, an error message may occur that says the sensor is not being
managed by the event collector. This error occurs when the IP address
used by the event collector for a sensor is different from the IP address
used by the Console to manage that same sensor.
Connecting to When you monitor a sensor in the Console, it may take 60 seconds or
sensors takes too longer before you see a “connected” status in the Event Status column.
long This is because there are two connections. The event collector must be
connected to the sensor, and the Console must be connected to the event
collector.
After you add a sensor to an event collector, you must wait for the
following:
● The event collector to connect to the sensor. If this connection fails for
some reason and you are monitoring the event collector, an
EventCollector_Error message appears.
● The Console to connect to the event collector that is monitoring the
sensor. If this connection fails for some reason, an error message
appears in the Event Status column of the Managed Assets window
of the Console.
If errors occur with either of these connections, the event collector and the
Console periodically attempt to reconnect the components. Because the
retry logic for one connection is not synchronous with the retry logic for

the other connection, it can sometimes take as long as one or two minutes
before the sensor is reconnected and you see events.

ISS Daemons
ISS Daemons
Introduction For troubleshooting purposes, you may need to manually start or stop the
issDaemon.
Definition: ISS The issDaemon is a component that manages the following:

daemon
● commands from the Console
● the connection between components, such as the communication
between an event collector and a sensor
Managing daemons On a Windows system, you can manage the daemon through the
on a Windows Windows Services Control Panel.
system
Reference: For a detailed procedure, see “Starting and Stopping Sensors”
on page 102.
Managing daemons On Solaris systems, you can manage the daemon using the following
on Solaris systems commands:
/etc/init.d/realsecure start
/etc/init.d/realsecure stop
Managing daemons On HP-UX systems, you can manage the daemon using the following
on HP-UX systems commands:
/sbin/init.d/realsecure start
/sbin/init.d/realsecure stop
Managing daemons On an AIX system, you can manage the daemon using the following
on an AIX system commands:

Remote Upgrades
Introduction This topic describes some of the error messages that you may receive
when you upgrade a sensor remotely, and how you can resolve the errors.
Signature error The sensor cannot monitor signatures that are included in the upgrade
messages until you apply a policy that contains the new signatures. The sensor
issues warnings if the current policy does not support the new signatures.
Reference: For more information about applying a policy, refer to

“applying policies” in the SiteProtector Help.
Policy and control If you receive the following error message after you upgrade, you must
channel error stop managing the sensor, and then start managing the sensor again to
messages correct the problem:
The sensors current policy file was not successfully

transferred when the control channel was opened and
therefore it is not available to the application. This is
usually due to a problem reading the file from the sensor
after opening the control channel. It can also be due to the
fact that after a fresh install there is not current policy
file until the sensor is started if this is the case then
Start the sensor. [ID=0xc72c0026]

Index
a b
administering public authentication keys 35 Basic Security Module
algorithms (encryption) 31 enabling 43
alphanumeric characters 25 Bureau of Export Administration’s Web
Apache 14, 105 page 33
archiving private keys 34, 64, 97
authentication 27–28
AIX, SR 4.1 33
changing 99
HP-UX, SR 4.1 33
public/private keys 27, 95
Solaris, SR 4.3 33
c
Windows, SR 4.4 33 characters, foreign 36
authentication keys console
console 95 authentication keys 95
event collector 95 containers 68
location of 95 cryptographic providers 32, 62
sensor 96 changing 99
automated installation CSPs, See cryptographic providers
AIX 83 customizing encryption 31
HP-UX 91
Solaris 74
Windows 56
d
automatic import of authentication keys
prerequisite 29
daemons
cryptographic providers 32
starting and stopping 117
troubleshooting 117
damaged private key 34

Index
f
default installation settings
AIX 78
HP-UX 86
Solaris 68
foreign characters 36
Windows 46
forwarding syslogs 14
deployment
French Windows 36
sensors 14, 25
wizard 115
destroyed private key 34
domain servers 14
domestic countries, as defined by the US
government 33 g
generating
response files for AIX 83
e response
response
response
files
files
files
for
for
for
HP-UX 91
Solaris 75
Windows 57
enabling
Basic Security Module 43
RSA encryption 32
encryption
algorithms 31
changing 99
i
customizing 31
IBM Internet Security Systems
export laws 33
technical support 9
See Also RSA 32
Web site 9
event collector
importing policies 19
authentication keys 95
increasing per process memory on HP-UX 42
error messages 115–116
installation
eventlog 14
automated
events
AIX 83
monitoring syslog 104, 119
HP-UX 91
export laws 33
Solaris 74
Windows 56
default settings
AIX 78
HP-UX 86
Solaris 68
Windows 46
prerequisites checklist 23

Index
m
installing multiple sensors
prerequisite 39
international versions of Windows 36
Internet Information Server 14
monitoring
syslog events 104
j
Japanese Windows 36
n
naming sensors 25
network monitoring
and Solaris containers 68
k NIS 14
key administrator 35
p
keyadmin_setup.sh 101
keys
See Also authentication keys or license file
Keys directory 95
passphrase 97
location of 95–96
pkgrm 109
policies
importing 19
prerequisite
l automatic import of authentication keys

enabling BSM on Solaris 43
enabling C2 auditing on AIX 40
29
license file 23 enabling C2 auditing on HP-UX 41

locales 36 increasing per process memory on HP-
localizing Windows UX 42
prerequisite 36 installing multiple sensors 39
localizing Windows 36
protecting an Apache web server 44
sensor naming convention 25
unharden the operating system 26
upgrading 16

Index
private key sensors

archiving 34, 64 authentication keys 96
damaged 34 enabling C2 audit on HP-UX 41
destroyed 34 error messages 115–116
restoring 97 naming 25
private keys 27 renaming 25
protecting an Apache web server starting and stopping 102
prerequisite 44 testing 106
protocol (IBM ISS) 31 troubleshooting 115–116
providers, See cryptographic providers upgrading 15–19
public authentication keys where to install 14, 25
administering 35 silent installation 58
naming convention 27 configure SiteProtector communication 59–
rs_eng 27 60
sp_con 27 installing sensor 59
public keys 27, 29 log file 60
copying to daemon components 95 log file result codes 61
SiteProtector communication 94
Solaris containers 68
sp_con
public authentication keys 27
r Spanish Windows 36
starting
daemons 117
renaming sensors 25 sensors 102
restoring archived private keys 97 stopping
rs_eng daemons 117
public authentication keys 27 sensors 102
RSA encryption 32 strong encryption
enabling 32 and export laws 33
syslog events
monitoring 104, 119
syslogs 14
s
system locales 36
system requirements 13
sensor
testing 106
sensor naming convention
prerequisite 25

Index
t w
technical support, IBM Internet Security Web site, IBM Internet Security Systems 9
Systems 9 Windows
testing sensor installation 106 automated installation 56
testing sensors 106 Windows, international versions of 36
troubleshooting
daemons 117
Deployment Wizard 115
event collector error messages 115–116
sensor error messages 115–116
sensors 106
SiteProtector communication 114
u
U.S. export laws 33
underscores 25
unharden the operating system
prerequisite 26
uninstalling
AIX components 111
HP-UX components 110
Solaris components 109
Windows components 108
upgrading
policies 19
prerequisite 16
sensors 15–19

Index

Internet Security Systems, Inc., an IBM Company
Software License Agreement
BY INSTALLING, ACTIVATING, COPYING OR OTHERWISE USING THIS SOFTWARE PRODUCT, YOU AGREE TO ALL
OF THE PROVISIONS OF THIS ISS SOFTWARE LICENSE AGREEMENT ("LICENSE"). EXCEPT AS MAY BE MODI-
FIED BY AN APPLICABLE LICENSE NOTIFICATION THAT ACCOMPANIES, PRECEDES, OR FOLLOWS THIS
LICENSE, AND AS MAY FURTHER BE DEFINED IN THE USER DOCUMENTATION ACCOMPANYING THE SOFTWARE
PRODUCT, YOUR RIGHTS AND OBLIGATIONS WITH RESPECT TO THE USE OF THIS SOFTWARE PRODUCT ARE
AS SET FORTH BELOW. IF YOU ARE NOT WILLING TO BE BOUND BY THIS LICENSE, RETURN ALL COPIES OF
THE SOFTWARE PRODUCT, INCLUDING ANY LICENSE KEYS, TO ISS WITHIN FIFTEEN (15) DAYS OF RECEIPT
FOR A FULL REFUND OF ANY PAID LICENSE FEE. IF THE SOFTWARE PRODUCT WAS OBTAINED BY DOWNLOAD,
YOU MAY CERTIFY DESTRUCTION OF ALL COPIES AND ANY LICENSE KEYS IN LIEU OF RETURN.
"ISS" is Internet Security Systems, Inc., an IBM Company.
"Software" is the following, including the original and all whole or partial copies: 1) machine-readable instructions and data,
2) components, 3) audio-visual content (such as images, text, recordings, or pictures), 4) related license materials, and 5)
license use documents or keys, and documentation.
1. License - The Software is provided in object code and is licensed, not sold. Upon your payment of the applicable fees and ISS' delivery
to you of the applicable license notification, Internet Security Systems, Inc., an IBM Company ("ISS") grants to you as the only end user
("Licensee") a nonexclusive and nontransferable, limited license for the accompanying Software, for use only on the specific network con-
figuration, for the number and type of devices, and for the time period ("Term") that are specified in ISS' quotation and Licensee's pur-
chase order, as accepted by ISS. If no Term is specified in the applicable ISS quotation or Licensee purchase order, the license shall be
deemed perpetual. ISS limits use of Software based upon the number of nodes, users and/or the number and type of devices upon which
it may be installed, used, gather data from, or report on, depending upon the specific Software licensed. A device includes any network
addressable device connected to Licensee's network, including remotely, including but not limited to personal computers, workstations,
servers, routers, hubs and printers. A device may also include ISS hardware (each an "Appliance") delivered with pre-installed Software
and the license associated with such shall be a non-exclusive, nontransferable, perpetual (unless otherwise specified in the applicable
ISS quotation or Licensee purchase order), limited license to use such pre-installed Software only in conjunction with the ISS hardware
with which it is originally supplied. Except as provided in the immediately preceding sentence, Licensee may reproduce, install and use
the Software on multiple devices, provided that the total number and type are authorized by ISS. Licensee may make a reasonable num-
ber of backup copies of the Software solely for archival and disaster recovery purposes.
In connection with certain Software products, ISS licenses security content on a subscription basis for a Term. Content subscriptions are
licensed pursuant to this License based upon the number of protected nodes or number of users. Security content is regularly updated
and includes, but is not limited to, Internet content (URLs) and spam signatures that ISS classifies, security algorithms, checks, decodes,
and ISS' related analysis of such information, all of which is owned and copyrighted by ISS and considered ISS confidential information
and intellectual property. Security content may only be used in conjunction with the applicable Software in accordance with this License.
The use or re-use of such content for commercial purposes is prohibited.
Licensee's access to the security content is through an Internet update using the Software. In addition, unknown URLs may be
automatically forwarded to ISS through the Software, analyzed, classified, entered into ISS' URL database and provided to Licensee as
security content updates at regular intervals. ISS' URL database is located at an ISS facility or as a mirrored version on Licensee's
premises. Any access by Licensee to the URL database that is not in conformance with this License is prohibited. Upon expiration of the
security content subscription Term, unless Licensee renews such content subscription, Licensee shall implement appropriate system
configuration modifications to terminate its use of the content subscription. Except for a perpetual license, upon expiration of the license
Term, Licensee shall cease using the Software and certify return or destruction of it upon request.
2. Migration Utilities - For Software ISS markets or sells as a Migration Utility, the following shall apply. Provided Licensee holds a valid license to the Software to
which the Migration Utility relates (the "Original Software"), ISS grants to Licensee as the only end user a nonexclusive and nontransferable, limited license to
the Migration Utility and the related documentation ("Migration Utility") for use only in connection with Licensee's migration of the Original Software to the
replacement software, as recommended by ISS in the related documentation. The Term of this License is for as long as Licensee holds a valid license to the
applicable Original Software. Licensee may reproduce, install and use the Migration Utility on multiple devices in connection with its migration from the Original
Software to the replacement software. Licensee shall implement appropriate safeguards and controls to prevent unlicensed use of the Migration Utility. Licensee
may make a reasonable number of backup copies of the Migration Utility solely for archival and disaster recovery purposes.
3. Third-Party Products - Use of third party product(s) supplied hereunder, if any, will be subject solely to the manufacturer's terms and conditions that will be pro-
vided to Licensee upon delivery. ISS will pass any third party product warranties through to Licensee to the extent ISS is authorized to do so. If ISS supplies Lic-
ensee with Crystal Decisions Runtime Software, then the following additional terms apply:
Licensee agrees not to alter, disassemble, decompile, translate, adapt or reverse-engineer the Runtime Software or the report file (.RPT)
format, or to use, distribute or integrate the Runtime Software with any general-purpose report writing, data analysis or report delivery
product or any other product that performs the same or similar functions as Crystal Decisions' product offerings;
Licensee agrees not to use the Runtime Software to create for distribution a product that converts the report file (.RPT) format to an
alternative report file format used by any general-purpose report writing, data analysis or report delivery product that is not the property
of Crystal Decisions;
Licensee agrees not to use the Runtime Software on a rental or timesharing basis or to operate a service bureau facility for the benefit
of third-parties unless Licensee first acquires an Application Service Provider License from Crystal Decisions;
CRYSTAL DECISIONS AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESS, OR IMPLIED, INCLUDING WITHOUT
LIMITATION THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT
OF THIRD PARTY RIGHTS. CRYSTAL DECISIONS AND ITS SUPPLIERS SHALL HAVE NO LIABILITY WHATSOEVER UNDER
THIS AGREEMENT OR IN CONNECTION WITH THE RUNTIME SOFTWARE.
In this Section 3 "Runtime Software" means the Crystal Reports software and associated documentation supplied by ISS and any
updates, additional modules, or additional software provided by Crystal Decisions in connection therewith; it includes Crystal Decisions'
Design Tools, Report Application Server and Runtime Software, but does not include any promotional software or other software products
provided in the same package, which shall be governed by the online software license agreements included with such promotional
software or software product.
4. Beta License - If ISS is providing Licensee with the Software, security content and related documentation, and/or an Appliance as a part of an alpha or beta
test, the following terms of this Section 4 additionally apply and supersede any conflicting provisions herein or any other license agreement accompanying, con-
tained or embedded in the subject prototype product or any associated documentation. ISS grants to Licensee a nonexclusive, nontransferable, limited license
to use the ISS alpha/beta software program, security content, if any, Appliance and any related documentation furnished by ISS ("Beta Products") for Licensee's
evaluation and comment (the "Beta License") during the Test Period. ISS' standard test cycle, which may be extended at ISS' discretion, extends for sixty (60)
days, commencing on the date of delivery of the Beta Products (the "Test Period"). Upon expiration of the Test Period or termination of the Beta License, Lic-
ensee shall, within thirty (30) days, return to ISS or destroy all copies of the beta Software, and shall furnish ISS written confirmation of such return or destruc-
tion upon request. If ISS provides Licensee a beta Appliance, Licensee agrees to discontinue use of and return such Appliance to ISS upon ISS' request and
direction. If Licensee does not promptly comply with this request, ISS may, in its sole discretion, invoice Licensee in accordance with ISS' current policies.
Licensee will provide ISS information reasonably requested by ISS regarding Licensee's experiences with the installation and operation
of the Beta Products. Licensee agrees that ISS shall have the right to use, in any manner and for any purpose, any information gained as
a result of Licensee's use and evaluation of the Beta Products. Such information shall include but not be limited to changes, modifications
and corrections to the Beta Products. Licensee grants to ISS a perpetual, royalty-free, non-exclusive, transferable, sublicensable right
and license to use, copy, display, perform, make derivative works of and distribute any report, test result, suggestion or other item
resulting from Licensee's evaluation of its installation and operation of the Beta Products.
LICENSEE AGREES NOT TO EXPORT BETA PRODUCTS DESIGNATED BY ISS IN ITS BETA PRODUCT DOCUMENTATION AS NOT
YET CLASSIFIED FOR EXPORT TO ANY DESTINATION OTHER THAN THE U.S. AND THOSE COUNTRIES ELIGIBLE FOR EXPORT
UNDER THE PROVISIONS OF 15 CFR § 740.17(A) (SUPPLEMENT 3), CURRENTLY CANADA, THE EUROPEAN UNION,
AUSTRALIA, JAPAN, NEW ZEALAND, NORWAY, AND SWITZERLAND.
If Licensee is ever held or deemed to be the owner of any copyright rights in the Beta Products or any changes, modifications or
corrections to the Beta Products, then Licensee hereby irrevocably assigns to ISS all such rights, title and interest and agrees to execute
all documents necessary to implement and confirm the letter and intent of this Section. Licensee acknowledges and agrees that the Beta
Products (including its existence, nature and specific features) constitute Confidential Information as defined in Section 18. Licensee
further agrees to treat as Confidential Information all feedback, reports, test results, suggestions, and other items resulting from
Licensee's evaluation and testing of the Beta Products as contemplated in this License. With regard to the Beta Products, ISS has no
obligation to provide support, maintenance, upgrades, modifications, or new releases. However, ISS agrees to use commercially
reasonable efforts to correct errors in the Beta Products and related documentation within a reasonable time, and will provide Licensee
with any corrections it makes available to other evaluation participants. The documentation relating to the Beta Products may be in draft
form and will, in many cases, be incomplete. Owing to the experimental nature of the Beta Products, Licensee is advised not to rely
exclusively on the Beta Products for any reason. LICENSEE AGREES THAT THE BETA PRODUCTS AND RELATED
DOCUMENTATION ARE BEING DELIVERED "AS IS" FOR TEST AND EVALUATION PURPOSES ONLY WITHOUT WARRANTIES OR
INDEMNITIES OF ANY KIND, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF NONINFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. LICENSEE ACKNOWLEDGES AND AGREES THAT THE BETA
PRODUCT MAY CONTAIN DEFECTS, PRODUCE ERRONEOUS AND UNINTENDED RESULTS AND MAY AFFECT DATA NETWORK
SERVICES AND OTHER MATERIALS OF LICENSEE. LICENSEE'S USE OF THE BETA PRODUCT IS AT THE SOLE RISK OF
LICENSEE. IN NO EVENT WILL ISS BE LIABLE TO LICENSEE OR ANY OTHER PERSON FOR DAMAGES, DIRECT OR INDIRECT,
OF ANY NATURE, OR EXPENSES INCURRED BY LICENSEE. LICENSEE'S SOLE AND EXCLUSIVE REMEDY SHALL BE TO
TERMINATE THE BETA PRODUCT LICENSE BY WRITTEN NOTICE TO ISS.
5. Evaluation License - If ISS is providing Licensee with the Software, security content and related documentation on an evaluation trial basis at no cost, such
license Term is 30 days from installation, unless a longer period is agreed to in writing by ISS. ISS recommends using Software and security content for evalua-
tion in a non-production, test environment. The following terms of this Section 5 additionally apply and supersede any conflicting provisions herein. Licensee
agrees to remove or disable the Software and security content from the authorized platform and return the Software, security content and documentation to ISS
upon expiration of the evaluation Term unless otherwise agreed by the parties in writing. ISS has no obligation to provide support, maintenance, upgrades, mod-
ifications, or new releases to the Software or security content under evaluation. LICENSEE AGREES THAT THE SOFTWARE, SECURITY CONTENT AND
RELATED DOCUMENTATION ARE BEING DELIVERED "AS IS" FOR TEST AND EVALUATION PURPOSES ONLY WITHOUT WARRANTIES OR INDEMNI-
TIES OF ANY KIND, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE. IN NO EVENT WILL ISS BE LIABLE TO LICENSEE OR ANY OTHER PERSON FOR DAMAGES, DIRECT OR INDIRECT, OF ANY
NATURE, OR EXPENSES INCURRED BY LICENSEE. LICENSEE'S SOLE AND EXCLUSIVE REMEDY SHALL BE TO TERMINATE THE EVALUATION
LICENSE BY WRITTEN NOTICE TO ISS.
6. Covenants - ISS reserves all intellectual property rights in the Software, security content and Beta Products. Licensee agrees: (i) the Software, security content
and/or Beta Products is owned by ISS and/or its licensors, and is protected by copyright laws and international treaty provisions; (ii) to take all reasonable pre-
cautions to protect the Software, security content or Beta Product from unauthorized access, disclosure, copying or use; (iii) not to modify, adapt, translate,
reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code of the Software, security content or Beta Product; (iv) not to use
ISS trade names or trademarks; (v) to reproduce all of ISS' and its licensors' copyright notices on any copies of the Software, security content or Beta Product;
and (vi) not to transfer, lease, assign, sublicense, or distribute the Software, security content or Beta Product or make it available for timesharing, service bureau,
managed services offering, or on-line use.
7. Support and Maintenance - Depending upon what maintenance programs Licensee has purchased, ISS will provide maintenance, during the period for which
Licensee has paid the applicable maintenance fees, in accordance with its prevailing Maintenance and Support Policy that is available at http://docu-
ments.iss.net/maintenance_policy.pdf. Any supplemental Software code or related materials that ISS provides to Licensee as part of
any support and maintenance service are to be considered part of the Software and are subject to the terms and conditions of this License, unless otherwise
specified.
8. Limited Warranty - The commencement date of this limited warranty is the date on which ISS provides Licensee with access to the Software. For a period of
ninety (90) days after the commencement date or for the Term (whichever is less), ISS warrants that the Software or security content will conform to material
operational specifications described in its then current documentation. However, this limited warranty shall not apply unless (i) the Software or security content is
installed, implemented, and operated in accordance with all written instructions and documentation supplied by ISS, (ii) Licensee notifies ISS in writing of any
nonconformity within the warranty period, and (iii) Licensee has promptly and properly installed all corrections, new versions, and updates made available by ISS
to Licensee. Furthermore, this limited warranty shall not apply to nonconformities arising from any of the following: (i) misuse of the Software or security content,
(ii) modification of the Software or security content, (iii) failure by Licensee to utilize compatible computer and networking hardware and software, or (iv) interac-
tion with software or firmware not provided by ISS. If Licensee timely notifies ISS in writing of any such nonconformity, then ISS shall repair or replace the Soft-
ware or security content or, if ISS determines that repair or replacement is impractical, ISS may terminate the applicable licenses and refund the applicable
license fees, as the sole and exclusive remedies of Licensee for such nonconformity. THIS WARRANTY GIVES LICENSEE SPECIFIC LEGAL RIGHTS, AND
LICENSEE MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM JURISDICTION TO JURISDICTION. ISS DOES NOT WARRANT THAT THE SOFTWARE
OR THE SECURITY CONTENT WILL MEET LICENSEE'S REQUIREMENTS, THAT THE OPERATION OF THE SOFTWARE OR SECURITY CONTENT WILL
BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL SOFTWARE OR SECURITY CONTENT ERRORS WILL BE CORRECTED. LICENSEE UNDER-
STANDS AND AGREES THAT THE SOFTWARE AND THE SECURITY CONTENT ARE NO GUARANTEE AGAINST UNSOLICITED E-MAILS, UNDESIR-
ABLE INTERNET CONTENT, INTRUSIONS, VIRUSES, TROJAN HORSES, WORMS, TIME BOMBS, CANCELBOTS OR OTHER SIMILAR HARMFUL OR
DELETERIOUS PROGRAMMING ROUTINES AFFECTING LICENSEE'S NETWORK, OR THAT ALL SECURITY THREATS AND VULNERABILITIES, UNSO-
LICITED E-MAILS OR UNDESIRABLE INTERNET CONTENT WILL BE DETECTED OR THAT THE PERFORMANCE OF THE SOFTWARE AND SECURITY
CONTENT WILL RENDER LICENSEE'S SYSTEMS INVULNERABLE TO SECURITY BREACHES. THE REMEDIES SET OUT IN THIS SECTION 8 ARE THE
SOLE AND EXCLUSIVE REMEDIES FOR BREACH OF THIS LIMITED WARRANTY.
9. Warranty Disclaimer - EXCEPT FOR THE LIMITED WARRANTY PROVIDED ABOVE, THE SOFTWARE AND SECURITY CONTENT ARE EACH PROVIDED
"AS IS" AND ISS HEREBY DISCLAIMS ALL WARRANTIES AND INDEMNITIES, BOTH EXPRESS AND IMPLIED, INCLUDING IMPLIED WARRANTIES
RESPECTING MERCHANTABILITY, TITLE, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. LICENSEE EXPRESSLY ACKNOWL-
EDGES THAT NO REPRESENTATIONS OTHER THAN THOSE CONTAINED IN THIS LICENSE HAVE BEEN MADE REGARDING THE GOODS OR SER-
VICES TO BE PROVIDED HEREUNDER, AND THAT LICENSEE HAS NOT RELIED ON ANY REPRESENTATION NOT EXPRESSLY SET OUT IN THIS
LICENSE.
10. Limitation of Liability - Circumstances may arise where, because of a default on ISS' part or other liability, Licensee is entitled to recover damages from ISS. In
each such instance, regardless of the basis on which Licensee may be entitled to claim damages from ISS, (including fundamental breach, negligence, misrep-
resentation, or other contract or tort claim), ISS is liable for no more than 1) damages for bodily injury (including death) and damage to real property and tangible
personal property and 2) the amount of any other actual direct damages up to the charges for the Software or security content that is the subject of the claim.
This limitation of liability also applies to ISS' licensors and suppliers. It is the maximum for which they and ISS are collectively responsible.
UNDER NO CIRCUMSTANCES IS ISS, ITS LICENSORS OR SUPPLIERS LIABLE FOR ANY OF THE FOLLOWING, EVEN IF
INFORMED OF THEIR POSSIBILITY: LOSS OF, OR DAMAGE TO, DATA; SPECIAL, INCIDENTAL, OR INDIRECT DAMAGES, OR FOR
ANY ECONOMIC CONSEQUENTIAL DAMAGES; OR LOST PROFITS, BUSINESS, REVENUE, GOODWILL, OR ANTICIPATED
SAVINGS. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL
DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO LICENSEE.
11. Termination - Licensee may terminate this License at any time by notifying ISS in writing. All rights granted under this License will terminate immediately, with-
out prior written notice from ISS, at the end of the Term of the License, if not perpetual. If Licensee fails to comply with any provisions of this License, ISS may
immediately terminate this License if such default has not been cured within ten (10) days following written notice of default to Licensee. Upon termination or
expiration of a license for Software, Licensee shall cease all use of such Software, including Software pre-installed on ISS hardware, and destroy all copies of
the Software and associated documentation. Termination of this License shall not relieve Licensee of its obligation to pay all fees incurred prior to such termina-
tion and shall not limit either party from pursuing any other remedies available to it.
12. General Provisions - This License, together with the identification of the Software and/or security content, pricing and payment terms stated in the applicable
ISS quotation and Licensee purchase order (if applicable) as accepted by ISS, constitute the entire agreement between the parties respecting its subject matter.
Standard and other additional terms or conditions contained in any purchase order or similar document are hereby expressly rejected and shall have no force or
effect. If Licensee has not already downloaded the Software, security content and documentation, then it is available for download at
http://www.iss.net/download/. All ISS hardware with pre-installed Software and any other products not delivered by download are delivered
f.o.b. origin. Both Licensee and ISS consent to the application of the laws of the State of New York to govern, interpret, and enforce all of Licensee's and ISS'
rights, duties, and obligations arising from, or relating in any manner to, the subject matter of this License, without regard to conflict of law principles. The United
Nations Convention on Contracts for the International Sale of Goods does not apply. Both Licensee and ISS irrevocably waive any right to a jury trial. If any part
of this License is found void or unenforceable, it will not affect the validity of the balance of the License, which shall remain valid and enforceable according to its
terms. This License may only be modified in writing signed by an authorized officer of ISS.
13. Notice to United States Government End Users - Licensee acknowledges that any Software and security content furnished under this License is commercial
computer software and any documentation is commercial technical data developed at private expense and is provided with RESTRICTED RIGHTS. Any use,
modification, reproduction, display, release, duplication or disclosure of this commercial computer software by the United States Government or its agencies is
subject to the terms, conditions and restrictions of this License in accordance with the United States Federal Acquisition Regulations at 48 C.F.R. Section 12.212
and DFAR Subsection 227.7202-3 and Clause 252.227-7015 or applicable subsequent regulations. Contractor/manufacturer is Internet Security Systems, Inc.,
6303 Barfield Road, Atlanta, GA 30328, USA.
14. Export and Import Compliance - Each party will comply with applicable import and export control laws and regulations, including those of the United States
that prohibit or limit export for certain uses or to certain end users. Many ISS Software products include encryption and export outside of the United States or
Canada is strictly controlled by U.S. laws and regulations. ISS makes its current export classification information available at http://www.iss.net/export. Please
contact ISS' Sourcing and Fulfillment for export questions relating to the Software or security content (fulfillment@iss.net). Licensee understands that the forego-
ing obligations are U.S. legal requirements and agrees that they shall survive any term or termination of this License.
15. Authority - Because the Software is designed to test or monitor the security of computer network systems and may disclose or create problems in the operation
of the systems tested, Licensee and the persons acting for Licensee represent and warrant that: (a) they are fully authorized by the Licensee and the owners of
the computer network for which the Software is licensed to enter into this License and to obtain and operate the Software in order to test and monitor that com-
puter network; (b) the Licensee and the owners of that computer network understand and accept the risks involved; and (c) the Licensee shall procure and use
the Software in accordance with all applicable laws, regulations and rules.
16. Disclaimers - Licensee acknowledges that some of the Software and security content is designed to test the security of computer networks and may disclose or
create problems in the operation of the systems tested. Licensee further acknowledges that neither the Software nor security content is fault tolerant or designed
or intended for use in hazardous environments requiring fail-safe operation, including, but not limited to, aircraft navigation, air traffic control systems, weapon
systems, life-support systems, nuclear facilities, or any other applications in which the failure of the Software and security content could lead to death or per-
sonal injury, or severe physical or property damage. ISS disclaims any implied warranty of fitness for High Risk Use. Licensee accepts the risk associated with
the foregoing disclaimers and hereby waives all rights, remedies, and causes of action against ISS and releases ISS from all liabilities arising therefrom.
17. Confidentiality - "Confidential Information" means all information proprietary to a party or its suppliers that is marked as confidential. Each party acknowledges
that during the term of this Agreement, it will be exposed to Confidential Information of the other party. The obligations of the party ("Receiving Party") which
receives Confidential Information of the other party ("Disclosing Party") with respect to any particular portion of the Disclosing Party's Confidential Information
shall not attach or shall terminate when any of the following occurs: (i) it was in the public domain or generally available to the public at the time of disclosure to
the Receiving Party, (ii) it entered the public domain or became generally available to the public through no fault of the Receiving Party subsequent to the time of
disclosure to the Receiving Party, (iii) it was or is furnished to the Receiving Party by a third party having the right to furnish it with no obligation of confidentiality
to the Disclosing Party, or (iv) it was independently developed by the Receiving Party by individuals not having access to the Confidential Information of the Dis-
closing Party. The Receiving Party agrees not to disclose or use any Confidential Information of the Disclosing Party in violation of this License and to use Con-
fidential Information of the Disclosing Party solely for the purposes of this License. Upon demand by the Disclosing Party and, in any event, upon expiration or
termination of this License, the Receiving Party shall return to the Disclosing Party all copies of the Disclosing Party's Confidential Information in the Receiving
Party's possession or control and destroy all derivatives and other vestiges of the Disclosing Party's Confidential Information obtained or created by the Disclos-
ing Party. All Confidential Information of the Disclosing Party shall remain the exclusive property of the Disclosing Party, provided however that the Receiving
Party may use in its business activities the ideas, concepts and know-how contained in the Disclosing Party's Confidential Information which are retained in the
memories of the Receiving Party's employees who have had access to the Confidential Information under this License.
18. Compliance - From time to time, ISS may request Licensee to provide a certification that the Software and security content is being used in accordance with the
terms of this License. If so requested, Licensee shall verify its compliance and deliver its certification within forty-five (45) days of the request. The certification
shall state Licensee's compliance or non-compliance, including the extent of any non-compliance. ISS may also, at any time, upon thirty (30) days prior written
notice, at its own expense appoint a nationally recognized software use auditor, to whom Licensee has no reasonable objection, to audit and examine use and
records at Licensee offices during normal business hours, solely for the purpose of confirming that Licensee's use of the Software and security content is in
compliance with the terms of this License. ISS will use commercially reasonable efforts to have such audit conducted in a manner such that it will not unreason-
ably interfere with the normal business operations of Licensee. If such audit should reveal that use of the Software or security content has been expanded
beyond the scope of use and/or the number of authorized devices or Licensee certifies such non-compliance, ISS shall have the right to charge Licensee the
applicable current list prices required to bring Licensee in compliance with its obligations hereunder with respect to its current use of the Software and security
content. In addition to the foregoing, ISS may pursue any other rights and remedies it may have at law, in equity or under this License.
19. Data Protection - Licensee confirms that it is solely responsible for ensuring that any processing and security obligations comply with applicable data protection
laws. Licensee contact information shall not be considered personal information processed on Licensee's behalf.
20. Miscellaneous - Except for any payment obligations, neither Licensee nor ISS is responsible for failure to fulfill any obligations due to causes beyond its control.
This License will not create any right or cause of action for any third party, nor will ISS be responsible for any third party claims against Licensee except, as per-
mitted by the Limitation of Liability section above, for bodily injury (including death) or damage to real or tangible personal property for which ISS is legally liable.
Nothing in this License affects any statutory rights of consumers that cannot be waived or limited by contract. Licensee agrees to allow ISS to store and use Lic-
ensee's contact information, including names, phone numbers, and e-mail addresses, anywhere they do business. Such information will be processed and used
in connection with our business relationship, and may be provided to contractors, Business Partners, and assignees of ISS for uses consistent with their collec-
tive business activities, including communicating with Licensee (for example, for processing orders, for promotions, and for market research). Neither Licensee
nor ISS will bring a legal action under this License more than two years after the cause of action arose unless otherwise provided by local law without the possi-
bility of contractual waiver or limitation.
Revised: February 14, 2007

Rs Svrsensor Ig 7.0

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Rs Svrsensor Ig 7.0

Загружено:

Авторское право:

Доступные форматы

IBM RealSecure

IBM Internet Security Systems

All Rights Reserved.

Chapter 1: Introduction to RealSecure Server Sensor

Chapter 2: Upgrading RealSecure Server Sensor

Chapter 3: Before You Install RealSecure Server Sensor

IBM RealSecure Server Sensor Installation Guide, Version 7.0 3

Chapter 4: Installing on a Windows Platform

Chapter 5: Installing on a Solaris Platform

Chapter 6: Installing on an AIX Platform

Chapter 7: Installing on an HP-UX Platform

Chapter 8: After You Install RealSecure Server Sensor

4 IBM Internet Security Systems

Chapter 9: Uninstalling a Sensor

Chapter 10: Troubleshooting

IBM RealSecure Server Sensor Installation Guide, Version 7.0 5

6 IBM Internet Security Systems

Audience This guide is intended for system administrators responsible for

Note the following:

● The installation package for RealSecure Server Sensor for Windows

IBM RealSecure Server Sensor Installation Guide, Version 7.0 7

How to Use Server Sensor Documentation

Related publications For additional information, see the following publications:

● RealSecure Server Sensor Policy Guide

8 IBM Internet Security Systems

Getting Technical Support

Support levels IBM ISS offers three levels of support:

Americas 24 hours a day

Table 1: Hours for technical support

IBM RealSecure Server Sensor Installation Guide, Version 7.0 9

Regional Electronic Support Telephone Number

North America Connect to the MYISS Standard:

Latin America support@iss.net (1) (888) 447-4861 (toll free)

Europe, Middle support@iss.net (44) (1753) 845105

Asia-Pacific, support@iss.net (1) (888) 447-4861 (toll free)

Japan support@isskk.co.jp Domestic: (81) (3) 5740-4065

Table 2: Contact information for technical support

10 IBM Internet Security Systems

In this chapter This chapter contains the following topics:

About RealSecure Server Sensor 12

Installation Programs and Utilities 13

IBM RealSecure Server Sensor Installation Guide, Version 7.0 11

About RealSecure Server Sensor

Server sensor RealSecure Server Sensor has the following attributes:

12 IBM Internet Security Systems

Installation Programs and Utilities

System The System Requirements document contains the most current

● distribute public cryptographic keys

Note: For information about installing these utilities, contact Technical

IBM RealSecure Server Sensor Installation Guide, Version 7.0 13

● on Internet Information Server (IIS) or Apache Web servers

On important When installed on important servers associated with vital applications or

14 IBM Internet Security Systems

Upgrading RealSecure Server

In this chapter This chapter contains the following topics:

Upgrading Sensors Remotely 16

Upgrading Sensors Manually 18

IBM RealSecure Server Sensor Installation Guide, Version 7.0 15

Upgrading Sensors Remotely

Reference: For information about remotely upgrading sensors using

16 IBM Internet Security Systems

Procedure To remotely upgrade a sensor:

1. Manage the sensor you want to upgrade.

Obtain a license file SiteProtector Installation

Create a naming convention for “Sensor Naming

Unharden the operating system “Unhardening the Operating

Uninstall any previously installed Chapter 9, "Uninstalling a

Decide if you will automatically import “Automatically Importing

Install new encryption software, if “Customizing Encryption” on

Verify that the latest encryption “Customizing Encryption” on

Determine public key administrators “Administering Public

Configure the system appropriately for “Support for Non-English

Review the requirements for installing “Installing Multiple Sensors

Enable C2Audit (AIX and HP-UX “Enabling C2 Audit for AIX

Increase memory (HP-UX platforms “Increasing the Size Limits for

Enable the Basic Security Module “Enabling the Basic Security

Gather information required to “Protecting an Apache Web

Plan your installation for a time when it