Scm51 Install

Tivoli Security Compliance Manager
Version 5.1
Installation Guide: All Components
GC32-1592-00
Tivoli Security Compliance Manager
Version 5.1
Installation Guide: All Components
GC32-1592-00
Note Before using this information and the product it supports, read the information in Notices, on page 71.
First Edition (May 2004) This edition applies to version 5, release 1, modification 0 of IBM Tivoli Security Compliance Manager (product number 5724-F82) and to all subsequent releases and modifications until otherwise indicated in new editions. Copyright International Business Machines Corporation 2003, 2004. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
Who should read this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v What this book contains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi IBM Tivoli Security Compliance Manager library . . . . . . . . . . . . . . . . . . . . . . vi Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi Accessing publications online . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Accessibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Tivoli technical training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Contacting software support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Conventions used in this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Typeface conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Operating system differences . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
Chapter 1. Installation overview . . . . . . . . . . . . . . . . . . . . . . . . . 1

Supported operating systems . . . . . . . . . . . Software prerequisites . . . . . . . . . . . . . Processor and memory requirements for server . . . . . Disk and memory requirements for client and collectors . . Disk and memory requirements for proxy relay. . . . . Disk and memory requirements for administration utilities . CD Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 3 4 4 4 5 6
Chapter 2. Installing the Tivoli Security Compliance Manager server. . . . . . . . . . 7

Before you begin . . . . . . . . . . . . . . Using the InstallShield MultiPlatform package to install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 . 8
Chapter 3. Installing the Tivoli Security Compliance Manager client . . . . . . . . . 25

Before you begin . . . . . . . . . . . . . Using the InstallShield MultiPlatform Package to Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 . 25
Chapter 4. Installing the Tivoli Security Compliance Manager administration utilities . . 37

Before you begin . . . . . . . . . . . . . Using the InstallShield MultiPlatform Package to Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 . 37
Chapter 5. Using the Tivoli Security Compliance Manager database utilities . . . . . . 45

Before you begin . . . . . . . . . . . . . . . . . . . . Using the InstallShield MultiPlatform package to run the database utilities . . . . . . . . . . . . . . . . . . . . . . . . . . 45 . 46
Chapter 6. Uninstalling Tivoli Security Compliance Manager. . . . . . . . . . . . . 55

Before you begin . . . . . . . . . . . . . . Using the InstallShield MultiPlatform package to uninstall Console mode Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 . 55 . 60
Chapter 7. After the installation has completed . . . . . . . . . . . . . . . . . . 63 Chapter 8. Alternate installation methods . . . . . . . . . . . . . . . . . . . . . 65
Silent install . . . . . Console mode installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 . 66
Chapter 9. Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Installing with an alternate temporary directory . Files left in temporary directory . . . . . .
Copyright IBM Corp. 2003, 2004
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. 67 . 67
iii
Logging during installation . . . . . . . . . . . . . . . . . . Frequently asked questions . . . . . . . . . . . . . . . . . . Invalid DB2 user ID and password given during install . . . . . . . Entered wrong DB2 password during server start . . . . . . . . . Deselected create database now box by mistake . . . . . . . . . . Forgot Tivoli Security Compliance Manager administrator password . . . Forgot Tivoli Security Compliance Manager administrator ID . . . . . . Forgot to reset UMASK before installation on UNIX-based or Linux platforms Used double-byte characters for my administrator user ID and/or password Forgot to select stash password during install and server will not start . . Selected stash password during install and server will not start . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
67 68 68 68 68 68 69 69 69 69 70
Appendix. Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
iv
Tivoli Security Compliance Manager: Installation Guide: All Components
Preface
The IBM Tivoli Security Compliance Manager Installation Guide: All Components book explains how to install and configure the IBM Tivoli Security Compliance Manager software. Tivoli Security Compliance Manager is a data collection service that gathers and stores a wide variety of information from multiple participating systems. Information types can include any data on a system, such as operating system versions, software patch levels, and security-related data. System and security administrators can use the Tivoli Security Compliance Manager service to monitor specific data checkpoints on any given machine (or group of machines).
Who should read this book

The target audience for this installation guide includes: v Security administrators v System administrators Readers should be familiar with: v TCP/IP v DB2 Relational databases v Security management, including authentication and authorization
What this book contains

This document contains the following chapters: v Chapter 1, Installation overview, on page 1 describes the prerequisites for Tivoli Security Compliance Manager. v Chapter 2, Installing the Tivoli Security Compliance Manager server, on page 7 describes how to install the server. v Chapter 3, Installing the Tivoli Security Compliance Manager client, on page 25 describes how to install the client. v Chapter 4, Installing the Tivoli Security Compliance Manager administration utilities, on page 37 describes how to install the administration utilities, which include the administration console and the administration command line interface. v Chapter 5, Using the Tivoli Security Compliance Manager database utilities, on page 45 describes how to use the database utilities to configure the Tivoli Security Compliance Manager DB2 database. This step is automatically performed during a server install. v Chapter 6, Uninstalling Tivoli Security Compliance Manager, on page 55 describes how to remove any of the Tivoli Security Compliance Manager system components. v Chapter 7, After the installation has completed, on page 63 describes what to do immediately after you have completed the installation. v Chapter 8, Alternate installation methods, on page 65 describes how to install in silent mode using a response file to provide input or in console mode.
v Chapter 9, Troubleshooting, on page 67 describes solutions for problems that you might encounter during the installation of Tivoli Security Compliance Manager.
Publications
Read the descriptions of the IBM Tivoli Security Compliance Manager library, the prerequisite publications, and the related publications to determine which publications you might find helpful. After you determine the publications you need, refer to the instructions for accessing publications online.
IBM Tivoli Security Compliance Manager library

The publications in the IBM Tivoli Security Compliance Manager library are: v IBM Tivoli Security Compliance Manager Installation Guide: All Components (GC32-1592-00) Explains how to install and configure Tivoli Security Compliance Manager software. v IBM Tivoli Security Compliance Manager Installation Guide: Client Component (GC32-1593-00) Explains how to install and configure the Tivoli Security Compliance Manager client component software. v IBM Tivoli Security Compliance Manager Administration Guide (SC32-1594-00) Explains how to manage and configure Tivoli Security Compliance Manager services using the administration console. v IBM Tivoli Security Compliance Manager Collector Development Guide (SC32-1595-00) Explains how to design and implement custom Tivoli Security Compliance Manager collectors. v IBM Tivoli Security Compliance Manager Warehouse Enablement Pack, Version 1.1 Implementation Guide for Tivoli Data Warehouse, Version 1.2 (SC32-1596-00) Explains how to integrate Tivoli Security Compliance Manager with Tivoli Data Warehouse. v IBM Tivoli Security Compliance Manager Release Notes (GI11-4695-00) Provides late-breaking information, such as software limitations, workarounds, and documentation updates.
Related publications
This section lists publications related to the Tivoli Security Compliance Manager library. The Tivoli Software Library provides a variety of Tivoli publications such as white papers, datasheets, demonstrations, redbooks, and announcement letters. The Tivoli Software Library is available on the Web at: http://www.ibm.com/software/tivoli/library/ The Tivoli Software Glossary includes definitions for many of the technical terms related to Tivoli software. The Tivoli Software Glossary is available, in English only, from the Glossary link on the left side of the Tivoli Software Library Web page http://www.ibm.com/software/tivoli/library/
IBM DB2 Universal Database

IBM DB2 Universal Database is required when using Tivoli Security Compliance Manager. Additional information about DB2 can be found at:
vi
http://www.ibm.com/software/data/db2/
Accessing publications online

The publications for this product are available online in Portable Document Format (PDF) or Hypertext Markup Language (HTML) format, or both in the Tivoli software library: http://www.ibm.com/software/tivoli/library To locate product publications in the library, click the Product manuals link on the left side of the library page. Then, locate and click the name of the product on the Tivoli software information center page. Product publications include release notes, installation guides, users guides, administrators guides, and developers references. Note: To ensure proper printing of PDF publications, select the Fit to page check box in the Adobe Acrobat Print window (which is available when you click File Print).
Accessibility
Accessibility features help a user who has a physical disability, such as restricted mobility or limited vision, to use software products successfully. You can use assistive technologies to hear and navigate the product documentation. You also can use the keyboard instead of the mouse to operate some features of the graphical user interface.
Tivoli technical training

For Tivoli technical training information, refer to the IBM Tivoli Education Web site: http://www.ibm.com/software/tivoli/education.
Contacting software support

Before contacting IBM Tivoli Software Support with a problem, refer to the IBM Tivoli Software Support site by clicking the Tivoli support link at the following Web site: http://www.ibm.com/software/support/ If you need additional help, contact software support by using the methods described in the IBM Software Support Guide at the following Web site: http://techsupport.services.ibm.com/guides/handbook.html The guide provides the following information: v Registration and eligibility requirements for receiving support v Telephone numbers, depending on the country in which you are located v A list of information you should gather before contacting customer support
Conventions used in this book

This reference uses several conventions for special terms and actions and for operating system-dependent commands and paths.
Typeface conventions
The following typeface conventions are used in this reference:
Preface
vii
Bold
Lowercase commands or mixed case commands that are difficult to distinguish from surrounding text, keywords, parameters, options, names of Java classes, and objects are in bold. Variables, titles of publications, and special words or phrases that are emphasized are in italic. Code examples, command lines, screen output, file and directory names that are difficult to distinguish from surrounding text, system messages, text that the user must type, and values for arguments or command options are in monospace.
Italic Monospace
Operating system differences

This book uses the UNIX convention for specifying environment variables and for directory notation. When using the Windows command line, replace $variable with %variable% for environment variables and replace each forward slash (/) with a backslash (\) in directory paths. If you are using the bash shell on a Windows system, you can use the UNIX conventions.
viii
Chapter 1. Installation overview

This chapter lists the supported operating systems, prerequisites, and disk and memory requirements for IBM Tivoli Security Compliance Manager. It also suggests important things you should consider before you begin the product installation.
Supported operating systems

The following tables list the supported operating systems for the Tivoli Security Compliance Manager server, client, collectors, and administration utilities. Note: Unless otherwise noted, for Linux systems only Intel, IA32 is supported.
Table 1. Server Operating system AIX AIX Windows 2000 Sun Solaris Sun Solaris SUSE Linux Enterprise Server

Level 5.1 5.2 Server 2.8 2.9 8
Patch/maintenance level No fix pack required No fix pack required Latest fix pack level Latest fix pack level Latest fix pack level Latest fix pack level
Table 2. Clients, collectors, and proxy relay Operating system AIX AIX HP-UX HP-UX Red Hat Linux Red Hat Linux Red Hat Linux Red Hat Linux Red Hat Linux Red Hat Linux Red Hat Linux Sun Solaris Sun Solaris Sun Solaris Sun Solaris Windows NT
Level 5.1 5.2 11.0 11i 6.2 7.0 7.1 7.2 7.3 8.0 9.0 2.6 2.7 2.8 2.9 4.0 Server
Patch/maintenance level Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest service pack and security roll up package
Table 2. Clients, collectors, and proxy relay (continued) Operating system Windows NT Windows 2000 Windows 2000 Windows 2000 Windows XP Windows 2003 Red Hat Enterprise Linux Red Hat Enterprise Linux Advanced Server Level 4.0 Workstation Server Advanced Server Professional Professional Server Standard Edition and Enterprise Edition 2.1 3.0 (see note below) Patch/maintenance level Latest service pack and security roll up package Latest service pack and security roll up package Latest service pack and security roll up package Latest service pack and security roll up package Latest service pack and security roll up package Latest service pack and security roll up package Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches
Red Hat Enterprise Linux for 3.0 zSeries Red Hat Enterprise Linux for 3.0 iSeries or pSeries Red Hat Enterprise Linux for 7.2 zSeries Red Hat Enterprise Linux Advanced Server SUSE LINUX SUSE LINUX Enterprise Server SUSE LINUX Enterprise Server for zSeries SUSE LINUX Enterprise Server for iSeries or pSeries 2.1 7.0 8 8 8
Note: The Red Hat Enterprise Linux Advanced Server 3.0 platform can only be installed using the console mode in Japanese. Please see Console mode installation on page 66 for more information on how to perform a console mode install.
Table 3. Administration console Operating system Windows 2000 Windows XP Level Professional Professional Patch/maintenance level Latest service pack and security roll up package Latest service pack and security roll up package
Table 4. Administration command line interface Operating system AIX Level 5.1 Patch/maintenance level Latest cumulative patches
Table 4. Administration command line interface (continued) Operating system AIX Windows 2000 Windows 2000 Windows 2000 Windows XP Sun Solaris Sun Solaris HP-UX HP-UX SUSE LINUX Enterprise Server Red Hat Linux Red Hat Enterprise Linux Advanced Server Level 5.2 Professional Server Advanced Server Professional 2.8 2.9 11 11i 8 9 3.0 Patch/maintenance level Latest cumulative patches Latest service pack and security roll up package Latest service pack and security roll up package Latest service pack and security roll up package Latest service pack and security roll up package Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches
Red Hat Enterprise Linux for 3.0 iSeries or pSeries SUSE LINUX Enterprise Server for iSeries or pSeries 8
Software prerequisites
All UNIX-based and Linux systems must have full X Windows (X11) support in place for the installation to run correctly, regardless of whether or not the system contains a graphics card. See the installation media for the systems operating system to install X Windows (X11). The following table lists the software prerequisites for the server.
Table 5. Server software prerequisites Operating system AIX 5.1 AIX 5.2 Windows 2000 Server Sun Solaris 2.8 Sun Solaris 2.9 SUSE LINUX Enterprise Server 8 for IA32 Requirements DB2 7.2 or 8.1 DB2 7.2 or 8.1 DB2 7.2 or 8.1 DB2 7.2 or 8.1 DB2 7.2 or 8.1 DB2 7.2 or 8.1
The Tivoli Security Compliance Manager 5.1 product package includes DB2 8.1. The following table lists the software prerequisites for the HP-UX client and command line interface.
Table 6. Client, collectors, and proxy relay software prerequisites Operating system HP-UX 11.0, 11i Requirements Java Runtime Environment (JRE) 1.3.1
Processor and memory requirements for server

The following table lists the processor and memory requirements for the server.
Table 7. Server processor and memory requirements Type of Tivoli Security Compliance Manager Deployment Small (1500 clients) Medium (5012500 clients) Large (250110,000 clients) Processor Memory Requirements
1 2 24
512 MB RAM 512 MB RAM 24 GB RAM
You need 5 MB of disk space to install the server package.
Disk and memory requirements for client and collectors

The following table lists the disk and memory requirements for the Tivoli Security Compliance Manager client and collectors.
Table 8. Disk and memory requirements for Tivoli Security Compliance Manager client Client Platform Disk Requirements for Installation Directory 64 MB 64 MB 64 MB 64 MB 64 MB Disk Requirements for Temporary Directory 45 MB 6 MB 46 MB 65 MB 44 MB Memory Requirements 75 MB RAM 75 MB RAM 75 MB RAM 75 MB RAM 75 MB RAM
AIX HP-UX Linux Solaris Windows
Note: The HP-UX platform values in the table are much smaller than the other platform values because the Java Runtime Environment is not packaged with the HP-UX client.
Disk and memory requirements for proxy relay

The following table lists the disk and memory requirements for the Tivoli Security Compliance Manager client with the proxy relay collector.
Table 9. Disk and memory requirements for Tivoli Security Compliance Manager proxy relay Client Platform Disk Requirements for Installation Directory 64 MB Disk Requirements for Temporary Directory 45 MB Memory Requirements 256 MB RAM minimum, 512 MB RAM recommended
AIX
Table 9. Disk and memory requirements for Tivoli Security Compliance Manager proxy relay (continued) Client Platform Disk Requirements for Installation Directory 64 MB Disk Requirements for Temporary Directory 6 MB Memory Requirements 256 MB RAM minimum, 512 MB RAM recommended 256 MB RAM minimum, 512 MB RAM recommended 256 MB RAM minimum, 512 MB RAM recommended 256 MB RAM minimum, 512 MB RAM recommended
HP-UX
Linux
64 MB
46 MB
Solaris
64 MB
65 MB
Windows
64 MB
44 MB
Disk and memory requirements for administration utilities

The following table lists the disk and memory requirements for the administration console.
Table 10. Disk and memory requirements for Tivoli Security Compliance Manager administration console Administration Console Platform Windows Disk Requirements for Installation Directory 64 MB Disk Requirements for Temporary Directory 42 MB Memory Requirements 128 MB RAM minimum, 256 MB RAM recommended
The following table lists the disk and memory requirements for the command line interface.
Table 11. Disk and memory requirements for Tivoli Security Compliance Manager command line interface Command Line Interface Platform AIX Disk Requirements for Installation Directory 64 MB Disk Requirements for Temporary Directory 45 MB Memory Requirements 256 MB RAM minimum, 512 MB RAM recommended 256 MB RAM minimum, 512 MB RAM recommended 256 MB RAM minimum, 512 MB RAM recommended
HP-UX
64 MB
6 MB
Linux
64 MB
46 MB
Table 11. Disk and memory requirements for Tivoli Security Compliance Manager command line interface (continued) Command Line Interface Platform Solaris Disk Requirements for Installation Directory 64 MB Disk Requirements for Temporary Directory 65 MB Memory Requirements 256 MB RAM minimum, 512 MB RAM recommended 256 MB RAM minimum, 512 MB RAM recommended
Windows
64 MB
44 MB
CD Layout
The Tivoli Security Compliance Manager 5.1 CD contains the following files and directories: v /policies/Network_AIX.pol v /policies/System_AIX.pol v /policies/Network_Windows.pol v /policies/System_Windows.pol v scm_aix v scm_hp11 v scm_linux v scm_linux390 v scm_linuxppc v scm_solaris v scm_win32.exe v scminstall.jar The scm_aix, scm_hp11, scm_linux, scm_linux390, scm_linuxppc, scm_solaris, scm_win32.exe and scminstall.jar are the InstallShield executables and .jar file needed to install Tivoli Security Compliance Manager.
Chapter 2. Installing the Tivoli Security Compliance Manager server

You can install the Tivoli Security Compliance Manager server on the platforms listed in Supported operating systems on page 1. The installation program is an InstallShield MultiPlatform package. When you install the server, the administration utilities and database configuration utility are automatically included. The administration utilities includes the administration console, the administration command line interface, and the proxy relay collector. Administration and usage information for the proxy relay, including configuration, can be found in the IBM Tivoli Security Compliance Manager Administration Guide. Note: Do not attempt to run the administration console on unsupported platforms. Doing so may have unintended consequences on your Tivoli Security Compliance Manager installation.
Before you begin

Before you install the server: v If you are reinstalling the server, stop the server before you attempt to reinstall it. See Using the InstallShield MultiPlatform package to uninstall on page 55 for more information. v The default installation directories are /opt/IBM/SCM directory on UNIX-based platforms and Linux platforms, and in the C:\Program Files\IBM\SCM directory on Windows. v For UNIX-based platforms and Linux platforms, the installation directory should not be on the root file system. If the /opt directory is located in the root file system, consider one of the following options: Create a separate file system for /opt (the optimum solution). Create a separate file system for /opt/IBM or /opt/IBM/SCM Create a symbolic link from /opt to /usr/opt Create a symbolic link from /opt/IBM or /opt/IBM/SCM to some other file system (perhaps /usr/opt/IBM or /usr/opt/IBM/SCM). The /opt directory is often a part of the root file system. Causing the root file system to fill up might impact other applications, including the operating system itself. Changing the mount point does not remove the possibility of filling up a file system, but it does reduce the impact to other applications that are running on the system. It localizes a file system problem to Tivoli Security Compliance Manager. v DB2 must be installed prior to installing Tivoli Security Compliance Manager server. Consider making a separate file system for the DB2 database that is to be used by the server. This might be necessary if the server encounters DB2 errors indicating that there is not enough space to store Tivoli Security Compliance Manager data. Creating a separate file system does not remove the possibility of filling up a file system but it does reduce the impact to other applications that are using DB2 and using the file system that DB2 uses by default. If the file system has an error, it will be easier to isolate the problem to Tivoli Security Compliance Manager. A DB2 8.1 database may either be on the server machine, or on a remote machine. In order to use a DB2 8.1 database on a remote machine, you will
v v v
need to place a copy of the db2java.zip and the db2jcc.jar files onto your IBM Tivoli Security Compliance Manager server machine. These files must be located in the same directory on the IBM Tivoli Security Compliance Manager server. You will need to provide the fully-qualified directory path to the db2java.zip file during install. A DB2 7.2 database may either be on the server machine, or on a remote machine. In order to use a DB2 7.2 database on a remote machine, you will need to place a copy of the db2java.zip file onto your IBM Tivoli Security Compliance Manager server machine. You will need to provide the fully-qualified directory path to the db2java.zip file during install. You need to know the DB2 instance ID and password. For UNIX-based and Linux systems, you must be logged on as the user ID root. For installations on UNIX-based or Linux platforms, set the umask to 022 for the Tivoli Security Compliance Manager files to be installed with the correct permissions for operations. If the umask is set to another value, the install will complete but the product will not run. For more information on alternative installation methods, including silent and console mode installations, see Chapter 8, Alternate installation methods, on page 65.
Additional server installation requirements are listed on the Welcome panel of the installation program.
Using the InstallShield MultiPlatform package to install

Tivoli Security Compliance Manager uses the InstallShield MultiPlatform (ISMP) tool for installation. Through the use of ISMP, a Java-based installation tool, a common look and feel for installation is provided regardless of your operating system. Configuration questions are provided by the installation, and a simple configuration is performed during installation to get you up and running quickly. When you use ISMP to install the Tivoli Security Compliance Manager server, you will follow these steps regardless of your operating system: 1. Run the installation executable. The list of the platform-specific installation executables is located in Chapter 1, Installation overview, on page 1. A startup window for the Java Virtual Machine, JVM, is displayed while the JVM is loaded. 2. The Language Selection window is displayed. Select a language for the installation. Click OK.
Figure 1. Language Selection
3. The installation Welcome window is displayed. This window lists all the required information for each Tivoli Security Compliance Manager component; use the scroll bar to display the required information for the component you will be installing. Click Next.
Figure 2. Installation Welcome window
4. The software license agreement is displayed. Accept the agreement and click Next to continue.
5. The Installation Directory Location window is displayed. The Tivoli Security Compliance Manager server code is installed in the /opt/IBM/SCM directory on UNIXbased platforms and Linux platforms, and in the C:\Program Files\IBM\SCM directory on Windows. Enter a different installation location in this window if you do not want to use the default directory. Click Next. Note: If you have already installed another Tivoli Security Compliance Manager component, or are reinstalling the server, the Installation Directory Location window will not be displayed. The installation program will automatically install the server to the same location as the previously installed components.
Figure 3. Installation Directory Location window
10
6. The System Component Selection window is displayed. After the system component selection window opens, you will be able to continue your installation based on the system component you have selected. Select IBM Tivoli Security Compliance Manager Server and click Next. Note: The IBM Tivoli Security Compliance Manager Database Configuration utility is automatically included with the server installation. After the server installation has completed, a separate database configuration step is not required.
Figure 4. System Component Selection window Server
11
7. The Server E-mail Configuration window is displayed. Enter the SMTP e-mail server host name that will be used by Tivoli Security Compliance Manager to send e-mail notifications, and the e-mail address to send the notifications to. The e-mail address will be used as the From: field in the e-mail notification sent by the Tivoli Security Compliance Manager server. Click Next to continue.
Figure 5. Server E-mail Configuration window
12
8. The Server Communication Configuration window is displayed. Enter the server and client connection ports, and click Next. The server connection port displayed on this window is the port used for communications with the administration console and with the administration command line interface.
Figure 6. Server Communication Configuration window
13
9. The Server Security Configuration window is displayed. a. Enter the fully qualified host name of the server machine for the system name for the certificate, and the password to be used for the master keystore and a separate password to be used for the server keystore. These passwords must be at least six characters in length. b. Select the check box to stash the server keystore password and enable the server to start automatically after installation has completed; if you do not select the box you will have to manually start the server and then enter the server keystore password. Additionally on Windows systems, if you choose not to store the server keystore password, the server service will not be installed as a Windows server. As a result, the server will not start automatically when the Windows machine is started. Instead, you will need to use the jacserver command to start the server, and then you will be prompted for the server keystore password before launching the server. Click Next to continue the installation. Note: The master keystore password is used to generate the keystore.
Figure 7. Server Security Configuration window
14
10. The Database Location window is displayed. v To use a database on the server machine, select The database is on the local machine, click Next, and continue onto the next step. v To use a database on a remote machine, select The database is remote, click Next, and continue onto Step 13 on page 19
Figure 8. Database Location window
15
11. The Database Configuration window is displayed. A slightly different window is displayed on Windows platforms as opposed to UNIX-based or Linux platforms. v For Windows platforms, enter the following information: The DB2 user ID and password. The location of the .jar or .zip file that contains the DB2 JDBC driver. Click the Browse button to navigate to the location of the .jar or .zip file, or enter the location manually. The typical location for this file is: C:\Program Files\IBM\SQLLIB\java\db2java.zip The name of the DB2 JDBC driver. A default DB2 JDBC driver name is displayed. The URL to use for database connectivity. Leave the default for a local database, and see your DB2 administrator for a remote database. See your DB2 documentation for more information on how to configure JDBC for DB2. Click Next to continue the installation and continue onto Step 12 on page 18.
Figure 9. Database Configuration window Windows Platform
16
v For UNIX-based and Linux platforms, enter the following information: The DB2 user ID and password. The location to create the DB2 database. If this field is left blank, the installation will use the default location of the database instance ID home. If a location is specified in this field, that location will be used as the location of the database. Select the check box to create the DB2 database as part of the server installation. See the note in the next step for more details on the function of the check box. Click Next to continue the installation and continue onto Step 15 on page 22.
Figure 10. Database Configuration window UNIX-based Platforms
17
12. A second Database Configuration window is displayed for Windows platforms. Select the check box to create the DB2 database as part of the server installation. If you choose to not create the database as part of the server installation, then the installation program will bypass the creation of the database. Click Next to continue the installation and continue onto Step 15 on page 22.
Figure 11. Second Database Configuration window Windows Platform
Note: The check box option allows you to customize your database configuration by not installing the database with the default configuration. The default database used by IBM Tivoli Security Compliance Manager is called JAC. The table definitions are included in the file INSTDIR/sql/jac.sql. The commands to create the database and the local node alias, SCM, are included as comments in the jac.sql file. You can either create the database JAC and the SCM local node alias using DB2 commands prior to using jac.sql, or uncomment the statements in jac.sql. There are two other files in the INSTDIR/sql/ directory that are used during database configuration: groups_and_roles.sql and admin.sql. The file groups_and_roles.sql contains the default administration group and role definitions. The file admin.sql contains the commands used to create the administrator user ID.
18
The db2 tvf <filename> command can be used to execute the commands contained in the .sql files. When creating a custom database configuration, you should create the database tables using the jac.sql file before using the other two .sql files. The IBM Tivoli Security Compliance Manager Server connects to the JAC database or the SCM alias using the configuration parameters specified during installation. The database configuration options are included in the INSTDIR/server/server.ini file. The configuration options contained in the server.ini file must be valid for any database customization. 13. For installations that will use a remote database, the Database Configuration window is displayed. Enter the following information: Note: Although the information requested is the same, the order in which the information is requested differs between Windows platforms and UNIX-based or Linux platforms. The windows that follow show the order for Windows platforms. v The DB2 user ID and password. v The location of the .jar or .zip file that contains the DB2 JDBC driver. Click the Browse button to navigate to the location of the .jar or .zip file, or enter the location manually. The typical location for this file is: Windows: C:\Program Files\IBM\SQLLIB\java\db2java.zip UNIX-based or Linux platforms: /home/db2instl/sqllib/java/db2java.zip v The name of the DB2 JDBC driver. A default DB2 JDBC driver name is displayed. v The URL to use for database connectivity. Leave the default for a local database, and see your DB2 administrator for a remote database. See your DB2 documentation for more information on how to configure JDBC for DB2. v Click Next to continue the installation.
19
Figure 12. Database Configuration window
20
14. A Confirm Remote Database Exists window is displayed. This window prompts you to check that the remote database exists and has been enabled to use the JDBC interface specified on the Database Configuration windows. Click Next to continue the installation and continue onto Step 16 on page 23.
Figure 13. Confirm Remote Database Exists window
21
15. The Administrator User ID Configuration window is displayed. Enter the Tivoli Security Compliance Manager system administrator user ID and password, and click Next. The user ID and password entered on this window will be used as the primary administrator for the administration console or the command line interface. The passwords must be at least six characters in length.
Figure 14. Administrator User ID Configuration window
Note: All administrator user IDs and passwords must contain only single-byte characters for the installation to complete successfully. Once the installation is complete, you may use the administration console to change the administrator user ID and password to contain double-byte characters.
22
16. The Installation Summary window is displayed. This window displays the installation location, the system components to be installed, and the installation size. Click Next to begin the installation process.
Figure 15. Installation Summary window
23
17. An installation progress indicator will be displayed in place of the summary window. After the installation has completed, a results window is displayed. Click Finish to exit the installation.
Figure 16. Installation Results window
18. After installation is complete, make sure to back up your server keys and keystores. See the chapter on managing server keys and keystores in the IBM Tivoli Security Compliance Manager Administration Guide for instructions on using the administration console to create a back-up of the server keys and keystores. In addition, refer to Chapter 7, After the installation has completed, on page 63 for further post-installation recommendations.
24
Chapter 3. Installing the Tivoli Security Compliance Manager client

This chapter describes how to install the Tivoli Security Compliance Manager client.
Before you begin

Before you install the client: v If you are reinstalling the client, stop it before you attempt to reinstall it. See Using the InstallShield MultiPlatform package to uninstall on page 55 for more information. v You will need the host name and port number of the Tivoli Security Compliance Manager server that the client will connect to. v If you will install the client on a HP-UX system that is using Japanese as its language, use the console mode installation or enter export LANG=C in your command window prior to using the ISMP install. For more information on the console mode installation, see Chapter 8, Alternate installation methods, on page 65. v If you will install the client on a Linux for zSeries system or on a Linux for 390 system, these systems do not come with a CD-ROM drive. You must load the CD on a workstation that has a CD-ROM and NFS mount it to the Linux system, or FTP the scm_linux390 and scminstall.jar files to the Linux system. v If you will install the client on a Linux for zSeries system, you must connect to the Linux for zSeries installation file with a system that supports an X server, or use the console mode when installing. See Console mode installation on page 66 for more information on using the console mode install. v The Red Hat Enterprise Linux Advanced Server 3.0 platform can only be installed using the console mode in Japanese. Please see Console mode installation on page 66 for more information on how to perform a console mode install. v For installations on UNIX-based or Linux platforms, set the umask to 022 for the Tivoli Security Compliance Manager files to be installed with the correct permissions for operations. If the umask is set to another value, the install will complete but the product will not run. v For more information on alternative installation methods, including silent and console mode installations, see Chapter 8, Alternate installation methods, on page 65. Additional client installation requirements are listed on the Welcome window of the installation program.
Using the InstallShield MultiPlatform Package to Install

Tivoli Security Compliance Manager uses the InstallShield MultiPlatform (ISMP) tool for installation on all supported client platforms. See Chapter 1, Installation overview, on page 1 for a complete list of supported client platforms. Through the use of ISMP, a Java-based installation tool, a common look and feel for installation is provided regardless of your operating system. Configuration
25
questions are provided by the installation, and a simple configuration is performed during installation to get you up and running quickly. In addition to the regular product installation package, a stand-alone ISMP client installation package is provided. This client-only installation is very similar to the regular product installation, but contains fewer screens. Differences between the regular and client-only installation packages are indicated throughout the installation procedure. When you use ISMP to install the Tivoli Security Compliance Manager client, you will follow these steps regardless of your operating system: 1. Run the installation executable. The list of the platform-specific installation executables is located in Chapter 1, Installation overview, on page 1. A startup window for the Java Virtual Machine, JVM, is displayed while the JVM is loaded. 2. The Language Selection window is displayed. Select a language for the installation. Click OK.
26
3. The installation Welcome window is displayed. This window lists all the required information for each Tivoli Security Compliance Manager component; use the scroll bar to display the required information for the component you will be installing. Click Next. Note: This window is not displayed in the client-only installation.
27
5. The Installation Directory Location window is displayed. The Tivoli Security Compliance Manager client code is installed in the /opt/IBM/SCM directory on UNIX-based platforms and the Linux platforms, and in the C:\Program Files\IBM\SCM directory on Windows. Enter a different installation location in this window if you do not want to use the default directory. Click Next. Note: If you have already installed another Tivoli Security Compliance Manager component, or are reinstalling the client, the Installation Directory Location window will not be displayed. The installation program will automatically install the client to the same location as the previously installed components.
28
6. The System Component Selection window is displayed. After the system component selection window opens, you will be able to continue your installation based on the system component you have selected. Select IBM Tivoli Security Compliance Manager Client and click Next. Note: This window is not displayed in the client-only installation.
Figure 20. System Component Selection window Client
29
7. For client installations on the HP-UX platform, the Java Runtime Location window is displayed. Enter the directory that contains the 1.3.1 JVM, and click Next.
Figure 21. HP-UX Java Runtime Location window
30
8. The Client Communication Mode Configuration window is displayed. Enter the client connection port, and the client communications mode. There are two communication modes: Push Pull A client that permits communication with the server to be initiated by either the client or the server.
A client that permits communication with the server to be initiated by only the server. Defining a client as a push client permits communication with the server to be established by either the client or the server. In some network environments, however, inbound connections to the server might not be permitted. In these cases, defining the client as a pull client forces the server to initiate all communications with the client. Pull clients are generally needed when the server is located behind a firewall. To install a push client, select Push and click Next. To install a pull client, select Pull, click Next, and proceed to Step 11 on page 34.
Figure 22. Client Communication Mode Configuration window
31
9. The Server Communication Configuration window is displayed. Enter the Tivoli Security Compliance manager server host name and connection port for server and client communications. Select the check box if the client has a dynamic IP address, or if the IP address or host name of the client changes frequently. Clear the check box if the client has a static IP address. Click Next to continue the installation.
Figure 23. Server Communication Configuration window
32
10. For DHCP clients, the Client DHCP Configuration window is displayed. You can enter an optional DHCP client alias, or the system will use a default alias of the client host name. Click Next to continue the installation.
Figure 24. Client DHCP Configuration window
33
34
35
36
Chapter 4. Installing the Tivoli Security Compliance Manager administration utilities

This chapter provides instructions on how to install the Tivoli Security Compliance Manager administration utilities, which includes the administration console, the administration command line interface, and the proxy relay collector. Administration and usage information for the proxy relay, including configuration, can be found in the IBM Tivoli Security Compliance Manager Administration Guide.
Before you begin

If you are reinstalling the administration utilities, first stop any administration application you are using before you attempt to reinstall. See Using the InstallShield MultiPlatform package to uninstall on page 55 for more information. For installations on UNIX-based or Linux platforms, set the umask to 022 for the Tivoli Security Compliance Manager files to be installed with the correct permissions for operations. If the umask is set to another value, the install will complete but the product will not run. For more information on alternative installation methods, including silent and console mode installations, see Chapter 8, Alternate installation methods, on page 65. Additional administration utilities installation requirements are listed on the Welcome window of the installation program.
Using the InstallShield MultiPlatform Package to Install

Tivoli Security Compliance Manager uses the InstallShield MultiPlatform (ISMP) tool for installation on all supported administration console and administration command line interface platforms. See Chapter 1, Installation overview, on page 1 for a complete list of supported administration console and administration command line interface platforms. The administration console is only supported on Windows platforms, and will not be installed on non-Windows platforms during an administration utilities installation. Through the use of ISMP, a Java-based installation tool, a common look and feel for installation is provided regardless of your operating system. Configuration questions are provided by the installation, and a simple configuration is performed during installation to get you up and running quickly. When you use ISMP to install the Tivoli Security Compliance Manager administration utilities, you will follow these steps regardless of your operating system: 1. Run the installation executable. The list of the platform specific installation executable are located in Chapter 1, Installation overview, on page 1. A startup window for the Java Virtual Machine, JVM, is displayed while the JVM is loaded. 2. The Language Selection window is displayed. Select a language for the installation. Click OK.
37
38
4. The software license agreement is displayed. Accept the agreement and click Next to continue. 5. The Installation Directory Location window is displayed. The Tivoli Security Compliance Manager administration utilities code is installed in the /opt/IBM/SCM directory on UNIX-based platforms and the Linux platforms, and in the C:\Program Files\IBM\SCM directory on Windows. Enter a different installation location in this window if you do not want to use the default directory. Click Next. Note: If you have already installed another Tivoli Security Compliance Manager component, or are reinstalling the administration console or the command line interface, the Installation Directory Location window will not be displayed. The installation program will automatically install the administration console or administration command line interface to the same location as the previously installed components.
39
6. The System Component Selection window is displayed. After the system component selection window opens, you will be able to continue your installation based on the system component you have selected. Select IBM Tivoli Security Compliance Manager Administration Utilities and click Next.
Figure 30. System Component Selection window Administration Utilities
40
7. For administration utilities installations on the HP-UX platform, the Java Runtime Location window is displayed. Enter the directory that contains the 1.3.1 JVM, and click Next.
Figure 31. HP-UX Java Runtime Location window
41
Figure 32. Installation Summary Window
42
43
44
Chapter 5. Using the Tivoli Security Compliance Manager database utilities

This chapter describes how to use the Tivoli Security Compliance Manager database utilities to configure the Tivoli Security Compliance Manager DB2 database. The database utility is provided to configure DB2 databases that were installed after the Tivoli Security Compliance Manager server was installed.
Before you begin

Before you use the database utilities: v DB2 must be installed prior to installing Tivoli Security Compliance Manager. Consider making a separate file system for the DB2 database that is to be used by the server. A separate file might be necessary if the server encounters DB2 errors indicating that there is not enough space to store Tivoli Security Compliance Manager data. Creation of a separate file does not remove the possibility of filling up a file system but it does reduce the impact to other applications that are using DB2 and using the file system that DB2 uses by default. If the file system has an error, it will be easier to isolate the problem to Tivoli Security Compliance Manager. v A DB2 8.1 database may either be on the server machine, or on a remote machine. In order to use a DB2 8.1 database on a remote machine, you will need to place a copy of the db2java.zip and the db2jcc.jar files onto your IBM Tivoli Security Compliance Manager server machine. These files must be located in the same directory on the server, and you will need to provide the fully-qualified directory path to the db2java.zip file during install. v A DB2 7.2 database may either be on the server machine, or on a remote machine. In order to use a DB2 7.2 database on a remote machine, you will need to place a copy of the db2java.zip file onto your IBM Tivoli Security Compliance Manager server machine. You will need to provide the fully-qualified directory path to the db2java.zip file during install. v You need to know the DB2 instance ID and password v For UNIX-based and Linux systems, you must be logged on as the user ID root. v For installations on UNIX-based or Linux platforms, set the umask to 022 for the Tivoli Security Compliance Manager files to be installed with the correct permissions for operations. If the umask is set to another value, the install will complete but the product will not run. v For more information on alternative installation methods, including silent and console mode installations, see Chapter 8, Alternate installation methods, on page 65. Additional database utilities requirements are listed on the Welcome window of the installation program.
45
Using the InstallShield MultiPlatform package to run the database utilities

Tivoli Security Compliance Manager uses the InstallShield MultiPlatform (ISMP) tool to run the database utilities. Through the use of ISMP, a Java-based installation tool, a common look and feel for installation is provided regardless of your operating system. Configuration questions are provided by the installation, and a simple configuration is performed during installation to get you up and running quickly. When you use ISMP to run the Tivoli Security Compliance Manager database utilities, you will follow these steps regardless of your operating system: 1. Run the installation executable. The list of the platform-specific installation executables is located in Chapter 1, Installation overview, on page 1. A startup window for the Java Virtual Machine, JVM, is displayed while the JVM is loaded. 2. The Language Selection window is displayed. Select a language for the installation. Click OK.
46
47
5. The Installation Directory Location window is displayed. The Tivoli Security Compliance Manager server code is installed in the /opt/IBM/SCM directory on UNIX-based and Linux platforms, and in the C:\Program Files\IBM\SCM directory on Windows. Enter a different installation location in this window if you do not want to use the default directory. Click Next. Note: If you have already installed another Tivoli Security Compliance Manager component, the Installation Directory Location window will not be displayed. The installation program will automatically install the database configuration utilities to the same location as the previously installed components.
48
6. The System Component Selection window is displayed. After the system component selection window opens, you will be able to continue your installation based on the system component you have selected. Select IBM Tivoli Security Compliance Manager Database Configuration and click Next.
Figure 37. System Component Selection window Database Configuration
49
7. The Database Configuration window is displayed. Enter the following information: v The DB2 user ID and password. v The location of the .jar or .zip file that contains the DB2 JDBC driver. Click the Browse button to navigate to the location of the .jar or .zip file, or enter the location manually. The default location for this file is: Windows: C:\Program Files\IBM\SQLLIB\java\db2java.zip UNIXbased platforms: /home/db2inst1/sqllib/java/db2java.zip v The name of the DB2 JDBC driver. A default DB2 JDBC driver name is displayed. v The URL to use for database connectivity. Leave the default for a local database, and see your DB2 administrator for a remote database. See your DB2 documentation for more information on how to configure JDBC for DB2. Click Next to continue the installation.
Figure 38. Database Configuration window
50
8. A second Database Configuration window is displayed. Select the check box to create the DB2 database. This option allows you to customize your database configuration by not installing the database with the default configuration. The default database used by IBM Tivoli Security Compliance Manager is called JAC. The table definitions are included in the file INSTDIR/sql/jac.sql. The commands to create the database and the local node alias, SCM, are included as comments in the jac.sql file. You can either create the database JAC and the SCM local node alias using DB2 commands prior to using jac.sql, or uncomment the statements in jac.sql. There are two other files in the INSTDIR/sql/ directory that are used during database configuration: groups_and_roles.sql and admin.sql. The file groups_and_roles.sql contains the default administration group and role definitions. The file admin.sql contains the commands used to create the administrator user ID. The db2 tvf <filename> command can be used to execute the commands contained in the .sql files. When creating a custom database configuration, you should create the database tables using the jac.sql file before using the other two .sql files. The IBM Tivoli Security Compliance Manager Server connects to the JAC database or the SCM alias using the configuration parameters specified during installation. The database configuration options are included in the INSTDIR/server/server.ini file. The configuration options contained in the server.ini file must be valid for any database customization.
Figure 39. Second Database Configuration window
51
9. The Administrator User ID Configuration window is displayed. Enter the Tivoli Security Compliance Manager system administrator user ID and password, and click Next. The password must be at least six characters in length. Note: All administrator user IDs and passwords must contain only single-byte characters for the installation to complete successfully. Once the installation is complete, you may use the Administration Console to change the administrator user ID and password to contain double-byte characters.
Figure 40. Administrator User ID Configuration window
52
53
54
Chapter 6. Uninstalling Tivoli Security Compliance Manager

This chapter describes how to uninstall the system components of Tivoli Security Compliance Manager.
Before you begin

If you intend to uninstall your Tivoli Security Compliance Manager server and then reinstall it and have your existing clients communicate without needing to be reinstalled, you must keep the keystore files currently being used for client-server communication. See the chapter on managing server keys and keystores in the IBM Tivoli Security Compliance Manager Administration Guide for instructions on using the administration console to create a backup copy of the server keys and keystores.
Using the InstallShield MultiPlatform package to uninstall

Tivoli Security Compliance Manager uses the InstallShield MultiPlatform (ISMP) tool for uninstallation on all system component supported platforms. See Chapter 1, Installation overview, on page 1 for a complete list of system component supported platforms. Through the use of ISMP, a Java-based installation tool, a common look and feel for uninstallation is provided regardless of your operating system. To uninstall any Tivoli Security Compliance Manager system component, use the following steps: 1. Navigate to the uninstallation directory and run the uninstallation executable. The path to the platform specific uninstallation executables follows: v UNIX-based platforms and Linux platforms: /opt/IBM/SCM/_uninst v Windows platforms: C:\Program Files\IBM\SCM\_uninst A startup window for the Java Virtual Machine, JVM, is displayed while the JVM is loaded. 2. The Language Selection window is displayed. Select a language for the installation. Click OK.
55
3. The Uninstallation Welcome window is displayed. Click Next.
Figure 44. Uninstallation Welcome window
56
4. The Uninstallation Selection window is displayed. All installed Tivoli Security Compliance Manager system components are listed, and preselected, in this window. Select the Tivoli Security Compliance Manager system components to uninstall and click Next. Note: This window is not displayed in the client-only installation.
Figure 45. Uninstallation Selection window
5. If you select to uninstall the server, the Confirm Keystore Deletion window is displayed. If you intend to reinstall the server and have your existing clients communicate without needing to be reinstalled, you must keep the keystore files currently being used for client-server communication. See the chapter on managing server keys and keystores in the IBM Tivoli Security Compliance Manager Administration Guide for instructions on using the administration console to create a backup of the server keys and keystores. Select the check box to delete the client server communication keystore file if you have a back-up copy or you do not intend to reinstall the server. Deselect the check box to leave the two files, server.jksand master.jks, in the INSTDIR/server/keystores directory and uninstall the server. Click Next to continue.
57
6. The Uninstallation Summary window is displayed. This window displays the directory location that the system components will be uninstalled from and the system components to be uninstalled. Click Next to begin the uninstallation process.
Figure 46. Uninstallation Summary window
58
7. A progress indicator will be displayed in place of the summary window. After the uninstallation has completed, a results window is displayed. Click Next.
Figure 47. Uninstallation Results window
59
8. The uninstall wizard might require you to restart your computer to complete the uninstallation process. Click Finish to exit the uninstallation program. Note: The uninstallation process on HP-UX systems will display a Next option on the final uninstallation panel instead of a Finish option. Selecting the Next option will complete the uninstall.
Figure 48. Uninstallation System Restart window
Console mode Uninstallation

In addition to running the launcher executable, there are other methods of starting the uninstallation that also might be useful. This section describes the way to start the uninstallation program using a Java command with the console option. Command examples are shown as if you have first used a cd (change directory) command to change to the /opt/IBM/SCM/_uninst directory on UNIXbased and Linux platforms, or to the C:\Program Files\IBM\SCM\_uninst directory on Windows. To bypass the launcher executable and run the uninstallation in the non-graphical mode, run the Java command with the console option. An example of the Java command using the console option follows: For UNIXbased and Linux platforms: uninstaller.bin -console For Windows: uninstaller.exe -console This example starts the uninstallation in the non-graphical mode. If you are running the uninstallation from a remote host, use the non-graphical mode. The uninstallation program does not run correctly with some window managers when run remotely.
60
Note: The console mode uninstallation process on HP-UX systems will display a Next option on the final uninstallation panel instead of a Finish option. Selecting the Next option will complete the uninstall.
61
62
Chapter 7. After the installation has completed

After you have installed the server, the client, and the administration console or command line interface or both, be sure to install the Tivoli Security Compliance Manager collectors and policies from the product CD into a directory that the server can read and write to. See the IBM Tivoli Security Compliance Manager Administration Guide for more information about using the collectors. After you have installed Tivoli Security Compliance Manager, it is important to review log space in DB2 to determine if you have adequate space for Tivoli Security Compliance Manager logging requirements. You must have administrator authority for DB2 to issue the following commands, which will enable you to review the logging requirements and make changes, if necessary. The values in the following commands are the minimum size needed for a reasonably loaded system. If you are using a more heavily loaded system, you might need to increase the log file size and or the number of log files. 1. To see the current DB2 settings, issue the command: db2 get db cfg for JAC 2. To set the log file to 1000 4K pages, issue the command: db2 update db config for JAC using LOGFILSIZ 1000 3. To set DB2 to use 30 circular log files, issue the command: db2 update db config for JAC using LOGPRIMARY 30 4. After you make these changes, stop and then restart the server.
63
64
Chapter 8. Alternate installation methods

The Tivoli Security Compliance Manager InstallShield package provides the ability to perform a silent installation, or to install in console mode. The following sections provide details on both of these installation methods. You can install in silent mode using a response file to provide input.
Silent install
Note: Before you begin be aware that ISMP does not report any errors in silent mode. Therefore, if you type any of the options incorrectly, the installation will silently fail or respond unexpectedly. For example, if you are installing in /syslocal/tools/SCM and you were to type the command incorrectly, the component would still be installed and there would be no error message. The InstallShield MultiPlatform tool provides the capability to create a template file that contains all possible responses. The tool also provides a record option that allows you to record the responses given when installing a particular system. Response files created using these techniques can be used to perform silent installations. Note: When performing a silent install on a Windows system, the InstallShield program does not wait for the installation to complete before displaying an active command window. The install will still be in progress once the user prompt is displayed, so check to ensure that the installation is complete before using the command window. In the examples given in this section for the platform variables, substitute one of the following: scm_aix, scm_hp11, scm_linux, scm_linux390, scm_linuxppc, scm_solaris, scm_win32.exe To record a response file during an installation, enter the following command:
scm_platform -options-record filename
where filename is the path name of the file to which the recorded response data will be written. Note: Using the -options-record on the Solaris platform causes invalid error messages to be displayed. The options file that is created on Solaris can be used for silent installation. To generate a template file, enter the following command:
scm_platform -options-template filename
where filename is the path name of the file that the template response data will be written. When the template generation successfully completes, you will receive the following message:
Options file filename was successfully created
65
The template file that is created must be edited using a text editor as follows: v For options you want to set, remove the three comment characters (###) at the start of the option line. v Replace value with the appropriate value for each uncommented option. When you first perform a silent installation, use the -options-record option to generate a response file from an actual installation. This option allows you to familiarize yourself with the data variables that can be set and with the valid responses. After you are familiar with the data that must be provided in the response file, you might find the -options-template option, which provides a template file of all possible responses, to be useful. After you have created a response file with the desired data input, you can use that file in a subsequent silent installation. For example, to perform a silent installation enter the following command:
scm_platform -silent -options filename
where filename is the path name of the file that contains the response data to be used.
Console mode installation

In addition to running the launcher executable, there are other methods of starting the installation that also might be useful. This section describes the way to start the installation program using a Java command with the console option. Command examples are shown as if you have first used a cd (change directory) command to change to the directory where the Tivoli Security Compliance Manager CD is mounted. To bypass the launcher executable and run the installation in the non-graphical mode, run the Java command with the console option. An example of the Java command using the console option follows: scm_platform -console where platform is the installation executable platform. This example starts the installation in the non-graphical mode. If you are running the installation from a remote host, use the non-graphical mode. The installation program does not run correctly with some window managers when run remotely.
66
Chapter 9. Troubleshooting
This chapter describes problems that you might encounter as you install and configure Tivoli Security Compliance Manager and it provides some solutions to these problems.
Installing with an alternate temporary directory

The installation process can require a significant amount of temporary free space that is used to unpack and contain the bundled Java runtime environment and other installation files. Specific space requirements are documented in Chapter 1, Installation overview, on page 1. If the temporary directory on your system does not contain sufficient free space to perform the installation, you must change the directory that is used for temporary space to one that does contain sufficient space. Note: Before you install Tivoli Security Compliance Manager, the temporary directory must already exist; otherwise, the option is ignored. To install a system component using an alternate directory for temporary installation space, use the command: launcher_name -is:tempdir temp_dir where launcher_name is the name of the installation executable and temp_dir is the name of the directory that will be used to store temporary files.
Files left in temporary directory

Occasionally, InstallShield files are left in the temporary directory. This problem can occur if you use Ctrl+c to cancel out of an installation, or if the installation abnormally terminates. Canceling the installation can also result in errors being logged and files being left on the system. If you cancel an installation before it completes successfully, or an installation abnormally terminates, make sure to remove all files in the installation directory; the default installation location is the /opt/IBM/SCM directory on UNIXbased platforms and Linux platforms, and the C:\Program Files\IBM\SCM directory on Windows.
Logging during installation

If an error occurs during the installation, then an installation log is automatically generated. The log file, log.txt, will be placed into the installation location directory. To perform an installation with additional logging, enter the following command:
scm_platform -log !fileName @ALL
where scm_platform is one of the platform launchers for Tivoli Security Compliance Manager: scm_aix, scm_hp11, scm_linux, scm_linux390, scm_linuxppc, scm_solaris, scm_win32.exe. The @ALL parameter will log all installation events.
67
The ISMP installation program also stores information about the ISMP installed components in a vital product data file called vpd.properties. This file is found in various directories depending on the operating system, such as: v Windows: %SystemRoot%\vpd.properties v AIX: /usr/lib/objrepos/vpd.properties v Linux: /root/vpd.properties v HP-UX: /vpd.properties v Solaris: /vpd.properties
Frequently asked questions

The following section contains frequently asked installation troubleshooting questions.
Invalid DB2 user ID and password given during install

Problem: I entered an invalid DB2 user ID and password during install. Solution: You can rerun the installation program by selecting the database configuration option; this will recreate your database and tables. You will also have to edit the INSTDIR/server/server.ini file to set the following values:
db.userid=<correct_userid_value> db.password=<correct_password_value>
where <correct_userid_value> is the valid DB2 user ID and <correct_password_value> is the valid DB2 password. You may enter the password as plain text, and it will be encrypted in the file for you.
Entered wrong DB2 password during server start

Problem:I entered the wrong password for the DB2 user ID, and my server will not start. Solution: Edit the INSTDIR/server/server.ini file to correct the db.password value. You may enter the password as plain text, and when you start the server it will be encrypted in the file for you.
Deselected create database now box by mistake

Problem: I deselected the check box to create the database as part of the server installation, but I did not mean to. Solution: Rerun the installation and select the database configuration option. Alternatively, you can edit the INSTALLDIR/sql/jac.sql file to uncomment the lines needed to create the database and alias. See 8 on page 51 in the database configuration chapter for more information.
Forgot Tivoli Security Compliance Manager administrator password

Problem: I forgot the password I entered for the Tivoli Security Compliance Manager administrator. Solution: Contact IBM Tivoli Support for assistance.
68
Forgot Tivoli Security Compliance Manager administrator ID

Problem: I forgot the user ID I entered for the Tivoli Security Compliance Manager administrator. Solution: Look in the file INSTDIR/sql/admin.sql.
Forgot to reset UMASK before installation on UNIX-based or Linux platforms

Problem:I forgot to reset the UMASK parameter on my UNIX-based or Linux machine before beginning installation, and my commands will not run or are having problems executing wbindmsg. Solution: Log in as the root user and use the chmod to change the command file permissions and the INSTDIR/bin/wbindmsg file permissions. You may also need to use chmod on the /var/ibm/tivoli/common/HCV directory and its subdirectories.
Used double-byte characters for my administrator user ID and/or password

Problem:I entered an administrator ID and/or password that contains double-byte characters, and I can not log into my administration console. Solution:Rerun the installation and select the database configuration option. Enter only single-byte characters for the administrator ID and password. Note: If you deselected the check box to create the database now, you can update only the affected tables as follows: 1. Use the db2 connect command to connect to the JAC database. 2. Use the db2 select userid command to select the administrator user ID from the jac_sys.users file. 3. Use the db2 delete command to delete the administrator user ID from the jac_sys.users file where userid=<wrong_value>. 4. Use the db2 delete command to delete the administrator user ID password from the jac_sys.use_passwords file where userid=<wrong_value>. 5. Enter the following command:
db2 tvf INSTDIR/sql/admin.sql
Forgot to select stash password during install and server will not start
Problem: I deselected the stash password check box on the Server Security Configuration window during installation, and my server fails to start when the system is rebooted. Solution:Deselecting the stash password check box removes the server.keystore.password value from the INSTDIR/server/server.ini file, but does not change the system entries to automatically start the server. v To solve this problem on AIX systems, enter the following command:
rmitab ibmscmsrv
v To solve this problem on other UNIX-based systems, enter the following commands:
Chapter 9. Troubleshooting
69
cd /etc find . | grep IBMSCMserver | xargs rm f
v To solve this problem on a Windows system, enter the following command to remove the server as a Windows service:
scmserver remove
Selected stash password during install and server will not start
Problem:I selected the stash password check box on the Server Security Configuration window during installation, but my server does not automatically start when the system is rebooted. Solution: Use the following steps to add the server to your systems start up process: Note: Make sure to replace the INSTDIR directory below with the directory where you installed Tivoli Security Compliance Manager. v For AIX systems, enter the following command:
mkitab ibmscmsrv:2:once:INSTDIR/server/scmserver start 2>/dev/null
v For Solaris systems, make the following symbolic links:

ln ln ln ln ln s s s s s INSTDIR/server/scmserver INSTDIR/server/scmserver INSTDIR/server/scmserver INSTDIR/server/scmserver INSTDIR/server/scmserver /etc/init.d/IBMSCMserver /etc/rc0.d/K10IBMSCMserver /etc/rc1.d/K10IBMSCMserver /etc/rc2.d/S99IBMSCMserver /etc/rcS.d/K10IBMSCMserver
v For Windows systems, enter the following command:

scmserver install
v For Linux systems, make the following symbolic links:

ln ln ln ln ln ln ln ln fs INSTDIR/server/scmserver /etc/init.d/IBMSCMserver fs ../IBMSCMserver /etc/init.d/rc0.d/K10IBMSCMserver fs ../IBMSCMserver /etc/init.d/rc1.d/K10IBMSCMserver fs ../IBMSCMserver /etc/init.d/rc2.d/S99IBMSCMserver fs ../IBMSCMserver /etc/init.d/rc3.d/S99IBMSCMserver fs ../IBMSCMserver /etc/init.d/rc4.d/S99IBMSCMserver fs ../IBMSCMserver /etc/init.d/rc5.d/S99IBMSCMserver fs ../IBMSCMserver /etc/init.d/rc6.d/K10IBMSCMserver
70
Appendix. Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the users responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation 500 Columbus Avenue Thornwood, NY 10594 U.S.A For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: IBM World Trade Asia Corporation Licensing 2-31 Roppongi 3-chome, Minato-ku Tokyo 106, Japan The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
71
Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation 2Z4A/101 11400 Burnet Road Austin, TX 78758 USA Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this information and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us. Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. All statements regarding IBMs future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. If you are viewing this information softcopy, the photographs and color illustrations may not appear.
Trademarks
The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both: AIX DB2 IBM
72
IBM logo Tivoli Tivoli logo Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product, and service names may be trademarks or service marks of others.
Appendix. Notices
73
74
Glossary
collector. A software module that runs on a client system and gathers data. This data is subsequently sent to a server. compliance query. An SQL query that extracts specific data from the server database and returns a list of clients that are in violation of specific security requirements. delta table. A database table used for saving changed data from subsequent runs of a collector. disinherit. To remove actions from a role that were originally copied from a template. inherit. To copy actions to a role from a template. policy. A set of one or more compliance queries used to demonstrate the level of adherence to specific security requirements. policy bundle. A file containing the information associated with a policy, such as the compliance queries, the collectors, and the associated schedules. A policy bundle permits the policy to be saved and subsequently applied to other servers. proxy relay. A special pull client that acts as a relay between the server and one or more clients. A proxy relay is used to reach a limited number of clients that are located behind a firewall, or that are in an IP-address range that is not directly addressable by the server. pull client. A client that permits communication with the server to be initiated by only the server. push client. A client that permits communication with the server to be initiated by either the client or the server. snapshot. The result of running all of the compliance queries in a policy against a set of clients. A snapshot shows the number of violations and indicates what clients are not adhering to the security requirements being tested by the compliance queries.
75
76
Index A
accessibility vii administration utilities installation 37 after installation 63 alternate temporary installation directory 67
T
troubleshooting installation 67
U
uninstall console mode 60 InstallShield MutliPlatform uninstalling 55 55
C
CD layout 6 client installation 25 configuration database 45 console mode installation 66 console mode uninstallation 60
D
database configuration 45 database utilities 45
I
installation after completion 63 console mode 66 silent 65 troubleshooting 67 using an alternate temporary directory 67 installation prerequisites 1 installing administration utilities 37 client 25 server 7 InstallShield MultiPlatform uninstallation 55
P
product removal 55
R
reinstalling administration utilities 37 client 25 server 7 related publications vi running database utilities 46
S
server installation 7 silent install administration utilities client 65 server 65 silent installation 65 software prerequisites 1 65
77
78
Printed in USA
GC32-1592-00

Scm51 Install

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Scm51 Install

Загружено:

Авторское право:

Доступные форматы

Tivoli Security Compliance Manager

Installation Guide: All Components

Tivoli Security Compliance Manager

Installation Guide: All Components

Chapter 1. Installation overview . . . . . . . . . . . . . . . . . . . . . . . . . 1

Chapter 2. Installing the Tivoli Security Compliance Manager server. . . . . . . . . . 7

Chapter 3. Installing the Tivoli Security Compliance Manager client . . . . . . . . . 25

Chapter 4. Installing the Tivoli Security Compliance Manager administration utilities . . 37

Chapter 5. Using the Tivoli Security Compliance Manager database utilities . . . . . . 45

Chapter 6. Uninstalling Tivoli Security Compliance Manager. . . . . . . . . . . . . 55

Tivoli Security Compliance Manager: Installation Guide: All Components

Who should read this book

What this book contains

Copyright IBM Corp. 2003, 2004

IBM Tivoli Security Compliance Manager library

IBM DB2 Universal Database

Tivoli Security Compliance Manager: Installation Guide: All Components

Accessing publications online

Tivoli technical training

Contacting software support

Conventions used in this book

Operating system differences

Tivoli Security Compliance Manager: Installation Guide: All Components

Chapter 1. Installation overview

Supported operating systems

Level 5.1 5.2 Server 2.8 2.9 8

Copyright IBM Corp. 2003, 2004

Tivoli Security Compliance Manager: Installation Guide: All Components

Chapter 1. Installation overview

Processor and memory requirements for server

512 MB RAM 512 MB RAM 24 GB RAM

You need 5 MB of disk space to install the server package.

Disk and memory requirements for client and collectors

AIX HP-UX Linux Solaris Windows

Disk and memory requirements for proxy relay

Tivoli Security Compliance Manager: Installation Guide: All Components

Disk and memory requirements for administration utilities

Tivoli Security Compliance Manager: Installation Guide: All Components

Chapter 2. Installing the Tivoli Security Compliance Manager server

Before you begin

Using the InstallShield MultiPlatform package to install

Figure 1. Language Selection

Tivoli Security Compliance Manager: Installation Guide: All Components

Figure 2. Installation Welcome window

Chapter 2. Installing the Tivoli Security Compliance Manager server

Figure 3. Installation Directory Location window

Tivoli Security Compliance Manager: Installation Guide: All Components

Figure 4. System Component Selection window Server

Chapter 2. Installing the Tivoli Security Compliance Manager server

Figure 5. Server E-mail Configuration window

Tivoli Security Compliance Manager: Installation Guide: All Components

Figure 6. Server Communication Configuration window

Chapter 2. Installing the Tivoli Security Compliance Manager server

Figure 7. Server Security Configuration window

Tivoli Security Compliance Manager: Installation Guide: All Components

Figure 8. Database Location window

Chapter 2. Installing the Tivoli Security Compliance Manager server

Figure 9. Database Configuration window Windows Platform

Tivoli Security Compliance Manager: Installation Guide: All Components

Figure 10. Database Configuration window UNIX-based Platforms

Chapter 2. Installing the Tivoli Security Compliance Manager server

Figure 11. Second Database Configuration window Windows Platform

Tivoli Security Compliance Manager: Installation Guide: All Components