Upgrading Script Lookup Plugins for version 11.6 on Linux-based systems

book

Article ID: 159430

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Script Lookup Plugins may not be automatically upgraded when you upgrade an Linux-based Enforce Server to Data Loss Prevention version 11.6. The plugins do not appear in the Enforce Server administration console after upgrade.

Resolution

Follow these steps to manually upgrade a Script Lookup Plugin on a Linux-based 11.6 DLP system to the Enforce Server administration console.

1. Log on to the Enforce Server using the System Administrator credentials.

2. Navigate to System >  Lookup Plugins in the Enforce Server administration console.

3. Select New Plugin > Script from the drop-down menu.

4. Enter a Name and Description for the plugin at the New Script Lookup Plugin page:

5. Enter the Script Command.

Copy the value for the script.1.command property from the file <Installation Directory>\Protect\config\ScriptLookup.properties to the Script Command field.

For example, if the property is script.1.command=python then enter the value python in the Script Command field.

6. Enter the Arguments.

Copy the value for the script.1.custom.args property  from the file <Installation Directory>\Protect\config\ScriptLookup.properties to the Arguments field.

For example, if the property is script.1.custom.args=-u,/opt/<Installation Directory>/Protect/plugins/simple.py then enter the value -u,/opt/<Installation Folder>/Protect/plugins/simple.py in the Arguments field.

7. Enable standard input (stdin).

Select (check) this option if the property stdin.filtering.enabled in the file <Installation Directory>\Protect\config\ScriptLookup.properties is set to true.

8. Enable standard output (stdout).

Select (check) this option if the property stdout.filtering.enabled in the file <Installation Directory>\Protect\config\ScriptLookup.properties is set to true.

9. Enable protocol filtering.

Select (check) this option if the property protocol.filtering.enabled in the file <Installation Directory>\Protect\config\ScriptLookup.properties is set to true. Then, select each protocol from the available protocols list based on the protocols specified in the "protocols.allow" property of the same file.

For example, if property protocols.allow=SMTP,FTP,HTTP,NNTP then select each of these protocols from the list.

10. Enable credentials.

Select (check) this option if the property "credentials.enabled" in the file \Vontu\Protect\config\ScriptLookup.properties is set to true. Then, enter the value for the Credentials File Path field from the value of the credentials.file.path property in the same file.

For example, if credentials.file.path=../config/ScriptLookupPassword.properties then enter the value ../config/ScriptLookupPassword.properties in the Credentials File Path field.

11. Click Save to save the upgraded Script Lookup Plugin.

Verify that the system displays a message indicating that the configuration was successfully saved.

12. Enable and test the plugin.

See the Symantec Data Loss Prevention 11.6 Administration Guide for details.

13. Repeat these steps for any other Script Lookup Plugin present in the ScriptLookup.properties file that is not automatically upgraded to the 11.6 Linux-based Enforce Server.

For example, if the file <Installation Directory>\Protect\config\ScriptLookup.properties has more than one script plugin, create a new plugin and repeat these steps using the property values for that plugin from the file. For example, if script.2.command=c:/data/simpleScript.bat create a new plugin and enter c:/data/simpleScript.bat in the Script Command field. Likewise, enter the script.2.custom.args value in the Arguments field and so forth.