1. As root, set up the environment before installing by entering the following commands:
# touch /etc/scsp-check-bypass
# export INST_PARMS="--nodeps"
2. Run the SCSP agent binary:
# ./agent64-linux-rhel5.bin.5.2.9.670.bin
2a. The system should return the following messages:
ERROR: The minimum required packages for SCSP are not installed. In order for SCSP to function properly, the following missing packages must be installed:
> sysklogd System logging and kernel message trapping daemons.
Please install these packages before proceeding.
WARNING: /etc/scsp-check-bypass detected. Bypassing installer checks may lead to unpredictable results.
...
Extracting /var/tmp/SYMCcsp4147/SYMCcsp-5.2.9.670.linux.rpm ...
Validating RPM File: /var/tmp/SYMCcsp4147/SYMCcsp-5.2.9.670.linux.rpm ...
Running native package installation
--> rpm -v --nodeps -i --prefix /opt/Symantec/scspagent /var/tmp/SYMCcsp4147/SYMCcsp-5.2.9.670.linux.rpm
Installing SCSP Agent package SYMCcsp-5.2.9-670 ...
Preparing packages for installation...
SYMCcsp-5.2.9-670
The Symantec Critical System Protection Agent has been successfully installed
************************
3. Once the agent is installed, additional configuration may be needed to support syslog-ng, so that the configuration entry added by the IDS daemon uses the correct source.
a. Open /etc/syslog-ng/syslog-ng.conf and search for ^source. If the source is defined as "src", no change is required; otherwise, the IDS daemon configuration must be changed so that it correctly filters the syslog-ng system events.
For example:
# grep ^source /etc/syslog-ng/syslog-ng.conf
source s_sys {
b. Edit /opt/Symantec/scspagent/IDS/system/LocalAgent.ini: uncomment the line "Syslog NG Source" and change it to the correct source (e.g. "Syslog NG Source=s_sys").
c. Restart the IDS daemon with the following command:
# /etc/init.d/sisidsagent restart
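
Steps 3a and 3b can be scripted so the IDS daemon is not left filtering on a source that syslog-ng never defines. The following is an added example, not part of the original procedure or vendor code; the function names are hypothetical, and it assumes the shipped "Syslog NG Source" line is commented out with a leading '#' or ';'.

```shell
#!/bin/sh
# Added example (not vendor code). File paths are passed as arguments so the
# functions can be tried on copies before touching the live files.

# Print the name of every source defined in a syslog-ng configuration file.
syslog_ng_sources() {
    sed -n 's/^source[[:space:]]\{1,\}\([A-Za-z0-9_.-]\{1,\}\).*/\1/p' "$1"
}

# Set "Syslog NG Source=<name>" in LocalAgent.ini ($1), keeping a .bak copy.
# ASSUMPTION: the shipped line is commented out with a leading '#' or ';'.
set_ini_source() {
    grep -q '^[#;[:space:]]*Syslog NG Source[[:space:]]*=' "$1" || return 1
    cp -p "$1" "$1.bak" &&
    sed "s/^[#;[:space:]]*Syslog NG Source[[:space:]]*=.*/Syslog NG Source=$2/" \
        "$1.bak" > "$1"
}

# $1 = syslog-ng.conf, $2 = LocalAgent.ini
# Returns 0 when no change is required or the change was made, 2 when no
# source is defined, 3 when the ini has no "Syslog NG Source" line.
# If several sources are defined, the first is used (assumption of this example).
sync_ids_source() {
    first=$(syslog_ng_sources "$1" | head -n 1)
    if [ -z "$first" ]; then
        echo "no source definition found in $1" >&2
        return 2
    fi
    if syslog_ng_sources "$1" | grep -qx 'src'; then
        echo "source is \"src\": no change required"
        return 0
    fi
    if ! set_ini_source "$2" "$first"; then
        echo "no 'Syslog NG Source' line found in $2" >&2
        return 3
    fi
    echo "set Syslog NG Source=$first in $2; now restart sisidsagent"
}

# Live use, as root, with the paths from this article:
#   sync_ids_source /etc/syslog-ng/syslog-ng.conf \
#       /opt/Symantec/scspagent/IDS/system/LocalAgent.ini &&
#       /etc/init.d/sisidsagent restart
```

Run it against copies of both files first and compare LocalAgent.ini with the LocalAgent.ini.bak it leaves behind before restarting the daemon.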