To Install the SCSP Agent on RHEL5.x Without sysklogd

Article ID: 181494

Products

Critical System Protection

Issue/Introduction

 

Resolution

1.  As root, set up the environment before installing by entering the following commands:
  # touch /etc/scsp-check-bypass
  # export INST_PARMS="--nodeps"
 
2.  Run the SCSP agent binary:
  # ./agent64-linux-rhel5.bin.5.2.9.670.bin

2a. The system should return the following messages:
 
Checking Required Package Dependencies...

ERROR: The minimum required packages for SCSP are not installed. In order for SCSP to function properly, the following missing packages must be installed:

 > sysklogd              System logging and kernel message trapping daemons.

Please install these packages before proceeding.

WARNING: /etc/scsp-check-bypass detected. Bypassing installer checks may lead to unpredictable results.

...

Extracting /var/tmp/SYMCcsp4147/SYMCcsp-5.2.9.670.linux.rpm ...

Validating RPM File: /var/tmp/SYMCcsp4147/SYMCcsp-5.2.9.670.linux.rpm ...

Running native package installation
--> rpm -v --nodeps -i --prefix /opt/Symantec/scspagent /var/tmp/SYMCcsp4147/SYMCcsp-5.2.9.670.linux.rpm

Installing SCSP Agent package SYMCcsp-5.2.9-670 ...
Preparing packages for installation...
SYMCcsp-5.2.9-670

The Symantec Critical System Protection Agent has been successfully installed
************************

3.  Once installed, additional configuration may be needed to support syslog-ng, so that the configuration entry added by the IDS daemon uses the correct source.
    a.  Open /etc/syslog-ng/syslog-ng.conf and search for ^source. If the source is defined as "src", no change is required. Otherwise, the IDS daemon configuration must be changed so that it correctly filters the syslog-ng system events.
For example:
       # grep ^source /etc/syslog-ng/syslog-ng.conf
           source s_sys {

    b.  Edit /opt/Symantec/scspagent/IDS/system/LocalAgent.ini: uncomment the "Syslog NG Source" line and set it to the correct source (e.g. "Syslog NG Source=s_sys").
    c. Restart the IDS daemon with the following command:
        # /etc/init.d/sisidsagent restart
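
The check in step 3a can be scripted so it gives the same answer on every host. The following is an added example, not part of the original article or the vendor's tooling: the function names and the sample configuration files are constructed, and it assumes that any top-level source named "src" counts as the "no change required" case.

```shell
#!/bin/sh
# Added example (not vendor code): read syslog-ng.conf the way step 3a does
# (grep ^source) and report what step 3b needs in LocalAgent.ini.

# Print the name of each top-level "source <name> {" statement, one per line.
syslog_ng_sources() {
    awk '/^source[ \t]+/ {
        name = $2
        sub(/[{].*$/, "", name)      # handles "source s_sys{" with no space
        if (name != "") print name
    }' "$1"
}

# Print "no-change" when a source named "src" exists; otherwise print one
# candidate "Syslog NG Source=<name>" line per source found.
# Exit status 2 means the file has no top-level source statement.
scsp_source_report() {
    names=$(syslog_ng_sources "$1")
    [ -n "$names" ] || return 2
    if printf '%s\n' "$names" | grep -qx 'src'; then
        echo "no-change"
    else
        printf '%s\n' "$names" | sed 's/^/Syslog NG Source=/'
    fi
}

# Constructed sample configurations (not taken from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/rhel.conf" <<'EOF'
# source old_src { internal(); };
source s_sys {
    file("/proc/kmsg" program_override("kernel: "));
    unix-stream("/dev/log");
    internal();
};
destination d_mesg { file("/var/log/messages"); };
EOF

cat > "$demo_dir/default.conf" <<'EOF'
source src { unix-stream("/dev/log"); internal(); };
EOF

scsp_source_report "$demo_dir/rhel.conf"      # Syslog NG Source=s_sys
scsp_source_report "$demo_dir/default.conf"   # no-change
```

On a real host, pass /etc/syslog-ng/syslog-ng.conf to scsp_source_report. If it prints more than one candidate line, the administrator still has to pick the source that carries the system events.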