How to modify your BASH profile in a RHEL environment to make managing DLP more user friendly.
Profile to Modify:
~/.bash_profile - Use this profile to modify the user specific profile
~/.bashrc - Use this profile to modify the global profile that would apply to ALL users.
- To modify this profile, simply open the file in the editor of your choice (nano ~/.bashrc).
First, we recommend exporting the following lines for an Enforce Server, you may need to update your paths/names for your environment...
ORACLE_HOME is required, JAVA_HOME is not required, but is recommended, JAVA_HOME should be set for both Enforce and for Detection Servers. ORACLE_SID and LD_LIBRARY_PATH are related to Oracle, and while they should not be required, we do sometimes find that they need to be set, for a Detection Server these would not be necessary. The final export is for the PATH variable. Java should be placed first, so it is detecting the correct version in case you have multiple versions installed. Then Oracle should be set next, then the standard RHEL variables. The order for the PATH variable is important as that is also the order of execution where each path will be checked.
The next two items are related to modifying the BASH profile, this makes it easier to get in and make modifications and reload your profile. I highly recommend including these options...
alias editprofile='nano ~/.bashrc'
alias reloadprofile='source ~/.bashrc'
Next time you wish to edit the profile you can now simply enter "editprofile" in the command line and it will automatically pull up the file. I show "nano" as the editor in the above command, but you can use any text editor such as "vi" if preferred. After any changes are made to the profile, you need to reload the profile before they take effect. With these commands setup you can simply enter "reloadprofile" and it will reload the profile for you and your commands are now immediately ready to be executed.
The next series of items are specifically related to DLP, and may need to be adjusted for the version you are on...
alias dlpinstallers='cd /DLPInstallers'
alias dlphome='cd /opt/Symantec/DataLossPrevention/EnforceServer/15.8.00000/Protect'
alias dlpconfig='cd /opt/Symantec/DataLossPrevention/EnforceServer/15.8.00000/Protect/config'
alias dlptomcat='cd /opt/Symantec/DataLossPrevention/EnforceServer/15.8.00000/Protect/tomcat'
alias dlplogs='cd /var/log/Symantec/DataLossPrevention/EnforceServer/15.8.00000'
alias dlpincidents='cd /var/Symantec/DataLossPrevention/ServerPlatformCommon/15.8.00000/incidents'
alias dlpkeystore='cd /var/Symantec/DataLossPrevention/EnforceServer/15.8.00000/keystore'
alias dlplicense='cd /var/Symantec/DataLossPrevention/EnforceServer/15.8.00000/license'
These are commonly accessed locations, that you can now simply call by keyword instead of having to remember specific paths. 'dlpinstallers' is the temporary location where you download all of the installer packages when preparing to install or upgrade your environment. This helps make the installation and upgrade process a little easier. Entering 'dlphome' will take you to the protect directory, or you can use 'dlpconfig' to take you straight to the config directory, etc... As you can see many of these paths are version specific, after an upgrade, simply update these paths as necessary so they are pointing to the correct version.
Here we can see that a simple key command will send us to completely different locations, making it much easier to navigate where you need within DLP.
The next set of alias's are for the services, to make checking, stopping, starting, and restarting the services much easier to work with. No need to manually stop/start services, or to run a script, simply call the necessary command...
alias dlpservices='service --status-all | grep Symantec\ DLP'
alias dlpstop='service SymantecDLPDetectionServerControllerService stop;service SymantecDLPIncidentPersisterService stop;service SymantecDLPManagerService stop;service SymantecDLPNotifierService stop'
alias dlpstart='service SymantecDLPNotifierService start;service SymantecDLPManagerService start;service SymantecDLPIncidentPersisterService start;service SymantecDLPDetectionServerControllerService start'
alias dlprestart='service SymantecDLPNotifierService restart;service SymantecDLPManagerService restart;service SymantecDLPIncidentPersisterService restart;service SymantecDLPDetectionServerControllerService restart'
The first thing to note is that these commands should work for any version between 15.5 - 15.8. These will probably also work with 16.0, but I have not tested these specifically on 16.0 at this time.
'dlpservices' will show you the current status of the DLP Services...
'dlpstop' will obviously stop all of the services in the correct order...
'dlpstart' will start all services in the correct order...
'dlprestart' will restart all of the services...
Below is a screenshot of the ~/.bash_profile from one of my labs to show you an example of what this might look like...