The SecurityExpressions and the AuditExpress agent uses port 9002 by default, how can I change this port?

Answer

 This information covers the agent for both SecurityExpressions and AuditExpress.

Background

By default, the Security Expressions (SE) console and distributed Windows^Tm  and Unix agents communicate via SSL over port 9002.  If necessary, you can customize the ports that are used within your environment for this communication.  You would generally need to do this if your firewall were blocking the default port and you did not want to configure an exception, or if you had a port conflict with another application.

This document explains how you change the port used by Security Expressions and the agent software.  It assumes that you already have the Security Expressions console and the agent software installed.  For more information on installing Security Expressions Agents, see the on-line help or the document titled, Installing the Unix Agent.

Procedure

The method by which you can change the default port used by the SE console to communicate with a distributed agent is to add a specific registry key to the workstation on which the console is installed.  You then need to ensure that the agent is started with the appropriate start up flags to tell it to listen on the correct port.

To accomplish this, do the following:

1.      On the workstation where SE is installed, go to the following registry key container:

HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Security Management\SecurityExpressions\Options

2.      Create a new DWORD entry called UsePort.

3.      Set the value of the object to the port number that you wish to use. Next time you start Security Expressions, it will attempt to connect to agent based targets on this port.

4.      Next, you need to edit the way the agent starts by specifying a specific port number.  For the windows agent, find the following registry entry for the agent:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SEAGENT\ImagePath

5.      Change the value of this entry from:

"C:\WINDOWS\system32\SEAGENT.EXE" –service

to,

"C:\WINDOWS\system32\SEAGENT.EXE" –service –port <port num>

where <port num> is the port you would like the agent to listen on.

6.      Start and stop the agent service.

7.      For the Unix agent, you need to edit the init script that starts the agent so that the port is explicitly specified.  If you followed the normal install procedure, find the file:  /etc/init.d/pedagent.

8.      From the /etc/init.d directory, stop the agent by executing the command ./pedagent stop.

9.      Edit the seagent file and change the line that reads:

/usr/sbin/pedagent&

to,

/usr/sbin/pedagent –port <port num> &

where <portnum> is the port you would like the agent to listen on.

10.  Restart the agent by executing the command ./pedagent start.