How to install SCSP agent on Windows, UNIX and Solaris

Article:TECH190162  |  Created: 2012-06-01  |  Updated: 2012-08-26  |  Article URL http://www.symantec.com/docs/TECH190162
Article Type
Technical Solution



Issue



You would like to know how to install SCSP agent on Windows, UNIX and Solaris.


Solution



Overview

  1. How to install Windows agent,
  2. How to install UNIX agent,
  3. How to install Solaris agent,
  4. Agent status after installation,
  5. How to change the configuration of an agent.

Descriptive steps

The installation of the CSP agent is quite easy to perform on all platforms. However, there are a few prerequisites before installing.

For all operating systems, the port 443 and 2222 must be opened for the agent to register and communicate with the Management Server.

List of CSP agent installation files:

1) How to install Windows agent:

To see the list of supported Windows Operating Systems, refer to the SCSP_Platform_Feature_Matrix.pdf.

There is a single installation file for Windows agent which is the agent.exe file.

a. Export the agent.exe file and the agent-cert.ssl file (agent certificate) on the Windows server,

b. Double click the agent.exe to start the installation:

c. Specify the agent name and enable/disable IPS:

d. Specify the Primary Management Server Hostname/IP address as well as the location of the agent-cert.ssl file:

e. Review the CSP agent configuration:

f. Complete the installation process.

Note: A restart of the Windows Server is required if IPS is set to Enabled.

2) How to install UNIX agent:

To see the list of supported UNIX Operating Systems, refer to the SCSP_Platform_Feature_Matrix.pdf.

Prerequisite: Disable SELinux/AppArmor/TrustedAIX prior installing.

a. Export the agent-<UNIX>-<platform>.bin file and the agent-cert.ssl file (agent certificate) on the UNIX server.

Note: In this example, the binary and certificate files have been placed in the /tmp folder.

b. Run the binary file to start the agent installation.

c. Accept the Agreement.

d. Specify the Primary Management Server Hostname/IP address, the certificate path and the agent name.

e. Review the CSP agent configuration.

f. Complete the installation process.

Note: A restart of the UNIX Server is required if IPS is set to Enabled.

3) How to install Solaris agent:

To see the list of supported Solaris Systems, refer to the SCSP_Platform_Feature_Matrix.pdf.

Prerequisite: Disable Kerberos prior installing.

a. Export the agent-solarisXX-<platform>.bin file and the agent-cert.ssl file (agent certificate) on the Solaris server,

Note: In this example, the binary and certificate files have been placed in the /tmp folder.

b. Change the permissions for the binary file:

c. Run the binary file to start the agent installation:

d. Accept the Agreement:

e. Specify the Primary Management Server Hostname/IP address, the certificate path and the agent name:

f. Review the CSP agent configuration and press ENTER to complete the installation:

Note: A restart of the Solaris Server is required if IPS is set to Enabled.

4) Agent status after installation:

After the installation, the CSP agent shows up in the SCSP Management Console as Online. However, from the Pevention View tab, the agent displays the status "Pending restart" as shown below as long as the agent has not been restarted:

After the restart of the agent, the "Pending restart" status is replaced by the crossed shield icon, status "Unprotected":

This icon indicate that IPS is well enabled with the default "sym_win_null_sbp".

However, if IPS has been disabled during the installation of the agent, the agent shows the status

5) How to review/change the configuration of an agent:

Windows agents

The sisipsconfig is located in C:\Program Files\Symantec\Critical System Protection\Agent\IPS\bin and can be run as Administrator and Standard user. 

Example:

sisipsconfig -test

UNIX and Solaris agents

The sisipsconfig.sh is located in /opt/Symantec/scspagent/IPS/ and it is required to SU sisips user from root to use the tool.

Example:

./sisipsconfig.sh -test

Some of the most useful commands:

-t (-test) to test the connection from the agent to the Management Server.

-view to see the current settings of the agent.

-c (-certfile) to replace the agent certificate file.

-forcereg to force the agent to re-register with the Managemtn Server.

For more details on the Agent Configuration Tool and its commands, refer to the article "How to use the SCSP Agent Configuration Tool"


Attachments

SCSP_Platform_Feature_Matrix.pdf (376 kBytes)


Article URL http://www.symantec.com/docs/TECH190162


Terms of use for this information are found in Legal Notices