Data Loss Prevention

  • 1.  Unix Filesystem Scanning

    Posted Nov 13, 2012 02:23 PM

    I'm trying to do a Unix filesystem scan (RedHat ES 4) using 11.6. I've installed the scan tool, set up a Discover target and started the target scan, then started the FileSystemScanner_Console command. Nothing seems to be happening though.

     

    My console just shows:

    Nov 13, 2012 1:53:07 PM com.vontu.autonomy.controller.ScannerController main
    INFO: starting ScannerController with args: ./../config/ScannerController.properties
    Nov 13, 2012 1:53:09 PM com.vontu.autonomy.controller.ScannerController cleanWorkingDir
    INFO: cleaning working directory: /opt/FileSystemScanner/bin/Clean
    Nov 13, 2012 1:53:13 PM com.vontu.autonomy.controller.ScannerController logReader
    INFO:

    Nov 13, 2012 1:53:15 PM com.vontu.autonomy.controller.ContentCollectorController start
    INFO: starting ContentCollectorController
    Nov 13, 2012 1:53:15 PM com.vontu.autonomy.controller.ProcessWrapper start
    INFO: starting ProcessWrapper; command = /opt/FileSystemScanner/scanner/VontuFileSystemScanner.exe; image name = VontuFileSystemScanner.exe
     

    All the processes seem to be running:

    root     30458 19398  0 13:52 pts/147  00:00:00 /bin/sh /usr/local/bin/FileSystemScanner_Console
    root     30504 30458  0 13:52 pts/147  00:00:00 /opt/FileSystemScanner/jre/bin/java -Dinstall4j.jvmDir=/opt/FileSystemScanner/jre -Dexe4j.moduleName=/opt/FileSystemScanner/bin/FileSystemScanner_Console -Djava.util.logging.config.file=./../config/ScannerControllerLogging.properties -Di4j.vmov=true -Di4j.vmov=true -Di4j.vmov=true -Di4j.vmov=true -Di4j.vmov=true -classpath /opt/FileSystemScanner/.install4j/i4jruntime.jar:/opt/FileSystemScanner/lib/jar/discoverconnectorcontroller.jar com.install4j.runtime.Launcher launch com.vontu.autonomy.controller.ScannerController false false   true true false  true true 0 0  20 20 Arial 0,0,0 8 500 version 11.6 20 40 Arial 0,0,0 8 500 -1 ./../config/ScannerController.properties
    root     30948 30504  0 13:53 pts/147  00:00:06 /opt/FileSystemScanner/scanner/VontuFileSystemScanner.exe

    I've validated that port 8090 is open and listening on the Discover server and that I can connect to it from the Red Hat box.

    The scan started over 20 minutes ago and I've had no activity since. Can anyone help shed some light on this for me? Where should I be looking for why it's stalled? I don't see updates to any of the files or logs under /opt/FileSystemScanner since the scan started.



  • 2.  RE: Unix Filesystem Scanning

    Posted Dec 06, 2012 01:40 AM

     

    Hi Joe,
    Please refer to the information below; it should give you some idea of how to resolve the issue.
     
    The following remote Windows systems can be scanned:
    ■ Windows 2000
    ■ Windows 2003, 32-bit
    ■ Windows XP, 32-bit
    The following Linux file systems can be scanned:
    ■ x86 32-bit, Red Hat Enterprise Linux AS 4
     

     

    File systems on UNIX systems can also be scanned using the SFTP protocol. This
    protocol provides a method similar to share-based file scanning, instead of using
    the File System Scanner. Contact Symantec Professional Services for details.
     
    The File System Scanner must be installed on the computer with the file system
    you want to scan.
    On Linux, AIX, and Solaris, the root user must install the scanner. If a user other than the one who installed the scanner wants to run it, permissions must be changed. On Linux, AIX, and Solaris, appropriate permissions must be given to the directories and files.
     
    To install the file system scanner
     
    1 On the computer with the file system to scan, download or copy (as binary) the relevant installation file to a temporary directory. The file is located in the DLPDownloadHome\Symantec_DLP_11_Win\Scanners or DLPDownloadHome/Symantec_DLP_11_Lin/Scanners directory, where DLPDownloadHome is the name of the directory in which you unzipped the Symantec Data Loss Prevention software. The file is one of the following file names:
     
    ■ FileSystemScanner_Unix_11.0.sh (for Linux systems)

     



  • 3.  RE: Unix Filesystem Scanning

    Posted Jan 23, 2013 07:03 PM
    Hi All, I am basically facing the same issue while scanning AIX and HPUX boxes using the DLP scanner solution. The DLP 11.6.1 Admin guide clearly states "File systems on UNIX systems can also be scanned using the SFTP protocol. This protocol provides a method similar to share-based file scanning, instead of using the File System Scanner. Contact Symantec Professional Services for details." But there is no documentation available to get this done. SFTP is the most basic and commonly used method of file access and Symantec should be helping their customers to get this implemented. Any help in this regard will be appreciated.