Installing Management Center for IDS Sensors 1.2 and Monitoring Center for Security 1.2
Installing, Upgrading, and Uninstalling IDS MC and Security Monitor on Solaris



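This chapter describes how to install IDS MC and Security Monitor on the Sun Solaris operating system. It contains the following sections:

  • System Requirements
  • Installing IDS MC and Security Monitor
  • Upgrading Existing Installations
  • Uninstalling IDS MC and Security Monitor
  • Troubleshooting the Installation on Solaris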

System Requirements

IDS MC and Security Monitor are components of the VPN/Security Management Solution (VMS). CiscoWorks Common Services 2.2 is required for IDS MC and Security Monitor to work. CiscoWorks Common Services 2.2 provides the CiscoWorks Server base components and software developed to support IDS MC and Security Monitor, including the necessary software libraries and packages. For more information, see Installation and Setup Guide for CiscoWorks Common Services 2.2 (Includes CiscoView 5.5) on Solaris.


Note   For information about all bundle features and their requirements, see CiscoWorks VPN/Security Management Solution Quick Start Guide.

You can install IDS MC 1.2 and Security Monitor 1.2 from the VMS bundle CDs on Solaris. Table 3-1 shows the server requirements for Solaris systems.

Table 3-1   Server Requirements for Solaris

System Component  Requirement

System Hardware

  • CD-ROM drive
  • 100 Mbps Network Interface Card
  • Sun UltraSPARC 60 MP with 440 MHz or faster processor
  • Sun UltraSPARC III (Sun Blade 2000 Workstation or Sun Fire 280R Workgroup Server) [1]
  • 100 Mbps or faster Network Interface Card
  • Color monitor of at least 800x600 resolution with video card capable of 256 colors or more
  • Single and multiple CPU machines

Available Space

  • 1 GB minimum memory
  • 2 GB virtual memory [2]
  • 12 GB minimum available disk drive space

Note The actual amount of hard drive space required depends upon the number of CiscoWorks Common Services client applications you are installing and the number of devices you are managing with the client applications.

System Software

  • Sun Solaris 2.8 with these patches:
    • 109742 has been replaced by 108528-13
    • 109322 has been replaced by 108827-15
    • 109279 has been replaced by 108528-13
    • 108991 has been replaced by 108827-15

Note CiscoWorks Common Services 2.2 supports only the US-English and Japanese versions of the Solaris operating system. It does not support any other language version. Set the default locale to US-English for the US-English version and to Japanese for the Japanese version.

Additional Software

  • Netscape Navigator 4.76 (or later) on Solaris 2.7, 2.8 (with Java Virtual Machine (JVM) 5.00.3182 or later)

Note For Solaris, use only Netscape Navigator downloaded from the Sun site.

[1] Solaris SPARC station or Sun Ultra 10 is the minimum hardware requirement.

[2] Virtual Memory should be twice the Main Memory size.

To verify the amount of available disk space in each of the specified partitions and directories, enter:

# df -k directory

where directory is the partition or directory for which you want to check the available disk space.


Note   The Solaris patches required by IDS MC and Security Monitor are the same as those required by CiscoWorks Common Services 2.2 for Solaris. For more information on the required Solaris patches, see Installation and Setup Guide for CiscoWorks Common Services (Includes CiscoView) on Solaris.
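The patch and disk space requirements in Table 3-1 can be checked before running setup.sh. The following script is an added example, not part of the Cisco documentation or installer: it parses showrev -p and df -k output, and it assumes the 12 GB must be free on /opt (the default /opt/CSCOpx location). The sample output embedded in it is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-install check against Table 3-1 (not Cisco code).
# On Solaris 8 run under ksh or /usr/xpg4/bin/sh with AWK=nawk.
AWK=${AWK:-awk}
SHOWREV=${SHOWREV:-showrev -p}      # command that lists installed patches
DF=${DF:-df -k /opt}                # assumption: product goes to /opt/CSCOpx

# patch_ok ID MINREV: true if stdin (showrev -p output) lists patch ID
# at revision MINREV or later.
patch_ok() {
    $AWK -v id="$1" -v min="$2" '
        $1 == "Patch:" { split($2, p, "-")
                         if (p[1] == id && p[2] + 0 >= min + 0) ok = 1 }
        END { exit(ok ? 0 : 1) }'
}

# avail_kb: print the avail column from df -k output on stdin. Lines are
# joined first because df wraps long device names onto a second line.
avail_kb() {
    $AWK 'NR > 1 { row = row " " $0 }
          END    { split(row, f, " "); print f[4] }'
}

# preflight: print one line per requirement, return the failure count.
preflight() {
    fails=0
    for req in 108528-13 108827-15; do
        if $SHOWREV | patch_ok "${req%-*}" "${req#*-}"; then
            echo "ok    patch $req or later"
        else
            echo "FAIL  patch $req missing or older"; fails=$((fails + 1))
        fi
    done
    kb=$($DF | avail_kb)
    if [ "${kb:-0}" -ge 12582912 ]; then      # 12 GB expressed in KB
        echo "ok    $kb KB available"
    else
        echo "FAIL  $kb KB available, 12 GB needed"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample output (not taken from a real host).
sample_showrev() {
cat <<'EOF'
Patch: 108528-29 Obsoletes: 109153-01 Requires:  Incompatibles:  Packages: SUNWcsu, SUNWcsr
Patch: 108827-12 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsl
EOF
}
sample_df() {
cat <<'EOF'
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t0d0s5
                     20646121 4512345 15927315    23%    /opt
EOF
}

# Demo on the samples; delete these two lines to query the live system.
SHOWREV=sample_showrev DF=sample_df
preflight || echo "$? requirement(s) not met"
```

The script does not check memory, virtual memory, or locale; those requirements still need to be verified separately.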

Installing IDS MC and Security Monitor

This section describes how to install IDS MC and Security Monitor. You can install either IDS MC or Security Monitor, or you can install both.


Note   For optimal performance, we recommend that you install IDS MC and Security Monitor on separate servers.

This procedure assumes that you have already installed CiscoWorks Common Services 2.2.

To install IDS MC and/or Security Monitor, follow these steps:


Step 1   As root, mount the Monitoring Center for Security and Management Center for IDS Sensors CD into the CD-ROM using either of the following methods:

  • Mount the CD-ROM on the system on which CiscoWorks Common Services is installed.

or

  • Mount the CD-ROM on a remote Solaris system, then access the CD-ROM from your server system.

Caution   If you install the application from a remote mount point, network inconsistencies may cause installation errors.

Step 2   Run the installation program.

  • For a local installation, enter:
# cd /cdrom/cdrom0/
# ./setup.sh 

  • For a remote installation, enter:
# cd remotedir
# ./setup.sh

where remotedir is the remote location where the CD-ROM is mounted.

The following message appears:

Press Enter to read/browse the following license agreement:

Press Enter to read the license agreement.

The following message appears at the end of the license agreement:

You must accept this License agreement for the installation to proceed.
If you enter N/n, the installation will exit. 
Do you accept all the terms of the preceding License Agreement? (y/n) [y]

Step 3   Enter y to accept the license and proceed with the installation.

or

Enter n to deny and stop the installation.

Step 4   Select one of the following:

  • (1) IDS Management Center
  • (2) Security Monitor
  • (3) All of the Above (IDS Management Center + Security Monitor)

Step 5   Select one of the items using its number or enter q to quit.

Step 6   Enter the IDS MC/Security Monitor Database Password and confirm it.

Step 7   If you select IDS Management Center (1), enter the following details:

  • Database password
  • Database location
  • Host IP address

Step 8   If you select Security Monitor (2), enter the following postoffice setting information:

  • Host ID
  • Host name
  • Organization ID
  • Organization name
  • Host IP address

Note   You will be prompted to enter the postoffice setting information only when you install Security Monitor.

If you select IDS Management Center + Security Monitor (3), you should enter the Host IP address twice—once for setting the IP address of the host system and again when entering postoffice settings.

The installation proceeds.

During installation, a warning message is displayed if the /etc/system file is modified for tuning system parameters. You should reboot the system for the changes to the /etc/system file to take effect. If you do not reboot the system, IDS MC and Security Monitor may not work as expected.

You should enable and configure the syslogd service so that IDS_Receiver can receive syslog events from remote hosts.

After the installation is completed, Daemon Manager starts.


Note   Error messages or warning messages appear if the required and recommended Solaris patches are not present on your system. Before running Security Monitor and IDS MC, download and install the most recent recommended patches from http://www.sunsolve.sun.com.

If errors occurred during installation, check the installation log file: /var/tmp/ciscoinstall.log. Each installation appends to this file.





Upgrading Existing Installations

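There are five different upgrade scenarios, described in the following sections:

  • Upgrading from IDS MC and Security Monitor 1.1 to 1.2
  • Upgrading from IDS MC 1.1 to 1.2
  • Upgrading from Security Monitor 1.1 to 1.2
  • Upgrading from Security Monitor 1.1 to both IDS MC and Security Monitor 1.2
  • Upgrading from IDS MC 1.1 to both IDS MC and Security Monitor 1.2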

Upgrading from IDS MC and Security Monitor 1.1 to 1.2

To upgrade from IDS MC and Security Monitor 1.1 to 1.2:


Step 1   As root, mount the Monitoring Center for Security and Management Center for IDS Sensors CD into the CD-ROM using either of the following methods:

  • Mount the CD-ROM on the system on which CiscoWorks Common Services is installed.

or

  • Mount the CD-ROM on a remote Solaris system, then access the CD-ROM from your server system.

Caution   If you install the application from a remote mount point, network inconsistencies may cause installation errors.

Step 2   Run the installation program.

  • For a local installation, enter:
# cd /cdrom/cdrom0/
# ./setup.sh 

  • For a remote installation, enter:
# cd remotedir
# ./setup.sh

where remotedir is the remote location where the CD-ROM is mounted.

The following message appears:

Press Enter to read/browse the following license agreement:

Press Enter to read the license agreement.

The following message appears at the end of the license agreement:

You must accept this License agreement for the installation to proceed.
If you enter N/n, the installation will exit. 
Do you accept all the terms of the preceding License Agreement? (y/n) [y]

Step 3   Enter y to accept the license and proceed with the installation.

or

Enter n to deny and stop the installation.

Upgrade proceeds and the installation is completed.





Upgrading from IDS MC 1.1 to 1.2

To upgrade from IDS MC 1.1 to 1.2:


Step 1   As root, mount the Monitoring Center for Security and Management Center for IDS Sensors CD into the CD-ROM using either of the following methods:

  • Mount the CD-ROM on the system on which CiscoWorks Common Services is installed.

or

  • Mount the CD-ROM on a remote Solaris system, then access the CD-ROM from your server system.

Caution   If you install the application from a remote mount point, network inconsistencies may cause installation errors.

Step 2   Run the installation program.

  • For a local installation, enter:
# cd /cdrom/cdrom0/
# ./setup.sh 

  • For a remote installation, enter:
# cd remotedir
# ./setup.sh

where remotedir is the remote location where the CD-ROM is mounted.

The following message appears:

Press Enter to read/browse the following license agreement:

Press Enter to read the license agreement.

The following message appears at the end of the license agreement:

You must accept this License agreement for the installation to proceed.
If you enter N/n, the installation will exit. 
Do you accept all the terms of the preceding License Agreement? (y/n) [y]

Step 3   Enter y to accept the license and proceed with the installation.

The following options appear:

  • (1) IDS Management Center
  • (2) Both IDS Management Center and Security Monitor

Step 4   Enter 1.

Upgrade proceeds and the installation is completed.





Upgrading from Security Monitor 1.1 to 1.2

To upgrade from Security Monitor 1.1 to 1.2:


Step 1   As root, mount the Monitoring Center for Security and Management Center for IDS Sensors CD into the CD-ROM using either of the following methods:

  • Mount the CD-ROM on the system on which CiscoWorks Common Services is installed.

or

  • Mount the CD-ROM on a remote Solaris system, then access the CD-ROM from your server system.

Caution   If you install the application from a remote mount point, network inconsistencies may cause installation errors.

Step 2   Run the installation program.

  • For a local installation, enter:
# cd /cdrom/cdrom0/
# ./setup.sh 

  • For a remote installation, enter:
# cd remotedir
# ./setup.sh

where remotedir is the remote location where the CD-ROM is mounted.

The following message appears:

Press Enter to read/browse the following license agreement:

Press Enter to read the license agreement.

The following message appears at the end of the license agreement:

You must accept this License agreement for the installation to proceed.
If you enter N/n, the installation will exit. 
Do you accept all the terms of the preceding License Agreement? (y/n) [y]

Step 3   Enter y to accept the license and proceed with the installation.

The following options appear:

  • (1) Security Monitor
  • (2) Both IDS Management Center and Security Monitor

Step 4   Enter 1.

Upgrade proceeds and the installation is completed.





Upgrading from Security Monitor 1.1 to both IDS MC and Security Monitor 1.2

When you upgrade Security Monitor 1.1 to 1.2, you have the option of installing IDS MC 1.2 at the same time. To upgrade from Security Monitor 1.1 to IDS MC and Security Monitor 1.2, follow these steps:


Step 1   As root, mount the Monitoring Center for Security and Management Center for IDS Sensors CD into the CD-ROM using either of the following methods:

  • Mount the CD-ROM on the system on which CiscoWorks Common Services is installed.

or

  • Mount the CD-ROM on a remote Solaris system, then access the CD-ROM from your server system.

Caution   If you install the application from a remote mount point, network inconsistencies may cause installation errors.

Step 2   Run the installation program.

  • For a local installation, enter:
# cd /cdrom/cdrom0/
# ./setup.sh 

  • For a remote installation, enter:
# cd remotedir
# ./setup.sh

where remotedir is the remote location where the CD-ROM is mounted.

The following message appears:

Press Enter to read/browse the following license agreement:

Step 3   Press Enter to read the license agreement.

The following message appears at the end of the license agreement:

You must accept this License agreement for the installation to proceed.
If you enter N/n, the installation will exit. 
Do you accept all the terms of the preceding License Agreement? (y/n) [y]

Step 4   Enter y to accept the license and proceed with the installation.

The following options appear:

  • (1) Security Monitor
  • (2) Both IDS Management Center and Security Monitor

Step 5   Enter 2.

Upgrade proceeds and the installation is completed.





Upgrading from IDS MC 1.1 to both IDS MC and Security Monitor 1.2

When you upgrade IDS MC 1.1 to 1.2, you have the option of installing Security Monitor 1.2 at the same time. To upgrade from IDS MC 1.1 to IDS MC and Security Monitor 1.2:


Step 1   As root, mount the Monitoring Center for Security and Management Center for IDS Sensors CD into the CD-ROM using either of the following methods:

  • Mount the CD-ROM on the system on which CiscoWorks Common Services is installed.

or

  • Mount the CD-ROM on a remote Solaris system, then access the CD-ROM from your server system.

Caution   If you install the application from a remote mount point, network inconsistencies may cause installation errors.

Step 2   Run the installation program.

  • For a local installation, enter:
# cd /cdrom/cdrom0/
# ./setup.sh 

  • For a remote installation, enter:
# cd remotedir
# ./setup.sh

where remotedir is the remote location where the CD-ROM is mounted.

The following message appears:

Press Enter to read/browse the following license agreement:

Press Enter to read the license agreement.

The following message appears at the end of the license agreement:

You must accept this License agreement for the installation to proceed.
If you enter N/n, the installation will exit. 
Do you accept all the terms of the preceding License Agreement? (y/n) [y]

Step 3   Enter y to accept the license and proceed with the installation.

The following options appear:

  • (1) IDS Management Center
  • (2) Both IDS Management Center and Security Monitor

Step 4   Enter 2.

Upgrade proceeds and the installation is completed.





Uninstalling IDS MC and Security Monitor

This section describes how to uninstall IDS MC and Security Monitor on Solaris. You can uninstall either IDS MC or Security Monitor, or you can uninstall both.

Use the uninstall script to remove IDS MC and Security Monitor files and settings.


Caution   You must use the uninstall script to remove the product. If you try to remove IDS MC or Security Monitor or any of their components manually, you may damage your system.

To uninstall IDS MC and/or Security Monitor:


Step 1   As root, enter the following commands to start the uninstall script:

# cd /
# /opt/CSCOpx/bin/uninstall.sh

where /opt/CSCOpx is the default installation directory.

The following list of components appears:

  • 1) IDS Management Center
  • 2) CiscoWorks Common Services
  • 3) IDS MC/Security Monitor Common Framework
  • 4) Security Monitor
  • 5) All of the above

Enter the number corresponding to the uninstall option you require or press q to quit. You can select more than one component; if you do, use commas to separate the numbers corresponding to the components.

The uninstall script lets you confirm whether you want to uninstall each selected component.

Step 2   Enter y to confirm the uninstallation of the selected component or components.


Note    The /etc directory contains all system file changes. The uninstall messages are written to the /var/tmp/ciscouninstall.log file.

After the uninstall is complete, the following message appears:

All files were deleted successfully.





Troubleshooting the Installation on Solaris

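This section provides troubleshooting information for IDS MC and Security Monitor on Solaris. It contains the following sections:

  • Understanding IDS MC and Security Monitor Installation Messages
  • Frequently Asked Questions (FAQs)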

Understanding IDS MC and Security Monitor Installation Messages

Table 3-2 shows installation messages, their probable causes, and possible solutions.

Table 3-2   Installation Messages

Message: Cisco Intrusion Detection System Director is installed on this system. Security Monitor will not work properly if Cisco Intrusion Detection System Director is installed. Please uninstall the Director and start installation.
Probable Cause: Cisco Intrusion Detection System Director and Security Monitor cannot co-exist.
Possible Solution: Uninstall Cisco Intrusion Detection System Director.

Message: /etc/system file has been updated. Please reboot the system to make the changes take effect.
Probable Cause: /etc/system file has been updated.
Possible Solution: You should reboot the system for the changes to take effect.

Message: The syslogd service should be enabled and configured to receive events from remote hosts for the IDS_Receiver to capture IDS and Security events.
Possible Solution: You should enable and configure the syslogd service, for the IDS_Receiver to capture IDS and Security events.

Frequently Asked Questions (FAQs)

The following FAQs will help you with troubleshooting while installing IDS MC and Security Monitor on Solaris:

Q. How does the Monitoring Center receive syslog events from concerned devices?

A. IDS MC does not listen on UDP port 514 to capture syslog events. It relies on the UNIX syslogd service to capture the events.

The Security Monitor installation configures /etc/syslog.conf to redirect the relevant events to a log file. Security Monitor reads the events from that log file. The syslogd service should be enabled and configured to receive events from remote hosts.

Q. Can I configure the log file from which the receiver reads events?

A. Yes. You can configure the log file. Use the RxSyslogConf utility, which is available in the /opt/CSCOpx/MDC/bin/ids directory, as follows:

RxSyslogConf -c<filename with fullpath>

The utility also updates the /etc/syslog.conf file so that the syslogd service writes the events to the new log file.

Q. How can I prune the log file from which the receiver reads events?

A. Use the command RxSyslogConf -p. Do not edit the file manually.

Q. Running the IDS MC utilities (IdsPruning, RxSyslogConf, etc) throws errors. What do I do?

A. The environment must be set up before you run the MC utilities. Source the profile script in the /opt/CSCOpx/MDC/bin/ids/ directory (ids.cshrc for csh; ids.profile for ksh and sh) before running the utilities.

Q. After stopping the daemons, IDS MC processes do not release the semaphores. What do I do?

A. If Daemon Manager could not terminate the IDS MC processes properly, stray semaphores may remain on the system. Run the script /opt/CSCOpx/MDC/bin/ids/rsema.sh to remove them. Do not run the script while IDS MC processes are running.

Q. Can I use SSH keys for IDS MC Config Transaction?

A. Yes. When adding a sensor to IDS MC, you need to provide the sensor password or passphrase for the public key communication. You need to generate the key using the script in the <Install Dir>/MDC/bin/ids/secure_comm directory.