Scm51 Install Client

Tivoli Security Compliance Manager
Version 5.1
Installation Guide: Client Component
GC32-1593-00
Tivoli Security Compliance Manager
Version 5.1
Installation Guide: Client Component
GC32-1593-00
Note Before using this information and the product it supports, read the information in Notices, on page 29.
First Edition (May 2004) This edition applies to version 5, release 1, modification 0 of IBM Tivoli Security Compliance Manager (product number 5724-F82) and to all subsequent releases and modifications until otherwise indicated in new editions. Copyright International Business Machines Corporation 2003, 2004. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
Who should read this book . . . . . . . . . What this book contains . . . . . . . . . . Publications . . . . . . . . . . . . . . IBM Tivoli Security Compliance Manager library . Related publications . . . . . . . . . . Accessing publications online . . . . . . . Accessibility . . . . . . . . . . . . . . Tivoli technical training . . . . . . . . . . Contacting software support . . . . . . . . Conventions used in this book . . . . . . . . Typeface conventions . . . . . . . . . . Operating system differences . . . . . . . v v v v . . . . . . . . . . . . . . . . . . . . . vi . . . . . . . . . . . . . . . . . . . . . vi . . . . . . . . . . . . . . . . . . . . . vii . . . . . . . . . . . . . . . . . . . . . vii . . . . . . . . . . . . . . . . . . . . . vii . . . . . . . . . . . . . . . . . . . . . vii . . . . . . . . . . . . . . . . . . . . . vii . . . . . . . . . . . . . . . . . . . . . vii . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 1. Installation overview . . . . . . . . . . . . . . . . . . . . . . . . . 1

Supported operating systems . Software prerequisites . . . Disk and memory requirements Disk and memory requirements CD Layout . . . . . . . . . . . . . . . . . . . . . . . . . for client and collectors . for proxy relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2 2 3 3
Chapter 2. Installing the Tivoli Security Compliance Manager client . . . . . . . . . . 5

Before you begin . . . . . . . . . . . . . . Using the InstallShield MultiPlatform Package to Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 . 5
Chapter 3. Uninstalling Tivoli Security Compliance Manager. . . . . . . . . . . . . 17

Before you begin . . . . . . . . . . . . . . Using the InstallShield MultiPlatform package to uninstall Console mode Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 . 17 . 22
Chapter 4. Alternate installation methods . . . . . . . . . . . . . . . . . . . . . 25

Silent install . . . . . Console mode installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 . 26
Chapter 5. Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Installing with an alternate temporary directory . Files left in temporary directory . . . . . . Logging during installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 . 27 . 27
Appendix. Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Copyright IBM Corp. 2003, 2004
iii
iv
Tivoli Security Compliance Manager: Installation Guide: Client Component
Preface
The IBM Tivoli Security Compliance Manager Installation Guide: Client Component book explains how to install and configure the IBM Tivoli Security Compliance Manager client software. Tivoli Security Compliance Manager is a data collection service that gathers and stores a wide variety of information from multiple participating systems. Information types can include any data on a system, such as operating system versions, software patch levels, and security-related data. System and security administrators can use the Tivoli Security Compliance Manager service to monitor specific data checkpoints on any given machine (or group of machines).
Who should read this book

The target audience for this installation guide includes: v Security administrators v System administrators
What this book contains

This document contains the following chapters: v Chapter 1, Installation overview, on page 1 describes the prerequisites for Tivoli Security Compliance Manager. v Chapter 2, Installing the Tivoli Security Compliance Manager client, on page 5 describes how to install the client. v Chapter 3, Uninstalling Tivoli Security Compliance Manager, on page 17 describes how to remove any of the Tivoli Security Compliance Manager system components. v Chapter 4, Alternate installation methods, on page 25 describes how to install in silent mode using a response file to provide input or in console mode. v Chapter 5, Troubleshooting, on page 27 describes solutions for problems that you might encounter during the installation of Tivoli Security Compliance Manager.
Publications
Read the descriptions of the IBM Tivoli Security Compliance Manager library, the prerequisite publications, and the related publications to determine which publications you might find helpful. After you determine the publications you need, refer to the instructions for accessing publications online.
IBM Tivoli Security Compliance Manager library

The publications in the IBM Tivoli Security Compliance Manager library are: v IBM Tivoli Security Compliance Manager Installation Guide: All Components (GC32-1592-00) Explains how to install and configure Tivoli Security Compliance Manager software. v IBM Tivoli Security Compliance Manager Installation Guide: Client Component (GC32-1593-00)
Explains how to install and configure the Tivoli Security Compliance Manager client component software. IBM Tivoli Security Compliance Manager Administration Guide (SC32-1594-00) Explains how to manage and configure Tivoli Security Compliance Manager services using the administration console. IBM Tivoli Security Compliance Manager Collector Development Guide (SC32-1595-00) Explains how to design and implement custom Tivoli Security Compliance Manager collectors. IBM Tivoli Security Compliance Manager Warehouse Enablement Pack, Version 1.1 Implementation Guide for Tivoli Data Warehouse, Version 1.2 (SC32-1596-00) Explains how to integrate Tivoli Security Compliance Manager with Tivoli Data Warehouse. IBM Tivoli Security Compliance Manager Release Notes (GI11-4695-00) Provides late-breaking information, such as software limitations, workarounds, and documentation updates.
Related publications
This section lists publications related to the Tivoli Security Compliance Manager library. The Tivoli Software Library provides a variety of Tivoli publications such as white papers, datasheets, demonstrations, redbooks, and announcement letters. The Tivoli Software Library is available on the Web at: http://www.ibm.com/software/tivoli/library/ The Tivoli Software Glossary includes definitions for many of the technical terms related to Tivoli software. The Tivoli Software Glossary is available, in English only, from the Glossary link on the left side of the Tivoli Software Library Web page http://www.ibm.com/software/tivoli/library/
IBM DB2 Universal Database

IBM DB2 Universal Database is required when using Tivoli Security Compliance Manager. Additional information about DB2 can be found at: http://www.ibm.com/software/data/db2/
Accessing publications online

The publications for this product are available online in Portable Document Format (PDF) or Hypertext Markup Language (HTML) format, or both in the Tivoli software library: http://www.ibm.com/software/tivoli/library To locate product publications in the library, click the Product manuals link on the left side of the library page. Then, locate and click the name of the product on the Tivoli software information center page. Product publications include release notes, installation guides, users guides, administrators guides, and developers references. Note: To ensure proper printing of PDF publications, select the Fit to page check box in the Adobe Acrobat Print window (which is available when you click File Print).
vi
Accessibility
Accessibility features help a user who has a physical disability, such as restricted mobility or limited vision, to use software products successfully. You can use assistive technologies to hear and navigate the product documentation. You also can use the keyboard instead of the mouse to operate some features of the graphical user interface.
Tivoli technical training

For Tivoli technical training information, refer to the IBM Tivoli Education Web site: http://www.ibm.com/software/tivoli/education.
Contacting software support

Before contacting IBM Tivoli Software Support with a problem, refer to the IBM Tivoli Software Support site by clicking the Tivoli support link at the following Web site: http://www.ibm.com/software/support/ If you need additional help, contact software support by using the methods described in the IBM Software Support Guide at the following Web site: http://techsupport.services.ibm.com/guides/handbook.html The guide provides the following information: v Registration and eligibility requirements for receiving support v Telephone numbers, depending on the country in which you are located v A list of information you should gather before contacting customer support
Conventions used in this book

This reference uses several conventions for special terms and actions and for operating system-dependent commands and paths.
Typeface conventions
The following typeface conventions are used in this reference: Bold Lowercase commands or mixed case commands that are difficult to distinguish from surrounding text, keywords, parameters, options, names of Java classes, and objects are in bold. Variables, titles of publications, and special words or phrases that are emphasized are in italic. Code examples, command lines, screen output, file and directory names that are difficult to distinguish from surrounding text, system messages, text that the user must type, and values for arguments or command options are in monospace.
Italic Monospace
Operating system differences

This book uses the UNIX convention for specifying environment variables and for directory notation. When using the Windows command line, replace $variable with %variable% for environment variables and replace each forward slash (/) with a backslash (\) in directory paths. If you are using the bash shell on a Windows system, you can use the UNIX conventions.
Preface
vii
viii
Chapter 1. Installation overview

This chapter lists the supported operating systems, prerequisites, and disk and memory requirements for IBM Tivoli Security Compliance Manager. It also suggests important things you should consider before you begin the product installation.
Supported operating systems

The following table lists the supported operating systems for the Tivoli Security Compliance Manager client software. See IBM Tivoli Security Compliance Manager Installation Guide: All Components for information on installing other components. Note: Unless otherwise noted, for Linux systems only Intel, IA32 is supported.
Table 1. Clients, collectors, and proxy relay Operating system AIX AIX HP-UX HP-UX Red Hat Linux Red Hat Linux Red Hat Linux Red Hat Linux Red Hat Linux Red Hat Linux Red Hat Linux Sun Solaris Sun Solaris Sun Solaris Sun Solaris Windows NT Windows NT Windows 2000 Windows 2000 Windows 2000 Windows XP Windows 2003
Level 5.1 5.2 11.0 11i 6.2 7.0 7.1 7.2 7.3 8.0 9.0 2.6 2.7 2.8 2.9 4.0 Server 4.0 Workstation Server Advanced Server Professional Professional Server Standard Edition and Enterprise Edition
Patch/maintenance level Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest service pack and security roll up package Latest service pack and security roll up package Latest service pack and security roll up package Latest service pack and security roll up package Latest service pack and security roll up package Latest service pack and security roll up package Latest service pack and security roll up package
Table 1. Clients, collectors, and proxy relay (continued) Operating system Red Hat Enterprise Linux Red Hat Enterprise Linux Advanced Server Level 2.1 3.0 (see note below) Patch/maintenance level Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches Latest cumulative patches
Red Hat Enterprise Linux for 3.0 zSeries Red Hat Enterprise Linux for 3.0 iSeries or pSeries Red Hat Enterprise Linux for 7.2 zSeries Red Hat Enterprise Linux Advanced Server SUSE LINUX SUSE LINUX Enterprise Server SUSE LINUX Enterprise Server for zSeries SUSE LINUX Enterprise Server for iSeries or pSeries 2.1 7.0 8 8 8
Note: The Red Hat Enterprise Linux Advanced Server 3.0 platform can only be installed using the console mode in Japanese. Please see Console mode installation on page 26 for more information on how to perform a console mode install.
Software prerequisites
All UNIX-based and Linux systems must have full X Windows (X11) support in place for the installation to run correctly, regardless of whether or not the system contains a graphics card. See the installation media for the systems operating system to install X Windows (X11). The following table lists the software prerequisites for the HP-UX client.
Table 2. Client, collectors, and proxy relay software prerequisites Operating system HP-UX 11.0, 11i Requirements Java Runtime Environment (JRE) 1.3.1
Disk and memory requirements for client and collectors

The following table lists the disk and memory requirements for the Tivoli Security Compliance Manager client and collectors.
Table 3. Disk and memory requirements for Tivoli Security Compliance Manager client Client Platform Disk Requirements for Installation Directory 64 MB 64 MB Disk Requirements for Temporary Directory 45 MB 6 MB Memory Requirements 75 MB RAM 75 MB RAM
AIX HP-UX
Table 3. Disk and memory requirements for Tivoli Security Compliance Manager client (continued) Client Platform Disk Requirements for Installation Directory 64 MB 64 MB 64 MB Disk Requirements for Temporary Directory 46 MB 65 MB 44 MB Memory Requirements 75 MB RAM 75 MB RAM 75 MB RAM
Linux Solaris Windows
Note: The HP-UX platform values in the table are much smaller than the other platform values because the Java Runtime Environment is not packaged with the HP-UX client.
Disk and memory requirements for proxy relay

The following table lists the disk and memory requirements for the Tivoli Security Compliance Manager client with the proxy relay collector.
Table 4. Disk and memory requirements for Tivoli Security Compliance Manager proxy relay Client Platform Disk Requirements for Installation Directory 64 MB Disk Requirements for Temporary Directory 45 MB Memory Requirements 256 MB RAM minimum, 512 MB RAM recommended 256 MB RAM minimum, 512 MB RAM recommended 256 MB RAM minimum, 512 MB RAM recommended 256 MB RAM minimum, 512 MB RAM recommended 256 MB RAM minimum, 512 MB RAM recommended
AIX
HP-UX
64 MB
6 MB
Linux
64 MB
46 MB
Solaris
64 MB
65 MB
Windows
64 MB
44 MB
Note: The HP-UX platform values in the table are much smaller than the other platform values because the Java Runtime Environment is not packaged with the HP-UX client.
CD Layout
The Tivoli Security Compliance Manager 5.1 CD contains the following files and directories: v /policies/Network_AIX.pol v /policies/System_AIX.pol v /policies/Network_Windows.pol v /policies/System_Windows.pol v scm_aix
Chapter 1. Installation overview
v v v v v v v
scm_hp11 scm_linux scm_linux390 scm_linuxppc scm_solaris scm_win32.exe scminstall.jar
The scm_aix, scm_hp11, scm_linux, scm_linux390, scm_linuxppc, scm_solaris, scm_win32.exe and scminstall.jar are the InstallShield executables and .jar file needed to install Tivoli Security Compliance Manager.
Chapter 2. Installing the Tivoli Security Compliance Manager client

This chapter describes how to install the Tivoli Security Compliance Manager client.
Before you begin

Before you install the client: v If you are reinstalling the client, stop it before you attempt to reinstall it. See Using the InstallShield MultiPlatform package to uninstall on page 17 for more information. v You will need the host name and port number of the Tivoli Security Compliance Manager server that the client will connect to. v If you will install the client on a HP-UX system that is using Japanese as its language, use the console mode installation or enter export LANG=C in your command window prior to using the ISMP install. For more information on the console mode installation, see Chapter 4, Alternate installation methods, on page 25. v If you will install the client on a Linux for zSeries system or on a Linux for 390 system, these systems do not come with a CD-ROM drive. You must load the CD on a workstation that has a CD-ROM and NFS mount it to the Linux system, or FTP the scm_linux390 and scminstall.jar files to the Linux system. v If you will install the client on a Linux for zSeries system, you must connect to the Linux for zSeries installation file with a system that supports an X server, or use the console mode when installing. See Console mode installation on page 26 for more information on using the console mode install. v The Red Hat Enterprise Linux Advanced Server 3.0 platform can only be installed using the console mode in Japanese. Please see Console mode installation on page 26 for more information on how to perform a console mode install. v For installations on UNIX-based or Linux platforms, set the umask to 022 for the Tivoli Security Compliance Manager files to be installed with the correct permissions for operations. If the umask is set to another value, the install will complete but the product will not run. v For more information on alternative installation methods, including silent and console mode installations, see Chapter 4, Alternate installation methods, on page 25. Additional client installation requirements are listed on the Welcome window of the installation program.
Using the InstallShield MultiPlatform Package to Install

Tivoli Security Compliance Manager uses the InstallShield MultiPlatform (ISMP) tool for installation on all supported client platforms. See Chapter 1, Installation overview, on page 1 for a complete list of supported client platforms. Through the use of ISMP, a Java-based installation tool, a common look and feel for installation is provided regardless of your operating system. Configuration
questions are provided by the installation, and a simple configuration is performed during installation to get you up and running quickly. In addition to the regular product installation package, a stand-alone ISMP client installation package is provided. This client-only installation is very similar to the regular product installation, but contains fewer screens. Differences between the regular and client-only installation packages are indicated throughout the installation procedure. When you use ISMP to install the Tivoli Security Compliance Manager client, you will follow these steps regardless of your operating system: 1. Run the installation executable. The list of the platform-specific installation executables is located in Chapter 1, Installation overview, on page 1. A startup window for the Java Virtual Machine, JVM, is displayed while the JVM is loaded. 2. The Language Selection window is displayed. Select a language for the installation. Click OK.
Figure 1. Language Selection
3. The installation Welcome window is displayed. This window lists all the required information for each Tivoli Security Compliance Manager component; use the scroll bar to display the required information for the component you will be installing. Click Next. Note: This window is not displayed in the client-only installation.
Figure 2. Installation Welcome window
4. The software license agreement is displayed. Accept the agreement and click Next to continue.
5. The Installation Directory Location window is displayed. The Tivoli Security Compliance Manager client code is installed in the /opt/IBM/SCM directory on UNIX-based platforms and the Linux platforms, and in the C:\Program Files\IBM\SCM directory on Windows. Enter a different installation location in this window if you do not want to use the default directory. Click Next. Note: If you have already installed another Tivoli Security Compliance Manager component, or are reinstalling the client, the Installation Directory Location window will not be displayed. The installation program will automatically install the client to the same location as the previously installed components.
Figure 3. Installation Directory Location window
6. The System Component Selection window is displayed. After the system component selection window opens, you will be able to continue your installation based on the system component you have selected. Select IBM Tivoli Security Compliance Manager Client and click Next. Note: This window is not displayed in the client-only installation.
Figure 4. System Component Selection window Client
7. For client installations on the HP-UX platform, the Java Runtime Location window is displayed. Enter the directory that contains the 1.3.1 JVM, and click Next.
Figure 5. HP-UX Java Runtime Location window
10
8. The Client Communication Mode Configuration window is displayed. Enter the client connection port, and the client communications mode. There are two communication modes: Push Pull A client that permits communication with the server to be initiated by either the client or the server.
A client that permits communication with the server to be initiated by only the server. Defining a client as a push client permits communication with the server to be established by either the client or the server. In some network environments, however, inbound connections to the server might not be permitted. In these cases, defining the client as a pull client forces the server to initiate all communications with the client. Pull clients are generally needed when the server is located behind a firewall. To install a push client, select Push and click Next. To install a pull client, select Pull, click Next, and proceed to Step 11 on page 14.
Figure 6. Client Communication Mode Configuration window
11
9. The Server Communication Configuration window is displayed. Enter the Tivoli Security Compliance manager server host name and connection port for server and client communications. Select the check box if the client has a dynamic IP address, or if the IP address or host name of the client changes frequently. Clear the check box if the client has a static IP address. Click Next to continue the installation.
Figure 7. Server Communication Configuration window
12
10. For DHCP clients, the Client DHCP Configuration window is displayed. You can enter an optional DHCP client alias, or the system will use a default alias of the client host name. Click Next to continue the installation.
Figure 8. Client DHCP Configuration window
13
11. The Installation Summary window is displayed. This window displays the installation location, the system components to be installed, and the installation size. Click Next to begin the installation process.
Figure 9. Installation Summary window
14
12. An installation progress indicator will be displayed in place of the summary window. After the installation has completed, a results window is displayed. Click Finish to exit the installation.
Figure 10. Installation Results window
15
16
Chapter 3. Uninstalling Tivoli Security Compliance Manager

This chapter describes how to uninstall the system components of Tivoli Security Compliance Manager.
Before you begin

If you intend to uninstall your Tivoli Security Compliance Manager server and then reinstall it and have your existing clients communicate without needing to be reinstalled, you must keep the keystore files currently being used for client-server communication. See the chapter on managing server keys and keystores in the IBM Tivoli Security Compliance Manager Administration Guide for instructions on using the administration console to create a backup copy of the server keys and keystores.
Using the InstallShield MultiPlatform package to uninstall

Tivoli Security Compliance Manager uses the InstallShield MultiPlatform (ISMP) tool for uninstallation on all system component supported platforms. See Chapter 1, Installation overview, on page 1 for a complete list of system component supported platforms. Through the use of ISMP, a Java-based installation tool, a common look and feel for uninstallation is provided regardless of your operating system. To uninstall any Tivoli Security Compliance Manager system component, use the following steps: 1. Navigate to the uninstallation directory and run the uninstallation executable. The path to the platform specific uninstallation executables follows: v UNIX-based platforms and Linux platforms: /opt/IBM/SCM/_uninst v Windows platforms: C:\Program Files\IBM\SCM\_uninst A startup window for the Java Virtual Machine, JVM, is displayed while the JVM is loaded. 2. The Language Selection window is displayed. Select a language for the installation. Click OK.
Figure 11. Language Selection
17
3. The Uninstallation Welcome window is displayed. Click Next.
Figure 12. Uninstallation Welcome window
18
4. The Uninstallation Selection window is displayed. All installed Tivoli Security Compliance Manager system components are listed, and preselected, in this window. Select the Tivoli Security Compliance Manager system components to uninstall and click Next. Note: This window is not displayed in the client-only installation.
Figure 13. Uninstallation Selection window
5. If you select to uninstall the server, the Confirm Keystore Deletion window is displayed. If you intend to reinstall the server and have your existing clients communicate without needing to be reinstalled, you must keep the keystore files currently being used for client-server communication. See the chapter on managing server keys and keystores in the IBM Tivoli Security Compliance Manager Administration Guide for instructions on using the administration console to create a backup of the server keys and keystores. Select the check box to delete the client server communication keystore file if you have a back-up copy or you do not intend to reinstall the server. Deselect the check box to leave the two files, server.jksand master.jks, in the INSTDIR/server/keystores directory and uninstall the server. Click Next to continue.
19
6. The Uninstallation Summary window is displayed. This window displays the directory location that the system components will be uninstalled from and the system components to be uninstalled. Click Next to begin the uninstallation process.
Figure 14. Uninstallation Summary window
20
7. A progress indicator will be displayed in place of the summary window. After the uninstallation has completed, a results window is displayed. Click Next.
Figure 15. Uninstallation Results window
21
8. The uninstall wizard might require you to restart your computer to complete the uninstallation process. Click Finish to exit the uninstallation program. Note: The uninstallation process on HP-UX systems will display a Next option on the final uninstallation panel instead of a Finish option. Selecting the Next option will complete the uninstall.
Figure 16. Uninstallation System Restart window
Console mode Uninstallation

In addition to running the launcher executable, there are other methods of starting the uninstallation that also might be useful. This section describes the way to start the uninstallation program using a Java command with the console option. Command examples are shown as if you have first used a cd (change directory) command to change to the /opt/IBM/SCM/_uninst directory on UNIXbased and Linux platforms, or to the C:\Program Files\IBM\SCM\_uninst directory on Windows. To bypass the launcher executable and run the uninstallation in the non-graphical mode, run the Java command with the console option. An example of the Java command using the console option follows: For UNIXbased and Linux platforms: uninstaller.bin -console For Windows: uninstaller.exe -console This example starts the uninstallation in the non-graphical mode. If you are running the uninstallation from a remote host, use the non-graphical mode. The uninstallation program does not run correctly with some window managers when run remotely.
22
Note: The console mode uninstallation process on HP-UX systems will display a Next option on the final uninstallation panel instead of a Finish option. Selecting the Next option will complete the uninstall.
23
24
Chapter 4. Alternate installation methods

The Tivoli Security Compliance Manager InstallShield package provides the ability to perform a silent installation, or to install in console mode. The following sections provide details on both of these installation methods. You can install in silent mode using a response file to provide input.
Silent install
Note: Before you begin be aware that ISMP does not report any errors in silent mode. Therefore, if you type any of the options incorrectly, the installation will silently fail or respond unexpectedly. For example, if you are installing in /syslocal/tools/SCM and you were to type the command incorrectly, the component would still be installed and there would be no error message. The InstallShield MultiPlatform tool provides the capability to create a template file that contains all possible responses. The tool also provides a record option that allows you to record the responses given when installing a particular system. Response files created using these techniques can be used to perform silent installations. Note: When performing a silent install on a Windows system, the InstallShield program does not wait for the installation to complete before displaying an active command window. The install will still be in progress once the user prompt is displayed, so check to ensure that the installation is complete before using the command window. In the examples given in this section for the platform variables, substitute one of the following: scm_aix, scm_hp11, scm_linux, scm_linux390, scm_linuxppc, scm_solaris, scm_win32.exe To record a response file during an installation, enter the following command:
scm_platform -options-record filename
where filename is the path name of the file to which the recorded response data will be written. Note: Using the -options-record on the Solaris platform causes invalid error messages to be displayed. The options file that is created on Solaris can be used for silent installation. To generate a template file, enter the following command:
scm_platform -options-template filename
where filename is the path name of the file that the template response data will be written. When the template generation successfully completes, you will receive the following message:
Options file filename was successfully created
25
The template file that is created must be edited using a text editor as follows: v For options you want to set, remove the three comment characters (###) at the start of the option line. v Replace value with the appropriate value for each uncommented option. When you first perform a silent installation, use the -options-record option to generate a response file from an actual installation. This option allows you to familiarize yourself with the data variables that can be set and with the valid responses. After you are familiar with the data that must be provided in the response file, you might find the -options-template option, which provides a template file of all possible responses, to be useful. After you have created a response file with the desired data input, you can use that file in a subsequent silent installation. For example, to perform a silent installation enter the following command:
scm_platform -silent -options filename
where filename is the path name of the file that contains the response data to be used.
Console mode installation

In addition to running the launcher executable, there are other methods of starting the installation that also might be useful. This section describes the way to start the installation program using a Java command with the console option. Command examples are shown as if you have first used a cd (change directory) command to change to the directory where the Tivoli Security Compliance Manager CD is mounted. To bypass the launcher executable and run the installation in the non-graphical mode, run the Java command with the console option. An example of the Java command using the console option follows: scm_platform -console where platform is the installation executable platform. This example starts the installation in the non-graphical mode. If you are running the installation from a remote host, use the non-graphical mode. The installation program does not run correctly with some window managers when run remotely.
26
Chapter 5. Troubleshooting
This chapter describes problems that you might encounter as you install and configure Tivoli Security Compliance Manager and it provides some solutions to these problems.
Installing with an alternate temporary directory

The installation process can require a significant amount of temporary free space that is used to unpack and contain the bundled Java runtime environment and other installation files. Specific space requirements are documented in Chapter 1, Installation overview, on page 1. If the temporary directory on your system does not contain sufficient free space to perform the installation, you must change the directory that is used for temporary space to one that does contain sufficient space. Note: Before you install Tivoli Security Compliance Manager, the temporary directory must already exist; otherwise, the option is ignored. To install a system component using an alternate directory for temporary installation space, use the command: launcher_name -is:tempdir temp_dir where launcher_name is the name of the installation executable and temp_dir is the name of the directory that will be used to store temporary files.
Files left in temporary directory

Occasionally, InstallShield files are left in the temporary directory. This problem can occur if you use Ctrl+c to cancel out of an installation, or if the installation abnormally terminates. Canceling the installation can also result in errors being logged and files being left on the system. If you cancel an installation before it completes successfully, or an installation abnormally terminates, make sure to remove all files in the installation directory; the default installation location is the /opt/IBM/SCM directory on UNIXbased platforms and Linux platforms, and the C:\Program Files\IBM\SCM directory on Windows.
Logging during installation

If an error occurs during the installation, then an installation log is automatically generated. The log file, log.txt, will be placed into the installation location directory. To perform an installation with additional logging, enter the following command:
scm_platform -log !fileName @ALL
where scm_platform is one of the platform launchers for Tivoli Security Compliance Manager: scm_aix, scm_hp11, scm_linux, scm_linux390, scm_linuxppc, scm_solaris, scm_win32.exe. The @ALL parameter will log all installation events.
27
The ISMP installation program also stores information about the ISMP installed components in a vital product data file called vpd.properties. This file is found in various directories depending on the operating system, such as: v Windows: %SystemRoot%\vpd.properties v AIX: /usr/lib/objrepos/vpd.properties v Linux: /root/vpd.properties v HP-UX: /vpd.properties v Solaris: /vpd.properties
28
Appendix. Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the users responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation 500 Columbus Avenue Thornwood, NY 10594 U.S.A For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: IBM World Trade Asia Corporation Licensing 2-31 Roppongi 3-chome, Minato-ku Tokyo 106, Japan The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
29
Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation 2Z4A/101 11400 Burnet Road Austin, TX 78758 USA Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this information and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us. Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. All statements regarding IBMs future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. If you are viewing this information softcopy, the photographs and color illustrations may not appear.
Trademarks
The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both: AIX DB2 IBM
30
IBM logo Tivoli Tivoli logo Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product, and service names may be trademarks or service marks of others.
Appendix. Notices
31
32
Glossary
collector. A software module that runs on a client system and gathers data. This data is subsequently sent to a server. compliance query. An SQL query that extracts specific data from the server database and returns a list of clients that are in violation of specific security requirements. delta table. A database table used for saving changed data from subsequent runs of a collector. disinherit. To remove actions from a role that were originally copied from a template. inherit. To copy actions to a role from a template. policy. A set of one or more compliance queries used to demonstrate the level of adherence to specific security requirements. policy bundle. A file containing the information associated with a policy, such as the compliance queries, the collectors, and the associated schedules. A policy bundle permits the policy to be saved and subsequently applied to other servers. proxy relay. A special pull client that acts as a relay between the server and one or more clients. A proxy relay is used to reach a limited number of clients that are located behind a firewall, or that are in an IP-address range that is not directly addressable by the server. pull client. A client that permits communication with the server to be initiated by only the server. push client. A client that permits communication with the server to be initiated by either the client or the server. snapshot. The result of running all of the compliance queries in a policy against a set of clients. A snapshot shows the number of violations and indicates what clients are not adhering to the security requirements being tested by the compliance queries.
33
34
Index A
accessibility vii alternate temporary installation directory 27
C
CD layout 3 client installation 5 console mode installation 26 console mode uninstallation 22
I
installation console mode 26 silent 25 troubleshooting 27 using an alternate temporary directory 27 installation prerequisites 1 installing client 5 InstallShield MultiPlatform uninstallation 17
P
product removal 17
R
reinstalling client 5 related publications vi
S
silent install administration utilities client 25 server 25 silent installation 25 software prerequisites 1 25
T
troubleshooting installation 27
U
uninstall console mode 22 InstallShield MutliPlatform uninstalling 17 17
35
36
Printed in USA
GC32-1593-00

Scm51 Install Client

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Scm51 Install Client

Hochgeladen von

Copyright:

Verfügbare Formate

Tivoli Security Compliance Manager

Installation Guide: Client Component

Tivoli Security Compliance Manager

Installation Guide: Client Component

Chapter 1. Installation overview . . . . . . . . . . . . . . . . . . . . . . . . . 1

Chapter 2. Installing the Tivoli Security Compliance Manager client . . . . . . . . . . 5

Chapter 3. Uninstalling Tivoli Security Compliance Manager. . . . . . . . . . . . . 17

Chapter 4. Alternate installation methods . . . . . . . . . . . . . . . . . . . . . 25

Copyright IBM Corp. 2003, 2004

Tivoli Security Compliance Manager: Installation Guide: Client Component

Who should read this book

What this book contains

IBM Tivoli Security Compliance Manager library

IBM DB2 Universal Database

Accessing publications online

Tivoli Security Compliance Manager: Installation Guide: Client Component

Tivoli technical training

Contacting software support

Conventions used in this book

Operating system differences

Tivoli Security Compliance Manager: Installation Guide: Client Component

Chapter 1. Installation overview

Supported operating systems

Copyright IBM Corp. 2003, 2004

Disk and memory requirements for client and collectors

Tivoli Security Compliance Manager: Installation Guide: Client Component

Linux Solaris Windows

Disk and memory requirements for proxy relay

scm_hp11 scm_linux scm_linux390 scm_linuxppc scm_solaris scm_win32.exe scminstall.jar

Tivoli Security Compliance Manager: Installation Guide: Client Component

Chapter 2. Installing the Tivoli Security Compliance Manager client

Before you begin

Using the InstallShield MultiPlatform Package to Install

Figure 1. Language Selection

Tivoli Security Compliance Manager: Installation Guide: Client Component

Figure 2. Installation Welcome window

Chapter 2. Installing the Tivoli Security Compliance Manager client

Figure 3. Installation Directory Location window

Tivoli Security Compliance Manager: Installation Guide: Client Component

Figure 4. System Component Selection window Client

Chapter 2. Installing the Tivoli Security Compliance Manager client

Figure 5. HP-UX Java Runtime Location window

Tivoli Security Compliance Manager: Installation Guide: Client Component

Figure 6. Client Communication Mode Configuration window

Chapter 2. Installing the Tivoli Security Compliance Manager client

Figure 7. Server Communication Configuration window

Tivoli Security Compliance Manager: Installation Guide: Client Component

Figure 8. Client DHCP Configuration window

Chapter 2. Installing the Tivoli Security Compliance Manager client

Figure 9. Installation Summary window

Tivoli Security Compliance Manager: Installation Guide: Client Component

Figure 10. Installation Results window

Chapter 2. Installing the Tivoli Security Compliance Manager client

Tivoli Security Compliance Manager: Installation Guide: Client Component

Chapter 3. Uninstalling Tivoli Security Compliance Manager

Before you begin

Using the InstallShield MultiPlatform package to uninstall

Figure 11. Language Selection

Copyright IBM Corp. 2003, 2004

3. The Uninstallation Welcome window is displayed. Click Next.

Figure 12. Uninstallation Welcome window

Tivoli Security Compliance Manager: Installation Guide: Client Component

Figure 13. Uninstallation Selection window