RSA enVision NIC SFTP Shell Script File Transfer

RSA enVision NIC SFTP Shell Script File Transfer

Use the nicsftpagent.sh shell script to transfer text-based log data from UNIX
systems. This script takes data slices from active log files, but only transfers the new
data each time the script runs. Schedule the script in cron to run as often as you want
log data sent to RSA enVision. The script uses the FTP, SFTP, or SCP protocols to
transfer the data. All connections are initiated from the system to enVision. The script
creates small files to track what data has been processed. These tracking files are
removed when the original log file is removed.
This script has been tested by RSA on Solaris 10 and Red Hat Enterprise Linux 4.

Important: You must use OpenSSH version 4.4p1 or later.

There are two tasks to configure nicsftpagent.sh to work with enVision:

• Task I: Configure nicsftpagent.sh
• Task II: Configure RSA enVision to Receive the Log Files

Task I: Configure nicsftpagent.sh

The server administrator must complete the following tasks to download and install
the nicsftpagent script on the server. The nicsftpagent.sh script extracts data from the
log files, and transfers the data to enVision using FTP, SFTP, or SCP.
1. Go to https://knowledge.rsasecurity.com, and log on to RSA SecurCare Online.
2. Click Products.
3. Select enVision Secure FTP Agent from the RSA enVision section.
4. Select the release you want.
5. Click Secure FTP Agent to download the secure FTP agent, and click Unix NIC
FTP Agent to download the nicsftpagent.sh file.
6. Set execute permissions on nicsftpagent.sh. For example, run this command:
755 /usr/local/nic/nicsftpagent.sh
7. Complete the options described in the following table to modify the user
configuration section of the nicsftpagent.sh script, and save the changes to the
script. Optionally, you can make these changes in a configuration file.

Set Option Description

SILENT= True or False Controls the informational output from the script as it
runs. When scheduled in cron, this should be set to
silent. Some cron configurations send output to the
owner's account for each run. In silent mode, only
errors are shown.

ENVISION= Name or IP address The name or IP address of your enVision appliance.

1
 RSA enVision NIC SFTP Shell Script File Transfer

Set Option Description

DATA_DIRECTORY= Directory path The local source for the log data.

ENVISION_DIRECTORY= Directory path The destination folder, installdir\ftp_files.

NIC_DIRECTORY= Directory path A local folder used to store configuration files and
status tracking information.

TRANSFER_METHODD FTP, SFTP, or SCP • FTP = File Transfer Protocol

• SFTP=Secure File Transfer Protocol
• SCP=Secure Copy Protocol

FILESPEC= File mask matching the log files to be processed by

the script.

FTP Settings

USERNAME= anonymous

PASSWORD= anonymous

SFTP and SCP Settings

USERNAME= nic_sshd Default setting for SSH daemon on enVision system.

IDENTITY= File path Location of the private key used to connect to

enVision. For instructions on generating keys, see
RSA enVision NIC SFTP Agent Configuration.

Configuration Script Information

All configuration settings can be loaded using a configuration file that is separate from
the script. This file should contain one setting and value per line. The configuration
file must be located in the directory assigned by NIC_DIRECTORY in the shell script
or in the path of the shell calling the script.
The NIC_ DIRECTORY can be overridden in the configuration file, although the shell
script will try to use its own NIC_DIRECTORY setting to open the configuration file.
For example, a configuration file could contain the following information:
ENVISION=10.10.30.26
TRANSFER_METHOD=FTP
ENVISION_DIRECTORY=SOLARIS_BSM_10.10.30.87
USERNAME=anonymous
PASSWORD=anonymous
SILENT=true

2
 RSA enVision NIC SFTP Shell Script File Transfer

Task II: Configure RSA enVision to Receive the Log Files

To configure enVision to receive the log files:
1. On the UNIX system, follow these steps to generate the public/private key pair:
a. Verify that you are logged on as root.
b. Run the command: ssh-keygen -b 1024 -t rsa.
This command creates ~/.ssh/id_rsa in OpenSSH format (the format enVision
uses). If your UNIX machine creates IETF SECSH format by default, you
must run ssh-keygen -f ~/.ssh/id_rsa.pub -i to convert it.
2. To copy the key to the enVision appliance, follow these steps:
a. Copy the file id_rsa.pub that you created in the preceding step to the
installdir\bin folder on your enVision appliance.

Important: The entire key must be on a single line.

b. Open a command prompt and change directories to the installdir\bin folder.

c. Type:
add_winsshd_key.bat id_rsa.pub
3. On the UNIX system follow these steps to add the enVision appliance to the list of
known hosts:
a. Verify that you are logged on as root.
b. To add the enVision appliance to the list of known hosts, run the command
sftp -o IdentityFile=~/.ssh/id_rsa nic_sshd@1.2.3.4, where 1.2.3.4 is the IP
address of the enVision appliance that will be collecting the data.
c. When the following prompt appears, type yes:
The authenticity of host '1.2.3.4 (1.2.3.4)' can't be established.DSA key
fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
Are you sure you want to continue connecting (yes/no)?

3
 RSA enVision NIC SFTP Shell Script File Transfer

© 2010 RSA Security Inc. All rights reserved.

April 2010

Trademarks
RSA and the RSA logo are registered trademarks of RSA Security Inc. in the United
States and/or other countries. For the most up-to-date listing of RSA trademarks, go to
www.rsa.com/legal/trademarks_list.pdf. EMC is a registered trademark of EMC
Corporation. All other goods and/or services mentioned are trademarks of their
respective companies.