0 Installation Guide
COPYRIGHT
Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
License Attributions
For a complete list of third-party license attributions, see the license.txt file. This file is included at the root of the product download zip file and, in default installations, at: C:\Program Files\McAfee\<Product>
Contents
Using this guide
  Audience
  Type conventions
Where to find documentation
  Downloading manuals from the McAfee ServicePortal
McAfee GTI Proxy
  GTI Proxy
  GTI Proxy Appliance
System Requirements
Pre Installation Tasks
  Uninstalling GTI Server for ePO from managed nodes
  Uninstalling GTI Server Appliance for ePO from managed nodes
  Removing GTI Server Appliance for ePO deployment package
  Removing GTI Server for ePO deployment package
  Removing GTI Server Appliance extension
  Removing GTI Server extension
  Removing GTI Server Appliance from the System Tree
Installing GTI Proxy Appliance
  Deploying VMware Image
  Configure Network Settings
  Configuring Time zone
  Configuring the Date and Time
  Installing McAfee Agent for Linux on GTI Proxy Appliance
  Determining the Agent wake-up communication port
  Determining the Agent-to-server communication port
Installing GTI Proxy
  Installing GTI Proxy Package
  Deploying GTI Proxy Appliance plugin
  Deploying GTI Proxy Agent plugin on managed nodes
  Check GTI Proxy Appliance installed packages
Uninstalling GTI Proxy
  Uninstall GTI Proxy Appliance plugin
  Uninstalling GTI Proxy Agent from managed nodes
  Uninstall GTI Proxy package
Restarting and shutting down GTI Proxy Appliance
  Restarting the GTI Proxy Appliance
  Shut down the GTI Proxy Appliance
Configuring GTI Proxy Appliance
  Adding a GTI Proxy Appliance
  Configuring GTI Cloud Server
  Configuring tiered GTI Proxy Appliance access
  Configuring Performance Log Purging and Archiving
  Configuring Performance Data Collection Interval
Configuring GTI Proxy Agent
  Configuring fallback servers for managed nodes
  Configuring fallback servers for sets of managed nodes
GTI Proxy Appliance Diagnostics
  Check General DNS Access
  Check Resolution to GTI Servers in the Cloud
  Check GTI lookups from GTI Proxy Appliance
  Check GTI lookups using GTI Proxy Appliance
  Check appliance status using GTI Proxy Appliance
GTI Proxy Diagnostics
  Check GTI Proxy Agent managed nodes
  Check GTI Proxy Agent configuration on managed nodes
  Check GTI Proxy Appliance managed nodes
  Check GTI Proxy Appliance status
  Check GTI Proxy Appliance configuration
  Reinstall McAfee Agent for Linux on GTI Proxy Appliance
  Start GTI Proxy Appliance plugin
  Start McAfee Agent for Linux
Preface
Using this guide
This guide helps network administrators install McAfee GTI Proxy software. It contains an overview of the product technology, concepts, and architecture, as well as a detailed description of the steps to install the McAfee GTI Proxy components. The guide includes these topics:
Introduction and system components
Installing McAfee GTI Proxy
Configuring McAfee GTI Proxy
Diagnostics and Troubleshooting McAfee GTI Proxy
Audience
The information in this guide is intended primarily for two audiences:
Security officers who are responsible for determining sensitive and confidential data and defining the corporate policy for protecting the company's intellectual property.
Network administrators who are responsible for implementing and enforcing the corporate policy for protecting the company's intellectual property.
Type conventions
This guide uses these type conventions:
Bold Condensed: Words from the interface, including options, menus, buttons, and dialog boxes.
Courier: The path of a folder or program; a code sample; text that the user types exactly, as in a command at the system prompt.
Emphasis for a new term; book and chapter titles.
Emphasis. Words from the product interface
Angle brackets enclose a generic or replaceable term.
Supplemental information, like an alternate method of accessing an option.
Suggestions and recommendations.
Important advice to protect your computer system, enterprise, software installation, or data.
Warning: Important advice to prevent bodily harm when using a hardware product.
McAfee documentation provides the information you need during each phase of product implementation, from installing a new product to maintaining existing ones. Depending on the product, additional documents might also be available. After a product is released, information regarding the product is entered into the online KnowledgeBase, available through the McAfee ServicePortal.
Installation
Before, during, and after installing the product: Release Notes, Installation Guide
Setup
Maintenance
GTI Proxy
GTI Proxy is a combination of two ePO products, delivered as a single zip file, GTI Proxy.zip. One is GTI Proxy, which configures VSE nodes on the enterprise network to communicate with specified GTI Proxy Appliance instances for resolving GTI system lookups. The other is GTI Proxy Appliance, which communicates with and manages the GTI Proxy Appliance machine on the enterprise network. Its services include configuring the GTI Proxy Appliance to set up GTI cloud servers, managing specified log files (Pull/Purge) on the server, querying the status of the GTI Proxy process, and performing operations such as Start and Stop. It also provides reporting information on GTI Proxy Appliance performance in the form of graphs and charts.
Caching of GTI lookup
Tiered support for multiple GTI Proxy Appliance configuration on the Enterprise network
System Requirements
Prerequisites of GTI Proxy Appliance:
Item: VMware Converter, VMware, Disk, Memory, CPU
Requirements: VMware Converter Standalone 4.0.x, VMware OVF Tool, VMware Workstation 7.x, VMware Workstation 6.x, VMware Player 3.x, VMware Server 1.x, VMware Server 2.x, VMware ESXi 4.0, VMware vCenter Server 2.5

Prerequisites of GTI Proxy:
McAfee ePolicy Orchestrator 4.5
Prerequisites of GTI Proxy Agent managed nodes:
McAfee Agent 4.5
McAfee VirusScan Enterprise 8.7 or later with DAT release version 5884 or later and 5400 Engine or later

Prerequisites of GTI Proxy Appliance managed nodes:
McAfee Agent 4.5 for Linux
This chapter describes the tasks to perform if the RTS Version of McAfee GTI Proxy (formerly known as McAfee GTI Server) was installed previously. The RTS Version must be uninstalled before installing Version 1.0 on the system.
Task
For option definitions, click ? in the interface.
1. Log on to the ePolicy Orchestrator server as an administrator.
2. Select Menu | Systems | System Tree | Client Tasks, select the required group in the System Tree, then select Actions | New Task. The Client Task Builder wizard appears.
3. In the Description page, type a Name for the task, Notes (optional), select the Type as Product Deployment, then click Next.
4. In the Configuration page, select Target Platforms as Windows, Products and components as GTI_SERVER for ePO 1.0.0, Action as Remove. Select an appropriate Language, then click Next.
5. Schedule the task to run immediately or as required, then click Next to view a summary of the task.
6. Review the summary of the task, then click Save.
7. Send an agent wake-up call.
Task
For option definitions, click ? in the interface.
1. Log on to the ePolicy Orchestrator server as an administrator.
2. Select Menu | Systems | System Tree | Client Tasks, select the required group in the System Tree, then select Actions | New Task. The Client Task Builder wizard appears.
3. In the Description page, type a Name for the task, Notes (optional), select the Type as Product Deployment, then click Next.
4. In the Configuration page, select Target Platforms as Linux, Products and components as GTI_SERVER_APPLIANCE for ePO 1.0.0, Action as Remove. Select an appropriate Language, then click Next.
5. Schedule the task to run immediately or as required, then click Next to view a summary of the task.
6. Review the summary of the task, then click Save.
7. Send an agent wake-up call.
Note: This document does not provide detailed information about installing or using ePolicy Orchestrator or VMware software. See the VMware and McAfee ePolicy Orchestrator product documentation for more information.
Note: At any time, use the Cancel options to abort the task.
Task
1. Log on to the GTI Proxy Appliance as the user gtip.
2. Type the command sudo /usr/sbin/system-config-network, then press Enter.
3. Select Edit a device params, then press Enter.
4. Select eth0 (eth0), then press Enter.
5. Select Use DHCP.
6. Select OK, then press Enter.
7. Select Save, then press Enter.
8. Select Edit DNS configuration, then press Enter.
9. Select Hostname.
10. Type the Hostname.Domain from the prerequisites.
11. Select OK, then press Enter.
12. Select Save&Quit, then press Enter.
13. Type the command sudo /sbin/shutdown -r now, then press Enter. The GTI Proxy Appliance restarts with the changes applied.
Note: At any time, use the Cancel options to abort the task.
Task
1. Log on to the GTI Proxy Appliance as the user gtip.
2. Type the command sudo /usr/sbin/system-config-network, then press Enter.
3. Select Edit a device params, then press Enter.
4. Select eth0 (eth0), then press Enter.
5. Deselect Use DHCP.
6. Type the Static IP from the prerequisites, then press Enter.
7. Type the Netmask from the prerequisites, then press Enter.
8. Type the Default gateway IP from the prerequisites, then press Enter.
9. Select OK, then press Enter.
10. Select Edit DNS configuration, then press Enter.
11. Select Hostname.
12. Type the Hostname.Domain from the prerequisites.
13. Type the DNS Servers from the prerequisites.
14. Select OK, then press Enter.
15. Select Save&Quit, then press Enter.
16. Type the command sudo /sbin/shutdown -r now, then press Enter. The GTI Proxy Appliance restarts with the changes applied.
Task
1. Log on to the GTI Proxy Appliance as the user gtip.
2. Type the command sudo /usr/local/sbin/configure_ma.sh, then press Enter.
3. At the prompt Provide IP Address and port of ePO server, type the ePO server IP address and the Agent-to-server communication port, separated with a colon (IP:port), then press Enter.
4. The McAfee Agent installer is downloaded from the ePO server and McAfee Agent is installed on the GTI Proxy Appliance.
5. If the system firewall is not running, a prompt asks whether the firewall should be started. Type y at the prompt Firewall is off. Do you want to turn it on, then press Enter.
6. Next, the default Agent wake-up communication port is shown.
7. At the prompt Enter new port if it is different on ePO, type the Agent wake-up communication port if it is different from the default shown above, then press Enter. Otherwise, just press Enter.
8. Wait until the first ASCI happens.
9. The port is configured and the GTI Proxy Appliance is now managed through ePO.
10. Type logout, then press Enter. The user gtip is logged out of the GTI Proxy Appliance.
Task
For option definitions, click ? in the interface.
1. Log on to the ePolicy Orchestrator server as an administrator.
2. Select Menu | Systems | System Tree | Client Tasks, select the required group in the System Tree, then click Actions | New Task. The Client Task Builder wizard appears.
3. In the Description page, type a Name for the task, Notes (optional), select the Type as Product Deployment, then click Next.
4. In the Configuration page, select Target Platforms as Linux, Products and components as GTI Proxy Appliance 1.0.0, Action as Install. Select an appropriate Language, then click Next.
5. Schedule the task to run immediately or as required, then click Next to view a summary of the task.
6. Review the summary of the task, then click Save. The task is added to the list of client tasks for the selected group and any group that inherits the task.
7. Send an agent wake-up call.
2. Type the command rpm -q mfegtiproxy, then press Enter.
3. The installed GTI Proxy Appliance package is shown with the current version.
4. Type logout, then press Enter. The user gtip is logged out of the GTI Proxy Appliance.
6. Review the summary of the task, then click Save.
7. Send an agent wake-up call.
2. Select Menu | Software | Extensions.
3. Select the GTI Proxy extension group; it lists two extensions, namely GTI Proxy Agent and GTI Proxy Appliance.
4. Click the Remove link on GTI Proxy Appliance to remove the extension from ePO.
5. Select Force removal, bypassing any checks or errors, then click OK.

4. Click the Remove link on GTI Proxy Agent to remove the extension from ePO.
5. Select Force removal, bypassing any checks or errors, then click OK.
Resolving GTI Requests using the GTI Servers in the Cloud
Resolving GTI Requests using another GTI Proxy Appliance
Following these tasks will change any previous configuration applied to the GTI Proxy Appliance.
double click on the server). The server is added to the select box on the right and is removed from the select box on the left.
6. To remove an already monitored GTI Proxy Appliance that no longer needs to be monitored using GTI Proxy Appliance from ePO, select the server in the right-side select box and click the second arrow button, which points left (or double-click the server). The server is removed from the right-side select box and is added to the left-side select box.
7. Once all the desired GTI Proxy Appliances have been added to or removed from the right-side select box, click the Save button to save the GTI Proxy Appliance setup.
successful look up. SSL enabled GTI servers are listed if SSL Option is set to Enabled.
9. The option Get from MA looks up the GTI Cloud Server IPs automatically from the GTI Proxy Appliance (VMware). Click the Get from MA button after selecting this option. It populates the Forwarder IP List select box with the IPs after a successful lookup. SSL enabled GTI servers are listed if SSL Option is set to Enabled.
10. Click the Configure button to update the configuration changes to the GTI Proxy Appliance configuration file.
11. A success message in green, Configuration file updated successfully, appears on the screen.
12. Restart GTI Proxy Appliance from the Status tab for the configuration changes to take effect. Use the task Check GTI Proxy Appliance Status to get the current GTI Proxy Appliance status and to start or restart it.
13. Use the task Check GTI lookups using GTI Proxy Appliance to ensure GTI Proxy Appliance can perform GTI lookups after successful configuration.
down list. This combo box does not appear if only a single GTI Proxy Appliance is being monitored through ePO.
5. The last configuration is shown if the GTI Proxy Appliance has already been configured once.
6. Select the option Disabled for SSL Option.
7. Use the option Enter Forwarder IP to specify the GTI Proxy Appliance IPs.
8. In the text box provided for Forwarder IP List, enter the IPv4 address of the GTI Proxy Appliance that this GTI Proxy Appliance is going to use to resolve GTI requests. Enter one IP at a time.
9. Click Add to IP List to add the specified IP to the list below it.
10. After the list is populated by manually entering the GTI Proxy Appliance IPs, the IPs can be ordered as desired by selecting an IP in the list and clicking the up or down arrow buttons.
11. The cross symbol button deletes the selected IP from the list.
12. To edit an already added IP, select it and click the Edit Selected IP button. Click Add to IP List to add the edited IP back to the list.
13. Click the Configure button to update the configuration changes to the GTI Proxy Appliance configuration file.
14. A success message in green, Configuration file updated successfully, appears on the screen.
15. Restart GTI Proxy Appliance from the Status tab for the configuration changes to take effect. Use the task Check GTI Proxy Appliance Status to get the current GTI Proxy Appliance status and to start or restart it.
16. Use the task Check GTI lookups using GTI Proxy Appliance to ensure GTI Proxy Appliance can perform GTI lookups after successful configuration.
9. In Automate Type, choose Allow only max Records if you want only a specified number of log records to be kept at any given time.
10. In Specifications, Maximum Records Allowed, specify the number of log records that you want to keep at any given time.
11. Choose Automate Type as Schedule purge/archive of records if you want to delete all the log records at a specified time.
12. In Specifications, choose Schedule Action as Daily or Weekly to delete all the performance logs once daily or once weekly, respectively.
13. In Actions, choose Purge if the logs need to be purged completely. Choose Archive and Purge if you want to archive the log records in a flat file before purging.
14. If Archive and Purge is chosen in Actions, specify the location to store the archive file in the Location to archive records text box. Specify a valid Windows directory location here.
15. Click the OK button to save the configuration for automating the log purge/archiving.
1. Log on to the ePolicy Orchestrator server as an administrator.
2. Select Menu | Policy | Policy Catalog.
3. Select Product GTI Proxy Agent 1.0.0.
4. Click Edit Settings of My Default policy.
5. In the Fallback Server text box, type the first few digits of the IPv4 address of the GTI Proxy Appliance, if the server is managed through ePO and also has the GTI Proxy Appliance plugin installed. The complete list of IPs starting with those digits appears as an auto-complete option. Choose one of the GTI Proxy Appliance IPs. Click the Add to IP/hostname List button. Repeat this step to add multiple IPs.
6. Hostnames can also be added in the Fallback Server text box. Ensure that the hostnames used can be resolved by the VSE nodes to which the policy is applied.
7. The value is added to the list below the text box.
8. Select a value in the list and click the red cross button to delete the value from the list.
9. Select a value in the list and click the up or down arrow buttons to change the order of the values in the list.
10. Select a value in the list and click Edit Selected IP/hostname to edit a value in the list.
11. Click Save to save the value(s) added to the list.
12. Send an agent wake-up call.
2. Select Menu | Systems | System Tree.
3. From the left, select the group for which you want to configure the fallback servers.
4. All the systems in that group are shown under the Systems tab.
5. Click the Assigned Policies tab.
6. In Product, select GTI Proxy Agent 1.0.0.
7. The policy detail for GTI Proxy Agent is shown.
8. For the Category GTI Enterprise Settings, click any assigned policy link under the column Policy.
9. The policy page for setting the fallback server is shown.
10. In the Fallback Server text box, type the first few digits of the IPv4 address of the GTI Proxy Appliance, if the server is managed through ePO and also has the GTI Proxy Appliance plugin installed. The complete list of IPs starting with those digits appears as an auto-complete option. Choose one of the GTI Proxy Appliance IPs. Click the Add to IP/Hostname List button. Repeat this step to add multiple values.
11. Hostnames can also be added in the Fallback Server text box. Ensure that the hostnames used can be resolved by the VSE nodes to which the policy is applied.
12. The value is added to the list below the text box.
13. Select a value in the list and click the red cross button to delete a value from the list.
14. Select a value in the list and click the up or down arrow buttons to change the order of the values in the list.
15. Select a value in the list and click Edit Selected IP/Hostname to edit a value in the list.
16. Click Save to save the value(s) added to the list.
17. Send an agent wake-up call.
4. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
Task
1. Log on to the GTI Proxy Appliance as the user gtip.
2. Type the command gtiproxy.init status, then press Enter. The status of the server is displayed.
3. Type logout, then press Enter. The user gtip is logged out of the GTI Proxy Appliance.
5. Clicking the green pie shows the list of managed nodes where GTI Proxy is installed.
6. Click a row to get the System Details for that particular node.
7. In the GTI Proxy Agent section, click the More link.
8. The value in Fallback Server shows the IPs (comma separated) of the GTI Proxy Appliance configured for that particular node.
Prerequisites
For this task, note the list of IPv4 addresses specified in the section Configuring GTI Cloud Servers.
Task
1. Log on to the GTI Proxy Appliance as the user gtip.
2. Go to the directory /acs/gtip/gtiproxy/current/etc.
3. Open the file gtiproxy.cfg. This contains the GTI Cloud Server configurations.
4. Check whether the same IP and Cloud Access Mode are present as specified in the ePolicy Orchestrator.
5. Type logout, then press Enter. The user gtip is logged out of the GTI Proxy Appliance.
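The IP comparison in step 4, as an added shell example that is not part of the original guide or of McAfee's tooling: it reports which of the IPv4 addresses noted from ePO do not appear in gtiproxy.cfg. It assumes each configured address appears literally in the file (the file's syntax is not described in this guide), does not check the Cloud Access Mode, and uses hypothetical function names and constructed addresses.

```shell
#!/bin/sh
# Added example (not from the guide): find forwarder IPs missing from gtiproxy.cfg.
# Assumption: every configured IPv4 address appears literally somewhere in the
# file; no other knowledge of the file's syntax is used.

# Path taken from the guide's configuration check task.
GTIP_CFG=/acs/gtip/gtiproxy/current/etc/gtiproxy.cfg

# is_ipv4 ADDR (hypothetical helper): succeed only for a dotted quad, octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the address on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# missing_forwarders CFG IP... (hypothetical helper)
# Prints each expected IP that is absent from CFG, one per line.
# Returns 0 if all are present, 1 if any is missing, 2 on bad input.
missing_forwarders() {
    cfg=$1
    shift
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg" >&2
        return 2
    fi
    rc=0
    for ip in "$@"; do
        if ! is_ipv4 "$ip"; then
            echo "not an IPv4 address: $ip" >&2
            return 2
        fi
        # -F: dots are literal, not wildcards. -w: 192.0.2.1 must not be
        # satisfied by a line that only contains 192.0.2.10.
        if ! grep -Fqw -- "$ip" "$cfg"; then
            echo "$ip"
            rc=1
        fi
    done
    return "$rc"
}

# On the appliance: sh check_forwarders.sh 192.0.2.10 192.0.2.25
# (script name and addresses are constructed for illustration)
if [ "$#" -gt 0 ]; then
    missing_forwarders "$GTIP_CFG" "$@"
fi
```

An address printed by the script is one that ePO lists but the appliance's configuration file does not contain, which usually means the Configure step did not reach this appliance.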
Task
1. Log on to the GTI Proxy Appliance as the user gtip.
2. Type the command sudo /usr/local/sbin/configure_ma.sh, then press Enter.
3. Type y at the prompt Do you want to reinstall McAfee Agent[y/n], then press Enter.
4. At the prompt Provide IP Address and port of ePO server, type the new ePO server IP address and the Agent-to-server communication port, separated with a colon (IP:port), then press Enter.
5. The McAfee Agent installer is downloaded from the ePO server and McAfee Agent is installed on the GTI Proxy Appliance.
6. If the system firewall is not running, a prompt asks whether the firewall should be started. Type y at the prompt Firewall is off. Do you want to turn it on, then press Enter.
7. Next, the default Agent wake-up communication port is shown.
8. At the prompt Enter new port if it is different on ePO, type the Agent wake-up communication port if it is different from the default shown above, then press Enter. Otherwise, just press Enter.
9. Wait until the first ASCI happens.
10. The port is configured and the GTI Proxy Appliance is now managed through the new ePO.
11. Type logout, then press Enter. The user gtip is logged out of the GTI Proxy Appliance.
7. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.