POLYCENTER Security Compliance Manager for Digital_UNIX_and_ULTRIX_______________________ Installation Guide Order Number: AA-PM74D-TE May 1996 This guide describes how to install POLYCENTER Security Compliance Manager (CM) for Digital UNIX and POLYCENTER Security CM for ULTRIX. Revision Information: This revised guide supersedes the POLYCENTER Security Compliance Manager for DEC OSF/1 AXP and ULTRIX Installation Guide. Operating System: Digital UNIX Version 2.0 to Version 4.0 or ULTRIX Version 4.0 and higher. Software Version: POLYCENTER Security CM for Digital UNIX, Version 2.5 and POLYCENTER Security CM for ULTRIX, Version 2.4. Digital Equipment Corporation Maynard, Massachusetts __________________________________________________________ First Printing, July 1992 Revised, May 1996 The information in this document is subject to change without notice and should not be construed as a commitment by Digital Equipment Corporation. Digital Equipment Corporation assumes no responsibility for any errors that may appear in this document. Possession, use, dissemination, or duplication of the software described in this documentation is authorized only pursuant to a valid written license from Digital or the third-party owner of the software copyright. No responsibility is assumed for the use or reliability of software or equipment that is not supplied by Digital Equipment Corporation. Digital Equipment Corporation makes no representations that the interconnection of its products in the manner described in this document will not infringe existing or future patent rights, nor do the descriptions contained in this document imply the granting of licenses to make, use, or sell equipment or software in accordance with the description. © Digital Equipment Corporation 1992, 1996. All Rights Reserved. Printed in Ireland. The following are trademarks of Digital Equipment Corporation: AXP, DECinspect, DEC, DECnet, DECstation, DECsystem, DECsupport, Digital, MicroVAX, OpenVMS, POLYCENTER, TK, ULTRIX, VAX, VAXserver, VAXstation, and the DIGITAL logo. AIX and IBM are registered trademarks of International Business Machines Corporation. Hewlett-Packard, HP, and HP-UX are registered trademarks of Hewlett-Packard Company. OSF and OSF/1 are registered trademarks of the Open Software Foundation, Inc. NFS, Solaris, and Sun are registered trademarks of Sun Microsystems, Inc. UNIX is a registered trademark in the United States and other countries, licenced exclusively through X/Open Company Ltd. All other trademarks and registered trademarks are the property of their respective holders. This document was prepared using VAX DOCUMENT Version 2.1. ________________________________________________________________ Contents Preface.................................................. vii 1 Preparing to Install POLYCENTER Security CM 1.1 Checking the Media Software Distribution Kit.......................................... 1-1 1.2 Installation Procedure Requirements.......... 1-1 1.2.1 Privileges Needed for Installation....... 1-2 1.2.2 Hardware Requirements.................... 1-2 1.2.3 Software Requirements.................... 1-2 1.2.4 Disk Space Requirements.................. 1-4 1.2.5 Special Requirements..................... 1-6 1.3 Backing Up the System Disk................... 1-7 1.4 Allowing Unprivileged Users to Run POLYCENTER Security CM.................................. 1-7 1.5 License Management Facility Support.......... 1-8 1.6 Configuring POLYCENTER Security CM........... 1-9 1.6.1 Using POLYCENTER Security CM as a Local Testing Tool............................. 1-9 1.6.2 Using POLYCENTER Security CM as Part of a Network Testing Tool..................... 1-9 2 Installing POLYCENTER Security CM 2.1 Installing POLYCENTER Security CM on a Local Disk......................................... 2-1 2.2 Installing POLYCENTER Security CM Using the DMS Utility.................................. 2-4 2.2.1 Installing POLYCENTER Security CM into a DMS Server Area.......................... 2-5 2.2.2 Configuring POLYCENTER Security CM on the DMS Client Systems....................... 2-8 iii 2.3 Installing POLYCENTER Security CM Using the RIS Utility.................................. 2-9 2.3.1 Installing POLYCENTER Security CM into a RIS Server Area.......................... 2-9 2.3.2 Configuring POLYCENTER Security CM on the RIS Client Systems....................... 2-14 2.4 Mounting POLYCENTER Security CM from an NFS Server....................................... 2-14 2.4.1 Tasks to Perform on the NFS Server....... 2-15 2.4.2 Tasks to Perform on Each NFS Client...... 2-16 2.5 Reinstalling POLYCENTER Security CM.......... 2-18 2.6 Deinstalling POLYCENTER Security CM.......... 2-18 2.6.1 Deinstalling POLYCENTER Security CM on a Local Disk............................... 2-18 2.6.2 Deinstalling POLYCENTER Security CM on a DMS Server Area.......................... 2-21 2.7 Unmounting POLYCENTER Security CM from an NFS Server....................................... 2-24 2.7.1 Tasks to Perform on Each NFS Client...... 2-25 2.7.2 Tasks to Perform on the NFS Server....... 2-25 2.8 Stopping the Installation.................... 2-26 3 After Installing POLYCENTER Security CM 3.1 Using Release Notes.......................... 3-1 3.2 Starting the Inspect Daemon.................. 3-2 3.3 Running the Installation Verification Procedure.................................... 3-3 3.4 Modifying or Creating System Startup Files and Configuration Files...................... 3-4 3.4.1 Modifying the /etc/rc.local File on ULTRIX Systems........................... 3-5 3.4.2 Creating a Link to the /sbin/init.d/inspectd File on Digital UNIX Systems..................... 3-6 3.4.3 Modifying the /etc/services File......... 3-6 3.4.4 Modifying the /etc/inetd.conf File....... 3-6 3.5 Error Recovery............................... 3-7 iv A Sample Installation A.1 Sample Installation.......................... A-1 A.2 Sample IVP................................... A-7 B Files Modified and Installed by POLYCENTER Security CM B.1 Files Modified by the Installation........... B-1 B.2 Files Installed by the Installation ......... B-2 Glossary Index Tables 1-1 Required Subsets......................... 1-3 1-2 Optional Subsets......................... 1-3 1-3 POLYCENTER Security CM Subsets........... 1-4 1-4 Subset Sizes (Kilobytes Required)........ 1-5 B-1 Files Modified by the Installation....... B-1 B-2 Directories That the Installation Creates on a VAX ULTRIX System................... B-2 B-3 Directories That the Installation Creates on a RISC ULTRIX System.................. B-3 B-4 Directories That the Installation Creates on a Digital UNIX System................. B-5 B-5 Files Installed in the /usr/bin Directory................................ B-6 B-6 Files Installed in the bin Directory..... B-8 B-7 Files Installed in the doc Directory..... B-9 B-8 Files Installed in the /usr/man/man8 or in the /usr/opt/SOA250/man Directory..... B-9 B-9 Files Installed in the /usr/etc/subsets Directory on ULTRIX Systems.............. B-10 B-10 Files Installed in the /usr/.smdb. Directory on Digital UNIX Systems........ B-12 B-11 Files Installed in the database Directory................................ B-14 v B-12 Files Installed in the dict Directory.... B-16 B-13 Files Installed in the files Directory... B-16 B-14 Files Installed in the isl Directory..... B-20 B-15 Files Installed in the program Directory................................ B-20 vi ________________________________________________________________ Preface This guide describes how to install POLYCENTER [TM] Security Compliance Manager (CM) for Digital UNIX[R] (formerly DEC OSF/1[R]) and POLYCENTER Security CM for ULTRIX[TM]. Audience The audience for this guide is system managers who manage Digital UNIX and ULTRIX systems. Structure of This Guide This guide is divided into three chapters, two appendixes, a glossary, and an index: o Chapter 1 describes the operating system and hardware requirements for a POLYCENTER Security CM installation and the related procedures that you complete before installing POLYCENTER Security CM. o Chapter 2 describes the installation procedure. o Chapter 3 describes the postinstallation procedures that you can perform after installing POLYCENTER Security CM. o Appendix A contains a sample listing of the POLYCENTER Security CM installation. o Appendix B describes the files that the POLYCENTER Security CM installation modifies and installs on the system. o The Glossary defines some important terms used in this guide. vii Associated Documents The following documents contain more information about POLYCENTER Security CM: o POLYCENTER Security Compliance Manager for UNIX Systems User's Guide - This document describes how to use POLYCENTER Security CM on AIX[R], Digital UNIX, HP- UX[R], SunOS, Solaris[R] 2, and ULTRIX systems. o POLYCENTER Security Compliance Manager for AIX, HP-UX, SunOS, and Solaris Installation Guide - This document describes how to install POLYCENTER Security CM on AIX, HP-UX, SunOS, and Solaris 2 systems. o POLYCENTER Security Compliance Manager for OpenVMS User's Guide - This document describes how to use POLYCENTER Security CM on OpenVMS[TM] systems. o POLYCENTER Security Compliance Manager for OpenVMS Installation Guide - This document describes how to install POLYCENTER Security CM on OpenVMS systems. Related Documents See the following documents for information that is related to POLYCENTER Security CM: o POLYCENTER Security Reporting Facility for OpenVMS User's Guide-This document provides information about managing the security status tokens that POLYCENTER Security CM generates. o ULTRIX Security Guide for Administrators-This document describes the tasks and the considerations associated with managing system security in an ULTRIX environment. o ULTRIX Guide to Server Setup-This document describes how to set up a server processor to provide specific services to registered clients. o ULTRIX Guide to Diskless Management Services-This document describes how to install and maintain a diskless server area using the diskless management services utility. viii o ULTRIX Guide to Remote Installation Services-This document describes how to install and maintain a diskless server area using the remote installation services utility. o ULTRIX Version 4.0 Guide to Software Licensing- This document describes how to register the product authorization keys (PAKs) for POLYCENTER Security CM. Conventions The following conventions are used in this guide: __________________________________________________________ Convention____Description_________________________________ Note A note contains information that is of special importance to the reader. Caution A caution contains information to prevent damage to the equipment. Monospace Monospace type indicates both system type displays and user input. It also indicates literal strings in text. UPPERCASE The Digital UNIX and ULTRIX operating and systems differentiate between lowercase lowercase and uppercase characters. You must type literal strings exactly as they appear in text and examples. Uppercase characters in operation names indicate the characters that you can enter to choose that operation. boldface Boldface type in examples indicates user type input. Boldface type in text indicates the first instance of terms defined either in the text, in the glossary, or both. italic type Italic type emphasizes important informa- tion, indicates variables, and indicates the complete titles of manuals. % The percent sign (%) indicates the Digital UNIX and ULTRIX unprivileged user prompt. # The number sign (#) indicates the Digital UNIX and ULTRIX root account prompt. ix __________________________________________________________ Convention____Description_________________________________ Ctrl/x Ctrl/x indicates that you hold down the Ctrl key while you press another key (indicated here by x). [ ] In format descriptions, brackets indicate optional elements. You can choose none, one, or all of the options. nn nnn.nnn A space character separates digits in nn numerals with 5 or more digits. For example, 10 000 equals ten thousand. n.nn A period in numerals signals the decimal point indicator. For example, 1.75 equals one and three-fourths. POLYCENTER The term POLYCENTER Security CM for Digital Security CM UNIX refers to the POLYCENTER Security CM for Digital for Digital UNIX software. UNIX POLYCENTER The term POLYCENTER Security CM for ULTRIX Security CM refers to the POLYCENTER Security CM for for ULTRIX ULTRIX software. POLYCENTER The term POLYCENTER Security CM refers to Security CM both the POLYCENTER Security CM for Digital UNIX and the POLYCENTER Security CM for ULTRIX software. DECnet The term DECnet refers to the DECnet[TM] ______________networking_software.________________________ x 1 ________________________________________________________________ Preparing to Install POLYCENTER Security CM This chapter describes the information that you need when preparing to install POLYCENTER Security CM. This chapter contains information on the following: o Checking the media software distribution kit o Installation procedure requirements o Backing up the system disk o Allowing unprivileged users to run POLYCENTER Security CM o License Management Facility (LMF) support o Configuring POLYCENTER Security CM 1.1 Checking the Media Software Distribution Kit Use the Bill of Materials (BOM) to check the contents of the software distribution kit. The kit includes this installation guide and either a TK[TM]50, a 9-track magnetic tape, or a CD-ROM. 1.2 Installation Procedure Requirements The installation takes between 2 and 15 minutes to complete, depending on the system configuration. A Remote Installation Service (RIS) client installation can take longer, depending on the level of activity on the network. Preparing to Install POLYCENTER Security CM 1-1 Preparing to Install POLYCENTER Security CM 1.2.1 Privileges Needed for Installation You must have superuser privileges to install POLYCENTER Security CM. 1.2.2 Hardware Requirements The following table describes the hardware required to install POLYCENTER Security CM: __________________________________________________________ Operating_System______Hardware_Requirements_______________ Digital UNIX Any Alpha processor that is capable of running the correct version of the Digital UNIX operating system. ULTRIX One of the following: o DECstation[TM] o DECsystem[TM] o MicroVAX[TM] o VAX o VAXstation[TM] o VAXserver[TM] __________________________________________________________ 1.2.3 Software Requirements To run POLYCENTER Security CM, the following software must be installed on the system: o One of the following operating systems: - ULTRIX (Version 4.0 or higher) - Digital UNIX (Version 2.0 to Version 4.0) o reference page software This is necessary only if you want to install the POLYCENTER Security CM reference pages. 1-2 Preparing to Install POLYCENTER Security CM Preparing to Install POLYCENTER Security CM ________________________Note ________________________ Although the subsets listed in the following subsections may be present on the system, they may not be installed. These subsets must be installed before you can install POLYCENTER Security CM. _____________________________________________________ Required Operating System Subsets Table 1-1 lists the required operating system subsets for RISC ULTRIX, VAX ULTRIX, and Digital UNIX. Table_1-1_Required_Subsets________________________________ Operating_System______Subsets_____________________________ RISC ULTRIX UDTBASExxx, UDTINETxxx VAX ULTRIX ULTBASExxx, ULTINETxxx Digital_UNIX__________OSFBASExxx,_OSFINETxxx______________ where xxx denotes the version of the operating system, for example 421 denotes version 4.21. Optional Reference Page Subsets Table 1-2 lists the operating system subsets required to install the optional POLYCENTER Security CM reference pages on RISC ULTRIX, VAX ULTRIX, and Digital UNIX systems. Table_1-2_Optional_Subsets________________________________ Operating_System______Subsets_____________________________ RISC ULTRIX UDTMANxxx VAX ULTRIX ULTMANxxx Digital_UNIX__________OSFMANOSxxx_________________________ where xxx denotes the version of the operating system, for example 421 denotes version 4.21. Preparing to Install POLYCENTER Security CM 1-3 Preparing to Install POLYCENTER Security CM 1.2.4 Disk Space Requirements To determine the disk space requirements, follow these steps: 1. Choose the subsets that you want to install. Table 1-3 lists the subsets for RISC ULTRIX, VAX ULTRIX, and Digital UNIX systems. Table_1-3_POLYCENTER_Security_CM_Subsets________________________ RISC ULTRIX VAX ULTRIX Digital System System UNIX System Title_______________Identifier______Identifier______Identifier__ POLYCENTER SURBASE240 SUVBASE240 SOABASE250 Security CM Base System POLYCENTER SURMAN240 SUVMAN240 SOAMAN250 Security CM Manual Pages___________________________________________________________ 2. Calculate the disk space required for the subsets that you want to load. Table 1-4 lists the disk space requirements for the Digital UNIX, RISC ULTRIX, and VAX ULTRIX subsets. 1-4 Preparing to Install POLYCENTER Security CM Preparing to Install POLYCENTER Security CM Table_1-4_Subset_Sizes_(Kilobytes_Required)_____________________ Subset Kilobytes Subset_Title__________Identifier__Directory_____________Required POLYCENTER Security SURBASE240 /usr/kits/SUR240 2900 CM for ULTRIX Base System (RISC) /usr/var/kits/SUR240 500 Installation Files SURBASE240 /usr/etc/subsets 150 POLYCENTER Security SURMAN240 /usr/man/man8 10 CM for ULTRIX Manual Pages (RISC) --- Total: 3560 POLYCENTER Security SUVBASE240 /usr/kits/SUV240 2400 CM for ULTRIX Base System (VAX) /usr/var/kits/SUV240 500 Installation Files SUVBASE240 /usr/etc/subsets 150 POLYCENTER Security SUVMAN240 /usr/man/man8 10 CM for ULTRIX Manual Pages (VAX) --- Total: 3060 POLYCENTER Security SOABASE250 /usr/opt/SOA250 2800 CM for Digital UNIX Base System /var/opt/SOA250 1210 Installation Files SOABASE250 /usr/.smdb. 150 POLYCENTER Security SOAMAN250 /usr/opt/SOA250/man 12 CM for Digital UNIX Manual Pages --- ___________________________________________Total:_______4172____ Preparing to Install POLYCENTER Security CM 1-5 Preparing to Install POLYCENTER Security CM ________________________Note ________________________ For installations into a diskless environment, the disk space requirements that are specified in Table 1-4 for the /usr/var/kits filesystem on ULTRIX or the /var/opt filesystem on Digital UNIX apply to both the root area and each client area. The disk space requirements for the /usr/kits filesystem on ULTRIX and the /usr/opt filesystem on Digital UNIX apply only to the root area. _____________________________________________________ 3. Make sure that there is enough free space on the disk where these files will reside. To determine whether you have enough free disk space to install POLYCENTER Security CM, log in to the system where you intend to install POLYCENTER Security CM and enter the following command: # df The system responds with a display similar to the following: Filesystem Total kbytes kbytes % Mounted on kbytes used free used /dev/ra0a 15311 6155 7625 45% / barney:/cdrom 274583 139261 107864 56% /cd/barney barney:/stuff 274447 124415 122588 50% /stuff barney:/project 396255 244331 112299 69% /project This display indicates that there is sufficient disk space to install POLYCENTER Security CM on the root filesystem. 1.2.5 Special Requirements When you want to install POLYCENTER Security CM subsets from the RIS server area of a remote system, first check with the site system administrator to make sure that the following conditions are satisfied: o A POLYCENTER Security CM kit is installed in the RIS server area and is available for use 1-6 Preparing to Install POLYCENTER Security CM Preparing to Install POLYCENTER Security CM o The system is registered as a RIS client If POLYCENTER Security CM subsets are available to you on a RIS server system, you must know the name of that system to start the installation procedure. 1.3 Backing Up the System Disk Digital[TM] recommends that you back up the system disk before installing software. Use the backup procedures that are established at your site. See the Digital UNIX or the ULTRIX documentation set for information on how to back up a system disk. 1.4 Allowing Unprivileged Users to Run POLYCENTER Security CM By default only the superuser and members of the system group have the privileges required to run POLYCENTER Security CM. If you want to allow unprivileged users to run POLYCENTER Security CM, you must carry out the following steps before you start the installation: 1. Edit the /etc/group file and create a unique group, for example, inspect. 2. Include all users who need to run POLYCENTER Security CM in the unique group that you create. When you run the installation procedure it prompts you to enter the name of the group that you created. It then changes the group ownership of the POLYCENTER Security CM files in the following directories and their subdirectories to this group: o /var/opt/SOA250 and /usr/opt/SOA250 on Digital UNIX systems o /usr/var/kits/SUV240 and /usr/kits/SUV240 on VAX ULTRIX systems o /usr/var/kits/SUR240 and /usr/kits/SUR240 on RISC ULTRIX systems Preparing to Install POLYCENTER Security CM 1-7 Preparing to Install POLYCENTER Security CM ________________________Note ________________________ After installing POLYCENTER Security CM, you can use the POLYCENTER Security CM Setup Utility to change the group or to specify a different group of unprivileged users. See the POLYCENTER Security Compliance Manager for UNIX Systems User's Guide for information on how to use the POLYCENTER Security CM Setup Utility. _____________________________________________________ 1.5 License Management Facility Support POLYCENTER Security CM includes support for the License Management Facility (LMF). You must register a License Product Authorization Key (PAK) in the License Database (LDB) before you use POLYCENTER Security CM on a newly licensed node. If you ordered the license and media together, the PAK may be shipped with the kit. If you did not, the PAK is shipped separately to the location specified on your license order. If you are installing POLYCENTER Security CM as an update on a node that is licensed for this software, you have completed the PAK registration requirements. ______________________ Caution ______________________ You must register the PAK before installing POLYCENTER Security CM. _____________________________________________________ Register the PAK as follows: 1. Log in as a superuser. 2. At the superuser prompt, edit an empty PAK template using the lmf register command and include all the information on the PAK: # lmf register 1-8 Preparing to Install POLYCENTER Security CM Preparing to Install POLYCENTER Security CM For more information on using the License Management Facility, see the Guide to Software License Management or the lmf(8) reference page. 1.6 Configuring POLYCENTER Security CM Before installing POLYCENTER Security CM, you must decide whether you want to use the POLYCENTER Security Reporting Facility (SRF). You have the following two options: o Use POLYCENTER Security CM as a local testing tool (the POLYCENTER Security CM software does not communicate with POLYCENTER SRF). o Use POLYCENTER Security CM as part of a network testing tool (the POLYCENTER Security CM software communicates with POLYCENTER SRF). 1.6.1 Using POLYCENTER Security CM as a Local Testing Tool When you use POLYCENTER Security CM as a local testing tool, it generates a report after each inspection and sends it to you by electronic mail. It does not generate a token when you execute the Required Inspector. See Section 1.6.2 for more information on tokens. When you use POLYCENTER Security CM in this configuration you can check, modify, and correct security-specific settings on the system. However, the system is excluded from the global view of network security that POLYCENTER SRF provides. 1.6.2 Using POLYCENTER Security CM as Part of a Network Testing Tool To use POLYCENTER Security CM as part of a network testing tool, you must also use POLYCENTER SRF. POLYCENTER SRF is a software application designed to collect and store coded security-status messages, called tokens. Designated users can access the stored data to monitor the security compliance of AIX, Digital UNIX, HP-UX, OpenVMS Alpha, OpenVMS VAX, Solaris 2, SunOS, or ULTRIX nodes on the network. Preparing to Install POLYCENTER Security CM 1-9 Preparing to Install POLYCENTER Security CM When you use POLYCENTER Security CM in this way, it generates a report after each inspection. When you execute the Required Inspector, it generates a report and also generates a token. POLYCENTER Security CM sends the token to the node where POLYCENTER SRF is installed (POLYCENTER SRF node). When you use POLYCENTER Security CM with POLYCENTER SRF you must choose how POLYCENTER Security CM sends the tokens to the POLYCENTER SRF node before you begin the installation procedure. You have the following options: o Send tokens to the POLYCENTER SRF node using a passthru server (inspectpassd) You can choose this option if DECnet is not installed on the system. If DECnet is not installed, you must use the Transmission Control Protocol/Internet Protocol [TCP/IP]). Nodes that do not use DECnet can communicate directly with the POLYCENTER SRF node only if the version of POLYCENTER SRF installed on the system is Version 2.1 or higher. If you are using a passthru server, POLYCENTER Security CM sends the tokens to the passthru server node. The passthru server node uses DECnet to forward the tokens to the POLYCENTER SRF node. o Send tokens directly to the POLYCENTER SRF node If the version of POLYCENTER SRF installed on your system is lower than Version 2.1, then this option is available only to Digital UNIX and ULTRIX nodes that have DECnet installed. POLYCENTER Security CM uses DECnet to send tokens directly to the POLYCENTER SRF node. If the version of POLYCENTER SRF installed on your system is Version 2.1 or higher, then POLYCENTER Security CM uses TCP/IP to send tokens directly to the POLYCENTER SRF node. o Install POLYCENTER Security CM as a passthru server This option is available only to nodes that are running both TCP/IP and DECnet. When you install POLYCENTER Security CM as a passthru server, it uses DECnet to send tokens directly to the POLYCENTER SRF node. The passthru server can also forward tokens sent by other nodes that have specified it as a passthru server. See 1-10 Preparing to Install POLYCENTER Security CM Preparing to Install POLYCENTER Security CM Section 2.1 for information on configuring the system as a passthru server. Figure 1-1 shows example configurations that use POLYCENTER SRF. Preparing to Install POLYCENTER Security CM 1-11 2 ________________________________________________________________ Installing POLYCENTER Security CM This chapter describes how to install POLYCENTER Security CM. It gives information on the following: o Installing POLYCENTER Security CM on a local disk o Installing POLYCENTER Security CM using the DMS utility o Installing POLYCENTER Security CM using the RIS utility o Mounting POLYCENTER Security CM from an NFS[R] server o Reinstalling POLYCENTER Security CM o Deinstalling POLYCENTER Security CM o Unmounting POLYCENTER Security CM from an NFS server o Stopping the installation 2.1 Installing POLYCENTER Security CM on a Local Disk This section describes how to install POLYCENTER Security CM on a local disk. A local disk is a disk that belongs to the system on which you install POLYCENTER Security CM. To install POLYCENTER Security CM on a local disk, follow these steps: 1. Do one of the following, depending on the media you are using: o Load the tape into the tape drive. o Load the CD-ROM into the CD-ROM drive. 2. Log in and become the superuser. 3. If a previous version of POLYCENTER Security CM is installed on the system, deinstall that version before starting this procedure. Installing POLYCENTER Security CM 2-1 Installing POLYCENTER Security CM See Section 2.6 for information on deinstalling POLYCENTER Security CM. 2-2 Installing POLYCENTER Security CM Installing POLYCENTER Security CM 4. If you are installing from a CD-ROM, mount the CD-ROM by entering a command similar to the following: # mount -r /dev/rz4c /mnt 5. Enter a setld command with the -l load option and the name of the device or directory containing the POLYCENTER Security CM subsets. For example: o # setld -l /dev/rmt0h installs POLYCENTER Security CM for ULTRIX from tape o # setld -l /mnt/kit installs POLYCENTER Security CM for Digital UNIX from the distribution CD-ROM o # setld -l /mnt/soa250/kit installs POLYCENTER Security CM for Digital UNIX from the Digital UNIX Software Products Library CD-ROM The system displays the following menu: *** Enter Subset Selections *** The subsets listed below are optional: 1) POLYCENTER Security CM Base (RISC) 2) POLYCENTER Security CM Man Pages 3) All of the Above 4) None of the Above 5) Exit without installing subsets Enter your choice(s): 6. Enter the number corresponding to the menu item that you want to install. Menu item 3 installs all the components of POLYCENTER Security CM. If you specify more than one number, separate each number with a space. POLYCENTER Security CM displays a prompt similar to the following, asking you to confirm your choice: You are installing the following subsets: POLYCENTER Security CM Base (RISC) POLYCENTER Security CM Man Pages Is this correct? (y/n): Installing POLYCENTER Security CM 2-3 Installing POLYCENTER Security CM 7. Enter y to confirm your choice. Enter n to return to the menu. If you enter y and have satisfied the following conditions, the installation procedure displays informational messages and a prompt: o You have superuser privileges o You have selected the appropriate subsets for the system type, either Digital UNIX, RISC ULTRIX, or VAX ULTRIX o You have installed the prerequisite software If you do not satisfy these conditions, the installa- tion procedure displays an error message. If you have satisfied the conditions, the installation procedure continues and provides all the information required to successfully install POLYCENTER Security CM. Appendix A contains sample POLYCENTER Security CM installations. 2.2 Installing POLYCENTER Security CM Using the DMS Utility You can use the ULTRIX Diskless Management Services (DMS) utility to install POLYCENTER Security CM as follows: 1. Install POLYCENTER Security CM into a DMS server area 2. Configure POLYCENTER Security CM on each client ________________________Note ________________________ You cannot currently use the DMS utility to install POLYCENTER Security CM on Digital UNIX systems. _____________________________________________________ See the Guide to Diskless Management Services for more information on DMS. 2-4 Installing POLYCENTER Security CM Installing POLYCENTER Security CM 2.2.1 Installing POLYCENTER Security CM into a DMS Server Area When you install POLYCENTER Security CM into a DMS server area, you must install it into the /usr area on each client. You must install POLYCENTER Security CM on all the clients. You cannot install it selectively on some clients and not on others. DMS propagates the installed files that are private to each client system's /dlclientn area. DMS searches the entire /dlenvn area, ignoring the /usr area, and propagates the additional files to each client. To install POLYCENTER Security CM on the server system, follow these steps: 1. Log in and become the superuser. 2. Enter the following command: # /etc/dms The DMS Utility displays the following menu: DISKLESS MANAGEMENT SERVICES (DMS) UTILITY MENU a - Add Client Processor m - Modify Client Parameters r - Remove Client Processor l - List Registered Clients s - Show Products in Diskless Environments i - Install Software c - Create Diskless Area on Disk k - Kernel Rebuild or Copy e - Exit Enter your choice: 3. Enter i to install software. The DMS Utility displays the following messages and menu: The menu below offers you two software installation alternatives: 1) You can install an operating system to a new diskless area. 2) You can install additional software to an existing diskless area that already contains an operating system. Diskless Area Software Installation Menu: Installing POLYCENTER Security CM 2-5 Installing POLYCENTER Security CM 1 Install Operating System to New Area 2 Add Software to Existing Area 3 Return to Previous Menu Enter your choice: 4. Enter 2 to add software to an existing area. The DMS Utility displays the following messages: You have chosen to install additional software into an existing diskless environment. These are the available installation directories: 1. /dlenv0/root0.mips 2. /dlenv0/root0.vax Enter your choice: 5. Do one of the following: o If you are installing POLYCENTER Security CM on a RISC ULTRIX system, enter 1 at the Enter your choice prompt. o If you are installing POLYCENTER Security CM on a VAX ULTRIX system, enter 2 at the Enter your choice prompt. The DMS Utility displays the following message: Enter the device special name or mount point of the distribution media, for example, /dev/rmt0h: 6. Enter the input device name, for example, /dev/rmt0h:. The DMS Utility displays the following message and prompt: The product software will automatically be propagated to every registered client. Is this alright? (y/n): 7. Do one of the following: o To return to the DMS Utility Menu, enter n. o To allow all registered clients to have access to POLYCENTER Security CM, enter y. 2-6 Installing POLYCENTER Security CM Installing POLYCENTER Security CM The DMS Utility displays the following message and then begins the installation procedure: Working...Wed Feb 9 13:19:43 GMT 1994 The system displays the following menu: *** Enter Subset Selections *** The subsets listed below are optional: 1) POLYCENTER Security CM Base (RISC) 2) POLYCENTER Security CM Man Pages 3) All of the Above 4) None of the Above 5) Exit without installing subsets Enter your choice(s): 8. Enter the number corresponding to the menu item that you want to install. Menu item 3 installs all the components of POLYCENTER Security CM. If you specify more than one number, separate each number with a space. POLYCENTER Security CM displays a prompt similar to the following, asking you to confirm your choice: You are installing the following subsets: POLYCENTER Security CM Base (RISC) POLYCENTER Security CM Man Pages Is this correct? (y/n): 9. Enter y to confirm your choice. Enter n to return to the menu. After you enter this command, the installation procedure provides all the information required to successfully install POLYCENTER Security CM. Appendix A contains sample POLYCENTER Security CM installations. When the installation procedure is complete it displays the following message: Installing POLYCENTER Security CM 2-7 Installing POLYCENTER Security CM *************************************************************************** * * * POLYCENTER Security CM for ULTRIX is installed below/dlenv4/root0.vax. * * * * If this is a DMS installation, you must configure POLYCENTER Security * * * * CM for ULTRIX on your DMS _client_ system by entering the following * * command: * * * * # setld -c SUVBASE240 INSTALL * * * *************************************************************************** WARNING: If this is NOT a DMS installation, POLYCENTER Security CM cannot function correctly unless the necessary links and group and file protections are set up. Creating the following links: o /dlenv4/root0.vax/usr/bin/inspect o /dlenv4/root0.vax/usr/bin/inspectsetup Working...Wed Feb 7 13:25:04 GMT 1994 Propagating to barney ... 2.2.2 Configuring POLYCENTER Security CM on the DMS Client Systems After installing POLYCENTER Security CM into the server area, you must configure it on each client system as follows: 1. Configure the system to start the inspect daemon at system startup time by modifying the /etc/rc.local file. See Section 3.4.1 for information on how to modify this file. 2. Use the POLYCENTER Security CM Setup Utility to configure the token setup to send tokens to the appropriate SRF node. See the POLYCENTER Security Compliance Manager for UNIX Systems User's Guide for information on how to configure the token setup. 3. Run the installation verification procedure (IVP). See Section 3.3 for information on how to run the IVP. 2-8 Installing POLYCENTER Security CM Installing POLYCENTER Security CM 2.3 Installing POLYCENTER Security CM Using the RIS Utility You can use the Remote Installation Services (RIS) utility to install POLYCENTER Security CM by doing the following: 1. Installing POLYCENTER Security CM into a RIS server area 2. Configuring POLYCENTER Security CM on each client See the Guide to the Remote Installation Services for more information on the RIS Utility. 2.3.1 Installing POLYCENTER Security CM into a RIS Server Area To install POLYCENTER Security CM on the server system, follow these steps: 1. Log in and become the superuser. 2. Enter one of the following commands: o # /etc/ris on VAX ULTRIX and RISC ULTRIX systems o # /usr/sbin/ris on Digital UNIX systems The RIS Utility displays one of the following menus: o On VAX ULTRIX and RISC ULTRIX systems: REMOTE INSTALLATION SERVICES (RIS) MENU a - Add Client r - Remove Client s - Show Products in Remote Installation Environments m - Modify Client i - Install Software d - Delete Software e - Exit Enter your choice: o On Digital UNIX systems: *** RIS Utility Main Menu *** Installing POLYCENTER Security CM 2-9 Installing POLYCENTER Security CM a) - ADD a Client d) - DELETE software products i) - INSTALL software products l) - LIST registered clients m) - MODIFY a client r) - REMOVE a client s) - SHOW software products in remote installation environments x) - EXIT Enter your choice: 3. Enter i to install software. The RIS Utility displays messages and a menu similar to the following: The menu below offers you two software installation alternatives: 1) You can create a new area to serve either RISC or VAX clients by installing a software product. The ris utility automatically creates the new area. 2) You can install additional software to an existing area that serves either RISC or VAX clients. RIS Software Installation Menu: 1 Install Software to a New Area. 2 Add Software to an Existing Area. 3 Return to Previous Menu Enter your choice: 4. Enter 2 to add software to an existing area. The RIS Utility displays the following messages and prompt: o On VAX ULTRIX and RISC ULTRIX systems: You have chosen to add a new product into an existing environment. Select the remote installation environment: 1 /var/adm/ris/ris0.mips ULTRIX V4.0/ULTRIX WS V4.0 MANDATORY SUPPORTED (RISC) 2 /var/adm/ris/ris0.vax ULTRIX V4.0/ULTRIX WS V4.0 SUPPORTED (VAX) 2-10 Installing POLYCENTER Security CM Installing POLYCENTER Security CM Enter your choice: o On Digital UNIX systems: You have chosen to add a product to an existing environment. The existing environment is /var/adm/ris/ris0.alpha. 5. Do one of the following: o If you are installing POLYCENTER Security CM on a RISC ULTRIX system, enter 1 at the Enter your choice prompt. o If you are installing POLYCENTER Security CM on a VAX ULTRIX system, enter 2 at the Enter your choice prompt. o If you are installing POLYCENTER Security CM on a Digital UNIX system, you do not need to enter a choice. The RIS Utility displays the following message: Enter the device special file name or the path of the directory where the software is located, for example, /dev/rmt0h: 6. Enter the input device name, for example, /dev/rmt0h. The system displays the following menu: *** Enter Subset Selections *** The subsets listed below are optional: 1) POLYCENTER Security CM Base (RISC) 2) POLYCENTER Security CM Man Pages 3) All of the Above 4) None of the Above 5) Exit without installing subsets Enter your choice(s): 7. Enter the number corresponding to the menu item that you want to install. Menu item 3 installs all the components of POLYCENTER Security CM. If you specify more than one number, separate each number with a space. Installing POLYCENTER Security CM 2-11 Installing POLYCENTER Security CM POLYCENTER Security CM displays a prompt similar to the following, asking you to confirm your choice: You are installing the following subsets: POLYCENTER Security CM Base (RISC) POLYCENTER Security CM Man Pages Is this correct? (y/n): 8. Enter y to confirm your choice. Enter n to return to the menu. After you enter this command, the installation procedure provides all the information required to successfully install POLYCENTER Security CM. Appendix A contains sample POLYCENTER Security CM installations. When the installation procedure has installed the subsets, the RIS Utility displays the following message: Media extraction complete. The RIS Utility then displays the RIS Menu. 9. Repeat steps a to e for each RIS client on which you want to install POLYCENTER Security CM. a. Enter m at the Enter your choice prompt on the Remote Installation Services Menu. The RIS Utility displays the following messages and prompt: The following clients are available to modify: clienta clientb Enter the client processor's hostname: b. Enter the node name of the client that you want to modify at the Enter the client processor's hostname prompt. The RIS Utility displays the following message and prompt: Enter the client processor's hardware Ethernet address, for example, 08-00-2b-02-67-e1 [08-00-2b-14-ac-d1]: 2-12 Installing POLYCENTER Security CM Installing POLYCENTER Security CM c. Enter the client processor's hardware Ethernet address or press Return to choose the default value. The RIS Utility displays messages and a prompt similar to the following: The existing environment is /usr/var/adm/ris/ris0.mips. The client currently can install the following products from /usr/var/adm/ris/ris0.mips: 'POLYCENTER Security CM for ULTRIX Base (RISC)' 'POLYCENTER Security CM for ULTRIX Manual Pages ' Select one or more products for the client to install from /usr/var/adm/ris/ris0.mips: Product Description 1 'POLYCENTER Security CM for ULTRIX Base (RISC)' 2 'POLYCENTER Security CM for ULTRIX Manual Pages' Enter one or more choices, for example, 1 2: d. Enter the numbers corresponding to the products that you want to install at the Enter one or more choices, for example, 1 2 prompt. Separate each choice with a space. The RIS Utility displays a message similar to the following: You chose the following products: 1 'POLYCENTER Security CM for ULTRIX Base (RISC)' 2 'POLYCENTER Security CM for ULTRIX Manual Pages' Is that correct (y/n)? [y]: e. Enter y if the list is correct. If the list is not correct, enter n to return to step 4 and reenter the products. After modifying the client's records to include the list of products that you can install, the RIS Utility displays a message similar to the following: clienta has been modified. The installation procedure is now complete. Installing POLYCENTER Security CM 2-13 Installing POLYCENTER Security CM 2.3.2 Configuring POLYCENTER Security CM on the RIS Client Systems After installing POLYCENTER Security CM into the server area, you must configure it on each client system as follows: 1. Log in to the client system and become the superuser. 2. Enter the following command: % setld -l server: xxxBASEyyy xxxMANyyy where: o server is the name of the server on which POLYCENTER Security CM is installed. o xxx stands for the characters SOA on Digital UNIX systems, SUR on RISC ULTRIX systems, and SUV on VAX ULTRIX systems. o yyy stands for the characters 250 on Digital UNIX systems and the characters 240 on RISC ULTRIX and VAX ULTRIX systems. After you enter this command, the installation procedure provides all the information required to successfully install POLYCENTER Security CM. Appendix A contains sample POLYCENTER Security CM installations. 2.4 Mounting POLYCENTER Security CM from an NFS Server If you mount POLYCENTER Security CM from a Network File System (NFS) server, you need to install POLYCENTER Security CM only once (on the server) and then export it to each of the NFS clients. To be able to mount POLYCENTER Security CM from an NFS server, you must perform the tasks described in Section 2.4.1 and Section 2.4.2. 2-14 Installing POLYCENTER Security CM Installing POLYCENTER Security CM 2.4.1 Tasks to Perform on the NFS Server You must perform the following tasks on the NFS server: 1. Install POLYCENTER Security CM. 2. Create a directory for each client by entering a command similar to the following: # mkdir /inspect/var/client_name where client_name is the name of an NFS client. 3. Copy the database and associated files into each of the client directories that you created in Step 1. POLYCENTER Security CM does not support shared databases. If you do not create a separate copy of the POLYCENTER Security CM database and associated files, then information in the database may be overwritten and corrupted. Enter one of the following commands for each client to copy the database and associated files into the appropriate directory: o # cp -rp /var/opt/SOA250/* /inspect/var/client_name on Digital UNIX systems o # cp -rp /usr/var/kits/SUV240/* /inspect/var/client_ name on VAX ULTRIX systems o # cp -rp /usr/var/kits/SUR240/* /inspect/var/client_ name on RISC ULTRIX systems where client_name is the name of an NFS client. 4. Add entries similar to the following to the /etc /exports file to enable each client to mount the server's filesystems containing the database and associated files for that client: /inspect/var/client_name -r=0 client_name where client_name is the name of an NFS client. You must add a similar entry for each client because you need to export each database directory that you created in Section 2.4.1 to the appropriate client. Installing POLYCENTER Security CM 2-15 Installing POLYCENTER Security CM 5. Add an entry similar to one of the following to the /etc/exports file, to enable each client to mount the server's filesystems containing the executable images and associated files for all of the clients: o /usr/opt/SOA250 -r=0 client1 client2... on Digital UNIX systems o /usr/kits/SUR240 -r=0 client1 client2... on RISC ULTRIX systems o /usr/kits/SUV240 -r=0 client1 client2... on VAX ULTRIX systems where client1 client2... is a list of NFS clients separated by spaces. This entry allows you to export the POLYCENTER Security CM executable images to all clients that have the same system type. 2.4.2 Tasks to Perform on Each NFS Client Log in to each client and do the following: 1. Enter one of the following commands to create a directory for the database and associated files: o # mkdir /var/opt/SOA250 on Digital UNIX systems o # mkdir /usr/var/kits/SUV240 on ULTRIX VAX systems o # mkdir /usr/var/kits/SUR240 on ULTRIX RISC systems 2. Enter one of the following commands to mount the database and associated files from the server: o # mount -t nfs server_name:/inspect/var/client_name /var/opt/SOA250 on Digital UNIX systems o # mount -t nfs server_name:/inspect/var/client_name /usr/var/kits/SUV240 on ULTRIX VAX systems o # mount -t nfs server_name:/inspect/var/client_name /usr/var/kits/SUR240 on ULTRIX RISC systems where: o server_name is the name of the NFS server o client_name is the name of an NFS client. 2-16 Installing POLYCENTER Security CM Installing POLYCENTER Security CM 3. On each client, enter one of the following commands to make a directory for the executable images and associated files: o # mkdir /usr/opt/SOA250 on Digital UNIX systems o # mkdir /usr/kits/SUV240 on VAX ULTRIX systems o # mkdir /usr/kits/SUR240 on RISC ULTRIX systems 4. On each client, enter one of the following commands to mount the executable images and associated files from the server: o # mount -t nfs server_name:/usr/opt/SOA250 /usr/opt /SOA250 on Digital UNIX systems o # mount -t nfs server_name:/usr/kits/SUV240 /usr /kits/SUV240 on VAX ULTRIX systems o # mount -t nfs server_name:/usr/kits/SUR240 /usr /kits/SUR240 on RISC ULTRIX systems where server_name is the name of the NFS server. 5. Enter one of the following commands to create links to the appropriate executable image: o # ln -s /usr/opt/SOA250/bin/inspect /usr/bin/inspect on Digital UNIX systems o # ln -s /usr/kits/SUV240/bin/inspect /usr/bin /inspect on VAX ULTRIX systems o # ln -s /usr/kits/SUR240/bin/inspect /usr/bin /inspect on RISC ULTRIX systems 6. Enter one of the following commands to create links to the appropriate script: o # ln -s /usr/opt/SOA250/bin/inspectsetup /usr/bin /inspectsetup on Digital UNIX systems o # ln -s /usr/kits/SUV240/bin/inspect /usr/bin /inspectsetup on VAX ULTRIX systems o # ln -s /usr/kits/SUR240/bin/inspectsetup /usr/bin /inspectsetup on RISC ULTRIX systems Installing POLYCENTER Security CM 2-17 Installing POLYCENTER Security CM 7. Start the inspect daemon. See Section 3.2 for information on starting the inspect daemon. ________________________Note ________________________ The token configuration on each NFS client will be the same as on the NFS server. Use the POLYCENTER Security CM Setup Utility to change the token con- figuration. See the POLYCENTER Security Compliance for UNIX Systems User's Guide for more information on the POLYCENTER Security CM Setup Utility. _____________________________________________________ 2.5 Reinstalling POLYCENTER Security CM You can reinstall POLYCENTER Security CM at any time. However, when you reinstall POLYCENTER Security CM, you lose all of the inspectors in the database. If you want to maintain these inspectors, deinstall POLYCENTER Security CM and save the database before reinstalling it. 2.6 Deinstalling POLYCENTER Security CM Before installing a new version of POLYCENTER Security CM, you must deinstall the old version and save the inspectors that you created. When you install the new version, the inspectors are then automatically restored. This section describes how to deinstall POLYCENTER Security CM from the following types of systems: o Systems with POLYCENTER Security CM installed on a local disk, including systems in RIS server areas o Systems in DMS server areas (ULTRIX only) 2.6.1 Deinstalling POLYCENTER Security CM on a Local Disk Follow these steps to deinstall POLYCENTER Security CM on a local disk: 1. Enter the following command at the superuser prompt: # setld -d xxxBASEyyy xxxMANyyy 2-18 Installing POLYCENTER Security CM Installing POLYCENTER Security CM where: o xxx stands for the characters SOA on Digital UNIX systems, SUR on RISC ULTRIX systems, and SUV on VAX ULTRIX systems. o yyy stands for the characters 250 on Digital UNIX systems and 240 on RISC ULTRIX systems and on VAX ULTRIX systems. The deinstallation procedure responds with a message and prompt similar to the following: Deleting POLYCENTER Security CM for Digital UNIX Man Pages (SOAMAN250). Deleting POLYCENTER Security CM for Digital UNIX Base (SOABASE250). You can save the POLYCENTER Security CM database. When you reinstall POLYCENTER Security CM, you can access the inspectors in this database. Do you want to save the POLYCENTER Security CM database? (y/n) [y]: 2. Enter y if you want to save the POLYCENTER Security CM database. Enter n if you do not want to save the POLYCENTER Security CM database. If you enter y, the deinstallation procedure displays messages that are similar to the following: Saving database ./var/opt/SOA250/database ... saving ./var/opt/SOA250/database/root_Default_File_Permissions_V1 ... saving ./var/opt/SOA250/database/root_Practical_UNIX_Security_V1 ... saving ./var/opt/SOA250/database/root_Example_Required_Inspector_V1 ... saving ./var/opt/SOA250/database/diu_index_V1 ... saving ./var/opt/SOA250/database/diu_config.required_V1 ... saving ./var/opt/SOA250/database/diu_crc.inspect_V1 ... saving ./var/opt/SOA250/database/diu_crc.system_V1 Modifications made to system files during installation will now be undone. Removing /sbin/rc3.d/S77inspectd ... Removing /sbin/init.d/inspectd ... Installing POLYCENTER Security CM 2-19 Installing POLYCENTER Security CM This procedure will modify the file /etc/services automatically, or you can choose to modify it yourself afterwards. The automatic modification involves removing the lines added automatically during installation. If you choose to modify the file yourself, you will be given instructions below. This change is non-intrusive. In other words, if no modifications were made at installation -- if, for example, you chose not to have your local /etc/services file updated because this file is distributed -- then no changes will be made now, even if you answer y to the following question (although a backup copy of /etc/services will still be made). Do you want the installation procedure to automatically modify the file /etc/services? (y/n) [y]: 3. Enter y if you want to automatically modify the /etc /services file. Enter n if you do not want to automatically modify this file. If you enter y, the deinstallation procedure displays messages that are similar to the following: Modifying /etc/services ... ... saving copy in /etc/services.sav1 This procedure will modify the file /etc/inetd.conf automatically, or you can choose to modify it yourself afterwards. The automatic modification involves removing the lines added automatically during installation. If you choose to modify the file yourself, you will be given instructions below. This change is non-intrusive. In other words, if no modifications were made at installation -- if, for example, you chose not to have your local /etc/inetd.conf file updated because this file is distributed -- then no changes will be made now, even if you answer y to the following question (although a backup copy of /etc/inetd.conf will still be made). Do you want the installation procedure to automatically modify the file /etc/inetd.conf? (y/n) [y]: 2-20 Installing POLYCENTER Security CM Installing POLYCENTER Security CM 4. Enter y if you want to automatically modify the /etc /inetd.conf file. Enter n if you do not want to automatically modify this file. If you enter y, the deinstallation procedure displays messages that are similar to the following: Modifying /etc/inetd.conf ... ... saving copy in /etc/inetd.conf.sav1 Restarting the inetd daemon. The following processes are running: root 339 1 0.0 18:57:03 ?? 6:19.79 /usr/opt/SOA250/bin/inspectd Do you want to kill them? (y/n) [y]: Deleting "POLYCENTER Security CM for Digital UNIX Base (Alpha)" (SOABASE250). Removing directory /usr/opt/SOA250 Removing link /usr/bin/inspect Removing link /usr/bin/inspectsetup 2.6.2 Deinstalling POLYCENTER Security CM on a DMS Server Area This section describes how to deinstall POLYCENTER Security CM on a DMS server area. You can deinstall POLYCENTER Security CM from either a DMS client, the DMS server, or from both clients and servers. To completely deinstall POLYCENTER Security CM on a DMS server area, you must deinstall it from all the clients, then deinstall it from the server. This section includes information on the following: o Deinstalling POLYCENTER Security CM on a DMS client o Deinstalling POLYCENTER Security CM on the DMS server This section is relevant on ULTRIX systems only. Deinstalling POLYCENTER Security CM on a DMS Client To deinstall POLYCENTER Security CM on a DMS client, follow these steps: 1. Enter the following command at the superuser prompt: # setld -c xxxBASE240 DELETE Installing POLYCENTER Security CM 2-21 Installing POLYCENTER Security CM where xxx stands for the letters SUR on RISC ULTRIX systems and the letters SUV on VAX ULTRIX systems. The deinstallation procedure responds with a message and prompt similar to the following: Configuring SUVBASE240 You can save the POLYCENTER Security CM database. When you reinstall POLYCENTER Security CM, you can access the inspectors in this database. Do you want to save the POLYCENTER Security CM database? (y/n) [y]: 2. Enter y if you want to save the database. Enter n if you do not want to save the POLYCENTER Security CM database. If you enter y, the deinstallation procedure displays messages that are similar to the following: Saving database ./usr/var/kits/SUV240/database ... saving ./usr/var/kits/SUV240/database/root_Default_File_Permissions_V1 ... saving ./usr/var/kits/SUV240/database/root_Practical_UNIX_Security_V1 ... saving ./usr/var/kits/SUV240/database/root_Required_Inspector_sav3 ... saving ./usr/var/kits/SUV240/database/diu_index_sav1 ... saving ./usr/var/kits/SUV240/database/diu_config.required_V1 ... saving ./usr/var/kits/SUV240/database/diu_crc.inspect_V1 ... saving ./usr/var/kits/SUV240/database/diu_crc.system_V1 Modifications made to system files during installation will now be undone. This procedure will modify the file /etc/rc.local automatically, or you can choose to modify it yourself afterwards. The automatic modification involves removing the lines added automatically during installation. If you choose to modify the file yourself, you will be given instructions below. This change is non-intrusive. In other words, if no modifications were made at installation -- if, for example, you chose not to have your local /etc/rc.local file updated because this file is distributed -- then no changes will be made now, even if you answer y to the following question (although a backup copy of /etc/rc.local will still be made). Do you want the installation procedure to automatically modify the file /etc/rc.local? (y/n) [y]: y 2-22 Installing POLYCENTER Security CM Installing POLYCENTER Security CM 3. Enter y if you want to automatically modify the etc /rc.local file. Enter n if you do not want to automatically modify this file. If you enter y, the deinstallation procedure displays messages that are similar to the following: Modifying /etc/rc.local ... ... saving copy in /etc/rc.local.sav1 This procedure will modify the file /etc/services automatically, or you can choose to modify it yourself afterwards. The automatic modification involves removing the lines added automatically during installation. If you choose to modify the file yourself, you will be given instructions below. This change is non-intrusive. In other words, if no modifications were made at installation -- if, for example, you chose not to have your local /etc/services file updated because this file is distributed -- then no changes will be made now, even if you answer y to the following question (although a backup copy of /etc/services will still be made). Do you want the installation procedure to automatically modify the file /etc/services? (y/n) [y]: y 4. Enter y if you want to automatically modify the etc /services file. Enter n if you do not want to automatically modify this file. If you enter y, the deinstallation procedure displays messages that are similar to the following: Modifying /etc/services ... ... saving copy in /etc/services.sav1 Installing POLYCENTER Security CM 2-23 Installing POLYCENTER Security CM Deinstalling POLYCENTER Security CM on the DMS Server To deinstall POLYCENTER Security CM on the DMS server, follow these steps: 1. Enter the following command at the superuser prompt (use SURBASE240 on RISC systems): # setld -D /dlenv4/root0.vax -d SUVBASE240 The deinstallation procedure then displays messages that are similar to the following while it deinstalls POLYCENTER Security CM: Deleting POLYCENTER Security CM for ULTRIX Base (VAX) (SUVBASE240). Removing directory /dlenv4/root0.vax/usr/kits/SUV240 Removing directory /dlenv4/root0.vax/usr/var/kits/SUV240 POLYCENTER Security CM for ULTRIX is now deinstalled. Removing link /dlenv4/root0.vax/usr/bin/inspect Removing link /dlenv4/root0.vax/usr/bin/inspectsetup 2. Delete the following line from the file /dlenvn /rootn.mips/usr/diskless/prodesc or from /dlenvn /rootn.vax/usr/diskless/prodesc: 'POLYCENTER Security CM' This line may be different, depending on the version of POLYCENTER Security CM for ULTRIX installed on the system. POLYCENTER Security CM is now deinstalled from the DMS server area. 2.7 Unmounting POLYCENTER Security CM from an NFS Server To unmount POLYCENTER Security CM from the NFS server, you must perform the tasks described in Section 2.7.1 and in Section 2.7.2. 2-24 Installing POLYCENTER Security CM Installing POLYCENTER Security CM 2.7.1 Tasks to Perform on Each NFS Client You must perform the following tasks on each NFS client: 1. Stop the inspect daemon. 2. Enter the following commands to remove the links to the executable image and script on the server: # rm /usr/bin/inspect # rm /usr/bin/inspectsetup 3. Enter one of the following commands to unmount one of the server's filesystems: o # umount /var/opt/SOA250 on Digital UNIX systems o # umount /usr/var/kits/SUV240 on VAX ULTRIX systems o # umount /usr/var/kits/SUR240 on RISC ULTRIX systems 4. Enter one of the following commands to unmount the remaining server's filesystem: o # umount /usr/opt/SOA250 on Digital UNIX systems o # umount /usr/kits/SUV240 on VAX ULTRIX systems o # umount /usr/kits/SUR240 on RISC ULTRIX systems 2.7.2 Tasks to Perform on the NFS Server You must perform the following tasks on the NFS server: 1. Enter the following commands for each client to remove the client copy of the POLYCENTER Security CM database and associated files, if you do not want to save these files: # rm -r /inspect/var/client_name where client_name is the name of an NFS client. You must repeat this command for each client. 2. Deinstall POLYCENTER Security CM from the NFS server. See Section 2.6 for information on how to deinstall POLYCENTER Security CM. Installing POLYCENTER Security CM 2-25 Installing POLYCENTER Security CM 2.8 Stopping the Installation You can stop the installation procedure by pressing Ctrl/C. However, the files created up to this point are not automatically deleted. To remove these files, enter commands similar to the following: o On Digital UNIX systems: # rm -rf /usr/opt/SOA250 # rm -rf /var/opt/SOA250 # rm /usr/bin/inspect # rm /usr/bin/inspectsetup o On ULTRIX VAX systems: # rm -rf /usr/kits/SUV240 # rm -rf /usr/var/kits/SUV240 # rm /usr/bin/inspect # rm /usr/bin/inspectsetup o On ULTRIX RISC systems: # rm -rf /usr/kits/SUR240 # rm -rf /usr/var/kits/SUR240 # rm /usr/bin/inspect # rm /usr/bin/inspectsetup 2-26 Installing POLYCENTER Security CM 3 ________________________________________________________________ After Installing POLYCENTER Security CM This chapter describes the actions that you can perform after you install POLYCENTER Security CM. It gives information on the following: o Using release notes o Starting the inspect daemon o Running the installation verification procedure (IVP) o Modifying or creating system startup files and configuration files o Error recovery 3.1 Using Release Notes POLYCENTER Security CM provides online release notes. Digital strongly recommends that you read the release notes before using the product. The release notes may contain information about changes to the application. The release notes in ASCII format are located in the following file: o /usr/opt/SOA250/doc/inspect250.release_notes on Digital UNIX systems o /usr/kits/SUR240/doc/inspect240.release_notes on RISC ULTRIX systems o /usr/kits/SUV240/doc/inspect240.release_notes on VAX ULTRIX systems After Installing POLYCENTER Security CM 3-1 After Installing POLYCENTER Security CM 3.2 Starting the Inspect Daemon If you did not start the inspect daemon during the installation procedure, you can start it now. You must start the inspect daemon before running the IVP. If you do not start it, then the IVP fails. To start the inspect daemon, follow these steps: 1. Log in and become the superuser. 2. Enter the following command to run the POLYCENTER Security CM Setup Utility: # inspectsetup The POLYCENTER Security CM Setup Utility then displays a menu and prompt similar to the following: POLYCENTER Security Compliance Manager for ULTRIX Setup Utility s - Start the Inspect Daemon d - Display the Inspect Daemon Status t - List the Token Setup c - Configure the Token Setup i - Import the Required Inspector x - Export the Required Inspector m - Maintain the CRC database v - Run the Installation Verification Procedure g - Specify POLYCENTER Security CM Group l - Regenerate Symbolic Links to inspect Directories e - Exit Enter your choice: 3. Enter s to start the inspect daemon. If the inspect daemon is not running, the Setup Utility starts it, displaying the following message: Starting the inspect daemon (inspectd)... If the inspect daemon is running, the Setup Utility displays a message and prompt similar to the following: 3-2 After Installing POLYCENTER Security CM After Installing POLYCENTER Security CM The following processes are running: 7593 p1 I 0:00 /usr/kits/SUR240/bin/inspectd Do you want to kill them? (y/n) [y]: 4. Enter n to return to the menu without stopping the processes listed. Enter y to stop these processes and restart the inspect daemon. If you enter y, the Setup Utility displays the following message as it starts the inspect daemon: Starting the inspect daemon (inspectd)... 3.3 Running the Installation Verification Procedure If you did not run the IVP during the installation procedure, you can use the POLYCENTER Security CM Setup Utility to run the IVP independently to verify that you have installed the software correctly. To run the IVP, follow these steps: 1. Log in and become the superuser. 2. Enter the following command to run the POLYCENTER Security CM Setup Utility: # inspectsetup The POLYCENTER Security CM Setup Utility then displays a menu and prompt similar to the following: POLYCENTER Security Compliance Manager for ULTRIX Setup Utility s - Start the Inspect Daemon d - Display the Inspect Daemon Status t - List the Token Setup c - Configure the Token Setup i - Import the Required Inspector x - Export the Required Inspector m - Maintain the CRC database v - Run the Installation Verification Procedure l - Regenerate Symbolic Links to inspect Directories g - Specify POLYCENTER Security CM Group e - Exit Enter your choice: After Installing POLYCENTER Security CM 3-3 After Installing POLYCENTER Security CM 3. Enter v to run the IVP. The POLYCENTER Security CM Setup Utility runs the IVP. The IVP performs the following actions: o Checks that all POLYCENTER Security CM files are present o Checks that the inspect daemon is running o Creates a test inspector o Executes the test inspector o Deletes the test inspector You may also want to run the IVP after a system failure to ensure that users can access POLYCENTER Security CM. Appendix A contains sample POLYCENTER Security CM IVP listings. 3.4 Modifying or Creating System Startup Files and Configuration Files Some system startup files and configuration files must be modified or created before you can use POLYCENTER Security CM. The installation procedure allows you to decide whether you want to automatically modify or create the following files: o /etc/rc.local You must modify this file to configure the system to start the inspect daemon on ULTRIX systems at system startup time. o /sbin/rc3.d/S77inspectd You must create a link from this file to the /sbin /init.d/inspectd file to configure the system to start the inspect daemon on Digital UNIX systems at startup time. o /etc/services You must modify this file if you want to send tokens to POLYCENTER Security CM SRF using TCP/IP or if you want the system to be configured as a passthru server. o /etc/inetd.conf 3-4 After Installing POLYCENTER Security CM After Installing POLYCENTER Security CM You must modify this file if you want the system to be configured as a passthru server. You will typically choose to modify or create these files at installation time. However, in some cases you may not want to modify the files automatically. The following are examples of cases where you may want to modify the files after installation: o If the file you want to modify is distributed from a server machine, you must modify the file on the server and then redistribute the modified file. o If the installation procedure adds the relevant lines to the /etc/rc.local file on ULTRIX systems at a location in the file from which they will not be executed, you must edit the /etc/rc.local file and move the lines to the correct location. The following sections describe how to modify or create the relevant system startup files and configuration files after installing POLYCENTER Security CM. 3.4.1 Modifying the /etc/rc.local File on ULTRIX Systems To configure the system to start the inspect daemon at system startup time on ULTRIX systems, edit the /etc /rc.local file and add the following lines: # # %INSPECTSTART% # POLYCENTER Security Compliance Manager (CM) daemon # if test -f dir_location/bin/inspectd; then /bin/echo 'starting inspectd' >/dev/console dir_location/bin/inspectd > /dev/console 2>&1 & fi # %INSPECTEND% where dir_location denotes one of the following: o /usr/kits/SUV240 on VAX ULTRIX systems o /usr/kits/SUR240 on RISC ULTRIX systems After Installing POLYCENTER Security CM 3-5 After Installing POLYCENTER Security CM 3.4.2 Creating a Link to the /sbin/init.d/inspectd File on Digital UNIX Systems To configure the system to start the inspect daemon at system startup time on Digital UNIX systems, create a link from the /sbin/rc3.d/S77inspectd file to the /sbin/init.d /inspectd file by entering the following command: ln -s /sbin/init.d/inspectd /sbin/rc3.d/S77inspectd 3.4.3 Modifying the /etc/services File To configure the system to send tokens to POLYCENTER Security CM SRF, edit the /etc/services file and add one of the following lines: o inspectpassd 6002/tcp # POLYCENTER SRF passthru server Add this line if you want to send tokens to POLYCENTER SRF using a passthru server. o inspectsrfd 6002/tcp # POLYCENTER SRF node Add this line if you want to send tokens to POLYCENTER SRF using the TCP/IP protocol. See Section 1.6.2 for more information on when you can use the TCP/IP protocol and when you must use a passthru server. 3.4.4 Modifying the /etc/inetd.conf File To configure the system as a passthru server, edit the /etc/inetd.conf file and add the following on a single line: inspectpassd stream tcp nowait dir_location/bin/inspectpassd inspectpassd -dnet POLYCENTER_SRF_nodename INSPECT$SERV where: o dir_location stands for one of the following: - /usr/opt/SOA250 on Digital UNIX systems - /usr/kits/SUV240 on VAX ULTRIX systems - /usr/kits/SUR240 on RISC ULTRIX systems 3-6 After Installing POLYCENTER Security CM After Installing POLYCENTER Security CM o POLYCENTER_SRF_nodename is the name of the POLYCENTER SRF node. 3.5 Error Recovery If an error occurs while using POLYCENTER Security CM and you believe the error is caused by a problem with POLYCENTER Security CM, take one of the following actions: o If you have a basic or DECsupport[TM] Software Agreement, call the Customer Support Center (CSC). The CSC provides telephone support for high-level advisory and remedial assistance. o If you have a Self-Maintenance Software Agreement, you can submit a Software Performance Report (SPR). o If you purchased POLYCENTER Security CM within the last 90 days and you think the problem is caused by a software error, you can submit an SPR. If you find an error in the POLYCENTER Security CM documentation, fill out and submit one of the Reader's Comments forms at the back of the document containing the error. Include the section and page number where the error occurred. After Installing POLYCENTER Security CM 3-7 A ________________________________________________________________ Sample Installation This appendix contains sample listings of a POLYCENTER Security CM installation. It also contains listings of the POLYCENTER Security CM IVP. This appendix contains listings for the following: o Sample installation o Sample IVP A.1 Sample Installation This section includes a sample installation. The sample installation is on a system running the Digital UNIX operating system. The sample installation has the following characteristics: o It loads the POLYCENTER Security CM Base subsets and the POLYCENTER Security CM Man Pages subsets. o It configures POLYCENTER Security CM so that it communicates directly with the POLYCENTER SRF node. o It starts the inspect daemon. o It runs the IVP. The sample installation follows: Sample Installation A-1 Sample Installation # setld -l . The subsets listed below are optional: There may be more optional subsets than can be presented on a single screen. If this is the case, you can choose subsets screen by screen or all at once on the last screen. All of the choices you make will be collected for your confirmation before any subsets are installed. 1) POLYCENTER Security CM for Digital UNIX Base (alpha) Or you may choose one of the following options: 2) ALL of the above 3) CANCEL selections and redisplay menus 4) EXIT without installing any subsets Enter your choices or press RETURN to redisplay menus. Choices (for example, 1 2 4-6):2 You are installing the following optional subsets: POLYCENTER Security CM for Digital UNIX Base (Alpha) Is this correct? (y/n):y Checking file system space required to install selected subsets: File system space checked OK. 1 subset(s) will be installed. Loading 1 of 1 subset(s).... COPYRIGHT (c) 1993-1996 BY DIGITAL EQUIPMENT CORPORATION. ALL RIGHTS RESERVED. This software is furnished under a license and may be used and copied only in accordance with the terms of such license and with the inclusion of the above copyright notice. This software or any other copies thereof may not be provided or otherwise made available to any other person. No title to and ownership of the software is hereby transferred. The information in this software is subject to change without notice and should not be construed as a commitment by Digital Equipment Corporation. A-2 Sample Installation Sample Installation Press Return to continue: You can stop the installation procedure at any time by pressing Ctrl/C (by holding down the Ctrl key while you press the C key). If you stop the installation procedure, however, files which have been installed up to that time will NOT automatically be removed. See the POLYCENTER Security Compliance Manager for Digital UNIX and ULTRIX Installation Guide for information on how to deinstall POLYCENTER Security CM for Digital UNIX POLYCENTER Security Compliance Manager for Digital UNIX, V2.5 (SOABASE250) Installation Procedure This installation should take between 5 and 15 minutes to complete, depending on the system configuration. POLYCENTER Security CM includes support for the Digital UNIX License Management Facility (LMF). You must register a License Product Authorization Key (License PAK) in the License Database (LDB) before you use POLYCENTER Security CM on a newly-licensed node. If you ordered the license and media together, the License PAK may be shipped with the kit. If you did not, the License PAK is shipped separately to the location specified on your license order. If you are installing POLYCENTER Security CM as an update on a node that is licensed for this software, you have completed the License PAK registration requirements. See the POLYCENTER Security CM for Digital UNIX and ULTRIX Installation Guide for information on registering a license under Digital UNIX. Have you loaded the POLYCENTER Security CM License PAK? (y/n) [y]:y By default, only the superuser (root) and members of the group system have the privileges required to run POLYCENTER Security CM. If you want to allow unprivileged users to run POLYCENTER Security CM follow these steps: 1. Create a unique group, for example inspect 2. Include all users who want to run POLYCENTER Security CM in the inspect group This procedure then changes the group of the POLYCENTER Security CM files to the group you select. Sample Installation A-3 Sample Installation NOTE: You must have already created the unique group from outside this procedure. If you have not done so, you will be given an opportunity to exit from this procedure. Do you want to allow users other than root and members of the group system run POLYCENTER Security CM? (y/n) [n]:n You have chosen to allow only root and members of the group system run POLYCENTER Security CM. POLYCENTER Security CM for Digital UNIX Base (alpha) Copying from . (disk) Verifying 1 of 1 subset(s) installed successfully. Creating the following links: o /usr/bin/inspect o /usr/bin/inspectsetup Configuring "POLYCENTER Security CM for Digital UNIX Base (alpha)" (SOABASE250) To configure your system to start the inspect daemon at system startup time, the file /sbin/init.d/inspectd will be created, and a link will be created from this file to /sbin/rc3.d/S77inspectd Creating /sbin/init.d/inspectd... Do you want the inspect daemon to be started automatically on reboot? (y/n) [y]:y Creating a link from /sbin/init.d/inspectd to /sbin/rc3.d/S77inspectd ... Including files in ./var/opt/SOA250/database into new database. This may take a few minutes ... The POLYCENTER Security CM inspect daemon can send the results of the Required Inspector (a token) to a specified node (the POLYCENTER SRF node). Communication with the POLYCENTER SRF node may be over TCP/IP if the version of POLYCENTER SRF installed on that node is V2.1 or later. Otherwise, this system must have a DECnet connection to the POLYCENTER SRF node. In this case, if this system does not have DECnet installed, you can send the token to the designated POLYCENTER SRF node via a passthru server, which is running both DECnet and TCP/IP. A system may be configured as a passthru server when POLYCENTER Security CM is installed on it or by selecting this script. A-4 Sample Installation Sample Installation The following figure shows the possible configurations: +------+ +--------+ |NODE_A|------------------- DECnet ------------------->|SRF NODE| +------+ +--------+ +------+ +--------+ |NODE_A|------------------- TCP/IP ------------------->|SRF NODE| +------+ +--------+ (V2.1 or later) +------+ +------+ +--------+ |NODE_A|------ TCP/IP ----->|NODE_B|----- DECnet ----->|SRF NODE| +------+ +------+ +--------+ (passthru server) +------+ +------+ +--------+ |NODE_B|------ TCP/IP ----->|NODE_A|----- DECnet ----->|SRF NODE| +------+ +-->+------+ +--------+ | (this node configured +------+ | as a passthru server) |NODE_C|------ TCP/IP --+ +------+ How do you wish to communicate with the POLYCENTER SRF node? 1) Send tokens directly to the POLYCENTER SRF node over DECnet 2) Send tokens directly to the POLYCENTER SRF node over TCP/IP 3) Send tokens to a passthru server over TCP/IP 4) Configure this node as a passthru server 5) Do not send tokens to a POLYCENTER SRF node Enter your choice:1 You must now enter the node name of the POLYCENTER SRF node to which POLYCENTER Security CM sends tokens using DECnet. This node name must be defined in the DECnet database. If the node name is not defined in the DECnet database, you will be prompted to enter its node address. Enter the POLYCENTER SRF node name [No default]:barney The POLYCENTER SRF node name is "barney". Is this correct? (y/n) [y]: y Sample Installation A-5 Sample Installation POLYCENTER Security CM inspectors are executed by a process called the inspect daemon. The following prompt asks you if you want to start the inspect daemon. You can start the inspect daemon now, or you can start it after you complete the installation. --------------------------< NOTE >------------------------------ The Installation Verification Procedure fails if the inspect daemon is not running on the system. ---------------------------------------------------------------- Enter y in response to the following prompt if you want to start the inspect daemon now. Enter n if you do not want to start the inspect daemon now. If you enter n, the installation procedure displays the command that you must enter to start the inspect daemon after the installation has completed. Do you want to start the inspect daemon now? (y/n) [y]: y Starting inspectd *************************************************************************** * * * POLYCENTER Security CM for Digital UNIX V2.5 (SOABASE250) installation * * is complete. * * * *************************************************************************** Do you want to start the Installation Verification Procedure (IVP) after the installation? (y/n) [y]: y POLYCENTER Security CM for Digital UNIX Base (alpha) (SOABASE250) COPYRIGHT (c) 1993-1996 BY DIGITAL EQUIPMENT CORPORATION. ALL RIGHTS RESERVED. This software is furnished under a license and may be used and copied only in accordance with the terms of such license and with the inclusion of the above copyright notice. This software or any other copies thereof may not be provided or otherwise made available to any other person. No title to and ownership of the software is hereby transferred. A-6 Sample Installation Sample Installation The information in this software is subject to change without notice and should not be construed as a commitment by Digital Equipment Corporation. *************************************************************************** * * * Beginning the POLYCENTER Security CM for Digital UNIX, V2.5 * * (SOABASE250) Installation Verification Procedure. * * * *************************************************************************** For the most up to date information on this product, please read the release notes in: /usr/opt/SOA250/doc/inspect250.release_notes A.2 Sample IVP The following sample IVP shows an IVP that is run separately from the installation procedure: *************************************************************************** * * *Beginning the POLYCENTER Security CM for ULTRIX (SURBASE240) Installation* * Verification Procedure. * * * *************************************************************************** Checking that SURBASE240 is installed on this system... Checking that all POLYCENTER Security CM files are present... The inspect daemon is running... Creating the test inspector, ivp_test1... Successfully created the test inspector... Sample Installation A-7 Sample Installation Inspector, ivp_test1, has started executing... Inspect daemon finished executing the test inspector... Deleting the test inspector... *************************************************************************** * * *POLYCENTER Security CM for ULTRIX (SURBASE240)IVP completed successfully.* * * * End of POLYCENTER Security CM for ULTRIX (SURBASE240) IVP. * * * *************************************************************************** A-8 Sample Installation B ________________________________________________________________ Files Modified and Installed by POLYCENTER Security CM This appendix lists the files that the POLYCENTER Security CM installation modifies and installs on the system. In some cases, the file specification depends on the subsets that you load on the system. B.1 Files Modified by the Installation Table B-1 lists the files that the installation modifies and describes the modification. Table_B-1_Files_Modified_by_the_Installation______________ File_____________Modification_____________________________ /etc/rc.local The installation adds the POLYCENTER Security CM autostartup to this file (ULTRIX only). /sbin/init.d The installation creates this file /inspectd and makes a link from the /sbin/rc3.d /S77inspectd file to this file (Digital UNIX only). /etc/services The installation adds the inspectpassd service to this file+. /etc/inetd.conf The installation adds an entry for the inspectpassd service to this file+. +The_installation_modifies_this_file_only_if_you_configure the system to be a passthru server or if you configure the system to use a passthru server. __________________________________________________________ Files Modified and Installed by POLYCENTER Security CM B-1 Files Modified and Installed by POLYCENTER Security CM B.2 Files Installed by the Installation This section describes the files that the POLYCENTER Security CM installation installs on the system. Table B-2 describes the directories that the installation creates on a VAX ULTRIX system. Table B-2 Directories That the Installation Creates on a __________VAX_ULTRIX_System_______________________________ Directories______________Description______________________ /usr/kits/SUV240 Contains the POLYCENTER Security CM executable images (top-level directory). /usr/kits/SUV240/bin Contains the POLYCENTER Security CM executable images. /usr/kits/SUV240/doc Contains the release notes and information on the sample inspectors supplied with POLYCENTER Security CM. /usr/kits/SUV240/help Contains the POLYCENTER Security CM online help files. /usr/var/kits/SUV240 Contains the POLYCENTER Security CM dynamic data (top-level directory). /usr/var/kits/SUV240 Contains the POLYCENTER Security /database CM database. /usr/var/kits/SUV240 Contains the sample dictionaries /dict supplied with POLYCENTER Security CM. /usr/var/kits/SUV240 Contains files of files for use /files with supplied inspectors. (continued on next page) B-2 Files Modified and Installed by POLYCENTER Security CM Files Modified and Installed by POLYCENTER Security CM Table B-2 (Cont.) Directories That the Installation __________________Creates_on_a_VAX_ULTRIX_System__________ Directories______________Description______________________ /usr/var/kits/SUV240 Contains sample Inspector /isl Specification Language (ISL) files. These files were used to create the sample inspectors supplied with POLYCENTER Security CM. /usr/var/kits/SUV240 Contains the POLYCENTER Security /lockdown CM lockdown data. /usr/var/kits/SUV240 Contains the POLYCENTER Security /log CM log data. /usr/var/kits/SUV240 Contains the sample programs and /program scripts supplied with POLYCENTER Security CM. /usr/var/kits/SUV240 Contains the POLYCENTER Security /report CM report data. /usr/var/kits/SUV240 Contains temporary files created /tmp_____________________by_POLYCENTER_Security_CM._______ Table B-3 describes the directories that the installation creates on a RISC ULTRIX system. Table B-3 Directories That the Installation Creates on a __________RISC_ULTRIX_System______________________________ Directories______________Description______________________ /usr/kits/SUR240 Contains the POLYCENTER Security CM executable images (top-level directory). /usr/kits/SUR240/bin Contains the POLYCENTER Security CM executable images. (continued on next page) Files Modified and Installed by POLYCENTER Security CM B-3 Files Modified and Installed by POLYCENTER Security CM Table B-3 (Cont.) Directories That the Installation __________________Creates_on_a_RISC_ULTRIX_System_________ Directories______________Description______________________ /usr/kits/SUR240/doc Contains the release notes and information on the sample inspectors supplied with POLYCENTER Security CM. /usr/kits/SUR240/help Contains the POLYCENTER Security CM online help files. /usr/var/kits/SUR240 Contains the POLYCENTER Security CM dynamic data (top-level directory). /usr/var/kits/SUR240 Contains the POLYCENTER Security /database CM database. /usr/var/kits/SUR240 Contains the sample dictionaries /dict supplied with POLYCENTER Security CM. /usr/var/kits/SUR240 Contains files of files for use /files with supplied inspectors. /usr/var/kits/SUR240 Contains sample Inspector /isl Specification Language (ISL) files. These files were used to create the sample inspectors supplied with POLYCENTER Security CM. /usr/var/kits/SUR240 Contains the POLYCENTER Security /lockdown CM lockdown data. /usr/var/kits/SUR240 Contains the POLYCENTER Security /log CM log data. /usr/var/kits/SUR240 Contains the sample programs and /program scripts supplied with POLYCENTER Security CM. /usr/var/kits/SUR240 Contains the POLYCENTER Security /report CM report data. (continued on next page) B-4 Files Modified and Installed by POLYCENTER Security CM Files Modified and Installed by POLYCENTER Security CM Table B-3 (Cont.) Directories That the Installation __________________Creates_on_a_RISC_ULTRIX_System_________ Directories______________Description______________________ /usr/var/kits/SUR240 Contains temporary files created /tmp_____________________by_POLYCENTER_Security_CM._______ Table B-4 describes the directories that the installation creates on a Digital UNIX system. Table B-4 Directories That the Installation Creates on a __________Digital_UNIX_System_____________________________ Directories______________Description______________________ /usr/opt/SOA250 Contains the POLYCENTER Security CM executable images (top-level directory). /usr/opt/SOA250/bin Contains the POLYCENTER Security CM executable images. /usr/opt/SOA250/doc Contains the release notes and information on the sample inspectors supplied with POLYCENTER Security CM. /usr/opt/SOA250/help Contains the POLYCENTER Security CM online help files. /var/opt/SOA250 Contains the POLYCENTER Security CM dynamic data (top-level directory). /var/opt/SOA250 Contains the POLYCENTER Security /database CM database. /var/opt/SOA250/dict Contains the sample dictionaries supplied with POLYCENTER Security CM. /var/opt/SOA250/files Contains files of files for use with supplied inspectors. (continued on next page) Files Modified and Installed by POLYCENTER Security CM B-5 Files Modified and Installed by POLYCENTER Security CM Table B-4 (Cont.) Directories That the Installation __________________Creates_on_a_Digital_UNIX_System________ Directories______________Description______________________ /var/opt/SOA250/isl Contains sample Inspector Specification Language (ISL) files. These files were used to create the sample inspectors supplied with POLYCENTER Security CM. /var/opt/SOA250 Contains the POLYCENTER Security /lockdown CM lockdown data. /var/opt/SOA250/log Contains the POLYCENTER Security CM log data. /var/opt/SOA250/program Contains the sample programs and scripts supplied with POLYCENTER Security CM. /var/opt/SOA250/report Contains the POLYCENTER Security CM report data. /var/opt/SOA250/tmp Contains temporary files created _________________________by_POLYCENTER_Security_CM._______ Table B-5 describes the files that the installation installs in the /usr/bin directory. Table_B-5_Files_Installed_in_the_/usr/bin_Directory_______ File__________Description_________________________________ inspect Provides a link to /usr/kits/SUV240/bin /inspect on VAX ULTRIX systems, to /usr /kits/SUR240/bin/inspect on RISC ULTRIX systems and to /usr/opt/SOA250/bin/inspect on Digital UNIX systems. This file allows the user to enter POLYCENTER Security CM commands without specifying the path. (continued on next page) B-6 Files Modified and Installed by POLYCENTER Security CM Files Modified and Installed by POLYCENTER Security CM Table B-5 (Cont.) Files Installed in the /usr/bin __________________Directory_______________________________ File__________Description_________________________________ inspectsetup Provides a link to /usr/kits/SUV240/bin/inspectsetup on VAX ULTRIX systems, to /usr/kits/SUR240/bin/inspectsetup on RISC ULTRIX systems, and to /usr/opt/SOA250/bin/inspectsetup on Digital UNIX systems. This file allows the user to invoke the POLYCENTER Security CM Setup ______________Utility_without_specifying_the_path.________ Files Modified and Installed by POLYCENTER Security CM B-7 Files Modified and Installed by POLYCENTER Security CM Table B-6 describes the files that the installation installs in one of the following directories: o /usr/kits/SUV240/bin on VAX ULTRIX systems o /usr/kits/SUR240/bin on RISC ULTRIX systems o /usr/opt/SOA250/bin on Digital UNIX systems Table_B-6_Files_Installed_in_the_bin_Directory____________ File________________Description___________________________ diu_crc An executable file run by the Setup Utility when you choose to maintain the CRC database. diu_wakeup The executable image that POLYCENTER Security CM uses to wake up the inspect daemon. inspectd The inspect daemon executable image. inspectpassd The passthru server executable image. inspect The user interface executable image. inspectsetup The POLYCENTER Security CM Setup Utility shell script. startinspectd The executable image that starts the inspect daemon at system boot time. This file is installed on Digital UNIX ____________________only._________________________________ The installation installs a large number of files in the /usr/kits/SUV240/help directory on VAX ULTRIX systems, in the /usr/kits/SUR240/help directory on RISC ULTRIX systems and in the /usr/opt/SOA250/help directory on Digital UNIX systems. These files contain the text for the POLYCENTER Security CM online help. Table B-7 describes the files that the installation installs in one of the following directories: o /usr/kits/SUV240/doc on VAX ULTRIX systems o /usr/kits/SUR240/doc on RISC ULTRIX systems B-8 Files Modified and Installed by POLYCENTER Security CM Files Modified and Installed by POLYCENTER Security CM o /usr/opt/SOA250/doc on Digital UNIX systems Table_B-7_Files_Installed_in_the_doc_Directory____________ File____________________Description_______________________ inspect240.release_ The release notes for the notes POLYCENTER Security CM utility (ULTRIX only). inspect250.release_ The release notes for the notes POLYCENTER Security CM utility (Digital UNIX only). Practical_UNIX_ The file that contains information Security.doc about the Practical UNIX Security ________________________inspector.________________________ Table B-8 describes the files that the installation installs in the /usr/man/man8 directory on VAX ULTRIX and RISC ULTRIX systems and in the /usr/opt/SOA250/man directory on Digital UNIX systems. Table B-8 Files Installed in the /usr/man/man8 or in the __________/usr/opt/SOA250/man_Directory___________________ File________________Description___________________________ inspectd.8 The reference pages for the inspect daemon. inspect.8 The reference pages for POLYCENTER Security CM. inspectsetup.8 The reference pages for the POLYCENTER ____________________Security_CM_Setup_Utility.____________ Files Modified and Installed by POLYCENTER Security CM B-9 Files Modified and Installed by POLYCENTER Security CM Table B-9 describes the files that the installation installs in the /usr/etc/subsets directory on VAX ULTRIX and RISC ULTRIX systems. Table B-9 Files Installed in the /usr/etc/subsets __________Directory_on_ULTRIX_Systems_____________________ File________________Description___________________________ xxxBASE240.ctrl Contains the following information about the xxxBASE240 subset: o Subset control information from the key file o Media information o Lists of dependencies o Flags o Descriptions xxxBASE240.inv Contains the following information about the xxxBASE240 subset: o File attribute information o File size information o The dot-relative path name of each file in the subset xxxBASE240.lk Marks the xxxBASE240 subset, indicating that it has been installed on the system, and lists the dependent subsets. xxxBASE240.scp Contains the subset control program for the xxxBASE240 subset. (continued on next page) B-10 Files Modified and Installed by POLYCENTER Security CM Files Modified and Installed by POLYCENTER Security CM Table B-9 (Cont.) Files Installed in the /usr/etc/subsets __________________Directory_on_ULTRIX_Systems_____________ File________________Description___________________________ xxxMAN240.ctrl Contains the following information about the xxxMAN240 subset: o Subset control information from the key file o Media information o Lists of dependencies o Flags o Descriptions xxxMAN240.inv Contains the following information about the xxxMAN240 subset: o File attribute information o File size information o The dot-relative path name of each file in the subset xxxMAN240.lk Marks the xxxMAN240 subset, indicating that it has been installed on the system, and lists the dependent subsets. xxxMAN240.scp Contains the subset control program ____________________for_the_xxxMAN240_subset._____________ where xxx denotes the following: o The characters UDT on RISC systems running ULTRIX o The characters ULT on VAX systems running ULTRIX Files Modified and Installed by POLYCENTER Security CM B-11 Files Modified and Installed by POLYCENTER Security CM Table B-10 describes the files that the installation installs in the /usr/.smdb. directory on Digital UNIX systems. Table B-10 Files Installed in the /usr/.smdb. Directory ___________on_Digital_UNIX_Systems________________________ File________________Description___________________________ OSFBASE250.ctrl Contains the following information about the OSFBASE250 subset: o Subset control information from the key file o Media information o Lists of dependencies o Flags o Descriptions OSFBASE250.inv Contains the following information about the OSFBASE250 subset: o File attribute information o File size information o The dot-relative path name of each file in the subset OSFBASE250.lk Marks the OSFBASE250 subset, indicating that it has been installed on the system, and lists the dependent subsets. OSFBASE250.scp Contains the subset control program for the OSFBASE250 subset. (continued on next page) B-12 Files Modified and Installed by POLYCENTER Security CM Files Modified and Installed by POLYCENTER Security CM Table B-10 (Cont.) Files Installed in the /usr/.smdb. ___________________Directory_on_Digital_UNIX_Systems______ File________________Description___________________________ OSFMAN250.ctrl Contains the following information about the OSFMAN250 subset: o Subset control information from the key file o Media information o Lists of dependencies o Flags o Descriptions OSFMAN250.inv Contains the following information about the OSFMAN250 subset: o File attribute information o File size information o The dot-relative path name of each file in the subset OSFMAN250.lk Marks the OSFMAN250 subset, indicating that it has been installed on the system, and lists the dependent subsets. OSFMAN250.scp Contains the subset control program ____________________for_the_OSFMAN250_subset._____________ Files Modified and Installed by POLYCENTER Security CM B-13 Files Modified and Installed by POLYCENTER Security CM Table B-11 describes the files that the installation installs in one of the following directories: o /usr/var/kits/SUV240/database on VAX ULTRIX systems o /usr/var/kits/SUR240/database on RISC ULTRIX systems o /var/opt/SOA250/database on Digital UNIX systems Table_B-11_Files_Installed_in_the_database_Directory______ File________________________Description___________________ diu_block_file A file that manages the locking of the diu_index file. diu_config.required The file that contains configuration information on the Required Inspector. diu_crc.inspect The file that contains the inspect CRC database. diu_crc.system The file that contains the system CRC database. diu_index The file that contains the POLYCENTER Security CM database locks and inspector names. diu_token.conf The file that contains data for handling tokens. root_Default_File_ The Default File Permissions Permissions inspector. This file is not installed on Digital UNIX systems. root_Example_Required_ The Example Required Inspector Inspector. root_Practical_UNIX_ The Practical UNIX Security Security____________________inspector.____________________ ________________________Note ________________________ See the POLYCENTER Security Compliance Manager for UNIX Systems User's Guide for more information on B-14 Files Modified and Installed by POLYCENTER Security CM Files Modified and Installed by POLYCENTER Security CM inspector files and files of files. _____________________________________________________ Files Modified and Installed by POLYCENTER Security CM B-15 Files Modified and Installed by POLYCENTER Security CM Table B-12 describes the files that the installation installs in one of the following directories: o /usr/var/kits/SUV240/dict on VAX ULTRIX systems o /usr/var/kits/SUR240/dict on RISC ULTRIX systems o /var/opt/SOA250/dict on Digital UNIX systems Table_B-12_Files_Installed_in_the_dict_Directory__________ File______________________Description_____________________ diu_words A dictionary file used by some __________________________test_primitives.________________ Table B-13 describes the files that the installation installs in one of the following directories: o /usr/var/kits/SUV240/files on VAX ULTRIX systems o /usr/var/kits/SUR240/files on RISC ULTRIX systems o /var/opt/SOA250/files on Digital UNIX systems Table_B-13_Files_Installed_in_the_files_Directory_________ File________________________Description___________________ audit_files.list The file that contains a list of the file protections that are recommended for use on auditing files. batch_access_files.list The file that contains a list of the file protections that are recommended for use on batch access files. crash_dump_files.list The file that contains a list of the file protections that you must use on crash dump files. (continued on next page) B-16 Files Modified and Installed by POLYCENTER Security CM Files Modified and Installed by POLYCENTER Security CM Table_B-13_(Cont.)_Files_Installed_in_the_files_Directory_ File________________________Description___________________ cron_files.list The file that contains a list of the file protections that you must use on scheduled administrative command files. default_file_system.list The file that contains a list of default system files used by the inspectors. This file is not installed on Digital UNIX systems. device_files.list The file that contains a list of the file protections that you must use on device files. etc_files.list The file that contains a list of the file protections that are recommended for use on files in the /etc directory. file_protections.list The file that contains a list of the file protections that you must use on miscellaneous files. group_files.list The file that contains a list of the file protections that are recommended for use on group files. hdb_uucp_files.list The file that contains a list of the file protections that are recommended for use on the HoneyDanBer UUCP files. load_files.list The file that contains a list of the file protections that are recommended for use on the load files. (continued on next page) Files Modified and Installed by POLYCENTER Security CM B-17 Files Modified and Installed by POLYCENTER Security CM Table_B-13_(Cont.)_Files_Installed_in_the_files_Directory_ File________________________Description___________________ log_files.list The file that contains a list of the file protections that are recommended for use on the log, accounting, and auditing files. mail_aliases_files.list The file that contains a list of the file protections that are recommended for use on the mail aliases files. memory_files.list The file that contains a list of file protections that are recommended for use on the memory files. network_files.list The file that contains a list of file protections that are recommended for use on network files. no_world_write_devices.list The file that contains a list of file protections that are recommended for use on critical device files. no_world_write_system_ The file that contains a dirs.list list of file protections that you must use on some system directories. special_files.list The file that contains a list of file protections that are recommended for use on special files. subsets_files.list The file that contains a list of file protections that are recommended for use on software subset files. (continued on next page) B-18 Files Modified and Installed by POLYCENTER Security CM Files Modified and Installed by POLYCENTER Security CM Table_B-13_(Cont.)_Files_Installed_in_the_files_Directory_ File________________________Description___________________ system_dirs.list The file that contains a list of file protections that you must use on some system directories. system_files.list The file that contains a list of file protections that you must use on some system files. system_startup_files.list The file that contains a list of file protections that are recommended for use on system startup command scripts. user_account_files.list The file that contains a list of file protections that are recommended for use on user account files. user_mail_files.list The file that contains a list of file protections that are recommended for use on user mail files. utility_files.list The file that contains a list of file protections that are recommended for use on utilities that access memory files. uucp_files.list The file that contains a list of file protections that are recommended for use on UUCP ____________________________files.________________________ Files Modified and Installed by POLYCENTER Security CM B-19 Files Modified and Installed by POLYCENTER Security CM Table B-14 describes the files that the installation installs in one of the following directories: o /usr/var/kits/SUV240/isl on VAX ULTRIX systems o /usr/var/kits/SUR240/isl on RISC ULTRIX systems o /var/opt/SOA250/isl on Digital UNIX systems Table_B-14_Files_Installed_in_the_isl_Directory___________ File______________________Description_____________________ Default_File_Permissions.isle ISL file used to create the Default File Permissions inspector. This file is not installed on Digital UNIX systems. Practical_UNIX_ The ISL file used to create Security.isl the Practical UNIX Security inspector. Example_Required_ The ISL file used to create the Inspector.isl_____________Example_Required_Inspector._____ Table B-15 describes the files that the installation installs in one of the following directories: o /usr/var/kits/SUV240/program on VAX ULTRIX systems o /usr/var/kits/SUR240/program on RISC ULTRIX systems o /var/opt/SOA250/program on Digital UNIX systems Table_B-15_Files_Installed_in_the_program_Directory_______ File________________________Description___________________ curr_dir_in_root_path An example script that checks that the current directory is not defined in root's PATH variable. (continued on next page) B-20 Files Modified and Installed by POLYCENTER Security CM Files Modified and Installed by POLYCENTER Security CM Table B-15 (Cont.) Files Installed in the program ___________________Directory______________________________ File________________________Description___________________ exports_nosuid An example script that checks that entries in the /etc /exports file are not exported with the nosuid option. genlist An example script that generates a list of files for use with the file_of_files test primitive. dormant_accounts An example script that checks for accounts specified in the /etc/passwd file that have not been used for a specified number of days. exports_readonly An example script that checks that the /etc/exports file exports filesystems with the file protection set to read only. mount_option An example script that checks for entries in the File System Table file that are remote filesystems and are not mounted with the specified ____________________________option._______________________ Files Modified and Installed by POLYCENTER Security CM B-21 ________________________________________________________________ Glossary This glossary defines some of the important terms used in this guide. client A processor that accesses software subsets that are on a server. You do not load media on the client processor to install software products. Instead, you enter a command and the installation software transfers the software subsets from the server, via the network, to the system disk. customized inspector A collection of tests and options that you define to analyze a system's settings. DECnet Digital networking software that runs on nodes in both local and wide-area networks. inspect daemon A process that co-ordinates POLYCENTER Security CM actions. The inspect daemon runs each inspector's tests according to the inspector's Start time and Resubmit interval options and generates the relevant output. After the inspect daemon is started, it runs continually on the system, sleeping while inactive, and waking up when it must perform actions. Glossary-1 inspectors A collection of tests and options that analyze a system's settings. POLYCENTER Security CM runs inspectors periodically to detect security weaknesses and recommend ways to improve the system security. There are two types of inspector: the Required Inspector and customized inspectors. inspection The process of running an inspector. NFS Network File System. Software produced by Sun Microsystems, Inc. It allows different computers to share files over the network. A version of NFS is supplied with most versions of UNIX[R]. options A collection of settings that determine how the inspect daemon runs an inspector. Each inspector has an options list. The Required Inspector has more options than customized inspectors. passthru server The software that accepts tokens from POLYCENTER Security CM via TCP/IP and sends the tokens to a POLYCENTER SRF node via DECnet. POLYCENTER Security CM A Digital software product. POLYCENTER Security CM uses a set of user-defined security rules to detect security weaknesses and recommends ways to improve the system security on standalone and networked systems. POLYCENTER Security Compliance Manager See POLYCENTER Security CM. POLYCENTER Security Reporting Facility for OpenVMS See POLYCENTER SRF. Glossary-2 POLYCENTER SRF POLYCENTER SRF for OpenVMS. Digital software that extracts data from tokens and stores the data in a relational database, from which designated users can gain a global view of inspection results. POLYCENTER Security CM sends tokens to POLYCENTER SRF. POLYCENTER SRF node The POLYCENTER SRF node is the node that is specified during the POLYCENTER Security CM installation procedure as the location of the POLYCENTER SRF for OpenVMS software. POLYCENTER Security CM sends tokens to the POLYCENTER SRF node. reference page A page from a reference manual that you can display on the screen using the man command. It is also known as a manual page. report A textual account of the results of an inspection. Users receive reports via electronic mail. Reports are also stored as files on the system that ran the inspection. Required Inspector A collection of tests and options that you can define. It compares the system's settings with the requirements of your organization's security rules. There is only one Required Inspector (identified by its name). It is the only inspector that creates tokens. server A processor that provides an area from which clients can access software subsets. The server can be any Digital supported processor that has the software subset that contains support for the installed maintenance operations protocol (MOP). Glossary-3 subsystem A part of the hierarchical structure that the database uses to store inspectors. A subsystem can contain one or more test collections. An inspector can contain one or more subsystems. superuser The root account. Superuser has a user ID of zero (0). system search path Root's PATH environment variable that controls where the shell searches for the commands. It consists of a sequence of directories through which the operating system searches. TCP/IP Transmission Control Protocol/Internet Protocol (TCP/IP) is a collection of network protocols that are standard with UNIX operating systems. test A part of the hierarchical structure that the database uses to store inspectors. A test contains one test primitive and that test primitive's parameters. A test collection contains one or more tests. test collection A part of the hierarchical structure that the database uses to store inspectors. A test collection contains one or more tests. A subsystem contains one or more test collections. test primitive A test with associated parameters that analyzes one setting of the system. POLYCENTER Security CM includes a number of test primitives. These test primitives allow you to create your own inspectors. Glossary-4 token A coded security status message that contains the inspection results of the Required Inspector. POLYCENTER Security CM sends tokens to the POLYCENTER SRF node after running the Required Inspector. Glossary-5 ________________________________________________________________ Index B Customized inspector, 1-9 ___________________________ Backing up the system disk, D__________________________ 1-7 Daemon C inspect, 3-2 ___________________________ DECnet, 1-10 Client DECstation, 1-2 deinstalling on a DMS DECsystem, 1-2 client, 2-21 Deinstallation procedure diskless management on a DMS client, 2-21 services, 2-8, 2-21 on a DMS server area, installing on a DMS 2-21, 2-24 client, 2-8 on a local disk, 2-18 installing on a RIS Deinstalling client, 2-14 retaining inspectors, remote installation 2-18 services, 2-14 df command, 1-6 Command Digital UNIX df, 1-6 reference page software inst, 3-3 subsets, 1-3 lmf, 1-8 required subsets, 1-3 rm, 2-26 version required, 1-2 setld, 2-2, 2-14, 2-18, Disk 2-21, 2-24 installing on a local Configuration disk, 2-1 POLYCENTER Security, 1-9 Disk space Ctrl/C determining requirements, using, 2-26 1-4 Customer Support Center, requirements, 1-4 3-7 requirements for subsets, 1-4 Index-1 Diskless environment, 1-5 Diskless management H__________________________ services Hardware requirements, 1-2 client, 2-8, 2-21 server, 2-4, 2-21, 2-24 I__________________________ Distribution kit Inspect daemon, 3-2 checking contents, 1-1 IVP, 3-2 DMS client system starting deinstalling, 2-21 Setup Utility, 3-2 installing into, 2-8 inspectd DMS server area starting deinstalling, 2-21, 2-24 Setup Utility, 3-2 installing into, 2-4 Inspector Documentation customized, 1-9 reporting errors in, 3-7 required, 1-9 E Inspectors ___________________________ losing during Electronic mail, 1-9 reinstallation, 2-18 Error inspectsetup in documentation, 3-7 menu, 3-2, 3-3 Error recovery, 3-7 prompt, 3-2, 3-3 /etc/inetd.conf running the IVP, 3-3 modifying, 3-6 starting the inspect /etc/rc.local daemon, 3-2 modifying, 3-5 inst command /etc/services -verify option, 3-3 modifying, 3-6 Installation F files installed, B-2 ___________________________ files modified, B-1 File sample listing, A-1 rc.local, 2-8 Installation procedure File name into a DMS client system, release notes, 3-1 2-8 Files into a DMS server area, installed by the 2-4 installation, B-2 into a RIS client system, modified by the 2-14 installation, B-1 into a RIS server area, Filesystem 2-9 free disk space on, 1-6 on a local disk, 2-1 stopping, 2-26 Index-2 Installation requirements, Menu 1-1 Setup Utility, 3-2, 3-3 Installation Verification MicroVAX, 1-2 Procedure See also IVP N__________________________ IVP Network actions, 3-4 security, 1-9 inspect daemon, 3-2 testing, 1-9 running, 3-3 NFS client sample listings, A-7 installing on, 2-16 uses, 3-4 NFS server installing on, 2-15 K__________________________ mounting the POLYCENTER Key Security CM database, product authorization, 2-14 1-8 unmounting the POLYCENTER Security CM database, L__________________________ 2-24 License management facility Node passthru server, 1-10 , 1-8 POLYCENTER SRF node, 1-9 Links deleting files in P__________________________ symbolic links, 2-26 PAK, 1-8 Listings registering, 1-8 sample installation, A-1 Passthru server sample IVP, A-7 node, 1-10 LMF, 1-8 POLYCENTER Security CM registering the PAK, 1-8 enabling users, 1-7 lmf command, 1-8 POLYCENTER Security CM Local disk database deinstallation procedure, mounting from an NFS 2-18 server, 2-14 installing on, 2-1 unmounting from an NFS Logging in as superuser, 1-2 server, 2-24 POLYCENTER SRF, 1-9 M__________________________ node, 1-9 Mail Privileges electronic, 1-9 checking login privileges Media , 1-2 checking contents, 1-1 required, 1-2 Setup Utility, 1-7 superuser, 1-2 Index-3 Product Authorization Key, Requirements (cont'd) 1-8 reference page software Prompts subsets (RISC ULTRIX), setup utility, 3-2 1-3 Setup Utility, 3-3 reference page software R subsets (VAX ULTRIX), ___________________________ 1-3 rc.local file software, 1-2 modifying, 2-8 special, 1-6 Reference page software, time, 1-1 1-2 ULTRIX subsets (RISC), required subsets (Digital 1-3 UNIX), 1-3 ULTRIX subsets (VAX), 1-3 required subsets (RISC RIS client installation ULTRIX), 1-3 time requirements, 1-1 required subsets (VAX RIS client system ULTRIX), 1-3 installing into, 2-14 Reinstalling RIS server area losing inspectors, 2-18 installation conditions, Release notes 1-6 contents, 3-1 installing into, 2-9 file name, 3-1 requirements, 1-6 online, 3-1 RISC ULTRIX Remote installation reference page software services subsets, 1-3 client, 2-14 rm command, 2-26 server, 2-9 Running the IVP, 3-3 Report generated by inspectors, S__________________________ 1-9 Sample installation Required Inspector, 1-9 listing, A-1 Requirements Sample IVP determining disk space listings, A-7 requirements, 1-4 /sbin/init.d/inspectd Digital UNIX subsets, 1-3 Creating a link, 3-6 disk space, 1-4 Self-Maintenance Software disk space for subsets, Agreement, 3-7 1-4 Server for the installation, 1-1 deinstalling on a DMS hardware, 1-2 server area, 2-21, reference page software 2-24 subsets (Digital UNIX), 1-3 Index-4 Server (cont'd) Supported systems (cont'd) diskless management VAXserver, 1-2 services, 2-4, 2-21, VAXstation, 1-2 2-24 Symbolic links installing into a DMS deleting files in, 2-26 server area, 2-4 System disk installing into a RIS backing up, 1-7 server area, 2-9 System startup files passthru, 1-10 modifying, 3-4 remote installation Systems services, 2-9 supported, 1-2 setld command, 2-2, 2-14, T 2-18, 2-21, 2-24 ___________________________ Setup utility TCP/IP, 1-10 menu, 3-2, 3-3 Time requirements, 1-1 prompt, 3-2, 3-3 RIS client installation, starting the inspect 1-1 daemon, 3-2 Tokens, 1-9 Software kit checking contents, 1-1 U__________________________ Software Performance Report ULTRIX , 3-7 documentation set, 1-7 Software requirements required subsets (RISC), reference page software, 1-3 1-2 required subsets (VAX), Special requirements, 1-6 1-3 Subsets version required, 1-2 Digital UNIX, 1-3 Unprivileged users disk space requirements, enabling, 1-7 1-4 reference page software V (RISC ULTRIX), 1-3 ___________________________ reference page software VAX, 1-2 (VAX ULTRIX), 1-3 ULTRIX subsets, 1-3 ULTRIX (RISC), 1-3 VAX ULTRIX ULTRIX (VAX), 1-3 reference page software Superuser subsets, 1-3 logging in as, 1-2 VAXserver, 1-2 privilege, 1-2 VAXstation, 1-2 Supported systems DECstation, 1-2 DECsystem, 1-2 MicroVAX, 1-2 VAX, 1-2 Index-5