POLYCENTER Security Intrusion Detector for OpenVMS

Installation Guide

Order Number: AA-PQ5DB-TE

This manual contains instructions for installing POLYCENTER Security ID on the OpenVMS VAX and OpenVMS AXP operating systems.

Revision/Update Information: This is a new manual.

Operating System and Version: OpenVMS Version 6.1 or higher.

Software Version: POLYCENTER Security Intrusion Detector for OpenVMS Version 1.2

Digital Equipment Corporation
Maynard, Massachusetts

March 1995

The information in this document is subject to change without notice and should not be construed as a commitment by Digital Equipment Corporation. Digital Equipment Corporation assumes no responsibility for any errors that may appear in this document.

Possession, use, dissemination, or duplication of the software described in this documentation is authorized only pursuant to a valid written license from Digital or the third-party owner of the software copyright.

No responsibility is assumed for the use or reliability of software or equipment that is not supplied by Digital Equipment Corporation.

Digital Equipment Corporation makes no representations that the interconnection of its products in the manner described in this document will not infringe existing or future patent rights, nor do the descriptions contained in this document imply the granting of licenses to make, use, or sell equipment or software in accordance with the description.

© Digital Equipment Corporation 1995. All Rights Reserved.

The following are trademarks of Digital Equipment Corporation: OpenVMS, VAX, AXP, DEC, Digital, POLYCENTER, ULTRIX, and the DIGITAL logo.

OSF and OSF/1 are registered trademarks of the Open Software Foundation, Inc. Sun and SunOS are registered trademarks of Sun Microsystems, Inc. All other trademarks and registered trademarks are the property of their respective holders.

This document was prepared using VAX DOCUMENT Version 2.1.

Contents

Preface

1 Preparing to Install POLYCENTER Security Intrusion Detector
    1.1 Introduction
    1.2 In this Chapter
    1.3 Before You Start
    1.4 Accessing the Online Release Notes
    1.5 Installation Procedure Requirements
    1.6 User Account Quotas and Privileges
    1.7 OpenVMS License Management Facility
    1.8 Invoking VMSINSTAL
    1.9 Listener Mailboxes

2 Installing POLYCENTER Security Intrusion Detector
    2.1 Introduction
    2.2 In this Chapter
    2.3 Aborting the Installation
    2.4 Step-by-Step Installation of POLYCENTER Security ID
    2.5 Installing POLYCENTER Security ID on an OpenVMS Cluster System

3 After the Installation
    3.1 Introduction
    3.2 In this Chapter
    3.3 Changing Audit Event Settings
    3.4 Invoking POLYCENTER Security ID Software
    3.5 Creating POLYCENTER Security ID Listener Mailboxes
    3.6 Running the Installation Verification Procedure Separately
    3.7 Error Conditions
    3.8 Maintenance Updates
    3.9 Determining and Reporting Problems

A Sample Installation

B POLYCENTER Security ID Files

Index

Tables
    1-1 Process Quotas on an Account running POLYCENTER Security ID

Preface

This manual describes how to install POLYCENTER[TM] Security Intrusion Detector (POLYCENTER Security ID) on the OpenVMS[TM] VAX[TM] and OpenVMS[TM] AXP[TM] operating systems.

Audience

This manual is for system managers who are responsible for installing POLYCENTER Security ID software. Keep this manual with your distribution kit. You will need it to install maintenance updates or to re-install the software.

Associated Documents

The following document contains more information about POLYCENTER Security ID:

POLYCENTER Security Intrusion Detector for OpenVMS User's Guide. This document provides an overview of the system and describes how to configure it to best effect.

For information about special features and limitations of this release, see the Release Notes located in the file SYS$HELP:RID012.RELEASE_NOTES.

For information on reporting problems about POLYCENTER Security ID software, see Section 3.9.

Conventions

The following conventions are used in this manual:

Convention        Description

Note              A note contains information that is of special importance to the reader.

Monospace type    Monospace type indicates system displays. It also indicates literal strings in text.

Boldface type     Boldface type in examples indicates user input.

Italic type       Italic type emphasizes important information, indicates variables, and indicates complete titles of manuals.

$                 The dollar sign ($) indicates the DCL prompt.

Ctrl/x            Ctrl/x indicates that you hold down the Ctrl key while you press another key (indicated here by x).

x                 A lowercase italic x indicates the generic use of a letter. For example, xxx indicates any combination of three alphabetic characters.

                  In examples, a key name enclosed in a box indicates that you press that key.

[ ]               In the installation procedure, defaults appear in brackets.
                  In format descriptions, brackets indicate optional elements.

( )               In format descriptions, parentheses delimit the parameter or argument list.

UPPERCASE         Words in uppercase indicate a command, the name of a file, the name of a file protection code, or a system privilege.

lowercase         In format descriptions, words in lowercase indicate parameters or arguments to be specified by the user.

.                 Vertical ellipsis points indicate the omission of information from an example or command format. The information is omitted because it is not important to the topic being discussed.
.
.

Note

Your comments and suggestions help us to improve the quality of our publications. Please send your comments to the following electronic mail address:

    comments@galvia.enet.dec.com

Thank you for your assistance.

1 Preparing to Install POLYCENTER Security Intrusion Detector

1.1 Introduction

This chapter describes what you need to do before you install POLYCENTER Security ID onto your system. You should read and understand it before you begin to install your new software.

1.2 In this Chapter

This chapter contains the following sections:

o Before You Start
o Accessing the Online Release Notes
o Installation Procedure Requirements
o User Account Quotas and Privileges
o OpenVMS License Management Facility
o Invoking VMSINSTAL
o Listener Mailboxes

1.3 Before You Start

Your bill of materials (BOM) and indented bills report (BIL) specify the number and contents of your media. Be sure to check the contents of your kit against this information. If your kit is damaged, or if you find that parts of it are missing, call your Digital representative.

1.4 Accessing the Online Release Notes

POLYCENTER Security ID provides online Release Notes.
The prompt to display or print the Release Notes during the installation appears when you invoke VMSINSTAL with the OPTIONS N parameter.

To obtain the Release Notes after the installation, type or print the file SYS$HELP:RID012.RELEASE_NOTES.

Online help also directs you to the Release Notes file. After the installation, type:

    $ HELP RID RELEASE_NOTES

1.5 Installation Procedure Requirements

The POLYCENTER Security ID installation takes about 10 to 15 minutes, depending on the type of media and your system configuration.

Before installing POLYCENTER Security ID, you must have the following privileges and resources:

o SETPRV privileges, or WORLD and SYSPRV privileges
o A minimum of 2500 blocks of free disk space during installation; 5000 blocks are used after installation.

1.6 User Account Quotas and Privileges

An account must have the RID$SECURITY_MANAGER rights identifier to use POLYCENTER Security ID. The account must also have TMPMBX and NETMBX privileges, and must meet the requirements listed in Table 1-1.

Table 1-1 Process Quotas on an Account running POLYCENTER Security ID

Process Quota    Required Minimum Value    VMSINSTAL Values

ASTLM            48                        24
BIOLM            18                        18
BYTLM            32768                     18000
DIOLM            18                        18
ENQLM            2000                      30
FILLM            40                        20
PGFLQUOTA        10000                     -
PRCLM            2                         -
TQELM            10                        -
WSDEF            300                       -

Use the OpenVMS Authorize Utility (AUTHORIZE) to compare the current values of these quotas with the requirements for POLYCENTER Security ID. For example, the account used in the following example is the SYSTEM account:

    $ SET DEFAULT SYS$SYSTEM
    $ RUN AUTHORIZE
    UAF> SHOW SYSTEM

To change the values of these quotas, use the OpenVMS Authorize Utility's MODIFY command. For more information, see the OpenVMS System Management Utilities Reference Manual.
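
The comparison against Table 1-1 can be scripted once the UAF> SHOW display has been captured to a file. The following Python is an added example, not part of the Digital kit; the captured display and the SECMGR account are constructed, and the function names are hypothetical.

```python
import re

# Table 1-1 of this guide: quota -> (minimum for an account running
# POLYCENTER Security ID, value needed by VMSINSTAL; None where the
# table shows "-").
REQUIRED = {
    "ASTLM": (48, 24), "BIOLM": (18, 18), "BYTLM": (32768, 18000),
    "DIOLM": (18, 18), "ENQLM": (2000, 30), "FILLM": (40, 20),
    "PGFLQUOTA": (10000, None), "PRCLM": (2, None),
    "TQELM": (10, None), "WSDEF": (300, None),
}

# The AUTHORIZE display labels PGFLQUOTA as "Pgflquo".
UAF_LABELS = {"PGFLQUO": "PGFLQUOTA"}

# Constructed capture of a UAF> SHOW display (header and quota lines only).
SAMPLE_SHOW = """\
Username: SECMGR                           Owner:  SECURITY MANAGER
Account:  SECURITY                         UIC:    [300,1] ([SECMGR])
Maxjobs:         0  Fillm:        100  Bytlm:        32768
Maxacctjobs:     0  Shrfillm:       0  Pbytlm:           0
Maxdetach:       0  BIOlm:         18  JTquota:       4096
Prclm:           2  DIOlm:         18  WSdef:          256
Prio:            4  ASTlm:         24  WSquo:          512
Queprio:         0  TQElm:         10  WSextent:      2048
CPU:        (none)  Enqlm:        200  Pgflquo:      20480
"""


def parse_uaf_quotas(show_text):
    """Extract the Table 1-1 quotas from a captured SHOW display."""
    quotas = {}
    for label, value in re.findall(r"([A-Za-z]+):\s+(\d+)\b", show_text):
        name = UAF_LABELS.get(label.upper(), label.upper())
        if name in REQUIRED:
            quotas[name] = int(value)
    return quotas


def shortfalls(show_text, for_vmsinstal=False):
    """Return (quota, current, required) for every quota below its minimum.

    A quota that is absent from the display is reported with current=None,
    so a truncated capture is not mistaken for a compliant account.
    """
    current = parse_uaf_quotas(show_text)
    column = 1 if for_vmsinstal else 0
    problems = []
    for name, minimums in REQUIRED.items():
        need = minimums[column]
        if need is None:
            continue
        have = current.get(name)
        if have is None or have < need:
            problems.append((name, have, need))
    return problems


def modify_command(username, problems):
    """Build the UAF> MODIFY command that raises the deficient quotas.

    The quota names of Table 1-1 are used as AUTHORIZE qualifiers
    (/WSDEF is an abbreviation of /WSDEFAULT).
    """
    if not problems:
        return ""
    return "MODIFY " + username + "".join(
        "/%s=%d" % (name, need) for name, _, need in problems)


if __name__ == "__main__":
    found = shortfalls(SAMPLE_SHOW)
    for name, have, need in found:
        print("%-10s current=%s required=%d" % (name, have, need))
    print("UAF> " + modify_command("SECMGR", found))
```
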

Also, the following SYSGEN values should be set:

    PQL_DENQLM - 600
    PQL_DPGFLQUOTA - 10000

The above parameters are dynamic, so they can be changed without needing to reboot your system.

1.7 OpenVMS License Management Facility

You must use the OpenVMS License Management Facility (LMF) to register your POLYCENTER Security ID software license.

You must register POLYCENTER Security ID. The license registration information you need is contained in the Product Authorization Key (PAK) that is shipped with POLYCENTER Security ID. The PAK is a paper certificate that contains information about the license needed to run a particular piece of software.

During the installation, you are asked if you have registered the POLYCENTER Security ID license and loaded the appropriate authorization key. You must register and load your license for POLYCENTER Security ID before you start the installation in order to run the Installation Verification Procedure (IVP) and use the software.

To register a license, first log into the system manager's account, SYSTEM. You then have two alternative ways to perform the registration:

o Invoke the SYS$UPDATE:VMSLICENSE.COM procedure. When it prompts you for information, respond with data from your Product Authorization Key (PAK).
o Issue the LICENSE REGISTER DCL command with the appropriate qualifiers that correspond to information on the PAK.

For complete information on using LMF, see the License Management Utility Manual in the OpenVMS documentation set.

1.8 Invoking VMSINSTAL

To start the POLYCENTER Security ID installation, log into a privileged account such as the SYSTEM account, and invoke the VMSINSTAL command procedure. Use the following syntax:

    $ @SYS$UPDATE:VMSINSTAL RID012 device-name OPTIONS N

Where device-name is the name of the device that contains the distribution media.
For example, dka400 is the device name for CD-ROM 0.

OPTIONS N is an optional parameter that indicates that you want to be prompted to display or print the Release Notes. Digital strongly recommends that you include the OPTIONS N parameter and read the Release Notes before proceeding with the installation.

VMSINSTAL has several other options; for information, see the OpenVMS System Manager's Manual.

Note that VMSINSTAL uses slightly different messages, depending on the version of OpenVMS you are running.

When you invoke VMSINSTAL, it checks whether:

o You are logged into the SYSTEM account. Digital recommends that you install software from the system manager's account with your default device and directory set to SYS$UPDATE.
o You have adequate quotas for installation
o There are no other users logged into the system

If VMSINSTAL detects any of these conditions, it gives you the opportunity to stop the installation procedure by asking whether or not you want to continue. If you want to stop the installation, press Return.

If you do not supply the first two parameters, VMSINSTAL prompts you for the product and device names. If you want to be prompted for the product and device names and to display or print the Release Notes, type:

    $ @SYS$UPDATE:VMSINSTAL

1.9 Listener Mailboxes

To receive audit event messages, POLYCENTER Security ID must create an Audit Server listener mailbox. See the POLYCENTER Security Intrusion Detector for OpenVMS User's Guide for more detailed information on creating listener mailboxes.

2 Installing POLYCENTER Security Intrusion Detector

2.1 Introduction

This section contains excerpts from the installation procedure and explains each step.
Defaults appear in brackets throughout the installation procedure.

2.2 In this Chapter

This chapter contains the following sections:

o Aborting the installation
o Step-by-Step installation of POLYCENTER Security ID
o Installing POLYCENTER Security ID on an OpenVMS cluster system

2.3 Aborting the Installation

To abort the installation procedure at any time, press Ctrl/Y. When you press Ctrl/Y, the installation procedure deletes all files it has created up to that point and then returns you to the DCL prompt. If you want to retry the installation procedure after pressing Ctrl/Y, you must proceed from step 2.

2.4 Step-by-Step Installation of POLYCENTER Security ID

This section contains excerpts from the POLYCENTER Security ID installation procedure as it appears on the screen, and provides explanatory text. Appendix A shows a sample installation procedure.

Step 1: Log in to a privileged account

Set your default device and directory to SYS$UPDATE as follows:

    Username: SYSTEM
    Password:
    $ SET DEFAULT SYS$UPDATE

Step 2: Invoke VMSINSTAL

The following is displayed:

    $ @SYS$UPDATE:VMSINSTAL RID012 [DEVICE] OPTIONS N

          OpenVMS AXP Software Product Installation Procedure V6.1

    It is 23-FEB-1995 at 14:52.

    Enter a question mark (?) at any time for help.

    * Are you satisfied with the backup of your system disk [YES]?

    The following products will be processed:

      RID V1.2

          Beginning installation of RID V1.2 at 14:52

    %VMSINSTAL-I-RESTORE, Restoring product save set A ...

    Release Notes included with this kit are always copied to SYS$HELP.

    Additional Release Notes Options:

        1. Display Release Notes
        2. Print Release Notes
        3. Both 1 and 2
        4. None of the above

    * Select option [2]:
    * Do you want to continue the installation [NO]? yes
    %VMSINSTAL-I-RELMOVED, Product's Release Notes have been moved to SYS$HELP.

    Copyright Digital Equipment Corporation, 1992,1995 All Rights Reserved.

    -- POLYCENTER Security Intrusion Detector for OpenVMS --
    Installation of Version V1.2

    Copyright (c) Digital Equipment Corporation, 1992,1995
    All Rights Reserved.
    Unpublished rights reserved under the copyright laws of the United States.

    The software contained on this media is proprietary to and embodies the
    confidential technology of Digital Equipment Corporation. Possession, use,
    duplication or dissemination of the software and media is authorized only
    pursuant to a valid written license from Digital Equipment Corporation.

    RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S.
    Government is subject to restrictions as set forth in Subparagraph
    (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable.

    Installing POLYCENTER Security Intrusion Detector for OpenVMS and running
    the Installation Verification Procedure (IVP) requires approximately 5 to
    15 minutes, depending on your system configuration and the distribution
    media you are using.

Step 3: Select IVP option

The following question is displayed:

    * Do you want to run the IVP after the installation [YES] ?

The Installation Verification Procedure (IVP) runs tests to check whether the installation procedure was successful. Press Return to run the IVP after the installation. If you do not want to run the IVP, type No in response to the prompt.

Step 4: Respond to License Registration Queries

POLYCENTER Security ID supports the OpenVMS License Management Facility (LMF). The installation procedure displays license information about your product and then asks if you have registered and loaded your authorization key for POLYCENTER Security ID.
The following is an example of such information:

    Product: INSPECT-ID
    Producer: DEC
    Version: 1.2
    Release Date: 14-MAR-1995

    * Does this product have an authorization key registered and loaded? (Y)

If you have not registered and loaded your authorization key, you must answer NO to this question. You have to register and load your product authorization key to successfully complete the installation. If you have not done so, you should stop the installation, register and load your product authorization key, and then restart the installation.

Step 5: Decide on System Startup

The installation procedure enables the installer to choose how POLYCENTER Security ID will initially be started. The choices are:

1. To be started manually by the installer entering the following command after the installation:

       $ @SYS$STARTUP:RIDSTARTUP

2. To be automatically started from the account under which this installation is occurring.

Also, the installer should be aware that for POLYCENTER Security ID to be started automatically after a system reboot, you need to place the command line @SYS$STARTUP:RIDSTARTUP in the SYSTARTUP_VMS.COM file.

This installation will not modify an existing account. After this installation you should update the account where parameters are different. This also applies if you choose to start automatically under this (installing) account as follows:

    * Press RETURN to continue:

    Do you want to

        1) Start Manually after the installation.
        2) Automatically start from this account.
        3) Exit this installation.

    * Which option do you want [1]:
    * Is this option (1) correct [YES]?

Step 6: Read informational messages

The POLYCENTER Security ID installation procedure produces a number of messages that report on the progress of the installation.
The installation checks to see if POLYCENTER Security ID software is running on any other node and attempts to shut down the POLYCENTER Security ID application as follows:

    This installation will now check if OPCOM is active on all cluster nodes
    Please ignore any error messages that might be displayed.

    %SYSMAN-I-ENV, current command environment:
            Clusterwide on local cluster
            Username SYSTEM will be used on nonlocal nodes

    %SYSMAN-I-OUTPUT, command execution on node NODE_X

    This installation will now attempt to shut down POLYCENTER Security ID
    if it is already active on any node.
    Please ignore any error messages that might be displayed.

Step 7: Select the POLYCENTER Security ID directory

The POLYCENTER Security ID software depends upon its own directory system to operate. The next response requests the location of this directory and then informs you that all POLYCENTER Security ID files can be found under this directory tree.

    The POLYCENTER Security ID software depends upon a specific subdirectory
    structure for its operation. In response to the following question, enter
    a location where these directories should reside. All files used or
    created while running the POLYCENTER Security ID software will reside in
    subdirectories of the location you specify.
    .
    .
    .

Step 8: Checking the POLYCENTER Security ID audit event messages

The POLYCENTER Security ID software uses OpenVMS audit events to send messages in the event of an intrusion. The minimum set of Audits for POLYCENTER Security ID software to perform its tasks are listed below. The current event settings are stored as a command procedure in RID$IMAGES:RID$AUDIT_SETTINGS.COM.

    POLYCENTER Security ID uses the OpenVMS Audit events that are currently
    enabled on this system.
    However, these settings may not be optimal for POLYCENTER Security ID operation.
    The minimum set of Audit events for POLYCENTER Security ID to be effective is:

        ACL
        AUTHORIZATION
        BREAKIN=ALL
        LOGFAILURES=ALL
        ACCESS=(FAILURE=(ALL))/CLASS=FILE

    For further information, please consult the post-installation section of
    the POLYCENTER Security Intrusion Detector for OpenVMS Installation Guide.
    .
    .
    .

If the installation procedure is successful, the new or modified files are moved to their target directories.

Step 9: Observe the Installation Verification Procedure

If you chose to run the IVP in step 4, VMSINSTAL now calls the IVP to verify that POLYCENTER Security ID was installed successfully.

    Beginning the POLYCENTER Security ID V1.2 Installation Verification Procedure.

    The Installation Verification Procedure for POLYCENTER Security ID V1.2
    has completed successfully.

Step 10: Completion of installation

When POLYCENTER Security ID installation is complete, the following is displayed:

    Installation of POLYCENTER Security ID V1.2 completed at 14:54

    Adding history entry in VMI$ROOT:[SYSUPD]VMSINSTAL.HISTORY

    Creating installation data file: VMI$ROOT:[SYSUPD]RID012.VMI_DATA

    VMSINSTAL procedure done at 14:54

VMSINSTAL deletes or changes entries in the process symbol tables during the installation. Therefore, if you are going to continue using the system manager's account and you want to restore these symbols, you should log out and log in again.

POLYCENTER Security ID starts automatically five minutes after the installation is complete.

2.5 Installing POLYCENTER Security ID on an OpenVMS Cluster System

In general, you need to install POLYCENTER Security ID on only one node in an OpenVMS cluster system. However, if the OpenVMS cluster has more than one system disk, prepare to repeat the installation procedure on each system disk.
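
The minimum audit event set printed in Step 8 can be checked mechanically against a saved SET AUDIT command procedure such as RID$IMAGES:RID$AUDIT_SETTINGS.COM. The following Python is an added example, not part of the Digital kit; the settings file contents are constructed, the function names are hypothetical, and the five entries are taken as Step 8 lists them.

```python
import re

# Minimum audit events from Step 8 of this guide: keyword -> required value
# (None = keyword alone). ACCESS must also carry /CLASS=FILE.
MINIMUM = {
    "ACL": None,
    "AUTHORIZATION": None,
    "BREAKIN": "ALL",
    "LOGFAILURES": "ALL",
    "ACCESS": "FAILURE=ALL",
}

# Constructed settings file for this example.
SAMPLE = """\
$ ! constructed settings file
$ SET AUDIT/AUDIT/ALARM/DISABLE=ALL
$ SET AUDIT/AUDIT/ENABLE=( -
      ACL, -
      MOUNT, -
      AUTHORIZATION, -
      INSTALL, -
      BREAKIN=ALL, -
      LOGIN=ALL, -
      LOGOUT=ALL, -
      access=(failure:(all)))/CLASS=FILE
"""


def logical_commands(text):
    """Join DCL continuation lines (trailing '-') and drop '!' comments."""
    commands, pending = [], ""
    for raw in text.splitlines():
        line = raw.split("!", 1)[0].strip()
        if line.startswith("$"):
            line = line[1:].strip()
        if not line:
            continue
        if line.endswith("-"):
            pending += line[:-1].rstrip() + " "
            continue
        commands.append(pending + line)
        pending = ""
    if pending:
        commands.append(pending.strip())
    return commands


def split_depth0(s, sep):
    """Split s on sep outside parentheses; reject unbalanced input."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced parentheses in: " + s)
        elif ch == sep and depth == 0:
            parts.append(s[start:i])
            start = i + 1
    if depth != 0:
        raise ValueError("unbalanced parentheses in: " + s)
    parts.append(s[start:])
    return parts


def unwrap(value):
    """Remove one pair of outer parentheses if they enclose the whole value."""
    if value.startswith("(") and value.endswith(")"):
        try:
            split_depth0(value[1:-1], ",")
            return value[1:-1]
        except ValueError:
            pass
    return value


def enabled_audits(text):
    """Return {keyword: (value, class)} for events left enabled for auditing."""
    enabled = {}
    for cmd in logical_commands(text):
        m = re.match(r"SET\s+AUDIT\s*(/.*)$", cmd, re.I)
        if not m:
            continue
        quals = {}
        for q in split_depth0(re.sub(r"\s+", "", m.group(1)), "/")[1:]:
            name, _, value = q.partition("=")
            quals[name.upper()] = value
        if "AUDIT" not in quals:      # /ALARM-only commands are not audits
            continue
        for action in ("DISABLE", "ENABLE"):
            for item in split_depth0(unwrap(quals.get(action, "")), ","):
                key, _, value = item.partition("=")
                key = key.upper()
                if not key:
                    continue
                if action == "DISABLE":
                    enabled.clear() if key == "ALL" else enabled.pop(key, None)
                else:
                    value = re.sub(r"[()]", "", value.upper().replace(":", "="))
                    enabled[key] = (value, quals.get("CLASS", "").upper())
    return enabled


def missing_minimum(text):
    """List the Step 8 minimum entries that the settings file does not enable."""
    enabled = enabled_audits(text)
    missing = []
    for need, need_value in MINIMUM.items():
        for key, (value, cls) in enabled.items():
            # DCL accepts abbreviated keywords (for example LOGFAIL).
            name_ok = key == need or (len(key) >= 4 and need.startswith(key))
            value_ok = need_value is None or value == need_value
            if name_ok and value_ok and (need != "ACCESS" or cls == "FILE"):
                break
        else:
            missing.append(need)
    return missing


if __name__ == "__main__":
    print("Missing from minimum set:", missing_minimum(SAMPLE) or "none")
```

Run over the constructed file, the check reports LOGFAILURES as missing: enabling LOGIN=ALL does not cover login failures, so a settings file of this shape falls short of the Step 8 minimum.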

3 After the Installation

3.1 Introduction

This chapter describes what you should do after installing POLYCENTER Security ID. It details some of the ways that you can configure POLYCENTER Security ID to make the best use of the software. For more detailed configuration advice, refer to the POLYCENTER Security Intrusion Detector User's Guide.

3.2 In this Chapter

This chapter contains the following sections:

o Changing audit event settings
o Invoking POLYCENTER Security ID software
o Creating POLYCENTER Security ID listener mailboxes
o Running the installation verification procedure separately
o Error conditions
o Maintenance updates
o Determining and reporting problems

3.3 Changing Audit Event Settings

POLYCENTER Security ID uses OpenVMS Audit events to detect and report suspicious and hostile activity. POLYCENTER Security ID uses the OpenVMS audit events that are enabled at the time POLYCENTER Security ID is installed.

Authorized security managers can change audit events using the SET AUDIT command. If an unauthorized user changes audit event settings, POLYCENTER Security ID restores the last settings made by an authorized security manager. For more information, refer to the POLYCENTER Security ID User's Guide.

The following sample event settings may be similar to the settings contained in your file:

    $ SET AUDIT/AUDIT/ALARM/DISABLE=All
    $ SET AUDIT/AUDIT/ENABLE=( -
        ACL, -
        MOUNT, -
        AUTHORIZATION, -
        INSTALL, -
        BREAKIN=ALL, -
        LOGIN=ALL, -
        LOGOUT=ALL, -
        access=(failure:(all)))/class=FILE

3.4 Invoking POLYCENTER Security ID Software

POLYCENTER Security ID is now installed and can be invoked by all users with the RID DCL command.

The installation procedure modifies the DCL command table so that the RID command is recognized and processed.
However, the previous command table is still in effect for those users who are currently logged in. All logged-in users who want to use the RID command must log out of the system and log in again.

If you wish to start POLYCENTER Security ID, and it is residing on a single node, enter the command:

    $ @SYS$STARTUP:RID$STARTUP

If POLYCENTER Security ID is residing on a cluster, and you wish to start it up on all nodes simultaneously, enter the following commands:

    $ RUN SYS$SYSTEM:SYSMAN
    SYSMAN> SET ENVIRONMENT/CLUSTER
    SYSMAN> DO @SYS$STARTUP:RID$STARTUP
    SYSMAN> EXIT

For POLYCENTER Security ID to be started automatically after a system reboot, you need to place the command line @SYS$STARTUP:RIDSTARTUP in the SYSTARTUP_VMS.COM file.

3.5 Creating POLYCENTER Security ID Listener Mailboxes

POLYCENTER Security ID can be placed anywhere in the audit chain, thus allowing other processes to access the audit server. POLYCENTER Security ID receives event messages from the Audit Server through an input mailbox. To enhance the flexibility of POLYCENTER Security ID in working with other applications, it is possible for you to define the logical name for the input mailbox.

Further information on listener mailboxes can be found in the POLYCENTER Security Intrusion Detector for OpenVMS User's Guide.

3.6 Running the Installation Verification Procedure Separately

The Installation Verification Procedure (IVP) is usually run during installation. If you want to run the IVP separately to ensure the integrity of installed files if system problems occur, use:

    $ @SYS$TEST:RID$IVP

If the IVP fails for any reason, the following messages are displayed:

    The POLYCENTER Security ID V1.2 Installation Verification Procedure failed.

    %VMSINSTAL-E-IVPFAIL, The IVP for POLYCENTER Security ID V1.2 has failed.

3.7 Error Conditions

If the installation procedure fails for any reason, a message like the one following is displayed:

    %VMSINSTAL-E-INSFAIL, The installation of POLYCENTER Security ID V1.2 has failed.

An error during the installation can occur if one or more of the following conditions exist:

o The operating system version is incorrect.
o Quotas necessary for successful installation are insufficient. See Section 1.6.
o Process quotas required by VMSINSTAL are incorrect. See Section 1.6.
o The OpenVMS HELP library is currently in use.
o The product was either registered incorrectly or not registered.

For descriptions of the error messages generated by these conditions, see the OpenVMS System Messages and Recovery Procedures Reference Manual, your processor-specific installation or operations guide, or the OpenVMS License Management Utility Manual.

If you are notified that any of these conditions exist, you should take the appropriate action as described in the message. You may need to change a system parameter or increase an authorized quota value.

If the installation fails, you must restart the installation procedure from step 2. If the installation fails due to an IVP failure, contact a Digital field service representative.

3.8 Maintenance Updates

Digital may periodically issue maintenance updates of POLYCENTER Security ID. Each update has an installation kit. You should install this kit as described in this manual or in any documentation that may accompany the maintenance update.

Each time a maintenance update is released, the version number changes. For example, if the current version is 1.0, the version number of the first maintenance update will be 1.1.

In addition, each maintenance update includes new Release Notes. The Release Notes describe the changes made to POLYCENTER Security ID since the previous release.
The update Release Notes are provided online. You should read the Release Notes when you first install POLYCENTER Security ID. They are also accessible any time after the product is installed.

To locate the Release Notes after POLYCENTER Security ID is installed, display or print the file SYS$HELP:RID012.RELEASE_NOTES, or type:

    $ HELP RID RELEASE_NOTES

3.9 Determining and Reporting Problems

If an error occurs while you are using POLYCENTER Security ID and you believe that the error is caused by a problem with POLYCENTER Security ID, take one of the following actions:

o If you purchased POLYCENTER Security ID within the past 90 days and you think the problem is caused by a software error, you can submit a Software Performance Report (SPR).
o If you have a Basic or DECsupport Software Agreement, you should call your Customer Support Center. With these services, you receive telephone support that provides high-level advisory and remedial assistance. For more information, contact your local Digital representative.
o If you have a Self-Maintenance Software Agreement, you can submit a Software Performance Report (SPR).

If you find an error in the POLYCENTER Security ID documentation, please send mail with details of the error to:

    comments@galvia.enet.dec.com

Thank you for your assistance.

A Sample Installation

This appendix provides a sample installation procedure:

    Username: SYSTEM
    Password:

        Welcome to OpenVMS AXP (TM) Operating System, Version V6.1 on node XXXXXX
        Last interactive login on Monday, 9-JAN-1995 20:57:06.52
        Last non-interactive login on Monday, 9-JAN-1995 20:57:22.67

    $ @SYS$UPDATE:VMSINSTAL RID012 [DEVICE] OPTIONS N

          OpenVMS AXP Software Product Installation Procedure V6.1

    It is 23-FEB-1995 at 14:52.

    Enter a question mark (?) at any time for help.

    * Are you satisfied with the backup of your system disk [YES]?

    The following products will be processed:

      RID V1.2

          Beginning installation of RID V1.2 at 14:52

    %VMSINSTAL-I-RESTORE, Restoring product save set A ...

    Release Notes included with this kit are always copied to SYS$HELP.

    Additional Release Notes Options:

        1. Display Release Notes
        2. Print Release Notes
        3. Both 1 and 2
        4. None of the above

    * Select option [2]:
    * Do you want to continue the installation [NO]? yes
    %VMSINSTAL-I-RELMOVED, Product's Release Notes have been moved to SYS$HELP.

    Copyright Digital Equipment Corporation, 1992,1995 All Rights Reserved.

    -- POLYCENTER Security Intrusion Detector for OpenVMS --
    Installation of Version V1.2

    Copyright (c) Digital Equipment Corporation, 1992,1995
    All Rights Reserved.
    Unpublished rights reserved under the copyright laws of the United States.

    The software contained on this media is proprietary to and embodies the
    confidential technology of Digital Equipment Corporation. Possession, use,
    duplication or dissemination of the software and media is authorized only
    pursuant to a valid written license from Digital Equipment Corporation.

    RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S.
    Government is subject to restrictions as set forth in Subparagraph
    (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable.

    Installing POLYCENTER Security Intrusion Detector for OpenVMS and running
    the Installation Verification Procedure (IVP) requires approximately 5 to
    15 minutes, depending on your system configuration and the distribution
    media you are using.

    * Do you want to run the IVP after the installation [YES]?

    Product: INSPECT-ID
    Producer: DEC
    Version: 1.2
    Release Date: 14-MAR-1995

    * Does this product have an authorization key registered and loaded? y

    You may set up POLYCENTER Security ID to start as follows

        1) To start manually after installation.
        2) To automatically start from the account under which this
           installation is occurring.
This installation will not modify an existing account. After this
installation you should update the account where parameters are
different. This also applies if you choose to start automatically
under this (installing) account.

* Press RETURN to continue:

Do you want to

  1) Start Manually after the installation.
  2) Automatically start from this account.
  3) Exit this installation.

* Which option do you want [1]:
* Is this option (1) correct [YES]?

This installation will now check if OPCOM is active on all cluster nodes
Please ignore any error messages that might be displayed.

%SYSMAN-I-ENV, current command environment:
        Clusterwide on local cluster
        Username SYSTEM will be used on nonlocal nodes
%SYSMAN-I-OUTPUT, command execution on node NODE_1

This installation will now attempt to shut down POLYCENTER Security ID
if it is already active on any node.
Please ignore any error messages that might be displayed.

%SYSMAN-I-ENV, current command environment:
        Clusterwide on local cluster
        Username SYSTEM will be used on nonlocal nodes
%SYSMAN-I-OUTPUT, command execution on node NODE_1

The POLYCENTER Security ID software depends upon a specific subdirectory
structure for its operation. In response to the following question, enter
a location where these directories should reside. All files used or
created while running the POLYCENTER Security ID software will reside in
subdirectories of the location you specify.

*** NOTE ***
It is recommended that these directories should *NOT* be placed within
the system directory tree (that is, SYS$SYSROOT:[*...]).

* Where should the directories be placed [SYS$SYSDEVICE:[RID]]:
* Is SYS$SYSDEVICE:[RID] correct [YES]?

The logical name "RID$ROOT" points to the POLYCENTER Security ID
subdirectory structure created with this installation.

POLYCENTER Security ID uses the OpenVMS Audit events that are currently
enabled on this system.
However, these settings may not be optimal for POLYCENTER Security ID
operation. The minimum set of Audits for POLYCENTER Security ID to be
effective is:

  ACL
  AUTHORIZATION
  BREAKIN=ALL
  LOGFAILURES=ALL
  LOGIN=ALL
  ACCESS=(FAILURE:(ALL))/CLASS=FILE

For further information, please consult the post-installation section
of the POLYCENTER Security Intrusion Detector for OpenVMS Installation
Guide.

* Press RETURN to continue:

During its operation, POLYCENTER Security ID will notify all registered
security managers of all significant events occurring on your system.
In addition, a distribution list RID$DATABASE:RID$DISTRIBUTION.DIS may
be used to specify additional users (not security managers) who are to
receive such mail messages. This file is initially empty, and may be
edited at any time by a security manager.

* Press RETURN to continue:

POLYCENTER Security ID maintains a list of users who are authorized to
perform POLYCENTER Security ID operations. This list will now be created
and will contain just SYSTEM and the current username (if not SYSTEM).
Additional users may be added to or deleted from this list by authorized
security managers after installation.

* Press RETURN to continue:

No further information is required from you to complete this installation.

Creating the POLYCENTER Security ID subdirectory structure.

%VMSINSTAL-I-SYSDIR, This product creates system disk directory SYS$SYSDEVICE:[RID].
%VMSINSTAL-I-SYSDIR, This product creates system disk directory SYS$SYSDEVICE:[RID.IMAGES].
%VMSINSTAL-I-SYSDIR, This product creates system disk directory SYS$SYSDEVICE:[RID.LOGS].
%VMSINSTAL-I-SYSDIR, This product creates system disk directory SYS$SYSDEVICE:[RID.DATABASE].
%VMSINSTAL-I-SYSDIR, This product creates system disk directory SYS$SYSDEVICE:[RID.SCRATCH].
%SYSMAN-I-ENV, current command environment:
        Clusterwide on local cluster
        Username SYSTEM will be used on nonlocal nodes
%SYSMAN-I-OUTPUT, command execution on node NODE_1

If POLYCENTER Security ID will run under the account which executes the
system startup procedure, then in order for the POLYCENTER Security ID
environment to be defined after each system boot, add the following line
to your STARTUP procedure:

  $ @SYS$STARTUP:RID$STARTUP.COM

If POLYCENTER Security ID will run under its own account and you wish to
have it automatically started by the system startup procedure, then in in
order for the POLYCENTER Security ID environment to be defined after each
system boot, add the following lines to your STARTUP procedure for each
node:

  $ IF F$GETSYI("NODENAME") .EQS. "" THEN -
    SUBMIT/QUEUE=/USER= -
    SYS$STARTUP:RID$STARTUP.COM/NOPRINT/LOG=RID$LOGS:RID$STARTUP.LOG

In order for the POLYCENTER Security ID environment to be shut down in a
controlled manner on system shutdown, add the following line to your
SHUTDOWN procedure:

  $ RID SHUTDOWN

%VMSINSTAL-I-MOVEFILES, Files will now be moved to their target directories...

Copyright Digital Equipment Corporation, 1992,1995 All Rights Reserved.

-- POLYCENTER Security Intrusion Detector for OpenVMS --
Installation of Version V1.2

Beginning the POLYCENTER Security Intrusion Detector V1.2
Installation Verification Procedure.

Copyright (c) Digital Equipment Corporation, 1992,1995 All Rights Reserved.
Unpublished rights reserved under the copyright laws of the United States.

The software contained on this media is proprietary to and embodies the
confidential technology of Digital Equipment Corporation. Possession, use,
duplication or dissemination of the software and media is authorized only
pursuant to a valid written license from Digital Equipment Corporation.

RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S.
Government is subject to restrictions as set forth in Subparagraph
(c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable.

The Installation Verification Procedure for POLYCENTER Security
Intrusion Detector V1.2 has completed successfully.

Installation of POLYCENTER Security ID V1.2 completed at 14:54

Adding history entry in VMI$ROOT:[SYSUPD]VMSINSTAL.HISTORY

Creating installation data file: VMI$ROOT:[SYSUPD]RID012.VMI_DATA

VMSINSTAL procedure done at 14:54

B ________________________________________________________________
POLYCENTER Security ID Files

The installation adds the following POLYCENTER Security ID files to your system:

  RID$IMAGES:RID$SET.EXE
  RID$IMAGES:RID$SEND.EXE
  RID$IMAGES:RID$DELETE.EXE
  RID$IMAGES:RID$MONITOR.EXE
  RID$IMAGES:RID$SHUTDOWN.EXE
  RID$IMAGES:RID$INTERFACE.EXE
  RID$IMAGES:RID$DETECTOR.EXE
  RID$IMAGES:RID$CREATE_MBX.EXE
  RID$IMAGES:RID$DELETE_MBX.EXE
  RID$IMAGES:RID$INTERFACE.COM
  RID$IMAGES:RID$DETECTOR.COM
  RID$IMAGES:RID$AUDIT_SETTINGS.COM

The following files are supplied on first installation, or when an existing POLYCENTER Security ID database is to be ignored:

  RID$DATABASE:RID$DISTRIBUTION.DIS
  RID$IMAGES:RID$MGR_SETTINGS.COM
  RID$DATABASE:SETUP.DAT

The following logicals are created during installation:

  RID$ROOT
  RID$IMAGES
  RID$DATABASE
  RID$LOGS
  RID$SCRATCH
  RID$TOKEN_OBJECT
  RID$VERSION

All log files can be found in RID$LOGS.
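The minimum audit set listed in the sample installation can be checked against what a node actually has enabled. The Python script below is an added example, not part of the Digital kit or of this guide: it parses saved SHOW AUDIT output and reports which of the required audits are missing. The SHOW AUDIT layout, the sub-keywords that ALL is taken to expand to, and the sample text are assumptions constructed for illustration.

```python
# Added example. Assumed, not from the guide: SHOW AUDIT layout and what "ALL" expands to.
LOGIN_TYPES = {"batch", "dialup", "local", "remote", "network", "subprocess", "detached"}
REQUIRED = {
    "acl": set(), "authorization": set(),
    "breakin": {"dialup", "local", "remote", "network", "detached"},
    "logfailure": LOGIN_TYPES, "login": LOGIN_TYPES,
    "file access/failure": {"read", "write", "execute", "delete", "control"},
}

def parse_audits(text):  # event -> sub-keywords, read from the audits section only
    enabled, in_audits, obj_class, class_indent = {}, False, None, 0
    for raw in filter(str.strip, text.splitlines()):
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:  # unindented lines are section headers (alarms vs. audits)
            in_audits, obj_class = "audits currently enabled" in raw.lower(), None
        elif in_audits:
            name, _, values = (p.strip() for p in raw.lower().partition(":"))
            if name.endswith(" access"):  # "FILE access:" opens an object-class block
                obj_class, class_indent = name, indent
                continue
            if obj_class and indent <= class_indent:
                obj_class = None  # back at event level
            key = f"{obj_class}/{name}" if obj_class else name
            enabled[key] = {v.strip() for v in values.split(",") if v.strip()}
    return enabled

def missing_audits(text):
    """Return {event: [missing sub-keywords]}; an empty dict means the minimum is met."""
    enabled, gaps = parse_audits(text), {}
    for event, needed in REQUIRED.items():
        if event not in enabled:
            gaps[event] = ["not enabled"]
        elif needed - enabled[event]:
            gaps[event] = sorted(needed - enabled[event])
    return gaps

# Constructed sample: the alarms section is ignored; the audits section has gaps.
SAMPLE = """\
System security alarms currently enabled for:
  Authorization

System security audits currently enabled for:
  ACL
  Breakin:       dialup,local,remote,network,detached
  Login:         dialup,local,remote
  FILE access:
    Failure:     read,write,delete
"""
print(missing_audits(SAMPLE))
```

An event that is enabled only as an alarm, such as Authorization in the sample, is reported as not enabled because only the audits section is compared with the minimum set.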
________________________________________________________________
Index

A
  Audit events
    changing settings, 3-2
    minimum, 2-7
  Authorize Utility
    using, 1-3

E
  Error conditions, 3-4

F
  Files
    added by installation, B-1

I
  Installation
    aborting, 2-2
    files, B-1
    logicals, B-1
    on VAXcluster, 2-8
    requirements, 1-2
    sample, A-1
    verifying, 2-7
  IVP, 2-3
    running separately, 3-3

L
  License
    See PAK
  License Management Facility
    See LMF
  License Product Authorization Key
    See PAK
  License registration, 1-4
  Listener mailbox
    creating, 3-3
  LMF, 1-3, 2-4
  Log files
    created during installation, B-1
  Logicals
    created during installation, B-1

M
  Maintenance updates, 3-5
  Messages, 2-6

O
  OPTIONS N, 1-5

P
  PAK, 1-4
  POLYCENTER Security ID
    invoking, 3-2
  Privilege
    required, 1-2
  Problems
    reporting, 3-6

Q
  Quotas
    required, 1-2

R
  Registration
    license, 1-4
  Release Notes
    Accessing, 1-2

V
  VMSINSTAL
    invoking, 1-4