Symantec Enterprise Security Manager Installation Guide

Transcription

Symantec Enterprise SecurityManager Installation GuideVersion 6.0

Symantec Enterprise Security ManagerInstallation GuideThe software described in this book is furnished under a license agreement and may beused only in accordance with the terms of the agreement.Documentation version 6.0PN: 10132731Copyright noticeCopyright 1998–2003 Symantec Corporation.All Rights Reserved.Any technical documentation that is made available by Symantec Corporation is thecopyrighted work of Symantec Corporation and is owned by Symantec Corporation.NO WARRANTY. The technical documentation is being delivered to you AS-IS andSymantec Corporation makes no warranty as to its accuracy or use. Any use of thetechnical documentation or the information contained therein is at the risk of the user.Documentation may include technical or other inaccuracies or typographical errors.Symantec reserves the right to make changes without prior notice.No part of this publication may be copied without the express written permission ofSymantec Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014.TrademarksSymantec, the Symantec logo, and LiveUpdate are U.S. registered trademarks of SymantecCorporation. Symantec Enterprise Security Architecture, Symantec Enterprise SecurityManager, Symantec Incident Manager, Symantec Security Response, and SymantecVulnerability Assessment are trademarks of Symantec Corporation.Other brands and product names that are mentioned in this manual may be trademarks orregistered trademarks of their respective companies and are hereby acknowledged.Printed in the United States of America.10 9 8 7 6 5 4 3 2 1

Technical supportAs part of Symantec Security Response, the Symantec Global Technical Supportgroup maintains support centers throughout the world. The Technical Supportgroup’s primary role is to respond to specific questions on product feature/function, installation, and configuration, as well as to author content for ourWeb-accessible Knowledge Base. The Technical Support group workscollaboratively with the other functional areas within Symantec to answer yourquestions in a timely fashion. For example, the Technical Support group workswith Product Engineering as well as Symantec Security Response to provideAlerting Services and Virus Definition Updates for virus outbreaks and securityalerts.Symantec technical support offerings include: A range of support options that gives you the flexibility to select the rightamount of service for any size organization Telephone and Web support components that provide rapid response andup-to-the-minute information Upgrade insurance that delivers automatic software upgrade protection Content Updates for virus definitions and security signatures that ensurethe highest level of protection Global support from Symantec Security Response experts, which isavailable 24 hours a day, 7 days a week worldwide in a variety of languagesAdvanced features, such as the Symantec Alerting Service and TechnicalAccount Manager role, that offer enhanced response and proactive securitysupportPlease visit our Web site for current information on Support Programs. Thespecific features that are available may vary based on the level of supportpurchased and the specific product that you are using. Licensing and registrationIf the product that you are implementing requires registration and/or a licensekey, the fastest and easiest way to register your service is to access theSymantec licensing and registration site at www.symantec.com/certificate.Alternatively, you may go to t the product that you wish to register, and from the Product Home Page,select the Licensing and Registration link.Contacting Technical SupportCustomers with a current support agreement may contact the TechnicalSupport group by phone or online at www.symantec.com/techsupp.Customers with Platinum support agreements may contact Platinum TechnicalSupport by the Platinum Web site at www-secure.symantec.com/platinum/.

When contacting the Technical Support group, please have the following: Product release level Hardware information Available memory, disk space, NIC information Operating system Version and patch level Network topology Router, gateway, and IP address information Problem description Error messages/log files Troubleshooting performed prior to contacting Symantec Recent software configuration changes and/or network changesCustomer ServiceTo contact Enterprise Customer Service online, go to www.symantec.com, selectthe appropriate Global Site for your country, then choose Service and Support.Customer Service is available to assist with the following types of issues: Questions regarding product licensing or serialization Product registration updates such as address or name changes General product information (features, language availability, local dealers) Latest information on product updates and upgrades Information on upgrade insurance and maintenance contracts Information on Symantec Value License Program Advice on Symantec's technical support options Nontechnical presales questions Missing or defective CD-ROMs or manuals

SYMANTEC SOFTWARE LICENSE AGREEMENTSymantec Enterprise Security ManagerSYMANTEC CORPORATION AND/OR ITSSUBSIDIARIES ("SYMANTEC") IS WILLING TOLICENSE THE SOFTWARE TO YOU AS ANINDIVIDUAL, THE COMPANY, OR THE LEGAL ENTITYTHAT WILL BE UTILIZING THE SOFTWARE(REFERENCED BELOW AS "YOU" OR "YOUR") ONLYON THE CONDITION THAT YOU ACCEPT ALL OF THETERMS OF THIS LICENSE AGREEMENT. READ THETERMS AND CONDITIONS OF THIS LICENSEAGREEMENT CAREFULLY BEFORE USING THESOFTWARE. THIS IS A LEGAL AND ENFORCEABLECONTRACT BETWEEN YOU AND THE LICENSOR. BYOPENING THIS PACKAGE, BREAKING THE SEAL,CLICKING THE "AGREE" OR "YES" BUTTON OROTHERWISE INDICATING ASSENTELECTRONICALLY, OR LOADING THE SOFTWARE,YOU AGREE TO THE TERMS AND CONDITIONS OFTHIS AGREEMENT. IF YOU DO NOT AGREE TOTHESE TERMS AND CONDITIONS, CLICK THE "I DONOT AGREE" OR "NO" BUTTON OR OTHERWISEINDICATE REFUSAL AND MAKE NO FURTHER USEOF THE SOFTWARE.1. License:The software and documentation that accompaniesthis license (collectively the "Software") is theproprietary property of Symantec or its licensors andis protected by copyright law. While Symanteccontinues to own the Software, You will have certainrights to use the Software after Your acceptance of thislicense. This license governs any releases, revisions, orenhancements to the Software that the Licensor mayfurnish to You. Except as may be modified by anapplicable Symantec license certificate, licensecoupon, or license key (each a "License Module") thataccompanies, precedes, or follows this license, and asmay be further defined in the user documentationaccompanying the Software, Your rights andobligations with respect to the use of this Software areas follows.You may:A. use that number of copies of the Software as havebeen licensed to You by Symantec under a LicenseModule. Permission to use the software to assessDesktop, Server or Network machines does notconstitute permission to make additional copies of theSoftware. If no License Module accompanies, precedes,or follows this license, You may make one copy of theSoftware you are authorized to use on a singlemachine.B. make one copy of the Software for archivalpurposes, or copy the Software onto the hard disk ofYour computer and retain the original for archivalpurposes;C. use the Software to assess no more than the numberof Desktop machines set forth under a License Module."Desktop" means a desktop central processing unit fora single end user;D. use the Software to assess no more than the numberof Server machines set forth under a License Module."Server" means a central processing unit that acts as aserver for other central processing units;E. use the Software to assess no more than the numberof Network machines set forth under a License Module."Network" means a system comprised of multiplemachines, each of which can be assessed over the samenetwork;F. use the Software in accordance with any writtenagreement between You and Symantec; andG. after written consent from Symantec, transfer theSoftware on a permanent basis to another person orentity, provided that You retain no copies of theSoftware and the transferee agrees to the terms of thislicense.You may not:A. copy the printed documentation whichaccompanies the Software;B. use the Software to assess a Desktop, Server orNetwork machine for which You have not been grantedpermission under a License Module;C. sublicense, rent or lease any portion of theSoftware; reverse engineer, decompile, disassemble,modify, translate, make any attempt to discover thesource code of the Software, or create derivative worksfrom the Software;D. use the Software as part of a facility management,timesharing, service provider, or service bureauarrangement;E. continue to use a previously issued license key ifYou have received a new license key for such license,such as with a disk replacement set or an upgradedversion of the Software, or in any other instance;F. continue to use a previous version or copy of theSoftware after You have installed a disk replacementset, an upgraded version, or other authorizedreplacement. Upon such replacement, all copies of theprior version must be destroyed;G. use a later version of the Software than is providedherewith unless you have purchased correspondingmaintenance and/or upgrade insurance or have

otherwise separately acquired the right to use suchlater version;H. use, if You received the software distributed onmedia containing multiple Symantec products, anySymantec software on the media for which You havenot received a permission in a License Module; norI. use the Software in any manner not authorized bythis license.2. Content Updates:Certain Software utilize content that is updated fromtime to time (including but not limited to the followingSoftware: antivirus software utilize updated virusdefinitions; content filtering software utilize updatedURL lists; some firewall software utilize updatedfirewall rules; and vulnerability assessment productsutilize updated vulnerability data; these updates arecollectively referred to as "Content Updates"). Youshall have the right to obtain Content Updates for anyperiod for which You have purchased maintenance,except for those Content Updates that Symantec electsto make available by separate paid subscription, or forany period for which You have otherwise separatelyacquired the right to obtain Content Updates.Symantec reserves the right to designate specifiedContent Updates as requiring purchase of a separatesubscription at any time and without notice to You;provided, however, that if You purchase maintenancehereunder that includes particular Content Updates onthe date of purchase, You will not have to pay anadditional fee to continue receiving such ContentUpdates through the term of such maintenance even ifSymantec designates such Content Updates asrequiring separate purchase. This License does nototherwise permit the licensee to obtain and useContent Updates.3. Limited Warranty:Symantec warrants that the media on which theSoftware is distributed will be free from defects for aperiod of sixty (60) days from the date of delivery of theSoftware to You. Your sole remedy in the event of abreach of this warranty will be that Symantec will, atits option, replace any defective media returned toSymantec within the warranty period or refund themoney You paid for the Software. Symantec does notwarrant that the Software will meet Your requirementsor that operation of the Software will be uninterruptedor that the Software will be error-free.TO THE MAXIMUM EXTENT PERMITTED BYAPPLICABLE LAW, THE ABOVE WARRANTY ISEXCLUSIVE AND IN LIEU OF ALL OTHERWARRANTIES, WHETHER EXPRESS OR IMPLIED,INCLUDING THE IMPLIED WARRANTIES OFMERCHANTABILITY, FITNESS FOR A PARTICULARPURPOSE, AND NONINFRINGEMENT OFINTELLECTUAL PROPERTY RIGHTS. THISWARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS.YOU MAY HAVE OTHER RIGHTS, WHICH VARY FROMSTATE TO STATE AND COUNTRY TO COUNTRY.4. Disclaimer of Damages:SOME STATES AND COUNTRIES, INCLUDINGMEMBER COUNTRIES OF THE EUROPEAN ECONOMICAREA, DO NOT ALLOW THE LIMITATION OREXCLUSION OF LIABILITY FOR INCIDENTAL ORCONSEQUENTIAL DAMAGES, SO THE BELOWLIMITATION OR EXCLUSION MAY NOT APPLY TOYOU.TO THE MAXIMUM EXTENT PERMITTED BYAPPLICABLE LAW AND REGARDLESS OF WHETHERANY REMEDY SET FORTH HEREIN FAILS OF ITSESSENTIAL PURPOSE, IN NO EVENT WILLSYMANTEC BE LIABLE TO YOU FOR ANY SPECIAL,CONSEQUENTIAL, INDIRECT, OR SIMILARDAMAGES, INCLUDING ANY LOST PROFITS OR LOSTDATA ARISING OUT OF THE USE OR INABILITY TOUSE THE SOFTWARE EVEN IF SYMANTEC HAS BEENADVISED OF THE POSSIBILITY OF SUCH DAMAGES.IN NO CASE SHALL SYMANTEC'S LIABILITY EXCEEDTHE PURCHASE PRICE FOR THE SOFTWARE. Thedisclaimers and limitations set forth above will applyregardless of whether or not You accept the Software.5. U.S. Government Restricted Rights:RESTRICTED RIGHTS LEGEND. All Symantec productsand documentation are commercial in nature. Thesoftware and software documentation are "CommercialItems," as that term is defined in 48 C.F.R. section2.101, consisting of "Commercial Computer Software"and "Commercial Computer Software Documentation,"as such terms are defined in 48 C.F.R. section 252.2277014(a)(5) and 48 C.F.R. section 252.227-7014(a)(1),and used in 48 C.F.R. section 12.212 and 48 C.F.R.section 227.7202, as applicable. Consistent with 48C.F.R. section 12.212, 48 C.F.R. section 252.227-7015,48 C.F.R. section 227.7202 through 227.7202-4, 48C.F.R. section 52.227-14, and other relevant sections ofthe Code of Federal Regulations, as applicable,Symantec's computer software and computer softwaredocumentation are licensed to United StatesGovernment end users with only those rights asgranted to all other end users, according to the termsand conditions contained in this license agreement.Manufacturer is Symantec Corporation, 20330 StevensCreek Blvd., Cupertino, CA 95014, United States ofAmerica.

6. Export Regulation:Export or re-export of this Software is governed by thelaws and regulations of the United States and importlaws and regulations of certain other countries.Export or re-export of the Software to any entity notauthorized by, or that is specified by, the United StatesFederal Government is strictly prohibited.7. General:If You are located in North America or Latin America,this Agreement will be governed by the laws of theState of California, United States of America.Otherwise, this Agreement will be governed by thelaws of England and Wales. This Agreement and anyrelated License Module is the entire agreementbetween You and Symantec relating to the Softwareand: (i) supersedes all prior or contemporaneous oralor written communications, proposals, andrepresentations with respect to its subject matter; and(ii) prevails over any conflicting or additional terms ofany quote, order, acknowledgment, or similarcommunications between the parties. This Agreementshall terminate upon Your breach of any termcontained herein and You shall cease use of anddestroy all copies of the Software. The disclaimers ofwarranties and damages and limitations on liabilityshall survive termination. Software anddocumentation is delivered Ex Works California,U.S.A. or Dublin, Ireland respectively (ICC INCOTERMS2000). This Agreement may only be modified by aLicense Module that accompanies this license or by awritten document that has been signed by both Youand Symantec. Should You have any questionsconcerning this Agreement, or if You desire to contactSymantec for any reason, please write to: (i) SymantecCustomer Service, 555 International Way, Springfield,OR 97477, U.S.A., (ii) Symantec Authorized ServiceCenter, Postbus 1029, 3600 BA Maarssen, TheNetherlands, or (iii) Symantec Customer Service, 1Julius Ave, North Ryde, NSW 2113, Australia.

ContentsTechnical supportChapter 1Before you installOrganizing network resources . 13Grouping computers into domains . 14Organizing NetWare/NDS contexts . 15Applying security policies . 18Mapping a formulated policy . 18Correlating checks with security modules . 19Addressing platform-specific vulnerabilities . 19Applying the Symantec ESM default policies . 21Implementing security operations . 22Piloting Symantec ESM at one location . 22Rolling out Symantec ESM . 26Chapter 2Installing Symantec ESM managers and agents on WindowsBefore you install . 31System requirements . 32Operating requirements . 32Policy run disk space . 33CPU utilization . 34Scalability parameters . 34Installing . 35Installing Symantec ESM on a local computer . 35Silently installing Symantec ESM on a local computer . 39Installing a Symantec ESM agent on a remote computer . 42Post-installation tasks . 44Registering a Symantec ESM agent on a local computer . 44Reregistering Symantec ESM agents to a manager . 45Changing LiveUpdate on a local computer . 47Upgrading an older version of Symantec ESM . 48Changing a Symantec ESM agent port . 51Uninstalling Symantec ESM from a local computer . 52

10 ContentsChapter 3Installing Symantec ESM managers and agents on UNIXBefore you install . 53System requirements . 54Operating requirements . 54Policy run disk space . 56CPU utilization . 56Scalability parameters . 56Installing . 57Installing Symantec ESM on a local computer . 57Using the command line options to install Symantec ESM . 61Installing Symantec ESM using Solaris PKGADD . 66Installing a Symantec ESM agent on a remote computer . 68Post-installation tasks .

symantec enterprise security manager symantec corporation and/or its subsidiaries ("symantec") is willing to license the software to you as an individual, the company, or the legal entity that will be utilizing the software (referenced below as "you" or "your") only on the condition th