From: Mohr James (james.mohrelaxy.com)
Date: Tue Nov 18 2003 - 06:11:31 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Avi!

Thanks for all of the tips. I probably would have missed a couple. I still have one question. You said:

*reattached the sensor from the old Site protector by "unregistered
software" before killing the old machine.

So, in the Site Protector console, I go into each group and select the sensor tab. When I right-click an asset (one of our machines), there is a menu entry "Unregister Software". Is that correct? What exactly is this process ("Unregister Software") doing. I looked through some of the doc and the knowledge base, but I couldn't find any details.

Also, do I need to stop the sensor first before I unregister it? The way I understand it, if I stop the sensor, then it stops collecting data (logical). I am hoping that it works like other tools and simply queues the data if it cannot connect to the server.

The KeyAdministrator in the "iss.access" file is different on several different machines:

[\Roles\KeyAdministrator\nts-app-21.datacenter.de\];
[\Roles\KeyAdministrator\nts-app-21\];
[\Roles\KeyAdministrator\nts-app-21_administrator\];

On one machine we have all of the following three entries:

[\Roles\KeyAdministrator\10.2.28.54_administrator\];
[\Roles\KeyAdministrator\nts-app-21_administrator\];
[\Roles\KeyAdministrator\nts-app-21\];

Unless the entry is "nts-app-21" (not "nts-app-21_administrator") we get the following errors in /var/adm/messages:

Access Denied: User nts-app-21 is not in the role KeyAdministrator.

My understanding is that the form is MACHINE_ADMINUSER, so nts-app-21_administrator should be correct. However, what **seems** to be happening is that the app server is just sending the hostname without an user, so the sensor machines does not allow acces if the KeyAdministrator is set to "nts-app-21_administrator". However, if KeyAdministrator is set to just "nts-app-21", then it works.

I would love to clear this problem before the re-installation.

Thanks in advance!

Regards,

Jim Mohr

-----Ursprüngliche Nachricht-----
Von: Avi G [mailto:avi_ghotmail.com]
Gesendet: Montag, 17. November 2003 17:45
An: Mohr James
Cc: ISSForumiss.net
Betreff:

Hi Jim Mohr,

I hade the same problem before,

reinstalling SP on new machine with the same name with new database its ok
but:
you will have to install new application server as wall (you cent use your
old one).
*don't forget to export your policies before killing the old SP (even you
can find them on the sensor as "current.policy)
*same for the response files.
*reattached the sensor from the old Site protector by "unregistered
software" before killing the old machine.
*the keys will be different so you will need to export them to your sensors
manually.
*you will need to modify "iss.access " under "ISS\issDaemon" folder for the
new administration accounts.
the fast way is to reinstall the sensors.

don't try to restore the old database it will not work -
when you installing site protector (application server) its create user
named "IssApp", the password for this user created randomly and cannot be
modified.
so the password for this account in the old database is different from the
new one (ISS answer).

don't forget large disk space for Site Protector Database

Best Regards

-----Original Message-----
From: issforum-adminiss.net [mailto:issforum-adminiss.net] On Behalf Of
Mohr James
Sent: Monday, November 17, 2003 10:45 AM
To: ISSForumiss.net
Subject: AW: [ISSForum] Re-installing the SiteProtector Server

i Robert!

Thank you very much for your reply. I really appreaciate it.

The current state is that the DB is full and we can no longer work. I cannot
even purge 10 minutes worth od data! Therefore, our plan it to do a fresh
install on a completely new machine. Since the server is no longer useable,
I do not see any problem with simply stopping it in it's current state and
re-installing from scratch on a different machine (using the same name). In
that case, it would seem like the only thing missing would be the sensor
configuration and the keys. However, I am so this that a "newbie" knows more
than I do. Therefore, I would really, really appreaciate some more details
about what things to do and look out for when re-installing. Thanks!

Best Regards,

Jim Mohr

-----Ursprüngliche Nachricht-----
Von: Robert Nieuwhof [mailto:RNieuwhofnos.com]
Gesendet: Freitag, 14. November 2003 19:05
An: Mohr James
Betreff: RE: [ISSForum] Re-installing the SiteProtector Server

This is a VERY bad plan. You will be in a bad situation if this is your
plan. Registry entries must be completely hacked, on the SP Server and all
of the sensors, Keys will be all messed up too. Better off creating a
backup, or ghost of the server, downing it, and then doing a fresh install.

-----Original Message-----
From: Mohr James [mailto:james.mohrelaxy.com]
Sent: Thursday, November 13, 2003 11:36 PM
To: ISSForumiss.net
Subject: [ISSForum] Re-installing the SiteProtector Server

Hi All!

We are going to start from scratch with the Site Protector server by first
re-installing everything. The problem is that we cannot simply stop the
other server then re-install it. So we are planning to install it on a
completely new machine. Then afterwards, shut down the old server, then
rename the new server. The question is what will happen with the ISS
datenbank when we rename it???

The there is the issue of the keys. There is a KB article "How can I
preserve my encryption keys when reinstalling SiteProtector?" which
describes this issue, but it refers to Site Protector version 1. Is this
still valid?

Does anyone have some valid procedures or even tips about re-installing.

Is there anything in the documentation that describes the process of
re-installing a server. I have looked through the KB, but only found a few
references. I would really appreciate a shove in the right direction (or
even some "hand holding").

Best regards and thanks to everyone for their help so far!

Jim Mohr

ELAXY Brokerage & Trading GmbH & Co KG _________________________________
James Mohr Systembetrieb Am Hofbräuhaus 1 96450 Coburg
Germany
Fon +49 (0) 95 61.55 43.0
Fax +49 (0) 95 61.55 43.302
E-Mail: james.mohrelaxy.com
---------------------------------------
"Be more concerned with your character than with your reputation. Your
character is what you really are while your reputation is merely what others
think you are." --
John Wooden
---------------------------------------
Be sure to visit the Linux Tutorial: http://www.linux-tutorial.info

_______________________________________________
ISSForum mailing list
ISSForumiss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo

"PostmasterSiteHelp.org" made the following
annotations on 11/14/2003 10:04:59 AM
------------------------------------------------------------------------------
This email, including any attached files, is confidential and is for the
sole use of the individual or entity for whom it is intended. This email
represents the originator?s personal views and opinions, which do not
necessarily reflect those of this Company. If you are not the intended
recipient of this email, be advised that you have received this email in
error. Any use, dissemination, forwarding, printing, or copying of this
email is strictly prohibited and may be subject to legal sanction. If you
have received this email in error, please immediately notify
postmastersitehelp.org .

This email and any attachments have been scanned for viruses and are
believed to be free of any virus or defect that might affect any computer
system into which it is received. However, it is the responsibility of the
recipient to ensure that it is virus free and no responsibility or liability
is accepted by this Company for loss or damage arising from its use.

==============================================================================

_______________________________________________
ISSForum mailing list
ISSForumiss.net

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail

_______________________________________________
ISSForum mailing list
ISSForumiss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]