TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Ok, here's how it's done.
Way 1. When you install the original console, ARCHIVE the private keys to a
floppy and make copies of the public key files to the same floppy. THEN
GUARD THAT FLOPPY WITH YOUR LIFE! When you have to replace a damaged or
missing console, go ahead and install on a CPU with the SAME HOST NAME and
SAME USER ACCOUNT and then restore the archived keys when offered the chance
during RS Console Installation. When the new console authenticates with the
keys that ARE ALREADY ON THE ENGINE, then the engine believes that the new
console IS the old console and EVERYBODY'S HAPPY!
Way 2. OOPS! I didn't archive the keys, the host name is different, the
user name is different, my console computer died, crashed, etc. Go to the
NETWORK Sensor and log in locally (We did tell you that the Network Sensor
should be PHYSICALLY secured, right? And that there should be only ONE
active account, the RENAMED Administrator with a REALLY GOOD PASSWORD,
right?), find a file under \program files\iss\realsecure x.x called
DAEMON.POLICY. Open that file in notepad, find the line identifying the
Master Console (hint...it'll look something like "Master Console =S
hostname_username;"). CAREFULLY replace the "hostname_username" with the NEW
Master Console's host and user name, MAKING VERY SURE TO PRESERVE FORMATTING
AND CASE!!! Stop the RealSecure Daemon in Control Panel Services, then
restart the daemon service, which will cause it to reread the daemon.policy
file. Now log on to the new Master Console, monitor the sensor, and you'll
notice that your menu line "Set Console as Master Controller" will NOT be
checked. Click on the menu choice and it will become checked, as the Sensor
updates the console. This way ASSUMES that you have placed a copy of the new
Master Console's public authentication key in the proper location on the
Network Sensor.
Since each sensor is responsible for remembering its master, breaking the
connection, as Stephen suggested, WILL NOT WORK. The only ways to change
RS Master Console are the two above AND using the original Console to
relinquish status, then the FIRST CONSOLE THAT ASKS will become the new
master. But that's the gooey way.
James R Lindley
Anomaly Detection Xpert
X-Force Surveillance and Reconnaissance Group
Special Operations Group
Managed Security Services
Internet Security Systems Inc
Vox: 678-443-6323
Fax: 678-443-6482
An unquenchable thirst for Pierian Waters.
Internet Security Systems - The Power To Protect.
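
Way 2's file edit as a script, added here as an example and not part of the original post or any ISS tooling: it changes only the hostname_username token, leaves case, spacing and line endings untouched, keeps a backup, and refuses to write if the line is missing or duplicated. The line pattern follows the post's "something like" hint and the sample policy text is constructed; the real file layout is an assumption.

```python
import re
import shutil

# Pattern follows the post's hint ("something like"); the real DAEMON.POLICY
# layout is an assumption. Matching is case-sensitive on purpose.
MASTER_LINE = re.compile(
    r"^(?P<prefix>[ \t]*Master Console[ \t]*=S[ \t]+)"
    r"(?P<value>[^;\r\n]*)(?P<suffix>;[ \t]*\r?)$",
    re.MULTILINE,
)

# Constructed sample; only the Master Console line comes from the post.
SAMPLE = "Example Setting =S placeholder;\r\nMaster Console =S OLDBOX_Admin;\r\n"


def replace_master_console(policy_text, new_host, new_user):
    """Return (new_text, old_value), changing only the hostname_username token."""
    matches = list(MASTER_LINE.finditer(policy_text))
    if len(matches) != 1:
        raise ValueError(f"expected one Master Console line, found {len(matches)}")
    for part in (new_host, new_user):
        if not part or re.search(r"[;\s]", part):
            raise ValueError(f"value would break the line format: {part!r}")
    m = matches[0]
    new_text = (policy_text[: m.start("value")] + f"{new_host}_{new_user}"
                + policy_text[m.end("value"):])
    return new_text, m.group("value")


def changed_lines(old_text, new_text):
    """1-based numbers of lines that differ; the edit should touch exactly one."""
    old, new = old_text.splitlines(True), new_text.splitlines(True)
    if len(old) != len(new):
        raise ValueError("line count changed")
    return [n for n, (a, b) in enumerate(zip(old, new), 1) if a != b]


def update_policy_file(path, new_host, new_user):
    """Back up the file, rewrite it with only the token changed, return old value."""
    # latin-1 with newline="" round-trips every byte, so CRLF endings survive.
    with open(path, newline="", encoding="latin-1") as f:
        original = f.read()
    updated, old_value = replace_master_console(original, new_host, new_user)
    if len(changed_lines(original, updated)) > 1:
        raise RuntimeError("edit touched more than one line")
    shutil.copy2(path, path + ".bak")  # keep the previous policy for rollback
    with open(path, "w", newline="", encoding="latin-1") as f:
        f.write(updated)
    return old_value
```

The daemon still has to be stopped and restarted afterwards, as described above, before it rereads the file.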
-----Original Message-----
From: Michael Wilson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 24, 2000 4:25 PM
To: Norton.Stephen
Cc: [EMAIL PROTECTED]
Subject: RE: Changing Master Console Monitor
Stephen,
That's what I thought, and what the documentation says. However,
when we tried this, it didn't work. Very confusing; the network sensor
insisted that it was still under the control of a non-existent machine.
-Mike Wilson
-Sr. Security Specialist
-UNIFIED Technologies
-Troy, NY
On Thu, 24 Aug 2000, Norton.Stephen wrote:
> Stopping and restarting the network engines will also relinquish Master
> Console status. The console is authenticated to the sensor through a secure
> channel. Anything that breaks that authenticated connection will relinquish
> the MC status.
>
>
> Stephen P. Norton
> Franchise Tax Board
> [EMAIL PROTECTED]
>
>
> -----Original Message-----
> From: Michael Wilson [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 24, 2000 12:26 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Changing Master Console Monitor
>
>
>
>
>
> More interesting to me is the question of how you fix things if,
> for example, you have a master console assigned, but then that machine
> goes away for whatever reason, without backups. If you can't go and
> relinquish properly, then what? I imagine that this is the situation
> under discussion - otherwise he probably would have already tried to
> release it.
> I've got a situation like this at a customer site. In this case,
> it's immaterial, since we're doing a complete reinstall of the probes
> for other reasons anyway, but I'm curious to know how to make a probe
> release its master without having the master available to make the
> request.
>
> -Mike Wilson
> -Sr. Security Specialist
> -UNIFIED Technologies
> -Troy, NY
>
> On Thu, 24 Aug 2000, Norton.Stephen wrote:
>
> >
> >
> > The message indicates another console ('hostname') has obtained Master
> > Controller status. This is granted by the sensors on a first-come,
> > first-served basis. If you want your console to be the designated Master
> > Controller, you will need to go to the 'hostname' console and relinquish the
> > Master Controller status, then go back to your console and re-add the
> > network engine. If you are only monitoring the engine, and not making any
> > configuration changes, you shouldn't need Master Controller status.
> >
> >
> > Stephen P. Norton
> > Franchise Tax Board
> > [EMAIL PROTECTED]
>