TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
The daemon rewrites daemon.policy when it shuts down. So you need to
stop the issdaemon first (using "/etc/init.d/realsecure stop" on
Solaris or the services control panel on NT). Edit the daemon.policy
and then restart the daemon.
-----Original Message-----
From: Lindley, Jim (ISSAtlanta)
Sent: Thursday, August 24, 2000 5:57 PM
To: 'Michael Wilson'; Norton.Stephen
Cc: [EMAIL PROTECTED]
Subject: RE: Changing Master Console Monitor
Ok, here's how it's done.
Way 1. When you install the original console, ARCHIVE the private keys
to a floppy and make copies of the public key files to the same floppy.
THEN GUARD THAT FLOPPY WITH YOUR LIFE! When you have to replace a
damaged or missing console, go ahead and install on a CPU with the SAME
HOST NAME and SAME USER ACCOUNT and then restore the archived keys when
offered the chance during RS Console Installation. When the new console
authenticates with the keys that ARE ALREADY ON THE ENGINE, then the
engine believes that the new console IS the old console and EVERYBODY'S
HAPPY!
Way 2. OOPS! I didn't archive the keys, the host name is different, the
user name is different, my console computer died, crashed, etc. Go to
the NETWORK Sensor and log in locally (We did tell you that the Network
Sensor should be PHYSICALLY secured, right? And that there should be
only ONE active account, the RENAMED Administrator with a REALLY GOOD
PASSWORD, right?), find a file under \program files\iss\realsecure x.x
called DAEMON.POLICY. Open that file in notepad, find the line
identifying the Master Console (hint...it'll look something like
"Master Console =S hostname_username;"). CAREFULLY replace the
"hostname_username" with the NEW Master Console's host and user name,
MAKING VERY SURE TO PRESERVE FORMATTING AND CASE!!! Stop the RealSecure
Daemon in Control Panel Services, then restart the daemon service, which
will cause it to reread the daemon.policy file. Now log on to the new
Master Console, monitor the sensor, and you'll notice that your menu
line "Set Console as Master Controller" will NOT be checked. Click on
the menu choice and it will become checked, as the Sensor updates the
console. This way ASSUMES that you have placed a copy of the new Master
Console's public authentication key in the proper location on the
Network Sensor.
Since each sensor is responsible for remembering its master, breaking
the connection, as Stephen suggested, WILL NOT WORK. The only ways to
change RS Master Console are the two above AND using the original
Console to relinquish status, then the FIRST CONSOLE THAT ASKS will
become the new master. But that's the gooey way.
James R Lindley
Anomaly Detection Xpert
X-Force Surveillance and Reconnaissance Group
Special Operations Group
Managed Security Services
Internet Security Systems Inc
Vox: 678-443-6323
Fax: 678-443-6482
An unquenchable thirst for Pierian Waters.
Internet Security Systems - The Power To Protect.
-----Original Message-----
From: Michael Wilson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 24, 2000 4:25 PM
To: Norton.Stephen
Cc: [EMAIL PROTECTED]
Subject: RE: Changing Master Console Monitor
Stephen,
That's what I thought, and what the documentation says. However,
when we tried this, it didn't work. Very confusing; the network sensor
insisted that it was still under the control of a non-existent machine.
-Mike Wilson
-Sr. Security Specialist
-UNIFIED Technologies
-Troy, NY
On Thu, 24 Aug 2000, Norton.Stephen wrote:
> Stopping and restarting the network engines will also relinquish Master
> Console status. The console is authenticated to the sensor through a
> secure channel. Anything that breaks that authenticated connection will
> relinquish the MC status.
>
>
> Stephen P. Norton
> Franchise Tax Board
> [EMAIL PROTECTED]
>
>
> -----Original Message-----
> From: Michael Wilson [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 24, 2000 12:26 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Changing Master Console Monitor
>
> More interesting to me is the question of how you fix things if,
> for example, you have a master console assigned, but then that machine
> goes away for whatever reason, without backups. If you can't go and
> relinquish properly, then what? I imagine that this is the situation
> under discussion - otherwise he probably would have already tried to
> release it.
> I've got a situation like this at a customer site. In this case,
> it's immaterial, since we're doing a complete reinstall of the probes
> for other reasons anyway, but I'm curious to know how to make a probe
> release its master without having the master available to make the
> request.
>
> -Mike Wilson
> -Sr. Security Specialist
> -UNIFIED Technologies
> -Troy, NY
>
> On Thu, 24 Aug 2000, Norton.Stephen wrote:
>
> > The message indicates another console ('hostname') has obtained Master
> > Controller status. This is granted by the sensors on a first-come,
> > first-served basis. If you want your console to be the designated Master
> > Controller, you will need to go to the 'hostname' console and relinquish
> > the Master Controller status, then go back to your console and re-add the
> > network engine. If you are only monitoring the engine, and not making any
> > configuration changes, you shouldn't need Master Controller status.
> >
> >
> > Stephen P. Norton
> > Franchise Tax Board
> > [EMAIL PROTECTED]
>