Sentinel: How to configure Advisor behind a Proxy server

  • 3267490
  • 02-Nov-2006
  • 26-Apr-2012

Environment

Microsoft Windows Server 2003 Standard Edition
Microsoft Windows 2000 Server
RedHat Linux
Solaris 9

Situation

How do I set up Advisor behind a proxy server?

Resolution

The Advisor configuration must be updated so that Advisor can connect to the Advisor server through a proxy server for feed downloads. This could involve adding up to 4 new properties to each "container.xml" file that Advisor uses. If the proxy server does not require authentication, only the proxy server's host and port information needs to be added. If it requires authentication, two additional properties are needed: the username and password for the proxy server. (Currently, only Basic authentication is supported. Supporting Digest authentication will require code changes.)

  1. Install Advisor in "Direct Connection" mode. Since the current installer does not support connection through a proxy server, the authentication check done by the installer will fail; continue with the installation anyway.

  1. cd to %ESEC_HOME%\sentinel\config

  1. Edit alertcontainer.xml and add the following lines to the section named "DownloadComponent":

proxy_host">proxyHost

proxy_port">proxyPort

If the proxy server requires authentication, also add the following properties after the properties above:

proxy_username">proxyUser

proxy_password" />

(Replace proxyHost, proxyPort, etc. with the actual values.)

  1. Repeat step 3 for attackcontainer.xml.

  1. If the proxy server does not require authentication, go to step 9.

  1. Download the proxy_passwd_update file.

  1. Copy the file proxy_passwd_update.bat to %ESEC_HOME%\sentinel\bin

  1. cd to %ESEC_HOME%\sentinel\config and run this tool to update the Advisor container files with the proxy user password.

"%ESEC_HOME%\sentinel\bin\proxy_passwd_update.bat" proxyPasswd

where proxyPasswd is the proxy password for the user.

  1. Verify that alertcontainer.xml and attackcontainer.xml now contain the encrypted proxy password.

  1. Run advisor.bat to download and process Advisor data.

  1. Monitor %ESEC_HOME%\sentinel\log\Advisor_0.0.log and %ESEC_HOME%\sentinel\log\advisor.log to verify that Advisor can connect through the proxy server.
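An added example (not part of the original article or the product): a Python check for the verification step, which reports placeholders that were never replaced, an empty proxy_password next to a proxy_username, and disagreement between the two container files. The `<property name="...">` markup and every value in the sample strings are constructed assumptions; the check relies only on the `name">value` shape of the fragments shown above.

```python
import re

# Property names are the article's; only the name">value< shape is relied on.
PROPS = ("proxy_host", "proxy_port", "proxy_username", "proxy_password")
PLACEHOLDERS = {"proxyHost", "proxyPort", "proxyUser", "proxyPasswd"}

def read_props(text):
    """Map each proxy property found to its value ('' if self-closing/empty)."""
    found = {}
    for name in PROPS:
        m = re.search(r'"%s"\s*(?:/>|>([^<]*)<)' % name, text)
        if m:
            found[name] = (m.group(1) or "").strip()
    return found

def check_container(label, text):
    """Return a list of problems in one container file's text."""
    props, problems = read_props(text), []
    for name in ("proxy_host", "proxy_port"):
        if not props.get(name):
            problems.append("%s: %s missing or empty" % (label, name))
    for name, value in props.items():
        if value in PLACEHOLDERS:
            problems.append("%s: %s is still a placeholder" % (label, name))
    port = props.get("proxy_port", "")
    if port and port not in PLACEHOLDERS and not (port.isdigit() and 0 < int(port) < 65536):
        problems.append("%s: proxy_port is not a valid port" % label)
    if props.get("proxy_username") and not props.get("proxy_password"):
        problems.append("%s: proxy_username set but proxy_password empty" % label)
    return problems

def check_pair(alert_text, attack_text):
    """Check both files and that their proxy settings agree."""
    problems = check_container("alertcontainer.xml", alert_text)
    problems += check_container("attackcontainer.xml", attack_text)
    a, b = read_props(alert_text), read_props(attack_text)
    for name in PROPS[:3]:
        if a.get(name) != b.get(name):
            problems.append("files disagree on %s" % name)
    return problems

# Constructed samples: tag/attribute markup and all values are assumptions.
TEMPLATE = ('<property name="proxy_host">%s</property>\n'
            '<property name="proxy_port">8080</property>\n'
            '<property name="proxy_username">svc_advisor</property>\n%s\n')
DONE = TEMPLATE % ("proxy.example.internal",
                   '<property name="proxy_password">CONSTRUCTED-ENCRYPTED-VALUE</property>')
UNFINISHED = TEMPLATE % ("proxyHost", '<property name="proxy_password" />')
```

To use it on a real installation, pass the text of alertcontainer.xml and attackcontainer.xml to `check_pair`. It cannot tell an encrypted value from a plaintext one, so confirming that the stored password is the tool's output rather than the typed password remains a visual check.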