From chapter 12 of Sentinel Install Guide 5.1.1.0

Uninstalling the Software

Uninstalling Sentinel, Agent Manager and Advisor

Uninstall for Solaris

Starting the Sentinel uninstaller for Solaris

3.cd to:

$ESEC_HOME/_uninst

4.Enter:

./uninstall.bin

Uninstall for Windows

Using the Sentinel Windows Uninstaller

1.Login as an Administrator.

2.Stop the Sentinel Server.

3.Select ‘Start->Program Files->e-Security->Uninstall e-Security 5.x’

Follow the screen prompts. Select which applications to uninstall:

·Database

·Communication Server (message bus)

·Advisor

·Base Sentinel Services

·Correlation

·DAS

·Agent Service (Agent Manager)

·SentinelControl Center

·Sentinel Database Manager (SDM)

·HP OpenView Service Desk

·Remedy Integration

Uninstalling Using Control Panel

To uninstall e-Security Windows applications

1.Click Start > Programs > Settings > Control Panel > Add/Remove Programs

2.Click e-Security 5.x.

3.Follow the prompts. It will prompt you select which application to uninstall. Select which applications you wish to uninstall.

Post-Uninstall

Uninstall leaves a few files on the machine, you will have to manually delete the files after uninstalling Sentinel 5. You may have to delete the $ESEC_HOME or %ESEC_HOME% directory and all sub-directories. For Advisor, you may want to delete your attack and alert folders used for your Advisor data files.

Some files that are left behind are:

·Sentinel log files

·Wizard log files

·DAS log files

·Agent Manager log files

Sometimes after un-installation, system settings remain. Go to Appendix A for procedures on how to manually remove remaining system settings.

Appendix A– Manual Cleanup of Previous Installations

When performing a clean installation of e-Security, it is HIGHLY recommended that you perform all of the following steps to make sure there are no files or system settings remaining from a previous installation of e-Security that could cause the new clean installation to fail. Perform the following steps for every machine you are performing a clean installation on BEFORE executing the installer.

Solaris

Manual Cleanup of e-Security on Solaris

1.Login as root.

2.Make sure that all e-Security processes are not running.

3.Remove contents of /opt/esecurityXX (or wherever the e-Security software was installed)

4.Remove the following files in the /etc/rc3.d directory:

§S98sentinel

§S99wizard

5.Remove the following files in the /etc/rc0.d directory:

§K01wizard

§K02sentinel

6.Remove the following files in the /etc/init.d directory:

§sentinel

§wizard

7.Remove the following files from /usr/local/bin:

§restart_wizard.sh

§stop_wizard.sh

§start_wizard.sh

8.Clean up installshield references in /var/sadm/pkg. Remove the following files from the /var/sadm/pkg directory:

§All files that begin with IS (IS* on the command line)

§All files that begin with ES (ES* on the command line)

§All files that begin with MISCwp (MISCwp* on the command line)

9.Remove the esecadm user (and home dir) and esec group (make sure no one is logged in as the esecadm user before performing this step)

§Run: userdel -r esecadm

§Run: groupdel esec

10.Remove Installshield section of /etc/profile, /etc/.login

11.Remove the /InstallShield directory, if one exists.

12.Remove the e-Security Oracle database by following the instructions in the section "Manual Cleanup of e-Security Oracle database on Solaris”.

13.Restart the operating system.

Manual Cleanup of e-Security Oracle database on Solaris

1. As oracle user, stop Oracle Listener:
   • Run: lsnrctl stop
2. Stop e-Security database:
   • Change to the Oracle user
   • Set the ORACLE_SID environment variable to the name of your e‑Security database instance (usually ESEC).
   • Run: sqlplus '/ as sysdba'
   • At sqlplus prompt, run: shutdown immediate
3. Remove entry for e-Security database in the file /var/opt/oracle/oratab
4. Remove init.ora (usually initESEC.ora) file from the directory $ORACLE_HOME/dbs.
5. Remove entries for your e-Security database from the following files in the $ORACLE_HOME/network/admin directory:
   • tnsnames.ora
   • listener.ora
6. Delete the database data files from the location you chose to install them.

Windows

Manual Cleanup of e-Security on Windows

1. Delete the folder C:\Program Files\Common Files\InstallShield\Universal and all of its contents.
2. Delete the old e-Security installation folder (e.g.- C:\Program Files\esecurity5.0).
3. Delete the following environment variables (if they exist) by right-clicking on My Computer, selecting the Properties, clicking on the Advanced tab, then clicking on the Environment Variables button:
   • ESEC_HOME
   • ESEC_VERSION
   • ESEC_JAVA_HOME
   • ESEC_CONF_FILE
   • WORKBENCH_HOME
4. Remove any entries in the Path environment variable that point to a previous installation.

CAUTION:Be careful to only remove paths to old e-Security installations. Removing other entries in the Path can result in your system not functioning properly.

5. Delete all e-Security shortcuts from the Desktop.
6. Delete the shortcut folder Start > Programs > e-Security from the Start menu.
7. Remove the e-Security Microsoft SQL Server database by following the instructions in the section "Manual Cleanup of e-Security Microsoft SQL Server database on Windows”.
8. Restart the operating system.

Manual Cleanup of e-Security Microsoft SQL Server database on Windows

1. Open Microsoft SQL Server Enterprise Manager and connect to the SQL Server instance where you’ve installed your e-Security database.
2. Expand the Database tree and locate your e-Security database.
3. For each of the ESEC and ESEC_WF databases (or whatever name you gave your database during installation), right-click on the database and select"Delete”.
4. When prompted, select "Yes” to delete the database.