Resolution
How do I verify how VigilEnt Security Agent for Unix is configured to start?
fact
VigilEnt Security Agent for Unix 2.X
fact
VigilEnt Security Agent for Unix 3.X
fact
VigilEnt Security Agent for Unix 4.0
fact
VigilEnt Security Agent for Unix 5.0
fix
To identify how the agent is configured to start, verify the following:
inittab: Run the more command on /etc/inittab and look for entries such as the examples below:
uags:3:once:/etc/init.d/uagent start >/dev/null 2>&1
uvss:3:once:/etc/init.d/uvserv start >/dev/null 2>&1
If the inittab option was selected to start detectd (the default option), the following line is appended to /etc/inittab:
dtds:3:once:/etc/init.d/detectd start >/dev/null 2>&1
rclink: The installer places a symbolic link in /etc/rc3.d that points to uvserv, uagent, and detectd in the /etc/init.d directory. For example, an ls of the rc3.d directory may show the symbolic link to detectd like this:
lrwxrwxrwx 1 root other 19 Mar 28 07:52 S91detectd -> /etc/init.d/detectd
(x)inetd: If 'use inetd' was selected (or xinetd in newer versions of Linux) in SNAIC (or while running the install.sh script), the installer modifies the /etc/(x)inetd.conf file to start the services on demand. This is the default start method for uagent and uvserv; however, the (x)inetd option does not exist for detectd (the detect daemon needs to run at all times in order to be able to parse system events and compare them to the rule set).
The modifications to /etc/(x)inetd.conf look like the following:
uagent stream tcp nowait root\
/usr/vsau31/pentasafe//bin/uagentd uagentd
uvserv stream tcp nowait root\
/usr/vsau31/pentasafe//vsau/bin/uvservd uvservd
Where is the operating system type?
In Linux, the /etc/xinetd.conf file will also have a line that points to the directory where the scripts that start uagent and uvserv reside. It should look similar to the following line:
includedir /etc/pentasafe
In this scenario, the persistent (x)inetd process that runs on the server initiates either uvserv or uagent when VigilEnt Security Manager or the VigilEnt Security Agent for Unix Interface sends requests for reports or actions, then exits the agent when the reports or actions are finished.
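
The three checks above can be combined into one script. This is an added example, not part of the original article or the product; the function name start_methods, the ROOT variable and the assumption that a file under /etc/pentasafe mentions the service name are hypothetical.

```shell
#!/bin/sh
# Added example. Reports which start method(s) are configured for a service.
# root is a hypothetical prefix argument (empty = live system) so the check
# can also be run against a mounted image or a copy of /etc.
start_methods() {
    svc=$1 root=${2:-} found=""
    # inittab: an entry whose process field is "/etc/init.d/<svc> start"
    if [ -r "$root/etc/inittab" ] &&
       grep -Eq "^[^#:]*:[^:]*:[^:]*:/etc/init\.d/${svc} start" "$root/etc/inittab"; then
        found="$found inittab"
    fi
    # rclink: S<nn><svc> symbolic link in /etc/rc3.d
    for link in "$root"/etc/rc3.d/S*"$svc"; do
        if [ -L "$link" ]; then found="$found rclink"; break; fi
    done
    # inetd: a "<svc> stream tcp" line in /etc/inetd.conf
    if [ -r "$root/etc/inetd.conf" ] &&
       grep -Eq "^${svc}[[:space:]]+stream[[:space:]]+tcp" "$root/etc/inetd.conf"; then
        found="$found inetd"
    fi
    # xinetd: includedir /etc/pentasafe, plus a file there naming the service
    # (assumption: the per-service file mentions the service name)
    if [ -r "$root/etc/xinetd.conf" ] &&
       grep -Eq '^[[:space:]]*includedir[[:space:]]+/etc/pentasafe' "$root/etc/xinetd.conf" &&
       grep -qs "$svc" "$root"/etc/pentasafe/*; then
        found="$found xinetd"
    fi
    echo "${found# }"
}

# Report all three services; set ROOT to inspect a copied or mounted tree.
for s in uagent uvserv detectd; do
    m=$(start_methods "$s" "${ROOT:-}")
    printf '%-8s %s\n' "$s" "${m:-none configured}"
done
```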