What is the directory structure for VigilEnt Security Agent for VPN-1/FireWall-1 and what is contain (NETIQKB30614)

  • 7730614
  • 02-Feb-2007
  • 07-Jul-2008

Resolution

goal
What is the directory structure for VigilEnt Security Agent for VPN-1/FireWall-1?

fact
VigilEnt Security Agent for VPN-1/Firewall-1.0 Foreign Kit

fact
VigilEnt Security Agent for VPN-1/Firewall-1.0 Domestic Kit

fact
VigilEnt Security Agent for VPN-1/Firewall-1 1.1

fact
VigilEnt Security Agent for VPN-1/Firewall-1 1.1.1

fix

This section lists the files you need to be familiar with to use VigilEnt Security Agent for VPN-1/FireWall-1 (VSAF). There are other files, but most are only used for internal agent functionality. You may need to modify the files listed here to suit your needs. Files are laid out in a directory structure as follows:

VSAF\bin Files

  • 'FILTER*' files
    These files are used for VigilEnt Security Manager audit reports, as filters on data passed on by OPSEC. Each file contains a filter command that is added to the final compound command when that filter is applied. In some cases, the filters may represent whole commands and may not be used in a compound way.
  • key (auto-generated during install)
    This file contains the License Key.
  • opsec_putkey(.exe)
    This executable is used to exchange authentication and encryption keys between the Check Point management station and the agent, in cases where key exchange is used to facilitate OPSEC communication.
  • opsec_pull_cert(.exe)
    This executable is used to retrieve the P12 certificate from the Check Point management station, in cases where certificates are used to facilitate OPSEC communication.
  • lc(.exe)
    This executable is used as a piped command filter to perform line counts.
  • pegrep(.exe)
    This executable is used as a piped command filter to perform pattern matching on specified Check Point OPSEC fields.
  • pesum(.exe)
    This executable is used as a piped command filter to perform data summarization by specified Check Point OPSEC fields.
  • psAudit(.exe)
    This executable is used to obtain Check Point Database objects (LDAP data) using the OPSEC OMI API.
  • psDetect(.exe)
    This executable is used to obtain Check Point log data using the OPSEC LEA API.
  • psSecure(.exe)
    This executable is used to add traffic blocks and alerts using the OPSEC SAM API.
  • RUN.bat (Win32) / RUN.sh (Unix)
    This is a test/debug script that will run the agent in console mode. NOTE: When in console mode, the agent runs with the permissions of the user that ran it.
  • VSAF-I.bat
    This script will install and start the VSAF service in case the original installation failed. It is used in conjunction with the next script.
  • VSAF-U.bat
    This script will stop and remove the VSAF service. This is used in conjunction with the previous script.
  • log4j.properties
    Logging configuration file. See the section below on property files to find out more about this file.
  • vigilent.allow
    This file is used in backward-compatibility communications (with pre-series-4 components/consoles). It allows rudimentary access control by the IP of the console connecting to the agent.
  • (directory) lib
    Contains various binary files used to run the agent's various components and modules.

 

VSAF\conf Files

  • 'fw1*.conf' files
    These files are used as configuration files for OPSEC when obtaining individual VigilEnt Security Manager audit reports from the agent. Each file contains OPSEC LDAP entries and the associated display values.
  • opsec-lea.conf
    This file is used as the OPSEC configuration file for OPSEC LEA (log retrieval) communications ('psDetect').
  • opsec-sam.conf
    This file is used as the OPSEC configuration file for OPSEC SAM (traffic blocker) communications ('psSecure').
  • opsec-cpmi.conf
    This file is used as the OPSEC configuration file for OPSEC CPMI (object and policy access) communications. This file is not used at this time.
  • psDetect.conf
    This file is used to configure the translation between OPSEC field names and VSAF display titles in VigilEnt Security Manager reports.
  • psDetectL.conf
    Same as above, but used by VigilEnt Log Analyzer (VLA) components to retrieve timestamps in UTC time format.
  • smtp.conf
    This is an e-mail alert configuration file used by some of the VigilEnt Security Manager reports. Entries are as follows: mail server, sender, recipient, content type ('Summary' or 'Full Content').
  • LogFileDirectory.txt
    This file contains the full path to Check Point's 'fw.logtrack' file (used by the agent's VLA component). Not used when integrating with Check Point Version NG and higher.
  • system.properties
    This file contains various system properties used by the agent's VLA (less) components.

VSAF\docs Files

  • User Guide.pdf
    VSA for VPN-1/FireWall-1 User Guide
  • Installation Guide.pdf
    VSA for VPN-1/FireWall-1 Installation Guide


Additional Information

Formerly known as NETIQKB30614