How do I install the Vigilent Security Agent for WebServer Detect/Prevent Plug-In for iPlanet? (NETIQKB32183)

  • 7732183
  • 02-Feb-2007
  • 08-Sep-2008

Resolution

goal
How do I install the VigilEnt Security Agent for WebServer Detect/Prevent Plug-In for iPlanet?

fact
VigilEnt Security Agent for WebServers 3.0

fact
VigilEnt Security Agent for WebServers 3.1.1

fact

Netscape iPlanet



fix

The installDetectiPlanet.bat script enables the Detect/Prevent component on an iPlanet system by installing the logging service used by Detect/Prevent for high-speed, optionally encrypted and non-repudiated logging, adjusting service dependencies to start the logging service before iPlanet and automates two edits to
the iPlanet configuration located in the config subdirectory of the iPlanet installation.


Enabling Detect/Prevent Functionality for iPlanet

  1. From a cmd.exe window, change to the <install_folder\IDS\bin> directory.
  2. Run the installDetectiPlanet.bat file. If the script reports that the configuration information was not entered during the initial installation, take the following corrective actions:
    1. Copy the original script to a backup - copy installDetectiPlanet.bat to installDetectiPlanet-
      save.bat
      .
    2. Open installDetectiPlanet.bat in a text editor - notepad installDetectiPlanet.bat
    3. If necessary, change the text on the line containing set INSTALL_DIRECTORY= to the install_folder directory (by default, c:\Program Files\PentaSafe\ VSAforWebServers) - set INSTALL_DIRECTORY=c:\Program Files\PentaSafe\VSAforWebServers.
    4. If necessary, change the text on the line containing set CONFIG_FILE= to the path of the iPlanet obj.conf configuration file - set CONFIG_FILE=c:\Netscape\Server4\server name\config\obj.conf where server name is the directory containing the server configuration.
    5. If necessary, change the text on the line containing set SVCNAME= to the name of the iPlanet service name (usually the value of the Server ID attribute located in the magnus.conf file) - set SVCNAME=${IPLANET_SERVER_ID}.
    6. Rerun installDetectiPlanet.bat.
  3. Restart iPlanet from the administrative server web interface.

Manual Edits fro Non-Standard obj.conf Files

For non-standard obj.conf files, the following edits may need to be made manually:

  1. Add the following lines (near the other init directives) to obj.conf:
    (for the SunOne, init directives are configured in the magnus.conf file.)
    • Init fn="load-modules" shlib="install_folder/IDS/bin/ VSAforiPlanet.dll"
      funcs="vsa_initialize,vsa_check_auth_trans,vsa_check_name
      _trans,vsa_check_path_check,vsa_check_object_type,vsa_che
      ck_add_log,vsa_check_error shlib_flags=(global|now)"
    • Init fn="vsa_initialize" rule_file="install_folder/IDS/servers/VSAforiPlanet/
      config/VSAforiPlanet.xml"
  2. Add the following lines as the first directives of the default object (right after <Object
    name=default>):
    • AuthTrans fn="vsa_check_auth_trans"
    • PathCheck fn="vsa_check_path_check"
    • AddLog fn="vsa_check_add_log"


The default install directory is c:\Program Files\PentaSafe\VSAforWebServers on the Windows platform.



note
To manually remove Detect/Prevent from the iPlanet configuration, run the removeDetectiPlanet.bat script, make the modifications described in step 2(5) - step 2(6) as necessary. Restart iPlanet as described in step 3 above.


Additional Information

Formerly known as NETIQKB32183