scm51 install
TRANSCRIPT
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 1/90
Tivoli ® Security Compliance Manager
Installation Guide: All Components
Version 5.1
GC32-1
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 3/90
Tivoli ® Security Compliance Manager
Installation Guide: All Components
Version 5.1
GC32-1
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 4/90
NoteBefore using this information and the product it supports, read the information in “Notices,” on page 71.
First Edition (May 2004)
This edition applies to version 5, release 1, modification 0 of IBM Tivoli Security Compliance Manager (productnumber 5724-F82) and to all subsequent releases and modifications until otherwise indicated in new editions.
© Copyright International Business Machines Corporation 2003, 2004. All rights reserved.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 6/90
Logging during installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67Frequently asked questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Invalid DB2 user ID and password given during install . . . . . . . . . . . . . . . . . . . 68Entered wrong DB2 password during server start . . . . . . . . . . . . . . . . . . . . . 68Deselected create database now box by mistake . . . . . . . . . . . . . . . . . . . . . . 68Forgot Tivoli Security Compliance Manager administrator password . . . . . . . . . . . . . . . 68Forgot Tivoli Security Compliance Manager administrator ID. . . . . . . . . . . . . . . . . . 69Forgot to reset UMASK before installation on UNIX-based or Linux platforms . . . . . . . . . . . . 69Used double-byte characters for my administrator user ID and/or password . . . . . . . . . . . . 69Forgot to select stash password during install and server will not start . . . . . . . . . . . . . . 69Selected stash password during install and server will not start . . . . . . . . . . . . . . . . . 70
Appendix. Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
iv Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 7/90
Preface
The IBM® Tivoli® Security Compliance Manager Installation Guide: All Components book explains how to install and configure the IBM Tivoli Security Compliance
Manager software.
Tivoli Security Compliance Manager is a data collection service that gathers andstores a wide variety of information from multiple participating systems.Information types can include any data on a system, such as operating systemversions, software patch levels, and security-related data. System and securityadministrators can use the Tivoli Security Compliance Manager service to monitorspecific data checkpoints on any given machine (or group of machines).
Who should read this book
The target audience for this installation guide includes:
vSecurity administrators
v System administrators
Readers should be familiar with:
v TCP/IP
v DB2 Relational databases
v Security management, including authentication and authorization
What this book contains
This document contains the following chapters:
v Chapter 1, “Installation overview,” on page 1 describes the prerequisites forTivoli Security Compliance Manager.
v Chapter 2, “Installing the Tivoli Security Compliance Manager server,” on page 7describes how to install the server.
v Chapter 3, “Installing the Tivoli Security Compliance Manager client,” on page25 describes how to install the client.
v Chapter 4, “Installing the Tivoli Security Compliance Manager administrationutilities,” on page 37 describes how to install the administration utilities, whichinclude the administration console and the administration command lineinterface.
v Chapter 5, “Using the Tivoli Security Compliance Manager database utilities,” onpage 45 describes how to use the database utilities to configure the Tivoli
Security Compliance Manager DB2 database. This step is automaticallyperformed during a server install.
v Chapter 6, “Uninstalling Tivoli Security Compliance Manager,” on page 55describes how to remove any of the Tivoli Security Compliance Manager systemcomponents.
v Chapter 7, “After the installation has completed,” on page 63 describes what todo immediately after you have completed the installation.
v Chapter 8, “Alternate installation methods,” on page 65 describes how to installin silent mode using a response file to provide input or in console mode.
© Copyright IBM Corp. 2003, 2004 v
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 8/90
v Chapter 9, “Troubleshooting,” on page 67 describes solutions for problems thatyou might encounter during the installation of Tivoli Security ComplianceManager.
Publications
Read the descriptions of the IBM Tivoli Security Compliance Manager library, the
prerequisite publications, and the related publications to determine whichpublications you might find helpful. After you determine the publications youneed, refer to the instructions for accessing publications online.
IBM Tivoli Security Compliance Manager libraryThe publications in the IBM Tivoli Security Compliance Manager library are:
v IBM Tivoli Security Compliance Manager Installation Guide: All Components(GC32-1592-00)
Explains how to install and configure Tivoli Security Compliance Managersoftware.
v IBM Tivoli Security Compliance Manager Installation Guide: Client Component
(GC32-1593-00)Explains how to install and configure the Tivoli Security Compliance Managerclient component software.
v IBM Tivoli Security Compliance Manager Administration Guide (SC32-1594-00)
Explains how to manage and configure Tivoli Security Compliance Managerservices using the administration console.
v IBM Tivoli Security Compliance Manager Collector Development Guide (SC32-1595-00)
Explains how to design and implement custom Tivoli Security ComplianceManager collectors.
v IBM Tivoli Security Compliance Manager Warehouse Enablement Pack, Version 1.1Implementation Guide for Tivoli Data Warehouse, Version 1.2 (SC32-1596-00)
Explains how to integrate Tivoli Security Compliance Manager with Tivoli®
DataWarehouse.
v IBM Tivoli Security Compliance Manager Release Notes (GI11-4695-00)
Provides late-breaking information, such as software limitations, workarounds,and documentation updates.
Related publicationsThis section lists publications related to the Tivoli Security Compliance Managerlibrary.
The Tivoli Software Library provides a variety of Tivoli publications such as whitepapers, datasheets, demonstrations, redbooks, and announcement letters. The Tivoli
Software Library is available on the Web at:http://www.ibm.com/software/tivoli/library/
The Tivoli Software Glossary includes definitions for many of the technical termsrelated to Tivoli software. The Tivoli Software Glossary is available, in English only,from the Glossary link on the left side of the Tivoli Software Library Web pagehttp://www.ibm.com/software/tivoli/library/
IBM DB2 Universal Database™
IBM® DB2® Universal Database is required when using Tivoli Security ComplianceManager. Additional information about DB2 can be found at:
vi Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 9/90
http://www.ibm.com/software/data/db2/
Accessing publications onlineThe publications for this product are available online in Portable Document Format(PDF) or Hypertext Markup Language (HTML) format, or both in the Tivolisoftware library: http://www.ibm.com/software/tivoli/library
To locate product publications in the library, click the Product manuals link on theleft side of the library page. Then, locate and click the name of the product on theTivoli software information center page.
Product publications include release notes, installation guides, user’s guides,administrator’s guides, and developer’s references.
Note: To ensure proper printing of PDF publications, select the Fit to page check box in the Adobe Acrobat Print window (which is available when you clickFile → Print).
Accessibility
Accessibility features help a user who has a physical disability, such as restrictedmobility or limited vision, to use software products successfully. You can useassistive technologies to hear and navigate the product documentation. You alsocan use the keyboard instead of the mouse to operate some features of thegraphical user interface.
Tivoli technical training
For Tivoli technical training information, refer to the IBM Tivoli Education Website: http://www.ibm.com/software/tivoli/education.
Contacting software supportBefore contacting IBM Tivoli Software Support with a problem, refer to the IBMTivoli Software Support site by clicking the Tivoli support link at the followingWeb site: http://www.ibm.com/software/support/
If you need additional help, contact software support by using the methodsdescribed in the IBM Software Support Guide at the following Web site:http://techsupport.services.ibm.com/guides/handbook.html
The guide provides the following information:
v Registration and eligibility requirements for receiving support
v Telephone numbers, depending on the country in which you are located
v A list of information you should gather before contacting customer support
Conventions used in this book
This reference uses several conventions for special terms and actions and foroperating system-dependent commands and paths.
Typeface conventionsThe following typeface conventions are used in this reference:
Preface vii
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 10/90
Bold Lowercase commands or mixed case commands that are difficult todistinguish from surrounding text, keywords, parameters, options,names of Java classes, and objects are in bold.
Italic Variables, titles of publications, and special words or phrases thatare emphasized are in italic.
Monospace Code examples, command lines, screen output, file and directory
names that are difficult to distinguish from surrounding text,system messages, text that the user must type, and values forarguments or command options are in monospace.
Operating system differencesThis book uses the UNIX convention for specifying environment variables and fordirectory notation. When using the Windows command line, replace $variable with%variable% for environment variables and replace each forward slash (/) with a
backslash (\) in directory paths. If you are using the bash shell on a Windowssystem, you can use the UNIX conventions.
viii Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 11/90
Chapter 1. Installation overview
This chapter lists the supported operating systems, prerequisites, and disk andmemory requirements for IBM Tivoli Security Compliance Manager. It also
suggests important things you should consider before you begin the productinstallation.
Supported operating systems
The following tables list the supported operating systems for the Tivoli SecurityCompliance Manager server, client, collectors, and administration utilities.
Note: Unless otherwise noted, for Linux systems only Intel, IA32 is supported.
Table 1. Server
Operating system Level Patch/maintenance level
AIX®
5.1 No fix pack requiredAIX 5.2 No fix pack required
Windows® 2000 Server Latest fix pack level
Sun Solaris 2.8 Latest fix pack level
Sun Solaris 2.9 Latest fix pack level
SUSE Linux EnterpriseServer
8 Latest fix pack level
Table 2. Clients, collectors, and proxy relay
Operating system Level Patch/maintenance level
AIX 5.1 Latest cumulative patchesAIX 5.2 Latest cumulative patches
HP-UX 11.0 Latest cumulative patches
HP-UX 11i Latest cumulative patches
Red Hat Linux 6.2 Latest cumulative patches
Red Hat Linux 7.0 Latest cumulative patches
Red Hat Linux 7.1 Latest cumulative patches
Red Hat Linux 7.2 Latest cumulative patches
Red Hat Linux 7.3 Latest cumulative patches
Red Hat Linux 8.0 Latest cumulative patches
Red Hat Linux 9.0 Latest cumulative patches
Sun Solaris 2.6 Latest cumulative patches
Sun Solaris 2.7 Latest cumulative patches
Sun Solaris 2.8 Latest cumulative patches
Sun Solaris 2.9 Latest cumulative patches
Windows NT® 4.0 Server Latest service pack andsecurity roll up package
© Copyright IBM Corp. 2003, 2004 1
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 12/90
Table 2. Clients, collectors, and proxy relay (continued)
Operating system Level Patch/maintenance level
Windows NT 4.0 Workstation Latest service pack andsecurity roll up package
Windows 2000 Server Latest service pack andsecurity roll up package
Windows 2000 Advanced Server Latest service pack andsecurity roll up package
Windows 2000 Professional Latest service pack andsecurity roll up package
Windows XP Professional Latest service pack andsecurity roll up package
Windows 2003 Server Standard Edition andEnterprise Edition
Latest service pack andsecurity roll up package
Red Hat Enterprise Linux 2.1 Latest cumulative patches
Red Hat Enterprise LinuxAdvanced Server
3.0 (see note below) Latest cumulative patches
Red Hat Enterprise Linux forzSeries
3.0 Latest cumulative patches
Red Hat Enterprise Linux foriSeries or pSeries
3.0 Latest cumulative patches
Red Hat Enterprise Linux forzSeries
7.2 Latest cumulative patches
Red Hat Enterprise LinuxAdvanced Server
2.1 Latest cumulative patches
SUSE LINUX 7.0 Latest cumulative patches
SUSE LINUX EnterpriseServer
8 Latest cumulative patches
SUSE LINUX EnterpriseServer for zSeries
8 Latest cumulative patches
SUSE LINUX EnterpriseServer for iSeries or pSeries
8 Latest cumulative patches
Note: The Red Hat Enterprise Linux Advanced Server 3.0 platform can only beinstalled using the console mode in Japanese. Please see “Console modeinstallation” on page 66 for more information on how to perform a consolemode install.
Table 3. Administration console
Operating system Level Patch/maintenance level
Windows 2000 Professional Latest service pack andsecurity roll up package
Windows XP Professional Latest service pack andsecurity roll up package
Table 4. Administration command line interface
Operating system Level Patch/maintenance level
AIX 5.1 Latest cumulative patches
2 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 13/90
Table 4. Administration command line interface (continued)
Operating system Level Patch/maintenance level
AIX 5.2 Latest cumulative patches
Windows 2000 Professional Latest service pack andsecurity roll up package
Windows 2000 Server Latest service pack andsecurity roll up package
Windows 2000 Advanced Server Latest service pack andsecurity roll up package
Windows XP Professional Latest service pack andsecurity roll up package
Sun Solaris 2.8 Latest cumulative patches
Sun Solaris 2.9 Latest cumulative patches
HP-UX 11 Latest cumulative patches
HP-UX 11i Latest cumulative patches
SUSE LINUX Enterprise
Server
8 Latest cumulative patches
Red Hat Linux 9 Latest cumulative patches
Red Hat Enterprise LinuxAdvanced Server
3.0 Latest cumulative patches
Red Hat Enterprise Linux foriSeries or pSeries
3.0 Latest cumulative patches
SUSE LINUX EnterpriseServer for iSeries or pSeries
8 Latest cumulative patches
Software prerequisites
All UNIX-based and Linux systems must have full X Windows (X11) support inplace for the installation to run correctly, regardless of whether or not the systemcontains a graphics card. See the installation media for the system’s operatingsystem to install X Windows (X11).
The following table lists the software prerequisites for the server.
Table 5. Server software prerequisites
Operating system Requirements
AIX 5.1 DB2 7.2 or 8.1
AIX 5.2 DB2 7.2 or 8.1
Windows 2000 Server DB2 7.2 or 8.1
Sun Solaris 2.8 DB2 7.2 or 8.1
Sun Solaris 2.9 DB2 7.2 or 8.1
SUSE LINUX Enterprise Server 8 for IA32 DB2 7.2 or 8.1
The Tivoli Security Compliance Manager 5.1 product package includes DB2 8.1.
The following table lists the software prerequisites for the HP-UX client andcommand line interface.
Chapter 1. Installation overview 3
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 14/90
Table 6. Client, collectors, and proxy relay software prerequisites
Operating system Requirements
HP-UX 11.0, 11i Java Runtime Environment (JRE) 1.3.1
Processor and memory requirements for server
The following table lists the processor and memory requirements for the server.
Table 7. Server processor and memory requirements
Type of Tivoli SecurityCompliance ManagerDeployment
Processor Memory Requirements
Small (1–500 clients) 1 512 MB RAM
Medium (501–2500 clients) 2 512 MB RAM
Large (2501–10,000 clients) 2–4 2–4 GB RAM
You need 5 MB of disk space to install the server package.
Disk and memory requirements for client and collectors
The following table lists the disk and memory requirements for the Tivoli SecurityCompliance Manager client and collectors.
Table 8. Disk and memory requirements for Tivoli Security Compliance Manager client
Client Platform Disk Requirementsfor InstallationDirectory
Disk Requirementsfor TemporaryDirectory
MemoryRequirements
AIX 64 MB 45 MB 75 MB RAM
HP-UX 64 MB 6 MB 75 MB RAM
Linux 64 MB 46 MB 75 MB RAM
Solaris 64 MB 65 MB 75 MB RAM
Windows 64 MB 44 MB 75 MB RAM
Note: The HP-UX platform values in the table are much smaller than the otherplatform values because the Java Runtime Environment is not packagedwith the HP-UX client.
Disk and memory requirements for proxy relay
The following table lists the disk and memory requirements for the Tivoli SecurityCompliance Manager client with the proxy relay collector.
Table 9. Disk and memory requirements for Tivoli Security Compliance Manager proxy relay
Client Platform Disk Requirementsfor InstallationDirectory
Disk Requirementsfor TemporaryDirectory
MemoryRequirements
AIX 64 MB 45 MB 256 MB RAMminimum, 512 MBRAM recommended
4 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 15/90
Table 9. Disk and memory requirements for Tivoli Security Compliance Manager proxy
relay (continued)
Client Platform Disk Requirementsfor InstallationDirectory
Disk Requirementsfor TemporaryDirectory
MemoryRequirements
HP-UX 64 MB 6 MB 256 MB RAMminimum, 512 MBRAM recommended
Linux 64 MB 46 MB 256 MB RAMminimum, 512 MBRAM recommended
Solaris 64 MB 65 MB 256 MB RAMminimum, 512 MBRAM recommended
Windows 64 MB 44 MB 256 MB RAMminimum, 512 MBRAM recommended
Note: The HP-UX platform values in the table are much smaller than the otherplatform values because the Java Runtime Environment is not packagedwith the HP-UX client.
Disk and memory requirements for administration utilities
The following table lists the disk and memory requirements for the administrationconsole.
Table 10. Disk and memory requirements for Tivoli Security Compliance Manager
administration console
AdministrationConsole Platform
Disk Requirementsfor Installation
Directory
Disk Requirementsfor Temporary
Directory
MemoryRequirements
Windows 64 MB 42 MB 128 MB RAMminimum, 256 MBRAM recommended
The following table lists the disk and memory requirements for the command lineinterface.
Table 11. Disk and memory requirements for Tivoli Security Compliance Manager command
line interface
Command LineInterface Platform
Disk Requirementsfor Installation
Directory
Disk Requirementsfor Temporary
Directory
MemoryRequirements
AIX 64 MB 45 MB 256 MB RAMminimum, 512 MBRAM recommended
HP-UX 64 MB 6 MB 256 MB RAMminimum, 512 MBRAM recommended
Linux 64 MB 46 MB 256 MB RAMminimum, 512 MBRAM recommended
Chapter 1. Installation overview 5
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 16/90
Table 11. Disk and memory requirements for Tivoli Security Compliance Manager command
line interface (continued)
Command LineInterface Platform
Disk Requirementsfor InstallationDirectory
Disk Requirementsfor TemporaryDirectory
MemoryRequirements
Solaris 64 MB 65 MB 256 MB RAMminimum, 512 MBRAM recommended
Windows 64 MB 44 MB 256 MB RAMminimum, 512 MBRAM recommended
Note: The HP-UX platform values in the table are much smaller than the otherplatform values because the Java Runtime Environment is not packagedwith the HP-UX client.
CD Layout
The Tivoli Security Compliance Manager 5.1 CD contains the following files anddirectories:
v /policies/Network_AIX.pol
v /policies/System_AIX.pol
v /policies/Network_Windows.pol
v /policies/System_Windows.pol
v scm_aix
v scm_hp11
v scm_linux
v scm_linux390
v scm_linuxppc
v scm_solaris
v scm_win32.exe
v scminstall.jar
The scm_aix, scm_hp11, scm_linux, scm_linux390, scm_linuxppc, scm_solaris,scm_win32.exe and scminstall.jar are the InstallShield executables and .jar fileneeded to install Tivoli Security Compliance Manager.
6 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 17/90
Chapter 2. Installing the Tivoli Security Compliance Managerserver
You can install the Tivoli Security Compliance Manager server on the platformslisted in “Supported operating systems” on page 1. The installation program is anInstallShield MultiPlatform package. When you install the server, theadministration utilities and database configuration utility are automaticallyincluded. The administration utilities includes the administration console, theadministration command line interface, and the proxy relay collector.Administration and usage information for the proxy relay, including configuration,can be found in the IBM Tivoli Security Compliance Manager Administration Guide.
Note: Do not attempt to run the administration console on unsupported platforms.Doing so may have unintended consequences on your Tivoli SecurityCompliance Manager installation.
Before you beginBefore you install the server:
v If you are reinstalling the server, stop the server before you attempt to reinstallit. See “Using the InstallShield MultiPlatform package to uninstall” on page 55for more information.
v The default installation directories are /opt/IBM/SCM directory on UNIX-basedplatforms and Linux platforms, and in the C:\Program Files\IBM\SCM directoryon Windows.
v For UNIX-based platforms and Linux platforms, the installation directory shouldnot be on the root file system. If the /opt directory is located in the root filesystem, consider one of the following options:
– Create a separate file system for /opt (the optimum solution).
– Create a separate file system for /opt/IBM or /opt/IBM/SCM
– Create a symbolic link from /opt to /usr/opt
– Create a symbolic link from /opt/IBM or /opt/IBM/SCM to some other filesystem (perhaps /usr/opt/IBM or /usr/opt/IBM/SCM).
The /opt directory is often a part of the root file system. Causing the root filesystem to fill up might impact other applications, including the operating systemitself. Changing the mount point does not remove the possibility of filling up afile system, but it does reduce the impact to other applications that are runningon the system. It localizes a file system problem to Tivoli Security ComplianceManager.
v
DB2 must be installed prior to installing Tivoli Security Compliance Managerserver. Consider making a separate file system for the DB2 database that is to beused by the server. This might be necessary if the server encounters DB2 errorsindicating that there is not enough space to store Tivoli Security ComplianceManager data. Creating a separate file system does not remove the possibility offilling up a file system but it does reduce the impact to other applications thatare using DB2 and using the file system that DB2 uses by default. If the filesystem has an error, it will be easier to isolate the problem to Tivoli SecurityCompliance Manager.
– A DB2 8.1 database may either be on the server machine, or on a remotemachine. In order to use a DB2 8.1 database on a remote machine, you will
© Copyright IBM Corp. 2003, 2004 7
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 18/90
need to place a copy of the db2java.zip and the db2jcc.jar files onto yourIBM Tivoli Security Compliance Manager server machine. These files must belocated in the same directory on the IBM Tivoli Security Compliance Managerserver. You will need to provide the fully-qualified directory path to thedb2java.zip file during install.
– A DB2 7.2 database may either be on the server machine, or on a remotemachine. In order to use a DB2 7.2 database on a remote machine, you willneed to place a copy of the db2java.zip file onto your IBM Tivoli SecurityCompliance Manager server machine. You will need to provide thefully-qualified directory path to the db2java.zip file during install.
v You need to know the DB2 instance ID and password.
v For UNIX-based and Linux systems, you must be logged on as the user ID root.
v For installations on UNIX-based or Linux platforms, set the umask to 022 for theTivoli Security Compliance Manager files to be installed with the correctpermissions for operations. If the umask is set to another value, the install willcomplete but the product will not run.
v For more information on alternative installation methods, including silent andconsole mode installations, see Chapter 8, “Alternate installation methods,” on
page 65.Additional server installation requirements are listed on the Welcome panel of theinstallation program.
Using the InstallShield MultiPlatform package to install
Tivoli Security Compliance Manager uses the InstallShield MultiPlatform (ISMP)tool for installation. Through the use of ISMP, a Java-based installation tool, acommon look and feel for installation is provided regardless of your operatingsystem. Configuration questions are provided by the installation, and a simpleconfiguration is performed during installation to get you up and running quickly.
When you use ISMP to install the Tivoli Security Compliance Manager server, youwill follow these steps regardless of your operating system:
1. Run the installation executable. The list of the platform-specific installationexecutables is located in Chapter 1, “Installation overview,” on page 1. Astartup window for the Java Virtual Machine, JVM, is displayed while the
JVM is loaded.
2. The Language Selection window is displayed. Select a language for theinstallation. Click OK.
Figure 1. Language Selection
8 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 19/90
3. The installation Welcome window is displayed. This window lists all therequired information for each Tivoli Security Compliance Managercomponent; use the scroll bar to display the required information for thecomponent you will be installing. Click Next.
4. The software license agreement is displayed. Accept the agreement and clickNext to continue.
Figure 2. Installation Welcome window
Chapter 2. Installing the Tivoli Security Compliance Manager server 9
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 20/90
5. The Installation Directory Location window is displayed. The Tivoli SecurityCompliance Manager server code is installed in the /opt/IBM/SCM directory onUNIX–based platforms and Linux platforms, and in the C:\ProgramFiles\IBM\SCM directory on Windows. Enter a different installation location inthis window if you do not want to use the default directory. Click Next.
Note: If you have already installed another Tivoli Security Compliance
Manager component, or are reinstalling the server, the InstallationDirectory Location window will not be displayed. The installationprogram will automatically install the server to the same location as thepreviously installed components.
Figure 3. Installation Directory Location window
10 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 21/90
6. The System Component Selection window is displayed. After the systemcomponent selection window opens, you will be able to continue yourinstallation based on the system component you have selected. Select IBMTivoli Security Compliance Manager Server and click Next.
Note: The IBM Tivoli Security Compliance Manager Database Configurationutility is automatically included with the server installation. After the
server installation has completed, a separate database configuration stepis not required.
Figure 4. System Component Selection window — Server
Chapter 2. Installing the Tivoli Security Compliance Manager server 11
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 22/90
7. The Server E-mail Configuration window is displayed. Enter the SMTP e-mailserver host name that will be used by Tivoli Security Compliance Manager tosend e-mail notifications, and the e-mail address to send the notifications to.The e-mail address will be used as the From: field in the e-mail notificationsent by the Tivoli Security Compliance Manager server. Click Next tocontinue.
Figure 5. Server E-mail Configuration window
12 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 23/90
8. The Server Communication Configuration window is displayed. Enter theserver and client connection ports, and click Next. The server connection portdisplayed on this window is the port used for communications with theadministration console and with the administration command line interface.
Figure 6. Server Communication Configuration window
Chapter 2. Installing the Tivoli Security Compliance Manager server 13
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 24/90
9. The Server Security Configuration window is displayed.
a. Enter the fully qualified host name of the server machine for the systemname for the certificate, and the password to be used for the masterkeystore and a separate password to be used for the server keystore. Thesepasswords must be at least six characters in length.
b. Select the check box to stash the server keystore password and enable the
server to start automatically after installation has completed; if you do notselect the box you will have to manually start the server and then enterthe server keystore password.
Additionally on Windows systems, if you choose not to store the serverkeystore password, the server service will not be installed as a Windowsserver. As a result, the server will not start automatically when theWindows machine is started. Instead, you will need to use the jacservercommand to start the server, and then you will be prompted for the serverkeystore password before launching the server.
Click Next to continue the installation.
Note: The master keystore password is used to generate the keystore.
Figure 7. Server Security Configuration window
14 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 25/90
10. The Database Location window is displayed.
v To use a database on the server machine, select The database is on thelocal machine, click Next, and continue onto the next step.
v To use a database on a remote machine, select The database is remote,click Next, and continue onto Step 13 on page 19
Figure 8. Database Location window
Chapter 2. Installing the Tivoli Security Compliance Manager server 15
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 26/90
11. The Database Configuration window is displayed. A slightly different windowis displayed on Windows platforms as opposed to UNIX-based or Linuxplatforms.
v For Windows platforms, enter the following information:
– The DB2 user ID and password.
– The location of the .jar or .zip file that contains the DB2 JDBC driver.
Click the Browse button to navigate to the location of the .jar or .zipfile, or enter the location manually. The typical location for this file is:C:\Program Files\IBM\SQLLIB\java\db2java.zip
– The name of the DB2 JDBC driver. A default DB2 JDBC driver name isdisplayed.
– The URL to use for database connectivity. Leave the default for a localdatabase, and see your DB2 administrator for a remote database. Seeyour DB2 documentation for more information on how to configure
JDBC for DB2.
– Click Next to continue the installation and continue onto Step 12 on page18.
Figure 9. Database Configuration window — Windows Platform
16 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 27/90
v For UNIX-based and Linux platforms, enter the following information:
– The DB2 user ID and password.
– The location to create the DB2 database. If this field is left blank, theinstallation will use the default location of the database instance IDhome. If a location is specified in this field, that location will be used asthe location of the database.
– Select the check box to create the DB2 database as part of the serverinstallation. See the note in the next step for more details on the functionof the check box.
– Click Next to continue the installation and continue onto Step 15 on page22.
Figure 10. Database Configuration window — UNIX-based Platforms
Chapter 2. Installing the Tivoli Security Compliance Manager server 17
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 28/90
12. A second Database Configuration window is displayed for Windowsplatforms. Select the check box to create the DB2 database as part of the serverinstallation. If you choose to not create the database as part of the serverinstallation, then the installation program will bypass the creation of thedatabase. Click Next to continue the installation and continue onto Step 15 onpage 22.
Note:
The check box option allows you to customize your databaseconfiguration by not installing the database with the defaultconfiguration. The default database used by IBM Tivoli SecurityCompliance Manager is called JAC. The table definitions are includedin the file INSTDIR/sql/jac.sql. The commands to create the databaseand the local node alias, SCM, are included as comments in the jac.sqlfile. You can either create the database JAC and the SCM local node aliasusing DB2 commands prior to using jac.sql, or uncomment thestatements in jac.sql.
There are two other files in the INSTDIR/sql/ directory that are usedduring database configuration: groups_and_roles.sql and admin.sql.The file groups_and_roles.sql contains the default administrationgroup and role definitions. The file admin.sql contains the commandsused to create the administrator user ID.
Figure 11. Second Database Configuration window — Windows Platform
18 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 29/90
The db2 –tvf <filename> command can be used to execute thecommands contained in the .sql files. When creating a customdatabase configuration, you should create the database tables using thejac.sql file before using the other two .sql files.
The IBM Tivoli Security Compliance Manager Server connects to the JAC database or the SCM alias using the configuration parameters
specified during installation. The database configuration options areincluded in the INSTDIR/server/server.ini file. The configurationoptions contained in the server.ini file must be valid for any databasecustomization.
13. For installations that will use a remote database, the Database Configurationwindow is displayed. Enter the following information:
Note: Although the information requested is the same, the order in which theinformation is requested differs between Windows platforms andUNIX-based or Linux platforms. The windows that follow show theorder for Windows platforms.
v The DB2 user ID and password.
v The location of the .jar or .zip file that contains the DB2 JDBC driver.Click the Browse button to navigate to the location of the .jar or .zip file,or enter the location manually. The typical location for this file is:
– Windows: C:\Program Files\IBM\SQLLIB\java\db2java.zip
– UNIX-based or Linux platforms:/home/db2instl/sqllib/java/db2java.zip
v The name of the DB2 JDBC driver. A default DB2 JDBC driver name isdisplayed.
v The URL to use for database connectivity. Leave the default for a localdatabase, and see your DB2 administrator for a remote database. See yourDB2 documentation for more information on how to configure JDBC forDB2.
v Click Next to continue the installation.
Chapter 2. Installing the Tivoli Security Compliance Manager server 19
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 30/90
Figure 12. Database Configuration window
20 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 31/90
14. A Confirm Remote Database Exists window is displayed. This windowprompts you to check that the remote database exists and has been enabled touse the JDBC interface specified on the Database Configuration windows.Click Next to continue the installation and continue onto Step 16 on page 23.
Figure 13. Confirm Remote Database Exists window
Chapter 2. Installing the Tivoli Security Compliance Manager server 21
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 32/90
15. The Administrator User ID Configuration window is displayed. Enter theTivoli Security Compliance Manager system administrator user ID andpassword, and click Next. The user ID and password entered on this windowwill be used as the primary administrator for the administration console orthe command line interface. The passwords must be at least six characters inlength.
Note: All administrator user IDs and passwords must contain only single-bytecharacters for the installation to complete successfully. Once the
installation is complete, you may use the administration console tochange the administrator user ID and password to contain double-bytecharacters.
Figure 14. Administrator User ID Configuration window
22 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 33/90
16. The Installation Summary window is displayed. This window displays theinstallation location, the system components to be installed, and theinstallation size. Click Next to begin the installation process.
Figure 15. Installation Summary window
Chapter 2. Installing the Tivoli Security Compliance Manager server 23
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 34/90
17. An installation progress indicator will be displayed in place of the summarywindow. After the installation has completed, a results window is displayed.Click Finish to exit the installation.
18. After installation is complete, make sure to back up your server keys andkeystores. See the chapter on managing server keys and keystores in the IBMTivoli Security Compliance Manager Administration Guide for instructions onusing the administration console to create a back-up of the server keys andkeystores. In addition, refer to Chapter 7, “After the installation has
completed,” on page 63 for further post-installation recommendations.
Figure 16. Installation Results window
24 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 35/90
Chapter 3. Installing the Tivoli Security Compliance Managerclient
This chapter describes how to install the Tivoli Security Compliance Managerclient.
Before you begin
Before you install the client:
v If you are reinstalling the client, stop it before you attempt to reinstall it. See“Using the InstallShield MultiPlatform package to uninstall” on page 55 formore information.
v You will need the host name and port number of the Tivoli Security ComplianceManager server that the client will connect to.
v If you will install the client on a HP-UX system that is using Japanese as its
language, use the console mode installation or enter export LANG=C in yourcommand window prior to using the ISMP install. For more information on theconsole mode installation, see Chapter 8, “Alternate installation methods,” onpage 65.
v If you will install the client on a Linux for zSeries system or on a Linux for 390system, these systems do not come with a CD-ROM drive. You must load theCD on a workstation that has a CD-ROM and NFS mount it to the Linuxsystem, or FTP the scm_linux390 and scminstall.jar files to the Linux system.
v If you will install the client on a Linux for zSeries system, you must connect tothe Linux for zSeries installation file with a system that supports an X server, oruse the console mode when installing. See “Console mode installation” on page66 for more information on using the console mode install.
v
The Red Hat Enterprise Linux Advanced Server 3.0 platform can only beinstalled using the console mode in Japanese. Please see “Console modeinstallation” on page 66 for more information on how to perform a consolemode install.
v For installations on UNIX-based or Linux platforms, set the umask to 022 for theTivoli Security Compliance Manager files to be installed with the correctpermissions for operations. If the umask is set to another value, the install willcomplete but the product will not run.
v For more information on alternative installation methods, including silent andconsole mode installations, see Chapter 8, “Alternate installation methods,” onpage 65.
Additional client installation requirements are listed on the Welcome window ofthe installation program.
Using the InstallShield MultiPlatform Package to Install
Tivoli Security Compliance Manager uses the InstallShield MultiPlatform (ISMP)tool for installation on all supported client platforms. See Chapter 1, “Installationoverview,” on page 1 for a complete list of supported client platforms.
Through the use of ISMP, a Java-based installation tool, a common look and feelfor installation is provided regardless of your operating system. Configuration
© Copyright IBM Corp. 2003, 2004 25
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 36/90
questions are provided by the installation, and a simple configuration is performedduring installation to get you up and running quickly.
In addition to the regular product installation package, a stand-alone ISMP clientinstallation package is provided. This client-only installation is very similar to theregular product installation, but contains fewer screens. Differences between theregular and client-only installation packages are indicated throughout the
installation procedure.
When you use ISMP to install the Tivoli Security Compliance Manager client, youwill follow these steps regardless of your operating system:
1. Run the installation executable. The list of the platform-specific installationexecutables is located in Chapter 1, “Installation overview,” on page 1. Astartup window for the Java Virtual Machine, JVM, is displayed while the
JVM is loaded.
2. The Language Selection window is displayed. Select a language for theinstallation. Click OK.
Figure 17. Language Selection
26 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 37/90
3. The installation Welcome window is displayed. This window lists all therequired information for each Tivoli Security Compliance Managercomponent; use the scroll bar to display the required information for thecomponent you will be installing. Click Next.
Note: This window is not displayed in the client-only installation.
4. The software license agreement is displayed. Accept the agreement and clickNext to continue.
Figure 18. Installation Welcome window
Chapter 3. Installing the Tivoli Security Compliance Manager client 27
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 38/90
5. The Installation Directory Location window is displayed. The Tivoli SecurityCompliance Manager client code is installed in the /opt/IBM/SCM directory onUNIX-based platforms and the Linux platforms, and in the C:\ProgramFiles\IBM\SCM directory on Windows. Enter a different installation location inthis window if you do not want to use the default directory. Click Next.
Note: If you have already installed another Tivoli Security Compliance
Manager component, or are reinstalling the client, the InstallationDirectory Location window will not be displayed. The installationprogram will automatically install the client to the same location as thepreviously installed components.
Figure 19. Installation Directory Location window
28 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 39/90
6. The System Component Selection window is displayed. After the systemcomponent selection window opens, you will be able to continue yourinstallation based on the system component you have selected. Select IBMTivoli Security Compliance Manager Client and click Next.
Note: This window is not displayed in the client-only installation.
Figure 20. System Component Selection window — Client
Chapter 3. Installing the Tivoli Security Compliance Manager client 29
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 40/90
7. For client installations on the HP-UX platform, the Java Runtime Locationwindow is displayed. Enter the directory that contains the 1.3.1 JVM, and clickNext.
Figure 21. HP-UX Java Runtime Location window
30 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 41/90
8. The Client Communication Mode Configuration window is displayed. Enterthe client connection port, and the client communications mode. There are twocommunication modes:
Push A client that permits communication with the server to be initiated byeither the client or the server.
Pull A client that permits communication with the server to be initiated by
only the server.Defining a client as a push client permits communication with the server to beestablished by either the client or the server. In some network environments,however, inbound connections to the server might not be permitted. In thesecases, defining the client as a pull client forces the server to initiate allcommunications with the client. Pull clients are generally needed when theserver is located behind a firewall.
To install a push client, select Push and click Next. To install a pull client,select Pull, click Next, and proceed to Step 11 on page 34.
Figure 22. Client Communication Mode Configuration window
Chapter 3. Installing the Tivoli Security Compliance Manager client 31
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 42/90
9. The Server Communication Configuration window is displayed. Enter theTivoli Security Compliance manager server host name and connection port forserver and client communications.
Select the check box if the client has a dynamic IP address, or if the IP addressor host name of the client changes frequently. Clear the check box if the clienthas a static IP address.
Click Next to continue the installation.
Figure 23. Server Communication Configuration window
32 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 43/90
10. For DHCP clients, the Client DHCP Configuration window is displayed. Youcan enter an optional DHCP client alias, or the system will use a default aliasof the client host name. Click Next to continue the installation.
Figure 24. Client DHCP Configuration window
Chapter 3. Installing the Tivoli Security Compliance Manager client 33
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 44/90
11. The Installation Summary window is displayed. This window displays theinstallation location, the system components to be installed, and theinstallation size. Click Next to begin the installation process.
Figure 25. Installation Summary window
34 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 45/90
12. An installation progress indicator will be displayed in place of the summarywindow. After the installation has completed, a results window is displayed.Click Finish to exit the installation.
Figure 26. Installation Results window
Chapter 3. Installing the Tivoli Security Compliance Manager client 35
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 46/90
36 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 47/90
Chapter 4. Installing the Tivoli Security Compliance Manageradministration utilities
This chapter provides instructions on how to install the Tivoli Security ComplianceManager administration utilities, which includes the administration console, theadministration command line interface, and the proxy relay collector.Administration and usage information for the proxy relay, including configuration,can be found in the IBM Tivoli Security Compliance Manager Administration Guide.
Before you begin
If you are reinstalling the administration utilities, first stop any administrationapplication you are using before you attempt to reinstall. See “Using theInstallShield MultiPlatform package to uninstall” on page 55 for more information.
For installations on UNIX-based or Linux platforms, set the umask to 022 for the
Tivoli Security Compliance Manager files to be installed with the correctpermissions for operations. If the umask is set to another value, the install willcomplete but the product will not run.
For more information on alternative installation methods, including silent andconsole mode installations, see Chapter 8, “Alternate installation methods,” onpage 65.
Additional administration utilities installation requirements are listed on theWelcome window of the installation program.
Using the InstallShield MultiPlatform Package to Install
Tivoli Security Compliance Manager uses the InstallShield MultiPlatform (ISMP)tool for installation on all supported administration console and administrationcommand line interface platforms. See Chapter 1, “Installation overview,” on page1 for a complete list of supported administration console and administrationcommand line interface platforms. The administration console is only supported onWindows platforms, and will not be installed on non-Windows platforms duringan administration utilities installation.
Through the use of ISMP, a Java-based installation tool, a common look and feelfor installation is provided regardless of your operating system. Configurationquestions are provided by the installation, and a simple configuration is performedduring installation to get you up and running quickly.
When you use ISMP to install the Tivoli Security Compliance Manageradministration utilities, you will follow these steps regardless of your operatingsystem:
1. Run the installation executable. The list of the platform specific installationexecutable are located in Chapter 1, “Installation overview,” on page 1. Astartup window for the Java Virtual Machine, JVM, is displayed while the JVMis loaded.
2. The Language Selection window is displayed. Select a language for theinstallation. Click OK.
© Copyright IBM Corp. 2003, 2004 37
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 48/90
3. The installation Welcome window is displayed. This window lists all therequired information for each Tivoli Security Compliance Manager component;use the scroll bar to display the required information for the component youwill be installing. Click Next.
Figure 27. Language Selection
Figure 28. Installation Welcome window
38 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 49/90
4. The software license agreement is displayed. Accept the agreement and clickNext to continue.
5. The Installation Directory Location window is displayed. The Tivoli SecurityCompliance Manager administration utilities code is installed in the/opt/IBM/SCM directory on UNIX-based platforms and the Linux platforms, andin the C:\Program Files\IBM\SCM directory on Windows. Enter a differentinstallation location in this window if you do not want to use the defaultdirectory. Click Next.
Note: If you have already installed another Tivoli Security ComplianceManager component, or are reinstalling the administration console or thecommand line interface, the Installation Directory Location window willnot be displayed. The installation program will automatically install theadministration console or administration command line interface to thesame location as the previously installed components.
Figure 29. Installation Directory Location window
Chapter 4. Installing the Tivoli Security Compliance Manager administration utilities 39
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 50/90
6. The System Component Selection window is displayed. After the systemcomponent selection window opens, you will be able to continue yourinstallation based on the system component you have selected. Select IBMTivoli Security Compliance Manager Administration Utilities and click Next.
Figure 30. System Component Selection window – Administration Utilities
40 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 51/90
7. For administration utilities installations on the HP-UX platform, the JavaRuntime Location window is displayed. Enter the directory that contains the1.3.1 JVM, and click Next.
Figure 31. HP-UX Java Runtime Location window
Chapter 4. Installing the Tivoli Security Compliance Manager administration utilities 41
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 52/90
8. The Installation Summary window is displayed. This window displays theinstallation location, the system components to be installed, and the installationsize. Click Next to begin the installation process.
Figure 32. Installation Summary Window
42 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 53/90
9. An installation progress indicator will be displayed in place of the summarywindow. After the installation has completed, a results window is displayed.Click Finish to exit the installation.
Figure 33. Installation Results window
Chapter 4. Installing the Tivoli Security Compliance Manager administration utilities 43
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 54/90
44 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 55/90
Chapter 5. Using the Tivoli Security Compliance Managerdatabase utilities
This chapter describes how to use the Tivoli Security Compliance Managerdatabase utilities to configure the Tivoli Security Compliance Manager DB2database. The database utility is provided to configure DB2 databases that wereinstalled after the Tivoli Security Compliance Manager server was installed.
Before you begin
Before you use the database utilities:
v DB2 must be installed prior to installing Tivoli Security Compliance Manager.Consider making a separate file system for the DB2 database that is to be used
by the server. A separate file might be necessary if the server encounters DB2errors indicating that there is not enough space to store Tivoli SecurityCompliance Manager data. Creation of a separate file does not remove the
possibility of filling up a file system but it does reduce the impact to otherapplications that are using DB2 and using the file system that DB2 uses bydefault. If the file system has an error, it will be easier to isolate the problem toTivoli Security Compliance Manager.
v A DB2 8.1 database may either be on the server machine, or on a remotemachine. In order to use a DB2 8.1 database on a remote machine, you will needto place a copy of the db2java.zip and the db2jcc.jar files onto your IBM TivoliSecurity Compliance Manager server machine. These files must be located in thesame directory on the server, and you will need to provide the fully-qualifieddirectory path to the db2java.zip file during install.
v A DB2 7.2 database may either be on the server machine, or on a remotemachine. In order to use a DB2 7.2 database on a remote machine, you will need
to place a copy of the db2java.zip file onto your IBM Tivoli SecurityCompliance Manager server machine. You will need to provide thefully-qualified directory path to the db2java.zip file during install.
v You need to know the DB2 instance ID and password
v For UNIX-based and Linux systems, you must be logged on as the user ID root.
v For installations on UNIX-based or Linux platforms, set the umask to 022 for theTivoli Security Compliance Manager files to be installed with the correctpermissions for operations. If the umask is set to another value, the install willcomplete but the product will not run.
v For more information on alternative installation methods, including silent andconsole mode installations, see Chapter 8, “Alternate installation methods,” onpage 65.
Additional database utilities requirements are listed on the Welcome window ofthe installation program.
© Copyright IBM Corp. 2003, 2004 45
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 56/90
Using the InstallShield MultiPlatform package to run the database
utilities
Tivoli Security Compliance Manager uses the InstallShield MultiPlatform (ISMP)tool to run the database utilities. Through the use of ISMP, a Java-based installationtool, a common look and feel for installation is provided regardless of your
operating system. Configuration questions are provided by the installation, and asimple configuration is performed during installation to get you up and runningquickly.
When you use ISMP to run the Tivoli Security Compliance Manager databaseutilities, you will follow these steps regardless of your operating system:
1. Run the installation executable. The list of the platform-specific installationexecutables is located in Chapter 1, “Installation overview,” on page 1. Astartup window for the Java Virtual Machine, JVM, is displayed while the
JVM is loaded.
2. The Language Selection window is displayed. Select a language for theinstallation. Click OK.
Figure 34. Language Selection
46 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 57/90
3. The installation Welcome window is displayed. This window lists all therequired information for each Tivoli Security Compliance Managercomponent; use the scroll bar to display the required information for thecomponent you will be installing. Click Next.
4. The software license agreement is displayed. Accept the agreement and clickNext to continue.
Figure 35. Installation Welcome window
Chapter 5. Using the Tivoli Security Compliance Manager database utilities 47
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 58/90
5. The Installation Directory Location window is displayed. The Tivoli SecurityCompliance Manager server code is installed in the /opt/IBM/SCM directory onUNIX-based and Linux platforms, and in the C:\Program Files\IBM\SCMdirectory on Windows. Enter a different installation location in this window ifyou do not want to use the default directory. Click Next.
Note: If you have already installed another Tivoli Security Compliance
Manager component, the Installation Directory Location window willnot be displayed. The installation program will automatically install thedatabase configuration utilities to the same location as the previouslyinstalled components.
Figure 36. Installation Directory Location window
48 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 59/90
6. The System Component Selection window is displayed. After the systemcomponent selection window opens, you will be able to continue yourinstallation based on the system component you have selected. Select IBMTivoli Security Compliance Manager Database Configuration and click Next.
Figure 37. System Component Selection window – Database Configuration
Chapter 5. Using the Tivoli Security Compliance Manager database utilities 49
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 60/90
7. The Database Configuration window is displayed. Enter the followinginformation:
v The DB2 user ID and password.
v The location of the .jar or .zip file that contains the DB2 JDBC driver.Click the Browse button to navigate to the location of the .jar or .zip file,or enter the location manually. The default location for this file is:
– Windows: C:\Program Files\IBM\SQLLIB\java\db2java.zip– UNIX–based platforms: /home/db2inst1/sqllib/java/db2java.zip
v The name of the DB2 JDBC driver. A default DB2 JDBC driver name isdisplayed.
v The URL to use for database connectivity. Leave the default for a localdatabase, and see your DB2 administrator for a remote database. See yourDB2 documentation for more information on how to configure JDBC forDB2.
Click Next to continue the installation.
Figure 38. Database Configuration window
50 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 61/90
8. A second Database Configuration window is displayed. Select the check boxto create the DB2 database.
This option allows you to customize your database configuration by notinstalling the database with the default configuration. The default databaseused by IBM Tivoli Security Compliance Manager is called JAC. The tabledefinitions are included in the file INSTDIR/sql/jac.sql. The commands tocreate the database and the local node alias, SCM, are included as comments inthe jac.sql file. You can either create the database JAC and the SCM local nodealias using DB2 commands prior to using jac.sql, or uncomment thestatements in jac.sql.
There are two other files in the INSTDIR/sql/ directory that are used duringdatabase configuration: groups_and_roles.sql and admin.sql. The filegroups_and_roles.sql contains the default administration group and roledefinitions. The file admin.sql contains the commands used to create theadministrator user ID.
The db2 –tvf <filename> command can be used to execute the commandscontained in the .sql files. When creating a custom database configuration,you should create the database tables using the jac.sql file before using theother two .sql files.
The IBM Tivoli Security Compliance Manager Server connects to the JACdatabase or the SCM alias using the configuration parameters specified duringinstallation. The database configuration options are included in theINSTDIR/server/server.ini file. The configuration options contained in theserver.ini file must be valid for any database customization.
Figure 39. Second Database Configuration window
Chapter 5. Using the Tivoli Security Compliance Manager database utilities 51
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 62/90
9. The Administrator User ID Configuration window is displayed. Enter theTivoli Security Compliance Manager system administrator user ID andpassword, and click Next. The password must be at least six characters inlength.
Note: All administrator user IDs and passwords must contain only single-bytecharacters for the installation to complete successfully. Once the
installation is complete, you may use the Administration Console tochange the administrator user ID and password to contain double-bytecharacters.
Figure 40. Administrator User ID Configuration window
52 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 63/90
10. The Installation Summary window is displayed. This window displays theinstallation location, the system components to be installed, and theinstallation size. Click Next to begin the installation process.
Figure 41. Installation Summary window
Chapter 5. Using the Tivoli Security Compliance Manager database utilities 53
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 64/90
11. An installation progress indicator will be displayed in place of the summarywindow. After the installation has completed, a results window is displayed.Click Finish to exit the installation.
Figure 42. Installation Results window
54 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 65/90
Chapter 6. Uninstalling Tivoli Security Compliance Manager
This chapter describes how to uninstall the system components of Tivoli SecurityCompliance Manager.
Before you begin
If you intend to uninstall your Tivoli Security Compliance Manager server andthen reinstall it and have your existing clients communicate without needing to bereinstalled, you must keep the keystore files currently being used for client-servercommunication. See the chapter on managing server keys and keystores in the IBMTivoli Security Compliance Manager Administration Guide for instructions on using theadministration console to create a backup copy of the server keys and keystores.
Using the InstallShield MultiPlatform package to uninstall
Tivoli Security Compliance Manager uses the InstallShield MultiPlatform (ISMP)tool for uninstallation on all system component supported platforms. SeeChapter 1, “Installation overview,” on page 1 for a complete list of systemcomponent supported platforms.
Through the use of ISMP, a Java-based installation tool, a common look and feelfor uninstallation is provided regardless of your operating system.
To uninstall any Tivoli Security Compliance Manager system component, use thefollowing steps:
1. Navigate to the uninstallation directory and run the uninstallation executable.The path to the platform specific uninstallation executables follows:
v UNIX-based platforms and Linux platforms: /opt/IBM/SCM/_uninst
v Windows platforms: C:\Program Files\IBM\SCM\_uninst
A startup window for the Java Virtual Machine, JVM, is displayed while the JVM is loaded.
2. The Language Selection window is displayed. Select a language for theinstallation. Click OK.
Figure 43. Language Selection
© Copyright IBM Corp. 2003, 2004 55
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 66/90
3. The Uninstallation Welcome window is displayed. Click Next.
Figure 44. Uninstallation Welcome window
56 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 67/90
4. The Uninstallation Selection window is displayed. All installed Tivoli SecurityCompliance Manager system components are listed, and preselected, in thiswindow. Select the Tivoli Security Compliance Manager system components touninstall and click Next.
Note: This window is not displayed in the client-only installation.
5. If you select to uninstall the server, the Confirm Keystore Deletion window isdisplayed.
If you intend to reinstall the server and have your existing clients communicatewithout needing to be reinstalled, you must keep the keystore files currently
being used for client-server communication. See the chapter on managingserver keys and keystores in the IBM Tivoli Security Compliance Manager Administration Guide for instructions on using the administration console tocreate a backup of the server keys and keystores.
Select the check box to delete the client server communication keystore file ifyou have a back-up copy or you do not intend to reinstall the server. Deselectthe check box to leave the two files, server.jksand master.jks, in theINSTDIR/server/keystores directory and uninstall the server. Click Next tocontinue.
Figure 45. Uninstallation Selection window
Chapter 6. Uninstalling Tivoli Security Compliance Manager 57
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 68/90
6. The Uninstallation Summary window is displayed. This window displays thedirectory location that the system components will be uninstalled from and thesystem components to be uninstalled. Click Next to begin the uninstallationprocess.
Figure 46. Uninstallation Summary window
58 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 69/90
7. A progress indicator will be displayed in place of the summary window. Afterthe uninstallation has completed, a results window is displayed. Click Next.
Figure 47. Uninstallation Results window
Chapter 6. Uninstalling Tivoli Security Compliance Manager 59
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 70/90
8. The uninstall wizard might require you to restart your computer to completethe uninstallation process. Click Finish to exit the uninstallation program.
Note: The uninstallation process on HP-UX systems will display a Next optionon the final uninstallation panel instead of a Finish option. Selecting theNext option will complete the uninstall.
Console mode Uninstallation
In addition to running the launcher executable, there are other methods of startingthe uninstallation that also might be useful. This section describes the way to startthe uninstallation program using a Java command with the –console option.Command examples are shown as if you have first used a cd (change directory)command to change to the /opt/IBM/SCM/_uninst directory on UNIX–based andLinux platforms, or to the C:\Program Files\IBM\SCM\_uninst directory onWindows.
To bypass the launcher executable and run the uninstallation in the non-graphicalmode, run the Java command with the –console option. An example of the Javacommand using the –console option follows:
For UNIX–based and Linux platforms: uninstaller.bin -consoleFor Windows: uninstaller.exe -console
This example starts the uninstallation in the non-graphical mode. If you arerunning the uninstallation from a remote host, use the non-graphical mode. Theuninstallation program does not run correctly with some window managers whenrun remotely.
Figure 48. Uninstallation System Restart window
60 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 71/90
Note: The console mode uninstallation process on HP-UX systems will display aNext option on the final uninstallation panel instead of a Finish option.Selecting the Next option will complete the uninstall.
Chapter 6. Uninstalling Tivoli Security Compliance Manager 61
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 72/90
62 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 73/90
Chapter 7. After the installation has completed
After you have installed the server, the client, and the administration console orcommand line interface or both, be sure to install the Tivoli Security Compliance
Manager collectors and policies from the product CD into a directory that theserver can read and write to. See the IBM Tivoli Security Compliance Manager Administration Guide for more information about using the collectors.
After you have installed Tivoli Security Compliance Manager, it is important toreview log space in DB2 to determine if you have adequate space for TivoliSecurity Compliance Manager logging requirements. You must have administratorauthority for DB2 to issue the following commands, which will enable you toreview the logging requirements and make changes, if necessary.
The values in the following commands are the minimum size needed for areasonably loaded system. If you are using a more heavily loaded system, you
might need to increase the log file size and or the number of log files.1. To see the current DB2 settings, issue the command: db2 get db cfg for JAC
2. To set the log file to 1000 4K pages, issue the command: db2 update db configfor JAC using LOGFILSIZ 1000
3. To set DB2 to use 30 circular log files, issue the command: db2 update dbconfig for JAC using LOGPRIMARY 30
4. After you make these changes, stop and then restart the server.
© Copyright IBM Corp. 2003, 2004 63
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 74/90
64 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 75/90
Chapter 8. Alternate installation methods
The Tivoli Security Compliance Manager InstallShield package provides the abilityto perform a silent installation, or to install in console mode. The following
sections provide details on both of these installation methods.
You can install in silent mode using a response file to provide input.
Silent install
Note: Before you begin be aware that ISMP does not report any errors in silentmode. Therefore, if you type any of the options incorrectly, the installationwill silently fail or respond unexpectedly. For example, if you are installingin /syslocal/tools/SCM and you were to type the command incorrectly, thecomponent would still be installed and there would be no error message.
The InstallShield MultiPlatform tool provides the capability to create a template filethat contains all possible responses. The tool also provides a record option thatallows you to record the responses given when installing a particular system.Response files created using these techniques can be used to perform silentinstallations.
Note: When performing a silent install on a Windows system, the InstallShieldprogram does not wait for the installation to complete before displaying anactive command window. The install will still be in progress once the userprompt is displayed, so check to ensure that the installation is complete
before using the command window.
In the examples given in this section for the platform variables, substitute one ofthe following: scm_aix, scm_hp11, scm_linux, scm_linux390, scm_linuxppc,scm_solaris, scm_win32.exe
To record a response file during an installation, enter the following command:
scm_ platform -options-record filename
where filename is the path name of the file to which the recorded response datawill be written.
Note: Using the -options-record on the Solaris platform causes invalid errormessages to be displayed. The options file that is created on Solaris can beused for silent installation.
To generate a template file, enter the following command:
scm_ platform -options-template filename
where filename is the path name of the file that the template response data will bewritten.
When the template generation successfully completes, you will receive thefollowing message:
Options file filename was successfully created
© Copyright IBM Corp. 2003, 2004 65
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 76/90
The template file that is created must be edited using a text editor as follows:
v For options you want to set, remove the three comment characters (###) at thestart of the option line.
v Replace value with the appropriate value for each uncommented option.
When you first perform a silent installation, use the -options-record option to
generate a response file from an actual installation. This option allows you tofamiliarize yourself with the data variables that can be set and with the validresponses. After you are familiar with the data that must be provided in theresponse file, you might find the -options-template option, which provides atemplate file of all possible responses, to be useful.
After you have created a response file with the desired data input, you can usethat file in a subsequent silent installation. For example, to perform a silentinstallation enter the following command:
scm_ platform -silent -options filename
where filename is the path name of the file that contains the response data to beused.
Console mode installation
In addition to running the launcher executable, there are other methods of startingthe installation that also might be useful. This section describes the way to start theinstallation program using a Java command with the –console option. Commandexamples are shown as if you have first used a cd (change directory) command tochange to the directory where the Tivoli Security Compliance Manager CD ismounted.
To bypass the launcher executable and run the installation in the non-graphicalmode, run the Java command with the –console option. An example of the Javacommand using the –console option follows:
scm_ platform -console
where platform is the installation executable platform.
This example starts the installation in the non-graphical mode. If you are runningthe installation from a remote host, use the non-graphical mode. The installationprogram does not run correctly with some window managers when run remotely.
66 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 77/90
Chapter 9. Troubleshooting
This chapter describes problems that you might encounter as you install andconfigure Tivoli Security Compliance Manager and it provides some solutions to
these problems.
Installing with an alternate temporary directory
The installation process can require a significant amount of temporary free spacethat is used to unpack and contain the bundled Java runtime environment andother installation files. Specific space requirements are documented in Chapter 1,“Installation overview,” on page 1.
If the temporary directory on your system does not contain sufficient free space toperform the installation, you must change the directory that is used for temporaryspace to one that does contain sufficient space.
Note: Before you install Tivoli Security Compliance Manager, the temporarydirectory must already exist; otherwise, the option is ignored.
To install a system component using an alternate directory for temporaryinstallation space, use the command:
launcher_name -is:tempdir temp_dir
where launcher_name is the name of the installation executable and temp_dir is thename of the directory that will be used to store temporary files.
Files left in temporary directory
Occasionally, InstallShield files are left in the temporary directory. This problemcan occur if you use Ctrl+c to cancel out of an installation, or if the installationabnormally terminates. Canceling the installation can also result in errors beinglogged and files being left on the system. If you cancel an installation before itcompletes successfully, or an installation abnormally terminates, make sure toremove all files in the installation directory; the default installation location is the/opt/IBM/SCM directory on UNIX–based platforms and Linux platforms, and theC:\Program Files\IBM\SCM directory on Windows.
Logging during installation
If an error occurs during the installation, then an installation log is automaticallygenerated. The log file, log.txt, will be placed into the installation locationdirectory. To perform an installation with additional logging, enter the followingcommand:
scm_ platform -log !fileName @ALL
where scm_ platform is one of the platform launchers for Tivoli SecurityCompliance Manager: scm_aix, scm_hp11, scm_linux, scm_linux390,scm_linuxppc, scm_solaris, scm_win32.exe. The @ALL parameter will log allinstallation events.
© Copyright IBM Corp. 2003, 2004 67
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 78/90
The ISMP installation program also stores information about the ISMP installedcomponents in a vital product data file called vpd.properties. This file is found invarious directories depending on the operating system, such as:
v Windows: %SystemRoot%\vpd.properties
v AIX: /usr/lib/objrepos/vpd.properties
v Linux: /root/vpd.properties
v HP-UX: /vpd.propertiesv Solaris: /vpd.properties
Frequently asked questions
The following section contains frequently asked installation troubleshootingquestions.
Invalid DB2 user ID and password given during installProblem: I entered an invalid DB2 user ID and password during install.
Solution: You can rerun the installation program by selecting the database
configuration option; this will recreate your database and tables. You will also haveto edit the INSTDIR/server/server.ini file to set the following values:
db.userid=<correct_userid_value>db.password=<correct_password_value>
where <correct_userid_value> is the valid DB2 user ID and<correct_password_value> is the valid DB2 password. You may enter the passwordas plain text, and it will be encrypted in the file for you.
Entered wrong DB2 password during server startProblem:I entered the wrong password for the DB2 user ID, and my server willnot start.
Solution: Edit the INSTDIR/server/server.ini file to correct the db.passwordvalue. You may enter the password as plain text, and when you start the server itwill be encrypted in the file for you.
Deselected create database now box by mistakeProblem: I deselected the check box to create the database as part of the serverinstallation, but I did not mean to.
Solution: Rerun the installation and select the database configuration option.Alternatively, you can edit the INSTALLDIR/sql/jac.sql file to uncomment the linesneeded to create the database and alias. See 8 on page 51 in the database
configuration chapter for more information.
Forgot Tivoli Security Compliance Manager administratorpassword
Problem: I forgot the password I entered for the Tivoli Security ComplianceManager administrator.
Solution: Contact IBM Tivoli Support for assistance.
68 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 79/90
Forgot Tivoli Security Compliance Manager administrator IDProblem: I forgot the user ID I entered for the Tivoli Security Compliance Manageradministrator.
Solution: Look in the file INSTDIR/sql/admin.sql.
Forgot to reset UMASK before installation on UNIX-based orLinux platformsProblem:I forgot to reset the UMASK parameter on my UNIX-based or Linuxmachine before beginning installation, and my commands will not run or arehaving problems executing wbindmsg.
Solution: Log in as the root user and use the chmod to change the command filepermissions and the INSTDIR/bin/wbindmsg file permissions. You may also need touse chmod on the /var/ibm/tivoli/common/HCV directory and its subdirectories.
Used double-byte characters for my administrator user IDand/or password
Problem:I entered an administrator ID and/or password that contains double-bytecharacters, and I can not log into my administration console.
Solution:Rerun the installation and select the database configuration option. Enteronly single-byte characters for the administrator ID and password.
Note: If you deselected the check box to create the database now, you can updateonly the affected tables as follows:
1. Use the db2 connect command to connect to the JAC database.
2. Use the db2 select userid command to select the administrator user IDfrom the jac_sys.users file.
3.
Use the db2 delete command to delete the administrator user ID fromthe jac_sys.users file where userid=<wrong_value>.
4. Use the db2 delete command to delete the administrator user IDpassword from the jac_sys.use_passwords file whereuserid=<wrong_value>.
5. Enter the following command:
db2 –tvf INSTDIR/sql/admin.sql
Forgot to select stash password during install and server willnot start
Problem: I deselected the stash password check box on the Server SecurityConfiguration window during installation, and my server fails to start when thesystem is rebooted.
Solution:Deselecting the stash password check box removes theserver.keystore.password value from the INSTDIR/server/server.ini file, butdoes not change the system entries to automatically start the server.
v To solve this problem on AIX systems, enter the following command:
rmitab ibmscmsrv
v To solve this problem on other UNIX-based systems, enter the followingcommands:
Chapter 9. Troubleshooting 69
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 80/90
cd /etcfind . | grep IBMSCMserver | xargs rm –f
v To solve this problem on a Windows system, enter the following command toremove the server as a Windows service:
scmserver –remove
Selected stash password during install and server will notstartProblem:I selected the stash password check box on the Server SecurityConfiguration window during installation, but my server does not automaticallystart when the system is rebooted.
Solution: Use the following steps to add the server to your system’s start upprocess:
Note: Make sure to replace the INSTDIR directory below with the directory whereyou installed Tivoli Security Compliance Manager.
v For AIX systems, enter the following command:
mkitab ibmscmsrv:2:once:INSTDIR/server/scmserver start 2>/dev/nullv For Solaris systems, make the following symbolic links:
ln –s INSTDIR/server/scmserver /etc/init.d/IBMSCMserverln –s INSTDIR/server/scmserver /etc/rc0.d/K10IBMSCMserverln –s INSTDIR/server/scmserver /etc/rc1.d/K10IBMSCMserverln –s INSTDIR/server/scmserver /etc/rc2.d/S99IBMSCMserverln –s INSTDIR/server/scmserver /etc/rcS.d/K10IBMSCMserver
v For Windows systems, enter the following command:
scmserver –install
v For Linux systems, make the following symbolic links:
ln –fs INSTDIR/server/scmserver /etc/init.d/IBMSCMserverln –fs ../IBMSCMserver /etc/init.d/rc0.d/K10IBMSCMserverln –fs ../IBMSCMserver /etc/init.d/rc1.d/K10IBMSCMserver
ln –fs ../IBMSCMserver /etc/init.d/rc2.d/S99IBMSCMserverln –fs ../IBMSCMserver /etc/init.d/rc3.d/S99IBMSCMserverln –fs ../IBMSCMserver /etc/init.d/rc4.d/S99IBMSCMserverln –fs ../IBMSCMserver /etc/init.d/rc5.d/S99IBMSCMserverln –fs ../IBMSCMserver /etc/init.d/rc6.d/K10IBMSCMserver
70 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 81/90
Appendix. Notices
This information was developed for products and services offered in the U.S.A.IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on theproducts and services currently available in your area. Any reference to an IBMproduct, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product,program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user’s responsibility to evaluate and verify theoperation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matterdescribed in this document. The furnishing of this document does not give youany license to these patents. You can send license inquiries, in writing, to:
IBM Director of LicensingIBM Corporation500 Columbus AvenueThornwood, NY 10594U.S.A
For license inquiries regarding double-byte (DBCS) information, contact the IBMIntellectual Property Department in your country or send inquiries, in writing, to:
IBM World Trade Asia CorporationLicensing2-31 Roppongi 3-chome, Minato-kuTokyo 106, Japan
The following paragraph does not apply to the United Kingdom or any othercountry where such provisions are inconsistent with local law:INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THISPUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express orimplied warranties in certain transactions, therefore, this statement may not applyto you.
This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvementsand/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.
Any references in this information to non-IBM Web sites are provided forconvenience only and do not in any manner serve as an endorsement of those Websites. The materials at those Web sites are not part of the materials for this IBMproduct and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
© Copyright IBM Corp. 2003, 2004 71
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 82/90
Licensees of this program who wish to have information about it for the purposeof enabling: (i) the exchange of information between independently createdprograms and other programs (including this one) and (ii) the mutual use of theinformation which has been exchanged, should contact:
IBM Corporation2Z4A/101
11400 Burnet RoadAustin, TX 78758USA
Such information may be available, subject to appropriate terms and conditions,including in some cases, payment of a fee.
The licensed program described in this information and all licensed materialavailable for it are provided by IBM under terms of the IBM Customer Agreement,IBM International Program License Agreement, or any equivalent agreement
between us.
Any performance data contained herein was determined in a controlledenvironment. Therefore, the results obtained in other operating environments mayvary significantly. Some measurements may have been made on development-levelsystems and there is no guarantee that these measurements will be the same ongenerally available systems. Furthermore, some measurement may have beenestimated through extrapolation. Actual results may vary. Users of this documentshould verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers ofthose products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy ofperformance, compatibility or any other claims related to non-IBM products.Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
All statements regarding IBM’s future direction or intent are subject to change orwithdrawal without notice, and represent goals and objectives only.
This information contains examples of data and reports used in daily businessoperations. To illustrate them as completely as possible, the examples include thenames of individuals, companies, brands, and products. All of these names arefictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.
If you are viewing this information softcopy, the photographs and colorillustrations may not appear.
Trademarks
The following terms are trademarks or registered trademarks of InternationalBusiness Machines Corporation in the United States, other countries, or both:
AIXDB2IBM
72 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 83/90
IBM logoTivoliTivoli logo
Microsoft, Windows, Windows NT, and the Windows logo are trademarks ofMicrosoft Corporation in the United States, other countries, or both.
Java and all Java-based trademarks and logos are trademarks or registeredtrademarks of Sun Microsystems, Inc. in the United States and other countries.
UNIX is a registered trademark of The Open Group in the United States and othercountries.
Other company, product, and service names may be trademarks or service marksof others.
Appendix. Notices 73
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 84/90
74 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 85/90
Glossary
collector. A software module that runs on a clientsystem and gathers data. This data is subsequently sent
to a server.
compliance query. An SQL query that extracts specificdata from the server database and returns a list ofclients that are in violation of specific securityrequirements.
delta table. A database table used for saving changeddata from subsequent runs of a collector.
disinherit. To remove actions from a role that wereoriginally copied from a template.
inherit. To copy actions to a role from a template.
policy. A set of one or more compliance queries usedto demonstrate the level of adherence to specificsecurity requirements.
policy bundle. A file containing the informationassociated with a policy, such as the compliancequeries, the collectors, and the associated schedules. Apolicy bundle permits the policy to be saved andsubsequently applied to other servers.
proxy relay. A special pull client that acts as a relay between the server and one or more clients. A proxyrelay is used to reach a limited number of clients thatare located behind a firewall, or that are in an
IP-address range that is not directly addressable by theserver.
pull client. A client that permits communication withthe server to be initiated by only the server.
push client. A client that permits communication withthe server to be initiated by either the client or theserver.
snapshot. The result of running all of the compliancequeries in a policy against a set of clients. A snapshotshows the number of violations and indicates whatclients are not adhering to the security requirements being tested by the compliance queries.
© Copyright IBM Corp. 2003, 2004 75
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 86/90
76 Tivoli Security Compliance Manager: Installation Guide: All Components
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 87/90
Index
Aaccessibility vii
administration utilities installation 37after installation 63alternate temporary installation directory 67
CCD layout 6client installation 25configuration
database 45console mode installation 66console mode uninstallation 60
Ddatabaseconfiguration 45
database utilities 45
Iinstallation
after completion 63console mode 66silent 65troubleshooting 67using an alternate temporary directory 67
installation prerequisites 1installing
administration utilities 37client 25server 7
InstallShield MultiPlatform uninstallation 55
Pproduct removal 55
Rreinstalling
administration utilities 37client 25
server 7related publications virunning database utilities 46
Sserver installation 7silent install
administration utilities 65client 65server 65
silent installation 65software prerequisites 1
Ttroubleshooting installation 67
Uuninstall
console mode 60InstallShield MutliPlatform 55
uninstalling 55
© Copyright IBM Corp. 2003, 2004 77
5/11/2018 Scm51 Install - slidepdf.com
http://slidepdf.com/reader/full/scm51-install 88/90
78 Tivoli Security Compliance Manager: Installation Guide: All Components