snare for windows custom msi v2 - symtrex inc. · 2017. 10. 6. · © intersect alliance...

© Intersect Alliance International Pty Ltd. All rights reserved worldwide. Intersect Alliance Pty Ltd shall not be liable for errors contained herein or for direct, or indirect damages in connection with the use of this material. No part of this work may be reproduced or transmitted in any form or by any means except as expressly permitted by Intersect Alliance International Pty Ltd. This does not include those documents and software developed under the terms of the open source General Public Licence, which covers the Snare agents and some other software. The Intersect Alliance logo and Snare logo are registered trademarks of Intersect Alliance International Pty Ltd. Other trademarks and trade names are marks and names of their owners as may or may not be indicated. All trademarks are the property of their respective owners and are used here in an editorial context without intent of infringement. Specifications and content are subject to change without notice.


Post on 15-Oct-2020


Snare for Windows Custom MSI v2.0


Table of Contents

1. Guide Overview
2. Introduction to MSI
3. Requirements
4. Installing WIX
5. Creating the MSI package
6. Installing the MSI package using Group Policy
7. About InterSect Alliance


1. Guide Overview

 

This product uses the RSA Data Security, Inc. MD5 Message-Digest Algorithm. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

About this Guide

This guide provides administrators with the instructions to create a Windows MSI file, based on the required organizational security settings, using the freely available Windows Installer XML (WiX) toolset. This will allow you to remotely deploy Snare Enterprise Agents for Windows with a customized configuration, using the Microsoft Installer (MSI).

Other guides that may be useful to read include:

User Guide to Snare Enterprise Agents for Windows.


2. Introduction to MSI

The Windows Installer utility (MSI, formerly known as Microsoft Installer) is an application that allows MSI compliant applications to be remotely deployed to workstations and servers that run the MSI service, without significant administrator intervention.

Snare agents do not come packaged as an MSI file by default, as the standard 'setup' executable offers significantly more flexibility at this stage. However, organizations that wish to remotely deploy pre-configured Snare agents to workstations and servers, without physically moving from system to system, appreciate the functionality provided by MSI.

Note: The MSI functionality is currently only available with the Snare Enterprise Agent for Windows.


3. Requirements

 

 

 

What you Need

- The latest Snare Enterprise Agent for Windows executable file, available from the Snare Secure Area at https://www.intersectalliance.com
- The MSI pack, MSI-2.0.zip, available from the Snare Secure Area at https://www.intersectalliance.com
- The Windows Installer XML (WiX Toolset version 3.10) binaries, wix310-binaries.zip, available from http://wix.codeplex.com/releases/view/619491

Minimum Requirements

- Administrator-level access to the system.
- Windows 2003 (or later) system.
- At least 8 Megabytes of disk space on your system.

Note: Version 2.0 of the MSI accepts the selection of Version 4 and Version 5 Snare Enterprise Agents for Windows. The creation of the MSI will not work with OpenSource Agents.


4. Installing WIX

Perform the following to install WIX:

1. As Administrator, unzip the file wix310-binaries.zip to C:\Program Files\wix.
2. Start the Control Panel, then navigate to System. For Windows 2008 and above, click on Advanced System Settings.
3. Under the Advanced tab, click Environment Variables.
4. Under System variables, edit the Path variable and add C:\Program Files\wix. Use a semicolon as the separator.
5. Click OK until you are back to the Control Panel. On some later versions of Windows, you may have to log out and log back in again for the PATH environment variables to take effect.
6. To check that the above procedures have worked, start a command prompt window and type:

       >candle

   Its usage will be displayed. If there are any errors then either the software has not been installed or the environment variables have not been set.

Troubleshooting

If your error dialog states "...application failed to initialize properly..." then this indicates that the .NET framework has not been installed. This will need to be installed for WIX to work.

 

 


5. Creating the MSI package

Perform the following to build the MSI.

1. Download, install and configure the latest agent on the machine you are building the MSI.
2. Place a copy of the Snare .exe installer (e.g. SnareEnterpriseAgent-Windows-v4.3.6-SUPP-MultiArch.exe, SnareEnterpriseAgent-Windows-v5.x.x-multiArch.exe) into the location of the installed Snare directory, e.g. C:\Program Files\Snare\.
3. Unzip MSI-2.0.zip into the C:\Program Files\Snare\ (or wherever your Snare installation is located) directory.
4. Open a command prompt as administrator and from the location of the Snare installation type:

       > MakeSnareMSI.bat

   You will be prompted with the following:

   a. Select Windows agent configuration method. Select from:
      - Use configuration of local agent: By default, the build process will export and use the settings of the locally installed agent.
      - Use configuration from an existing file: Edit the template.inf in directory
   b. Upgrade or Reinstall the target machine's agent? Select either Update or Reinstall, then click Enter:
      - Upgrade: This produces an MSI which installs a new agent, but leaves existing settings/objectives unchanged.
      - Reinstall: This produces an MSI which installs a new agent, and resets settings/objectives to settings on the MSI build machine.
   c. Select installer exe to be added to the MSI. Any Snare executable files found will be listed. Select the .exe file to add to the MSI represented by numerals. If only one file is found in the Snare installation folder then that file will be listed. Click Enter.
   d. On completion, the message "MSI build of Snare<product name>.msi completed successfully" will print.
   e. The customized MSI is now available at C:\Program Files\Snare\SnareEnterpriseWindowsAgentsv<version>.msi


 

5. Test the MSI.

   To install the MSI, type the following from the command line:

       >msiexec /i SnareEnterpriseWindowsAgentsv5.0.0.msi

   Upon execution you will see the following dialog box:

   If the version of the Snare.msi detects a newer version of the agent it will not upgrade the software. A reinstall will always replace with the version that is being installed.

   For systems running User Account Control (UAC), you will need to test the MSI from within a "Run as Administrator" Command Prompt.


   To include logging on a deployment (recommended for acceptance testing), type the following from the command line:

       >msiexec /l*v [logname].log /i [msiname].msi

   To uninstall the MSI, type the following from the command line:

       >msiexec /x SnareEnterpriseWindowsAgentsv5.0.0.msi

6. To ensure the agent is working correctly, check the Latest Events page in the web UI of the Snare agent. If no events appear in this window in a timely manner, check the agent configuration or run the agent in Debug Mode (instructions below).

Debug Mode

To use the Debug Mode, from the command line of an administrative prompt execute the following commands:

    > net stop snare

    > snarecore -c -d9

This command will send log to the console. Enter CTRL-C to end the debug log.

    > net start snare

Ensure the MSI is tested before use in production networks.
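
An acceptance-test run for the steps above, as an added example (not part of the original guide or Intersect Alliance's tooling): it installs the MSI with verbose logging as described, then checks the msiexec exit code, the final status line in the log, and that the snare service is running. The function name Test-SnareMsi and the default log path are assumptions made for this example.

```powershell
# Added example: scripted acceptance test for the custom Snare MSI.
# Run from an elevated ("Run as Administrator") PowerShell prompt.
# Test-SnareMsi and the default log path are hypothetical names for this example.
function Test-SnareMsi {
    param(
        [Parameter(Mandatory)][string]$MsiPath,
        [string]$LogPath = "$env:TEMP\snare-msi-install.log"
    )

    if (-not (Test-Path -LiteralPath $MsiPath)) {
        throw "MSI not found: $MsiPath"
    }

    # Same command the guide gives: msiexec /l*v [logname].log /i [msiname].msi
    $msiArgs = @('/l*v', "`"$LogPath`"", '/i', "`"$MsiPath`"")
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

    # 0 = success, 3010 = success but a restart is required; anything else failed.
    $exitOk = $proc.ExitCode -in 0, 3010

    # Windows Installer writes its final result to the verbose log as
    # "Installation success or error status: <code>".
    $pattern = 'Installation success or error status: (0|3010)\b'
    $logOk = [bool](Select-String -LiteralPath $LogPath -Pattern $pattern -Quiet)

    # The guide controls the agent with "net stop snare" / "net start snare",
    # so the service name checked here is "snare".
    $svc = Get-Service -Name 'snare' -ErrorAction SilentlyContinue
    $svcOk = ($null -ne $svc) -and ($svc.Status -eq 'Running')

    [pscustomobject]@{
        ExitCode       = $proc.ExitCode
        ExitCodeOk     = $exitOk
        LogReportsOk   = $logOk
        ServiceRunning = $svcOk
        Passed         = $exitOk -and $logOk -and $svcOk
    }
}

Test-SnareMsi -MsiPath 'C:\Program Files\Snare\SnareEnterpriseWindowsAgentsv5.0.0.msi'
```

A passing result only shows that the package installed and the service started; the Latest Events check in step 6 is still needed to confirm that events are being collected.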


6. Installing the MSI package using Group Policy

Group Policy may be used to install the MSI package over the network.

Add the Snare .msi package in your Domain

The instructions should be executed on the network domain controller. The Snare{version number}.msi package must be placed in a network share folder with read access.
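
A pre-deployment check for that share, as an added example (not from the original guide): every domain computer will install whatever file sits at the shared path, so the script confirms that the shared copy is identical to the MSI that was built and tested, and lists any access entries that let a principal outside a trusted list change it. The function name Test-SnareMsiShare, the share path and the trusted list are assumptions to adjust for your domain.

```powershell
# Added example: verify the MSI on the distribution share before linking the GPO.
# Test-SnareMsiShare, the example paths and $Trusted are assumptions for illustration.
function Test-SnareMsiShare {
    param(
        [Parameter(Mandatory)][string]$BuiltMsi,   # MSI produced and tested on the build machine
        [Parameter(Mandatory)][string]$SharedMsi,  # copy placed on the network share
        [string[]]$Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    )

    # 1. The shared copy must be byte-identical to the tested build.
    $builtHash  = (Get-FileHash -LiteralPath $BuiltMsi  -Algorithm SHA256).Hash
    $sharedHash = (Get-FileHash -LiteralPath $SharedMsi -Algorithm SHA256).Hash

    # 2. Only trusted principals may hold rights that change the file, its folder or the ACL.
    $writeMask = [System.Security.AccessControl.FileSystemRights]`
        'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $risky = foreach ($path in $SharedMsi, (Split-Path -Parent $SharedMsi)) {
        (Get-Acl -LiteralPath $path).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $writeMask) -and
            ($Trusted -notcontains $_.IdentityReference.Value)
        } | ForEach-Object {
            [pscustomobject]@{
                Path     = $path
                Identity = $_.IdentityReference.Value
                Rights   = $_.FileSystemRights
            }
        }
    }

    [pscustomobject]@{
        HashMatches  = $builtHash -eq $sharedHash
        Sha256       = $sharedHash
        RiskyEntries = @($risky)
        Passed       = ($builtHash -eq $sharedHash) -and (@($risky).Count -eq 0)
    }
}

# Constructed example paths; replace with your build output and share.
Test-SnareMsiShare -BuiltMsi 'C:\Program Files\Snare\SnareEnterpriseWindowsAgentsv5.0.0.msi' `
                   -SharedMsi '\\fileserver.example\deploy\SnareEnterpriseWindowsAgentsv5.0.0.msi'
```

This inspects NTFS permissions only; share-level permissions are configured separately and should also be limited to read access for the accounts that install the package.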


1. Start the 'Group Policy Management' snap-in of MMC.

   a. Go to Start | Run window or shortcut 'Windows Key + R'.
   b. Type 'mmc' in run window and click Enter.
   c. Following screen will appear. This is from Windows 2008 R2 (other windows will have similar window).
   d. Go to File | Add/Remove Snap-in. Select Group Policy Management snap-in and select Add and click OK.
   e. In Group Policy Management snap-in window, navigate to the Group Policy Objects folder.


   f. Right click on Group Policy Objects and select New. The New GPO window will appear. Enter the name of your MSI install, for example Snare Agent 4.2.3 (match the version of the agent you are using). Click OK.
   g. Right click the newly created GPO (Snare Agent 4.2.3) and select Edit. Group Policy Management Editor screen will appear. Navigate to the Software Installation option.


   h. Right click on Software Installation and select New | Package...
   i. From the file open window select your Snare{version number}.msi package from the network shared folder.
   j. After selecting the Snare .msi package, the following Deploy Software pop-up will appear.


   k. Select the Assigned option and click OK. It will add the .msi package for Software Installation. Close the Group Policy Management Editor window.
   l. In Group Policy Management snap-in window, right click on your domain name (under Domains) and select item Link an Existing GPO...
   m. The Select GPO window will appear. Select the recently created Snare Agent GPO and press OK.


   n. The snare{version number}.msi package is now added as software installation GPO in your domain.

Install the Snare Agent on Domain Computers

1. The next step is to run the group policy objects so that the .msi package can install the Snare agent on domain computers. Start the Command Prompt with administrative privileges and run the command gpupdate /force.
2. If you want to install the .msi package on the domain controller too then type Y to restart.
3. For all domain computers, the Snare agent .msi GPO is active now and the Snare agent will be installed to each computer on next system restart or log-in. It will show a screen similar to the following:


4. Once complete the agent will be installed and the user login prompt will appear.

 

 


7. About InterSect Alliance

Intersect Alliance, part of the Prophecy International Holdings Group, is a team of leading information technology security specialists. In particular, Intersect Alliance are noted leaders in key aspects of IT Security, including host intrusion detection. Our solutions have and continue to be used in the most sensitive areas of Government and business sectors.

Intersect Alliance intend to continue releasing tools that enable users, administrators and clients worldwide to achieve a greater level of productivity and effectiveness in the area of IT Security, by simplifying, abstracting and/or solving complex security problems.

Intersect Alliance welcomes and values your support, comments, and contributions. For more information on the Enterprise Agents, Snare Server and other Snare products and licensing options, please contact us as follows:

The Americas: Toll Free +1 (800) 834 1060 | Denver +1 (303) 771 2666
Asia Pacific: Adelaide, Australia +61 8 8213 1200
Europe and the UK: +44 (797) 090 5011
Email: [email protected]
Visit: www.intersectalliance.com