What changes does the Discover-DNCA RPM make to the DNCA server

Question

What changes does the Discover-DNCA RPM make to the Unica Discover Network Capture Application server?

Answer

You can install DNCA into a directory other than the default of /usr/local/dncauser.

• See How do I install into a directory other than the default one.

The package creates the log file directory, which is /var/log/Discover by default, if it does not exist. It was /usr/local/dncauser/logs in earlier versions.

• When you upgrade from an old installation that contains a nonempty /usr/local/dncauser/logs directory, the package uses the existing /usr/local/dncauser/logs directory instead of /var/log/Discover. This behavior is intended to avoid surprising the user by leaving old log files in the old directory (/usr/local/dncauser/logs) and writing new log files to the new default (/var/log/Discover).
• This check for /usr/local/dncauser/logs is independent of the installation prefix that is chosen for installation for upgrade. So if you install DNCA into /opt/Discover, the package still looks for a nonempty directory /usr/local/dncauser/logs.

The package performs the following file operations:

• Create the following SSL self-signed certificate files in /usr/local/dncauser/etc. The package creates them automatically as a convenience for installations that do not provide their own SSL certificates:

  
  /usr/local/dncauser/etc/Discover-DNCA.crt
  /usr/local/dncauser/etc/Discover-DNCA.key
  /usr/local/dncauser/etc/Discover-tts.crt
  /usr/local/dncauser/etc/Discover-tts.key
  /usr/local/dncauser/etc/Discover-tts.pem
  /usr/local/dncauser/etc/Discover-web.crt
  /usr/local/dncauser/etc/Discover-web.key
  
  

  Note:

  • The Discover-DNCA files are currently unused and are reserved for future use.
  • The Discover-web files are used by the default httpd.conf for the web console.
  • The Discover-tts files are provided for convenience in configuring SSL connections with the Discover Transport Service.
  • The /usr/local/dncauser/etc directory is normally writable by root and the capture user, dncauser.
• Install crontab file: /etc/cron.d/Discover. The crontab file schedules the execution of Discover cron as user root.
• Install the following initialization scripts in /etc/init.d: Discover-DNCA, Discover-startup.
• Create the capture.log file in the logfile directory if the file does not exist.

The package performs the following actions that modify directories and files outside of the installation prefix:

• Create group dncauser if it does not exist.
• Create user dncauser if it does not exist.
  Note: This user is created without a password that is assigned to it, so you cannot log in with that account by default. Security risks are minimal; the dncauser user can only start and own the Discover processes. Depending on your enterprise security requirements, you can assign a password to the dncauser user from the root user.
• Set /usr/local/dncauser/bin/listend and /usr/local/dncauser/bin-debug/listend as setuid root (required for listend to open eth devices for packet sniffing; drops down to user dncauser after you open the eth devices).
• Remove PHP session files in /tmp. These files are assumed to be PHP session files for the DNCA web console.
• Update /etc/syslog.conf (if needed) to ensure that it contains an entry for facility local0 to file capture.log in the logfile directory.
• Restart syslogd to reload its configuration and use any changes that are made to /etc/syslog.conf.

References

• Installing the Network Capture Application