What changes does the Discover-DNCA RPM make to the DNCA server
Question
What changes does the Discover-DNCA RPM make to the Unica Discover Network Capture Application server?
Answer
You
can install DNCA into a directory other than the default
of /usr/local/dncauser
.
The package creates the log file directory, which is /var/log/Discover
by
default, if it does not exist. It was /usr/local/dncauser/logs
in
earlier versions.
- When you upgrade from an old installation that contains a nonempty
/usr/local/dncauser/logs
directory, the package uses the existing/usr/local/dncauser/logs
directory instead of/var/log/Discover
. This behavior is intended to avoid surprising the user by leaving old log files in the old directory (/usr/local/dncauser/logs
) and writing new log files to the new default (/var/log/Discover
). - This check for
/usr/local/dncauser/logs
is independent of the installation prefix that is chosen for installation for upgrade. So if you install DNCA into/opt/Discover
, the package still looks for a nonempty directory/usr/local/dncauser/logs
.
The package performs the following file operations:
- Create the following SSL self-signed certificate files in
/usr/local/dncauser/etc
. The package creates them automatically as a convenience for installations that do not provide their own SSL certificates:/usr/local/dncauser/etc/Discover-DNCA.crt /usr/local/dncauser/etc/Discover-DNCA.key /usr/local/dncauser/etc/Discover-tts.crt /usr/local/dncauser/etc/Discover-tts.key /usr/local/dncauser/etc/Discover-tts.pem /usr/local/dncauser/etc/Discover-web.crt /usr/local/dncauser/etc/Discover-web.key
Note:- The Discover-DNCA files are currently unused and are reserved for future use.
- The Discover-web files are used by the default
httpd.conf
for the web console. - The Discover-tts files are provided for convenience in configuring SSL connections with the Discover Transport Service.
- The
/usr/local/dncauser/etc
directory is normally writable by root and the capture user,dncauser
.
- Install crontab file:
/etc/cron.d/Discover
. The crontab file schedules the execution ofDiscover cron
as userroot
. - Install the following initialization scripts in
/etc/init.d
:Discover-DNCA
,Discover-startup
. - Create the
capture.log
file in thelogfile
directory if the file does not exist.
The package performs the following actions that modify directories and files outside of the installation prefix:
- Create group dncauser if it does not exist.
- Create user dncauser if it does not exist. Note: This user is created without a password that is assigned to it, so you cannot log in with that account by default. Security risks are minimal; the dncauser user can only start and own the Discover processes. Depending on your enterprise security requirements, you can assign a password to the dncauser user from the root user.
- Set
/usr/local/dncauser/bin/listend
and/usr/local/dncauser/bin-debug/listend
as setuid root (required for listend to open eth devices for packet sniffing; drops down to user dncauser after you open the eth devices). - Remove PHP session files in
/tmp
. These files are assumed to be PHP session files for the DNCA web console. - Update
/etc/syslog.conf
(if needed) to ensure that it contains an entry for facility local0 to filecapture.log
in thelogfile
directory. - Restart syslogd to reload its configuration and use any changes
that are made to
/etc/syslog.conf
.