What changes does the Discover-DNCA RPM make to the DNCA server?

Question

What changes does the Discover-DNCA RPM make to the Unica Discover Network Capture Application server?

Answer

You can install DNCA into a directory other than the default of /usr/local/dncauser.

The package creates the log file directory, which is /var/log/Discover by default, if it does not exist. It was /usr/local/dncauser/logs in earlier versions.

  • When you upgrade from an old installation that contains a nonempty /usr/local/dncauser/logs directory, the package uses the existing /usr/local/dncauser/logs directory instead of /var/log/Discover. This behavior is intended to avoid surprising the user by leaving old log files in the old directory (/usr/local/dncauser/logs) and writing new log files to the new default (/var/log/Discover).
  • This check for /usr/local/dncauser/logs is independent of the installation prefix that is chosen for installation or upgrade. So if you install DNCA into /opt/Discover, the package still looks for a nonempty directory /usr/local/dncauser/logs.

The package performs the following file operations:

  • Create the following self-signed SSL certificate files in /usr/local/dncauser/etc. The package creates them automatically as a convenience for installations that do not provide their own SSL certificates:
    
    /usr/local/dncauser/etc/Discover-DNCA.crt
    /usr/local/dncauser/etc/Discover-DNCA.key
    /usr/local/dncauser/etc/Discover-tts.crt
    /usr/local/dncauser/etc/Discover-tts.key
    /usr/local/dncauser/etc/Discover-tts.pem
    /usr/local/dncauser/etc/Discover-web.crt
    /usr/local/dncauser/etc/Discover-web.key
    
    
    Note:
    • The Discover-DNCA files are currently unused and are reserved for future use.
    • The Discover-web files are used by the default httpd.conf for the web console.
    • The Discover-tts files are provided for convenience in configuring SSL connections with the Discover Transport Service.
    • The /usr/local/dncauser/etc directory is normally writable by root and the capture user, dncauser.
  • Install crontab file: /etc/cron.d/Discover. The crontab file schedules the execution of Discover cron as user root.
  • Install the following initialization scripts in /etc/init.d: Discover-DNCA, Discover-startup.
  • Create the capture.log file in the logfile directory if the file does not exist.

The package performs the following actions that modify directories and files outside of the installation prefix:

  • Create group dncauser if it does not exist.
  • Create user dncauser if it does not exist.
    Note: This user is created without an assigned password, so you cannot log in with that account by default. Security risks are minimal; the dncauser user can only start and own the Discover processes. Depending on your enterprise security requirements, you can assign a password to the dncauser user from the root user.
  • Set /usr/local/dncauser/bin/listend and /usr/local/dncauser/bin-debug/listend as setuid root (required for listend to open eth devices for packet sniffing; listend drops down to user dncauser after the eth devices are opened).
  • Remove PHP session files in /tmp. These files are assumed to be PHP session files for the DNCA web console.
  • Update /etc/syslog.conf (if needed) to ensure that it contains an entry for facility local0 to file capture.log in the logfile directory.
  • Restart syslogd to reload its configuration and use any changes that are made to /etc/syslog.conf.
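
The changes listed above can be checked on an installed host with a short audit. This is an added example, not part of the original answer or of the product's own tooling; the function name dnca_audit, its optional root-directory and prefix arguments, the world-readable key check, and the syslog.conf line format it matches are assumptions.

```shell
#!/bin/sh
# Added example: audit the files and permissions this page says the RPM sets.
# Usage: dnca_audit [ROOT] [PREFIX]
#   ROOT   (assumption) directory prepended to every path, so the same checks
#          can run against a mounted image or a constructed tree; default "".
#   PREFIX install prefix; default /usr/local/dncauser.
# Prints one "STATUS<TAB>detail" line per check; exit status = findings count.
dnca_audit() {
    root=${1:-}; prefix=${2:-/usr/local/dncauser}; findings=0
    note() { printf '%s\t%s\n' "$1" "$2"; [ "$1" = OK ] || findings=$((findings + 1)); }

    # The two listend binaries are the only files the page lists as setuid.
    for f in "$prefix/bin/listend" "$prefix/bin-debug/listend"; do
        if [ ! -e "$root$f" ]; then note MISSING "$f"
        elif [ -u "$root$f" ]; then note OK "$f setuid"
        else note CHANGED "$f not setuid"; fi
    done
    # Any other setuid file under the prefix is not on the page's list.
    for f in $(find "$root$prefix" -type f -perm -4000 2>/dev/null); do
        case ${f#"$root"} in
            "$prefix/bin/listend"|"$prefix/bin-debug/listend") ;;
            *) note UNEXPECTED "${f#"$root"} setuid" ;;
        esac
    done
    # Private keys readable by "other" are flagged (a policy assumption; the
    # page only states who can write to the etc directory).
    for f in $(find "$root$prefix/etc" \( -name '*.key' -o -name '*.pem' \) -perm -004 2>/dev/null); do
        note EXPOSED "${f#"$root"} world-readable"
    done
    # Files the package installs outside the prefix.
    for f in /etc/cron.d/Discover /etc/init.d/Discover-DNCA /etc/init.d/Discover-startup; do
        if [ -e "$root$f" ]; then note OK "$f"; else note MISSING "$f"; fi
    done
    # Facility local0 should be routed to capture.log (line format assumed).
    if grep -Eq '^[[:space:]]*local0\..*capture\.log' "$root/etc/syslog.conf" 2>/dev/null; then
        note OK "/etc/syslog.conf local0"
    else
        note MISSING "/etc/syslog.conf local0 entry"
    fi
    return "$findings"
}
```

Run it as root with no arguments to audit the live system, or pass the install prefix as the second argument when DNCA is installed outside /usr/local/dncauser.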
