Tioli Security Compliance Manager Version 5.1 Tioli Risk Manager Adapter Guide
Tioli Security Compliance Manager Version 5.1 Tioli Risk Manager Adapter Guide
Note Before using this information and the product it supports, read the information in Notices, on page 7. First Edition (July 2004) This edition applies to ersion 5, release 1, modification 0 of IBM Tioli Security Compliance Manager (product number 5724-F82) and to all subsequent releases and modifications until otherwise indicated in new editions. Copyright International Business Machines Corporation 2004. All rights resered. US Goernment Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents Preface.................................... Who should read this book.............................. What this book contains............................... Publications................................... IBM Tioli Security Compliance Manager library...................... Related publications...............................i Accessing publications online............................i Accessibility................................... ii Contacting software support............................. ii Conentions used in this book............................. ii Typeface conentions............................... ii Operating system differences............................ ii Tioli Risk Manager Adapter for Tioli Security Compliance Manager......... 1 Adapter oeriew.................................1 Adapter distribution package..............................1 Installation....................................2 Software requirements...............................2 Before you install.................................2 Installation steps.................................2 Checking the installation...............................4 Uninstalling the adapter...............................4 Appendix. Notices............................... 7 Trademarks....................................9 Copyright IBM Corp. 2004 iii
i IBM Tioli Security Compliance Manager: Tioli Risk Manager Adapter Guide
Preface Who should read this book The IBM Tioli Security Compliance Manager Tioli Risk Manager Adapter Guide explains how to route compliance iolation information detected by IBM Tioli Security Compliance Manager to IBM Tioli Risk Manager. Tioli Risk Manager can be used to monitor your systems or to route iolation information to IBM Tioli Data Warehouse. Tioli Security Compliance Manager is a data collection serice that gathers and stores a wide ariety of information from multiple participating systems. Information types can include any data stored on a system, such as operating system ersions, software patch leels, and security-related data. System and security administrators can use the Tioli Security Compliance Manager serice to monitor specific data checkpoints on any gien machine (or group of machines). The target audience for this insert-book-type-here guide includes: System administrators Application specialists Security analysts IT planners Auditors What this book contains Publications This document contains the following chapters: Tioli Risk Manager Adapter for Tioli Security Compliance Manager, on page 1 This chapter proides information on installing, configuring, and uninstalling the Tioli Risk Manager adapter for Tioli Security Compliance Manager. Notices, on page 7 This appendix contains the legal notices and copyright information. Read the descriptions of the IBM Tioli Security Compliance Manager library, the prerequisite publications, and the related publications to determine which publications you might find helpful. After you determine the publications you need, refer to the instructions for accessing publications online. IBM Tioli Security Compliance Manager library The publications in the IBM Tioli Security Compliance Manager library are: IBM Tioli Security Compliance Manager Installation Guide: All Components (GC32-1592-00) Explains how to install and configure Tioli Security Compliance Manager software. IBM Tioli Security Compliance Manager Installation Guide: Client Component (GC32-1593-00) Copyright IBM Corp. 2004
Explains how to install and configure the Tioli Security Compliance Manager client component software. IBM Tioli Security Compliance Manager Administration Guide (SC32-1594-00) Explains how to manage and configure Tioli Security Compliance Manager serices using the administration console. IBM Tioli Security Compliance Manager Collector Deelopment Guide (SC32-1595-00) Explains how to design and implement custom Tioli Security Compliance Manager collectors. IBM Tioli Security Compliance Manager Warehouse Enablement Pack, Version 1.1 Implementation Guide for Tioli Data Warehouse, Version 1.2 (SC32-1596-00) Explains how to integrate Tioli Security Compliance Manager with Tioli Data Warehouse. IBM Tioli Security Compliance Manager Release Notes (GI11-4695-00) Proides late-breaking information, such as software limitations, workarounds, and documentation updates. Related publications This section lists publications related to the Tioli Security Compliance Manager library. The Tioli Software Library proides a ariety of Tioli publications such as white papers, datasheets, demonstrations, redbooks, and announcement letters. The Tioli Software Library is aailable on the Web at: http://www.ibm.com/software/tioli/library/ The Tioli Software Glossary includes definitions for many of the technical terms related to Tioli software. The Tioli Software Glossary is aailable, in English only, from the Glossary link on the left side of the Tioli Software Library Web page http://www.ibm.com/software/tioli/library/ IBM DB2 Uniersal Database IBM DB2 Uniersal Database is required when using Tioli Security Compliance Manager. Additional information about DB2 can be found at: http://www.ibm.com/software/data/db2/ Accessing publications online The publications for this product are aailable online in Portable Document Format (PDF) or Hypertext Markup Language (HTML) format, or both in the Tioli software library: http://www.ibm.com/software/tioli/library To locate product publications in the library, click the Product manuals link on the left side of the library page. Then, locate and click the name of the product on the Tioli software information center page. Product publications include release notes, installation guides, user s guides, administrator s guides, and deeloper s references. Note: To ensure proper printing of PDF publications, select the Fit to page check box in the Adobe Acrobat Print window (which is aailable when you click File Print). i IBM Tioli Security Compliance Manager: Tioli Risk Manager Adapter Guide
Accessibility Contacting software support Accessibility features help a user who has a physical disability, such as restricted mobility or limited ision, to use software products successfully. With this product, you can use assistie technologies to hear and naigate the interface. You also can use the keyboard instead of the mouse to operate all features of the graphical user interface. Before contacting IBM Tioli Software Support with a problem, refer to the IBM Tioli Software Support site by clicking the Tioli support link at the following Web site: http://www.ibm.com/software/support/ If you need additional help, contact software support by using the methods described in the IBM Software Support Guide at the following Web site: http://techsupport.serices.ibm.com/guides/handbook.html The guide proides the following information: Conentions used in this book Registration and eligibility requirements for receiing support Telephone numbers, depending on the country in which you are located A list of information you should gather before contacting customer support This reference uses seeral conentions for special terms and actions and for operating system-dependent commands and paths. Typeface conentions The following typeface conentions are used in this reference: Bold Italic Monospace Lowercase commands or mixed case commands that are difficult to distinguish from surrounding text, keywords, parameters, options, names of Jaa classes, and objects are in bold. Variables, titles of publications, and special words or phrases that are emphasized are in italic. Code examples, command lines, screen output, file and directory names that are difficult to distinguish from surrounding text, system messages, text that the user must type, and alues for arguments or command options are in monospace. Operating system differences This book uses the UNIX conention for specifying enironment ariables and for directory notation. When using the Windows command line, replace $ariable with %ariable% for enironment ariables and replace each forward slash (/) with a backslash (\) in directory paths. If you are using the bash shell on a Windows system, you can use the UNIX conentions. Preface ii
iii IBM Tioli Security Compliance Manager: Tioli Risk Manager Adapter Guide
Tioli Risk Manager Adapter for Tioli Security Compliance Manager Adapter oeriew This chapter describes the Tioli Risk Manager adapter for IBM Tioli Security Compliance Manager, including installation and configuration instructions. The Tioli Risk Manager Adapter for Tioli Security Compliance Manager uses the JDBC type proided by the Tioli Risk Manager eent monitor to monitor a Tioli Security Compliance Manager database for policy snapshot iolations. To proide a simple table for this purpose, a new database table iew called scm_rma.io_alert is created. This table iew is based on tables in the jac_sys schema. This iew proides a record of unsuppressed iolations for policy snapshots. The adapter is comprised of three parts: Adapter distribution package The database changes needed to create the new scm_rma.io_alert iew on the database serer The configuration file changes and additions on the Tioli Risk Manager serers where alerts are receied and correlated The configuration file changes and additions on the systems where the adapter runs The Tioli Risk Manager Adapter for Tioli Security Compliance Manager is distributed as an archie file in both zip and tar format. The archie file contains the files listed in Table 1. Table 1. Files proided in the adapter archie file client/itscmrma.zip File name Contains the following two files: Description eentmonitor.properties Customized properties file used by the Tioli Risk Manager Eent Monitor Configuration Wizard to configure an instance of the eent manager to monitor the Tioli Security Compliance Manager database table scm_rma.io_alert. itscm.xml The Tioli Security Compliance Manager eent definition file. serer/itscm.baroc serer/itscm_stanzas_categories.xml sql/scmrma.sql The baroc file that defines the ITSCM_PolViolation eent class to the Tioli Risk Manager serer. The file that defines the SECPOLVIOLATION category. The stanza contained in this file is added to the categories.xml file during installation and configuration. The file that contains the SQL statements needed to modify the database used by Tioli Security Compliance Manager to create the scm_rma.io_alert iew. Copyright IBM Corp. 2004 1
Installation This section describes the steps required to install, configure, check, and uninstall the adapter. Software requirements The Tioli Risk Manager Adapter for Tioli Security Compliance Manager is supported on the same platforms as the Tioli Risk Manager client. A Tioli Risk Manager Version 4.2 serer or distributed correlation serer must be aailable. Before you install The following software must be installed on the system where the adapter is to be installed: The Tioli Risk Manager Version 4.2 client A suitable JDBC drier for the IBM DB2 database product being used by Tioli Security Compliance Manager The Tioli Risk Manager Eent Monitor Configuration Wizard The wizard can be downloaded from the Tioli Risk Manager Adapter Web site. Installation steps Installation of the Tioli Risk Manager Adapter for Tioli Security Compliance Manager requires: 1. Modifying the Tioli Security Compliance Manager database 2. Configuring the Tioli Risk Manager serer 3. Configuring the Tioli Risk Manager client on page 3 Modifying the Tioli Security Compliance Manager database On the system where the DB2 database serer used by Tioli Security Compliance Manager is installed, or from a system that has access to the DB2 database serer, perform the following steps: 1. Copy the sql/scmrma.sql file from the adapter archie file to the system. 2. Log in using the user ID and password associated with the DB2 instance that owns the Tioli Security Compliance Manager tables. 3. Run the following command as the DB2 user: db2 -tf scmrma.sql Running the SQL script creates the scm_rma.io_alert database iew used by the Tioli Risk Manager Adapter for Tioli Security Compliance Manager. Note: If changes are made to the definitions of any of the jac_sys tables used by the scm_rma.io_alert iew, the iew must be dropped and then created again. Configuring the Tioli Risk Manager serer On each Tioli Risk Manager serer that is to receie alerts from the adapter: 1. On UNIX systems, source the Tioli Risk Manager enironment file:. /etc/tioli/rma_eif_en.sh 2. Copy the serer/itscm.baroc file from the adapter archie file to the $RMHOME/RISKMGR/etc/baroc directory on the Tioli Risk Manager serer system. 3. Make a backup copy of the $RMHOME/RISKMGR/etc/categories.xml file. 2 IBM Tioli Security Compliance Manager: Tioli Risk Manager Adapter Guide
4. Using a text editor, insert the lines contained in the serer/itscm_stanzas_categories.xml file from the adapter archie file into the $RMHOME/RISKMGR/etc/categories.xml file. The lines that are added must be within the <categories> stanza before the </categories> tag. 5. Make a backup copy of the $RMHOME/RISKMGR/etc/riskmgr_baroc.lst file. 6. Using a text editor, add the following line to the $RMHOME/RISKMGR/etc/riskmgr_baroc.lst file: itscm.baroc 7. If you are configuring the Tioli Risk Manager eent serer to receie Tioli Security Compliance Manager alerts, then configure the Tioli Enterprise Console rule base using the instructions proided in the Tioli Risk Manager documentation. 8. Restart the Tioli Risk Manager agent. Configuring the Tioli Risk Manager client Before installing the adapter, perform the following steps. 1. On UNIX systems, source the Tioli Risk Manager enironment file:. /etc/tioli/rma_eif_en.sh 2. Run the following command to store an obfuscated ersion of your database password in a file: $RMHOME/RISKMGR/bin/wrmstashpw $RMHOME/RISKMGR/etc/itscmDB.pwd your_password This preents the password from being stored in the Tioli Risk Manager configuration files in clear text. If you omit this step, you must specify the password later when using the Tioli Risk Manager Eent Monitor Configuration Wizard. The password that is entered in the wizard is stored in clear text in the configuration files. To install the adapter: 1. Stop the Tioli Risk Manager agent. 2. Run the Tioli Risk Manager Eent Monitor Configuration Wizard. Windows launch.bat UNIX and Linux launch.sh 3. On the Select Manual Configuration or Import from Archie panel, select Typical Configuration. 4. On the Typical Configuration Import from Archie panel, enter the location of the Tioli Risk Manager Adapter for Tioli Security Compliance Manager ZIP file in the Archie File field and click Next. This is the client/itscmrma.zip file from the adapter archie file. 5. Enter the appropriate data for the JDBC configuration on the JDBC Table panel. This includes modifying the JDBC Drier and JDBC URL fields as needed, replacing HOSTNAME with the fully qualified name of the database serer used by Tioli Security Compliance Manager. Specify the DB2 instance ID in the JDBC Username field. Specify the name of the password file (itscmdb.pwd in the example preiously) in the JDBC Password File field. Click Next. Note: Specifying an actual password on this panel results in the password being stored in the configuration files in clear text. 6. After the wizard installs the adapter files and updates the Tioli Risk Manager agent configuration, click Finish. Tioli Risk Manager Adapter for Tioli Security Compliance Manager 3
Checking the installation Uninstalling the adapter 7. Modify the $RMHOME/RISKMGR/etc/rmclasspath.conf file to add the library files needed by your JDBC drier. The JDBC Drier proided by DB2 requires the following files: DB2 Version 8.1 DB2INSTDIR/jaa/db2jaa.zip DB2INSTDIR/jaa/db2jcc.jar DB2 Version 7.2 DB2INSTDIR/jaa12/db2jaa.zip 8. Verify that the $RMHOME/RISKMGR/etc/itscmjdbc.xml file that was created by the Tioli Risk Manager Eent Monitor Configuration Wizard has the correct host name, user ID, and password file for your DB2 database serer, and that the URL connection string is correct for the JDBC drier that is being used. Correct any problems. 9. Restart the Tioli Risk Manager agent. To erify that the Tioli Risk Manager Adapter for Tioli Security Compliance Manager has been properly installed and configured: 1. Check that the Tioli Risk Manager agent is running. 2. Create a snapshot with one or more iolations. 3. Verify that the correct eents were registered on the Tioli Risk Manager serer. To uninstall the Tioli Risk Manager Adapter for Tioli Security Compliance Manager: 1. Stop the Tioli Risk Manager agent. 2. Open a command prompt and change to the following directory: RM_INST_DIR/RISKMGR/etc 3. Replace the rmagent.xml file with the preiously saed ersion. If multiple changes hae been made to the file since the adapter was originally added, you can simply remoe the connector and source stanzas associated with this adapter. Those stanzas are similar to the following: <connector> <from name="itscm"/> <to name="summarization"/> </connector> <source name="itscm" class="com.tioli.riskmanager.agent.transports.receiers.rmamonitorreceier"> <set key="rma_conf" alue="/opt/riskmgr/etc/itscm.conf"/> </source> 4. Remoe the other files used by the adapter. UNIX and Linux rm itscm* Windows del itscm* This command remoes the following files: 4 IBM Tioli Security Compliance Manager: Tioli Risk Manager Adapter Guide
itscm.conf itscm.pos itscm.xml itscmjdbc.xml itscmdb.pwd 5. Optionally, if no other Tioli Risk Manager adapters are using JDBC, remoe the JDBC library file path names from the $RMHOME/RISKMGR/rmclasspath.conf file. If you are uncertain, do not modify the file. 6. Restart the Tioli Risk Manager agent. Tioli Risk Manager Adapter for Tioli Security Compliance Manager 5
6 IBM Tioli Security Compliance Manager: Tioli Risk Manager Adapter Guide
Appendix. Notices This information was deeloped for products and serices offered in the U.S.A. IBM may not offer the products, serices, or features discussed in this document in other countries. Consult your local IBM representatie for information on the products and serices currently aailable in your area. Any reference to an IBM product, program, or serice is not intended to state or imply that only that IBM product, program, or serice may be used. Any functionally equialent product, program, or serice that does not infringe any IBM intellectual property right may be used instead. Howeer, it is the user s responsibility to ealuate and erify the operation of any non-ibm product, program, or serice. IBM may hae patents or pending patent applications coering subject matter described in this document. The furnishing of this document does not gie you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation 500 Columbus Aenue Thornwood, NY 10594 U.S.A For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: IBM World Trade Asia Corporation Licensing 2-31 Roppongi 3-chome, Minato-ku Tokyo 106, Japan The following paragraph does not apply to the United Kingdom or any other country where such proisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-ibm Web sites are proided for conenience only and do not in any manner sere as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it beliees appropriate without incurring any obligation to you. Copyright IBM Corp. 2004 7
Licensees of this program who wish to hae information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation 2Z4A/101 11400 Burnet Road Austin, TX 78758 USA Such information may be aailable, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this information and all licensed material aailable for it are proided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equialent agreement between us. Customers are responsible for ensuring their own compliance with arious laws such as the Graham-Leach-Bliley Act, the Sarbanes-Oxley Act, and the Health Insurance Portability and Accountability Act. It is the customer s sole responsibility to obtain adice of competent legal counsel as to the identification and interpretation of any releant laws that may affect the customer s business and any actions the customer may need to take to comply with such laws. IBM does not proide legal, accounting or auditing adice, or represent or warrant that its products or serices will ensure that customer is in compliance with any law. Any performance data contained herein was determined in a controlled enironment. Therefore, the results obtained in other operating enironments may ary significantly. Some measurements may hae been made on deelopment-leel systems and there is no guarantee that these measurements will be the same on generally aailable systems. Furthermore, some measurement may hae been estimated through extrapolation. Actual results may ary. Users of this document should erify the applicable data for their specific enironment. Information concerning non-ibm products was obtained from the suppliers of those products, their published announcements or other publicly aailable sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-ibm products. Questions on the capabilities of non-ibm products should be addressed to the suppliers of those products. All statements regarding IBM s future direction or intent are subject to change or withdrawal without notice, and represent goals and objecties only. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of indiiduals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. If you are iewing this information softcopy, the photographs and color illustrations may not appear. 8 IBM Tioli Security Compliance Manager: Tioli Risk Manager Adapter Guide
Trademarks The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both: DB2 DB2 Uniersal Database IBM IBM logo Tioli Tioli logo Tioli Enterprise Console Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Jaa and all Jaa-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Linux is a trademark of Linus Toralds in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product, and serice names may be trademarks or serice marks of others. Appendix. Notices 9
10 IBM Tioli Security Compliance Manager: Tioli Risk Manager Adapter Guide
Printed in USA