Quest InTrust 10.3
Auditing and Monitoring HP-UX
Installation and Configuration Guide 1.0

2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of Quest Software, Inc. The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.
If you have any questions regarding your potential use of this material, contact: Quest Software World Headquarters LEGAL Dept 5 Polaris Way Aliso Viejo, CA 92656 e-mail: info@quest.com Refer to our Web site (www.quest.com) for regional and international office information. TRADEMARKS AccessManager, Active Administrator, ActiveDL, ActiveGroups, ActiveRoles, AKONIX, Benchmark Factory, Big Brother, BOX & WAVE Design, BridgeAccess, BridgeAutoEscalate, BridgeSearch, BridgeTrak, ChangeAuditor, ChangeManager, CI Discovery, DataFactory, Defender, Deploy the Whole Desktop, Desktop Authority, Directory Analyzer, DirectoryExpert, DS Analyzer, DS Expert, Embargo, Enterprise Security Explorer, Enterprise Security Reporter, File System Auditor, Foglight, GPOAdmin, Help Desk Authority, InstantAssist, IntelliProfile, InTrust, itoken, J.CLASS and Design, JClass, Jint, JProbe, Kemma Software, Knowledge Xpert and Design, LiteSpeed, LiveReorg, LogAdmin, MessageStats, Move Mailbox Manager, MultSess, NBSpool, NetBase, NETPRO, PASSGO, PassGo Technologies (and design), Password Reset Manager, Patch Authority, PerformaSure, POINT, CLICK, DONE!, PowerGUI, Privilege Authority, Q.DESIGNER and Design, Quest, Quest Central, Quest Software, Quest Software and Design, Quest Software logo, ReportAdmin, RestoreAdmin, SCRIPTLOGIC, SCRIPTLOGIC (and Design), Secure Copy, Security Explorer, Security Lifecycle Map, SelfServiceAdmin, SharePlex, Spotlight, SQL Navigator, SQL TURBO, SQL TURBO and Design, SQL Watch, SQLAB, STAT, StealthCollect, T.O.A.D, Tag and Follow, TOAD, TOAD WORLD, vautomator, vconverter, vecoshell, VESI, vfoglight, VINTELA, VIZIONCORE, Vizioncore Automation Suite, Vizioncore vessentials, vmigrator, vranger, vspotlight, vtoad, WebDefender, Webthority, XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. 
For a complete list of Quest Software's trademarks, please see http://www.quest.com/legal/trademark-information.aspx. Other trademarks and registered trademarks are property of their respective owners. Quest InTrust. Updated October 29, 2010. Software version 10.3.

CONTENTS

Introduction
Setup
  Requirements
  Installation
    Data Sources
    Gathering Policies
    Import Policies
    Consolidation Policies
    Tasks
    Rules
    Reports
    Other
Getting Started
  Agent Setup
    Step 1: Install the Agent
    Step 2: Establishing a Connection with the Server
  Configuring Syslog
  Configuring HP-UX Audit log
  InTrust Configuration
    Data Sources
    Auditing, Reporting, and Real-Time Monitoring
Use Scenarios
  Syslog Configuration Monitoring
  Tracking Security Incidents
Appendix A. Data Collected from Audit Log
Appendix B. InTrust Reports for HP-UX
About Quest Software, Inc.
  Contacting Quest Software
  Contacting Quest Support
Third Party Contributions

Introduction

InTrust has built-in auditing and real-time monitoring support for HP-UX. Support for this system is implemented in the HP-UX Knowledge Pack, which enables InTrust to work with HP-UX Syslog, text logs, and the audit log. The following table shows what you can audit and monitor on HP-UX:

DATA SOURCE                       GATHERING   REAL-TIME MONITORING
Syslog messages                   X           X
Text logs of any format           X
Configuration file modification   X           X
HP-UX audit logs                  X

Setup

Requirements

- InTrust 10.0 or later
- HP-UX 11.11, 11.23, or 11.31

For HP-UX 11.11, the following is also required.

HP-UX patches:
- PHCO_27049 s700_800 11.11 audit(5) man page patch
- PHCO_27704 s700_800 11.11 audisp(1m) cumulative patch
- PHCO_27752 s700_800 11.11 audevent(1m) cumulative patch
- PHCO_33758 s700_800 11.11 login(1) cumulative patch
- PHCO_35732 s700_800 11.11 ugm cumulative patch
- PHCO_36465 s700_800 11.11 passwd(1) cumulative patch
- PHKL_32126 s700_800 11.11 audit subsystem cumulative patch
- PHNE_36211 s700_800 11.11 r-commands cumulative mega-patch
- PHSS_33035 s700_800 11.11 ld(1) and linker tools cumulative patch (if operating on PA-RISC architecture)

To check whether a patch is present on a host, list the installed patches with swlist -l patch and look for its identifier (for example, swlist -l patch | grep PHKL_32126).

Additional HP-UX software:
- Secure_Shell.SECURE_SHELL A.04.40.010 or later

Installation

The HP-UX Knowledge Pack must be installed to enable HP-UX support in InTrust. The HP-UX Knowledge Pack is an option available during InTrust server installation. The following is a list of the included objects.

Data Sources
- HP-UX Syslog
- HP-UX Audit Log
- HP-UX Account Monitoring
- HP-UX Text file monitoring

Gathering Policies
- HP-UX Syslog: Security: Common Syslog Security Events
- HP-UX Syslog: Security: Failed Logins
- HP-UX Syslog: Security: Successful Logins
- HP-UX: Security: SU Activity
- HP-UX: Security: Reboots
- HP-UX: All Syslog Messages
- HP-UX: Login/logoff from Audit Log
- HP-UX Audit Log: Process execution
- HP-UX Audit Log: Failed file access
- HP-UX: All Events from Audit Log
- HP-UX Audit Log: Account management
- HP-UX Audit Log: Audit management
- HP-UX: Account monitoring
- HP-UX: Text file monitoring
- HP-UX: Security: Common Audit Log Security Events
- HP-UX: Audit Log: Administrative activity

Import Policies
- HP-UX: Security: Common Syslog Security Events
- HP-UX: All Syslog messages
- HP-UX: Security: Failed logins
- HP-UX: Security: Successful logins
- HP-UX: Security: su activity
- HP-UX: Security: Reboots
- HP-UX: Logins/logouts from Audit Log
- HP-UX: Process execution events from Audit Log
- HP-UX: Audit Log: Failed file access
- HP-UX: All events from Audit Log
- HP-UX: Account monitoring
- HP-UX: Text file monitoring
- HP-UX: Security: Common Audit Log Security Events
- HP-UX: Audit Log: Administrative activity
- HP-UX: Audit Log: Account management
- HP-UX: Audit Log: Audit management

Consolidation Policies
- HP-UX logs consolidation
- HP-UX logs consolidation for the last month

Tasks
- HP-UX Syslog - daily collection of common security events
- HP-UX Audit Log - daily collection of common security events
- HP-UX configuration changes daily collection
- HP-UX weekly reporting

Rules
- 'su root' succeeded
- Multiple failed logins
- Login authentication failed
- Failed 'su' attempt
- Successful login by root
- User account created
- User account removed
- Group created
- Group removed
- User added to the group
- User removed from the group
- Syslog.conf file modified
- Text file modified

Reports

User Activity
- HP-UX login statistics
- HP-UX user logons
- HP-UX failed login attempts
- HP-UX multiple failed login attempts
- HP-UX process execution
- All HP-UX syslog events

Administrative Activity
  Account Management
  - HP-UX User management
  - HP-UX Group management
  - HP-UX Group membership management
  System configuration management
  - HP-UX configuration files modifications
  - HP-UX Audit control

Other
- "HP-UX hosts" site
- "HP-UX: security" real-time monitoring policy

To install the Knowledge Pack, launch InTrust setup on the InTrust server and select the corresponding option. The reporting server you use must have the same reports that are available in the Knowledge Pack that you install on the InTrust server. For that, install the HP-UX Report Pack on the reporting server you want to use for preparing HP-UX-related reports.

Getting Started

The following sections explain the steps you need to take to set up HP-UX auditing and monitoring:

1. Install the InTrust agent on each HP-UX host.
2. Adjust the configuration of Syslog, if necessary.
3. Complete the configuration in InTrust Manager.

Agent Setup

InTrust agents are required for all InTrust auditing and real-time monitoring activities on HP-UX computers. Before you can audit or monitor such computers, you must do the following:

1. Install the agent.
2. Make the InTrust server aware of the agent and set up agent-to-server communication security.

All agent setup procedures must be performed manually on HP-UX computers. Installing an agent does not make it usable by the server; it only prepares it (unpacks installation files, starts services, and so on). Make sure that you establish a connection with the desired server.

When planning where to install the agent, consider that it requires at least 260 megabytes of disk space (280 MB recommended). In addition, make sure that you have enough disk space for the event cache, which is located in /var/intrust by default. You can change the location by editing the agent.ini file located in the directory where you install the agent. If you want to make agent configuration changes, you must complete them before you establish a connection with the InTrust server.

To diagnose disk space usage, you can use the Agent-side backup failure and Agent-side backup failure resolved rules. Although these rules monitor all kinds of backup failures, the most common reason for a failure is lack of disk space.

Uninstalling the agent does not automatically unregister it from InTrust servers, so disconnect the agent from each InTrust server it communicates with before you uninstall it; for details, see the Disconnecting the Agent from the Server section below.

Step 1: Install the Agent

To install the agent, complete the following steps:

1. Log in to the target computer.
2. Copy the adcscm_package.hpux_parisc.depot package to a local folder on the target computer. This file is located in <InTrust_installation_folder>\InTrust\Server\ADC\Agent\hpux_parisc on the InTrust server, where it is put during HP-UX Knowledge Pack setup. If you use a protocol with text and binary modes for copying (for example, FTP), make sure the mode is set to binary before the copying starts. Because Secure_Shell is already required on the target host, scp or sftp is the better choice: FTP sends credentials and the package in clear text, and a text-mode transfer silently corrupts the depot. Comparing a checksum of the file on both sides (for example, with cksum) catches a damaged copy before you try to install it.
3. Start SAM, and use the Software Management > Install Software to Local Host item to set up the agent. The default installation directory is /usr/local/adc. After the installation, the agent is started automatically.

To uninstall the agent from the HP-UX computer, use the Software Management > Remove Local Host Software item in SAM. The name of the package is ADCAgent.

Step 2: Establishing a Connection with the Server

To establish a connection between an agent and an InTrust server, log on to the computer where the agent is installed using the root account and run the following command in the directory that contains the agent:

./adcscm -add ServerName Port [password]

where:

- ServerName specifies the InTrust server to which you bind the agent. This may be the NetBIOS name, FQDN, or IP address.
- Port specifies the port number at which the server listens for requests coming from the agent (the same as the listening port you specified for the InTrust server during setup); the default port number is 900.
- password is the password for initial agent-server authentication; it is required if the Use authentication option is enabled on the InTrust server (see the Authentication section below). By default this password is the same as the organization password supplied during InTrust server installation; you can change the agent installation password in the InTrust server properties. If you want to use an empty password, supply empty quotation marks (""). If authentication is disabled on the InTrust server, do not specify any password.

Because the password is passed as a command-line argument, it is visible to other local users in the process list while the command runs and is recorded in the shell history. Run the command from an interactive root session and remove the history entry afterwards; the password is only used for the first connection and is rotated automatically after that (see Authentication).

Disconnecting the Agent from the Server

To disconnect the agent from the InTrust server, run the following command on the HP-UX computer where the agent is installed:

./adcscm -remove ServerName Port

Authentication

The authentication process is two-sided (both server-side and agent-side) and based on the Secure Remote Password (SRP) protocol. In addition to authenticating agents to the server securely, SRP derives a cryptographically strong symmetric key as a by-product of successful authentication, which the two parties then use to protect their communication. After initial authentication succeeds, the authentication password is changed automatically every week to secure communication between the server and its agents. The symmetric key is changed every hour.

For manually installed agents, you first have to specify the password on the server. By default, this is the organization password you specified during setup. The authentication mechanism uses this password only when establishing the connection for the first time; after that the password is changed regularly. If you want to use a password other than the default, take the following steps:

1. In Quest InTrust Manager, expand Configuration > Servers, right-click the server name and select Properties.
2. On the Agent tab, select Use authentication and supply a new password for initial authentication.
3. Provide this password to the agent by running the following command on the HP-UX computer where the agent is installed:

./adcscm -add ServerName Port Password

Replace Password with the password that you specified in step 2.

Encryption

You can choose to encrypt the data communicated between the agent and the server (encryption uses 3DES with a 168-bit key). By default, encryption is enabled. 3DES is a legacy cipher whose effective strength is about 112 bits, so leave encryption on and also restrict access to the server's agent listening port at the network level rather than relying on the cipher alone.

To enable or disable encryption manually:

1. In InTrust Manager, open the properties of the server to which the agent reports.
2. On the Agent tab, select or clear the Use encryption check box.
3. Click Apply and close the dialog box.

Registering an Agent Alias on the Server

After the connection is established, you can register the agent access name (alias) that the server will use to communicate with the agent. Run the following command on the HP-UX computer where the agent resides:

./adcscm -register ServerName Port Alias

Replace Alias with the agent name that the server will use for communication with the agent. Agent names must be unique within the scope of an InTrust server.

If you want to change the alias, unregister the current alias first. To do that, run the following command on the HP-UX computer where the agent resides:

./adcscm -unregister ServerName Port Alias

where Alias is the current agent's name. After that, register the new name as described above. You can view agent names and aliases in an agent's properties dialog box in InTrust Manager.

Configuring Syslog

Syslog is an important logging facility in HP-UX. Syslog functionality is provided by the syslogd daemon, which accepts messages from various sources that support logging and either writes these messages to files or passes them on to other hosts in the network.

The InTrust agent processes the message flow before it arrives at syslogd's input. However, the agent catches only local messages; it does not catch messages forwarded from other computers over the network. Therefore, do not rely on syslogd's message forwarding feature if you audit and monitor Syslog with InTrust: InTrust support for HP-UX Syslog depends on local messages, so every HP-UX host you want to audit needs its own agent.

It is up to you how you configure syslogd logging. This configuration does not affect the operation of the InTrust agent, which provides all the Syslog data that InTrust accepts.

Configuring HP-UX Audit log

The HP-UX audit system does not require additional configuration for the InTrust agent to work with the audit log. The agent is aware of the two current binary audit log files. Note that if you change the locations of the audit log files, the agent will no longer work with the old files, which may still contain important data. The agent only reads what the HP-UX audit subsystem writes, so auditing itself must be switched on (audsys -n) and the event categories you care about must be selected with audevent; otherwise there is nothing to collect.

InTrust Configuration

After you have taken all the necessary configuration steps on the target HP-UX hosts, the InTrust Manager snap-in takes over all auditing and real-time monitoring operations. This section describes HP-UX-specific settings that are not explained in the other InTrust documentation.

Data Sources

The HP-UX Syslog and HP-UX Audit Log data sources represent the HP-UX audit trails. The HP-UX Text File Monitoring and HP-UX Account Monitoring data sources work with files that are not audit trails.

HP-UX Syslog

Syslog auditing and real-time monitoring is based on the flow of data intended for the syslogd daemon. The HP-UX Syslog data source is used to analyze the data flow and capture only the necessary portions of it.

This data source uses a list of regular expressions. When the data source is working, it applies the expressions, in the order specified, to each message. The order of the regular expressions matters because message processing stops as soon as the message matches one of the expressions.

When parsing takes place, pairs of parentheses are used in regular expressions to break messages up into numbered fields. For example, the following regular expression:

^(.{15}) ((?:[[:digit:]][[:alpha:]])?):?([-[:alnum:]_.]+) (su): ((\+) ([[:alnum:]\?]+) (.*)-(.*))

matches the following message (the first 15 characters are the syslog timestamp, in which the day is padded to two characters):

Mar  5 19:19:02 6E:spb9460 su: + 2 user2-root

The result is an event with the following fields:

FIELD NAME             FIELD NUMBER   FIELD CONTENTS
Computer               <3>            spb9460
Description            <5>            + 2 user2-root
Event Source           <4>            su
Insertion String #1    <5>            + 2 user2-root
Insertion String #8    <8>            user2
Insertion String #11   <9>            root
Insertion String #12   <7>            2
Insertion String #14   <2>            6E

The last regular expression in the predefined data source is designed to match any message. This ensures that no message is lost. The result of this regular expression is an event in which the Description and Insertion String #1 fields both contain the descriptive part of the message, if a descriptive part is present.

It is not recommended that you modify the predefined regular expressions in the data source. These expressions are required for the reports that come with the HP-UX Knowledge Pack, and those reports ignore any data resulting from custom regular expressions. If you create a custom Syslog data source with your own regular expressions, make sure you use customized reports based on the data that these regular expressions capture.

Including many complex regular expressions in the data source may slow down Syslog processing significantly.
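The ordered, first-match-wins processing described above, as an added example that is not part of the InTrust documentation or product: a small Python parser that applies the guide's su expression (with its POSIX bracket classes rewritten for Python's re module; the group numbers are unchanged), followed by a catch-all expression, builds the field table from the numbered groups, and shows that reversing the list changes which expression handles the su message. The messages are constructed, and the catch-all expression and its field map are assumptions about how a last match-anything entry is built.

```python
import re

# Added example; not code from the InTrust documentation or product.
# It reproduces the ordered, first-match-wins processing of the HP-UX
# Syslog data source: each message is tried against a list of
# expressions in order, and the first match decides how the message is
# split into numbered fields. The "su" expression is the guide's own,
# with its POSIX bracket classes rewritten for Python's re module
# ([[:digit:]] -> \d, [[:alpha:]] -> [A-Za-z], [[:alnum:]] -> [A-Za-z0-9]);
# the group numbers are unchanged. The catch-all expression and the
# field maps are assumptions about how a last "match anything" entry
# is built.

SU_RE = re.compile(
    r"^(.{15}) ((?:\d[A-Za-z])?):?([-A-Za-z0-9_.]+) (su): "
    r"((\+) ([A-Za-z0-9?]+) (.*)-(.*))"
)

# Assumed catch-all: any message with a syslog header and a "source:"
# prefix; group 5 is the descriptive part of the message.
ANY_RE = re.compile(
    r"^(.{15}) ((?:\d[A-Za-z])?):?([-A-Za-z0-9_.]+) ([^:]+): ?(.*)"
)

# (name, expression, field name -> group number), applied in this order.
PATTERNS = [
    ("su", SU_RE, {
        "Computer": 3, "Description": 5, "Event Source": 4,
        "Insertion String #1": 5, "Insertion String #8": 8,
        "Insertion String #11": 9, "Insertion String #12": 7,
        "Insertion String #14": 2,
    }),
    ("catch-all", ANY_RE, {
        "Computer": 3, "Event Source": 4,
        "Description": 5, "Insertion String #1": 5,
    }),
]


def parse_syslog(message, patterns=PATTERNS):
    """Apply the expressions in order and stop at the first match.

    Returns (pattern name, {field name: captured text}), or (None, {})
    when no expression matches."""
    for name, rx, fields in patterns:
        m = rx.match(message)
        if m is not None:
            return name, {field: m.group(n) for field, n in fields.items()}
    return None, {}


# Constructed messages: the guide's su example (day padded to two
# characters so the timestamp is exactly 15 characters) and an OpenSSH
# login that only the catch-all handles.
SU_MESSAGE = "Mar  5 19:19:02 6E:spb9460 su: + 2 user2-root"
SSH_MESSAGE = ("Mar  5 19:20:11 spb9460 sshd[2345]: "
               "Accepted publickey for user2 from 10.0.0.5 port 50022 ssh2")

if __name__ == "__main__":
    for msg in (SU_MESSAGE, SSH_MESSAGE):
        name, fields = parse_syslog(msg)
        print(f"[{name}] {msg}")
        for field, value in sorted(fields.items()):
            print(f"  {field:<20} {value}")
    # With the catch-all first, the su message never reaches the su
    # expression: the order of the list is what routes messages.
    print(parse_syslog(SU_MESSAGE, list(reversed(PATTERNS)))[0])
```

Running the block prints the same field table as the guide for the su message and a two-field event for the sshd message; the last line prints "catch-all", which is exactly the failure mode the guide warns about when expressions are reordered or a broad expression is placed ahead of a specific one.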

HP-UX Audit Log

In InTrust Manager, the HP-UX audit log is represented by the HP-UX Audit Log data source. Use this data source in any gathering, consolidation and import policies that need to work with audit log data. For information about the format of the resulting event records, see Appendix A.

Text File-Monitoring Data Sources

The HP-UX Account Monitoring and HP-UX Text File Monitoring scripted data sources are designed to parse specified files. Real-time monitoring rules use these data sources to monitor the files for changes.

These scripted data sources are not designed for general-purpose auditing and monitoring of text-based logs. They should be used only on configuration files, preferably ones that do not exceed 100 kilobytes. To collect large text-based logs, use Custom Text Log Events data sources, as described in the Auditing Custom Logs with Quest InTrust document.

To specify the file paths, edit the appropriate parameters of the data sources. For example, to monitor the /etc/hosts.allow and /etc/hosts.deny files, take the following steps:

1. Open the properties of the HP-UX Text File Monitoring data source.
2. On the Parameters tab, select the TextFiles parameter and click Edit.
3. Supply /etc/hosts.allow and /etc/hosts.deny in the dialog box that appears.

Similarly, you can edit the UsersFile and GroupsFile parameters of the HP-UX Account Monitoring data source if the location of the passwd and group files differs from the default on your HP-UX hosts. Monitoring the passwd and group files makes sense if your HP-UX environment does not use a directory solution. With a directory in place, the information in these files is neither complete nor representative of the accounts actually in use.

Script Event Provider Data Sources

InTrust provides an additional option to create a custom data source using the Script Event Provider. This functionality allows you to create a script that runs at a preset frequency. Under conditions that are specified in this script, events are generated and then passed to the InTrust agent. Events are stored in the agent's backup cache. From there, the events can be captured by the gathering or real-time monitoring engine. In the script you can specify what information is stored in the events and how it is ordered, and what conditions are required for event generation.
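As an added example of what a scripted data source of this kind does on each run (this is not InTrust's own Account Monitoring script or any Script Event Provider code): parse the current passwd and group files, compare them with the snapshot kept from the previous run, and emit one event per change, using the names of the predefined HP-UX account rules where one exists. The file contents are constructed; the UID 0 and account-modified checks are additions of this example that have no predefined rule.

```python
# Added example; not InTrust's own Account Monitoring script. It shows the
# check a scripted data source performs on each scheduled run: parse the
# current passwd and group files, compare them with the snapshot from the
# previous run, and emit one event per change. Event names follow the
# predefined HP-UX account rules where one exists; "UID 0 account created"
# and "User account modified" are extra checks added here. All file
# contents below are constructed.


def parse_passwd(text):
    """Map user name -> (uid, gid, home, shell) from passwd-format text."""
    users = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, uid, gid, _gecos, home, shell = line.split(":", 6)
            users[name] = (int(uid), int(gid), home, shell)
    return users


def parse_group(text):
    """Map group name -> (gid, frozenset of members) from group-format text."""
    groups = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, gid, members = line.split(":", 3)
            groups[name] = (int(gid), frozenset(m for m in members.split(",") if m))
    return groups


def account_events(old_passwd, new_passwd, old_group, new_group):
    """Return (event name, subject) tuples for every difference between
    the previous snapshot and the current files, in a stable order."""
    events = []
    old_u, new_u = parse_passwd(old_passwd), parse_passwd(new_passwd)
    for name in sorted(new_u.keys() - old_u.keys()):
        events.append(("User account created", name))
        if new_u[name][0] == 0:  # a second root-equivalent account
            events.append(("UID 0 account created", name))
    for name in sorted(old_u.keys() - new_u.keys()):
        events.append(("User account removed", name))
    for name in sorted(old_u.keys() & new_u.keys()):
        if old_u[name][0] != new_u[name][0] or old_u[name][3] != new_u[name][3]:
            events.append(("User account modified", name))  # UID or shell changed

    old_g, new_g = parse_group(old_group), parse_group(new_group)
    for name in sorted(new_g.keys() - old_g.keys()):
        events.append(("Group created", name))
    for name in sorted(old_g.keys() - new_g.keys()):
        events.append(("Group removed", name))
    for name in sorted(old_g.keys() & new_g.keys()):
        for member in sorted(new_g[name][1] - old_g[name][1]):
            events.append(("User added to the group", f"{member}:{name}"))
        for member in sorted(old_g[name][1] - new_g[name][1]):
            events.append(("User removed from the group", f"{member}:{name}"))
    return events


# Constructed snapshots: between the two runs, user3 was deleted, oper1 was
# added with UID 0 and put into the root group, user2's shell changed, and
# a new group hpuxops appeared.
OLD_PASSWD = """root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
user2:*:101:20::/home/user2:/usr/bin/sh
user3:*:102:20::/home/user3:/usr/bin/sh
"""
NEW_PASSWD = """root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
user2:*:101:20::/home/user2:/usr/bin/ksh
oper1:*:0:20::/home/oper1:/usr/bin/sh
"""
OLD_GROUP = "root::0:root\nsys::3:root\nusers::20:user2,user3\n"
NEW_GROUP = "root::0:root,oper1\nsys::3:root\nusers::20:user2\nhpuxops::300:oper1\n"

if __name__ == "__main__":
    for event, subject in account_events(OLD_PASSWD, NEW_PASSWD, OLD_GROUP, NEW_GROUP):
        print(f"{event:<28} {subject}")
```

The comparison is keyed on account and group names, so a renamed account shows up as one removal and one creation, which is the honest answer when only the two files are available; the UID 0 check is the one most worth keeping, because a second root-equivalent account is the change an attacker makes to these files.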

To create a custom data source with the Script Event Provider:

1. Right-click the Configuration > Data Sources node and select New Data Source.
2. In the New Data Source Wizard, select the Script Event Provider data source type.
3. On the Script step, select the script language and enter your script text using the XML editor.
4. On the same step, specify the frequency at which the script runs.
5. Complete the remaining steps.

Auditing, Reporting, and Real-Time Monitoring

HP-UX auditing, reporting, and real-time monitoring is similar to working with any other system supported by InTrust. There is only one important difference, which concerns the active scheduling of InTrust tasks; see the warning note below.

An active schedule is required to make the agent cache events. If the schedule is disabled, no events are stored. All data sources described above except HP-UX Audit Log use event caching, so it is recommended that you use at least one regularly running task for the cache-enabled data sources. If you want to gather data only on demand, you must still enable the schedule for your task or tasks, but set it to a point in the future or in the past. Caching is not used for the HP-UX Audit Log data source, so you do not need an active schedule just to gather audit log data.

The other HP-UX auditing, reporting and real-time monitoring operations do not have special requirements, and you can perform them as described in the InTrust User Guide.

Use Scenarios

This chapter describes typical situations in a production environment and outlines how InTrust helps handle them. For information about specific procedures, such as creating tasks and jobs or activating rules, see the InTrust User Guide.

Syslog Configuration Monitoring

Suppose you use a finely tuned Syslog audit policy in your environment. Your audit configuration has proven efficient and reliable, and you do not want anyone but a few trusted administrators to be able to change it. Even so, you want to know immediately if the audit policy is modified in any way.

Use InTrust real-time monitoring capabilities to enable immediate notification. Syslog audit configuration is defined in the syslog.conf file, so the solution in this case is to monitor this file with InTrust and send an alert whenever the file is modified. Enable the Syslog.conf file modified rule and supply the appropriate file paths as the rule's parameter.

Tracking Security Incidents

You want to receive daily information about possible security issues in your environment, such as brute force attack attempts. You can achieve this by scheduling gathering and reporting jobs with InTrust. Take the following steps:

1. Make sure that syslogd is running.
2. Create an InTrust task that gathers Syslog events from the appropriate site (gathering job) and builds reports based on the gathered data (reporting job). The resulting reports are stored in the local folder that is specified during InTrust installation (for details, see the Specifying reporting settings section in the InTrust Installation and Configuration Guide).
3. A good report for this scenario is HP-UX multiple failed login attempts. It is up to you whether you want to store the gathered data in an InTrust repository. You can also include a notification job to be notified of task completion.
4. Schedule the task to run every morning at a convenient time.
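The brute-force scenario above, as an added example that is not InTrust's Multiple failed logins rule or its HP-UX multiple failed login attempts report: the detection logic such a check performs, run over constructed HP-UX syslog lines from the OpenSSH server that the Secure_Shell requirement provides. Failures are counted per host and source address in a sliding time window; the threshold, the window length and the sample lines are assumptions chosen for the example.

```python
import re
from collections import deque
from datetime import datetime

# Added example; not the InTrust "Multiple failed logins" rule or the
# "HP-UX multiple failed login attempts" report. It shows the detection
# those items perform, over constructed HP-UX syslog lines written by the
# OpenSSH server (the Secure_Shell product required by the guide): count
# failed logins per (host, source address) in a sliding window and raise
# an alert when the count reaches a threshold. The message format is the
# standard OpenSSH "Failed password" line; the threshold and window are
# assumptions chosen for the example.

FAILED_RE = re.compile(
    r"^(?P<ts>.{15}) (?:\d[A-Za-z]:)?(?P<host>[-A-Za-z0-9_.]+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def failed_logins(lines, year=2010):
    """Yield (time, host, user, source) for each sshd 'Failed password' line.

    Syslog timestamps carry no year, so the caller supplies one."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield when, m["host"], m["user"], m["src"]


def multiple_failed_logins(lines, threshold=5, window_seconds=300):
    """Return one alert per (host, source) each time the number of failures
    inside the window climbs to `threshold`; further failures in the same
    window do not repeat the alert until enough old ones have expired."""
    windows = {}
    alerts = []
    for when, host, user, src in failed_logins(lines):
        q = windows.setdefault((host, src), deque())
        q.append((when, user))
        while (when - q[0][0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that are older than the window
        if len(q) == threshold:
            alerts.append({
                "host": host, "source": src,
                "first": q[0][0], "last": when,
                "users": sorted({u for _, u in q}),
            })
    return alerts


# Constructed sample: six failures from 10.0.0.5 within two minutes (a
# password-guessing run against admin and root) and one failure followed
# by a success from 10.0.0.9 (a mistyped password).
SAMPLE = [
    "Mar  5 19:19:02 spb9460 sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 51234 ssh2",
    "Mar  5 19:19:05 spb9460 sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 51234 ssh2",
    "Mar  5 19:19:09 spb9460 sshd[2203]: Failed password for root from 10.0.0.5 port 51240 ssh2",
    "Mar  5 19:19:40 spb9460 sshd[2210]: Failed password for user2 from 10.0.0.9 port 40120 ssh2",
    "Mar  5 19:19:41 spb9460 sshd[2210]: Accepted password for user2 from 10.0.0.9 port 40120 ssh2",
    "Mar  5 19:20:15 spb9460 sshd[2215]: Failed password for root from 10.0.0.5 port 51250 ssh2",
    "Mar  5 19:20:17 spb9460 sshd[2215]: Failed password for root from 10.0.0.5 port 51250 ssh2",
    "Mar  5 19:20:30 spb9460 sshd[2218]: Failed password for root from 10.0.0.5 port 51255 ssh2",
]

if __name__ == "__main__":
    for a in multiple_failed_logins(SAMPLE):
        print(f"{a['host']}: {len(a['users'])} account(s) {a['users']} targeted from "
              f"{a['source']} between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

Keying the window on the source address rather than on the user name is what makes this catch password spraying: a source that tries one guess each against many accounts still reaches the threshold, while the single mistyped password from 10.0.0.9 never does.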

Quest InTrust 10.3

Appendix A. Data Collected from Audit Log

This section describes the format that Audit log data is stored in. Native tools are used for converting the Audit log to text, and the text entries are transformed into event records for the repository or audit database. Each event record has a fixed number of fields, which are described in the following table. These fields are always present, even if their values are empty.

FIELD                 DETAILS
EventID               Event ID
EventType             Success (0x0008) or failure (0x0010)
UserName              The user that generated the event
Description           The body of the event
Insertion String 1    Process ID (PID)
Insertion String 2    Parent process ID (PPID)
Insertion String 3    Audit ID (AID): ID assigned to the initiator account by the audit system and found in all events that this account generates
Insertion String 4    Real UID (RUID): UID of the user that initially logged into the system
Insertion String 5    Real GID (RGID): GID of the user that initially logged into the system
Insertion String 6    Effective UID (EUID): UID of the initiator account at the time of the event; the effective UID may have changed since the user initially logged in
Insertion String 7    Effective GID (EGID): GID of the initiator account at the time of the event; the effective GID may have changed since the user initially logged in
Insertion String 8    Number of the TTY device where the event was generated
Insertion String 9    String description of the event
Insertion String 10   String description of the real GID (specified by Insertion String 5)
Insertion String 11   String description of the effective GID (specified by Insertion String 7)
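The distinction the table draws between the real and effective IDs, and the fact that the audit ID stays with an account for the life of its session, are what make these fields useful in a rule. As an added example for this page, not InTrust's own record format code or any Quest rule, the following Python names the positional fields in the order the table gives them and applies the checks a rule author would run on them: flag failures, flag any record whose EUID differs from its RUID (the process changed privilege after login), and group records by AID so a root-level failure can be tied back to the session that started as an ordinary user. The field names PID, RUID, EventText and so on are this example's own labels, and every sample record is constructed.

```python
# Added example, not Quest's code: name the positional fields of an InTrust
# HP-UX event record (order as in Appendix A) and run rule-style checks on them.
FIELD_NAMES = (
    "EventID", "EventType", "UserName", "Description",            # fixed fields
    "PID", "PPID", "AID", "RUID", "RGID", "EUID", "EGID", "TTY",  # Insertion String 1-8
    "EventText", "RGIDName", "EGIDName",                          # Insertion String 9-11
)
NUMERIC = {"EventID", "EventType", "PID", "PPID", "AID", "RUID", "RGID", "EUID", "EGID"}
EVENT_SUCCESS = 0x0008
EVENT_FAILURE = 0x0010

def _to_int(value):
    """Accept '16' as well as '0x0010', the notation the table uses for EventType."""
    return int(value, 16) if value.lower().startswith("0x") else int(value)

def to_record(fields):
    """Map a 15-element list to a dict. Empty strings become None: the fields are
    always present in the record even when the audit system left them blank."""
    if len(fields) != len(FIELD_NAMES):
        raise ValueError(f"expected {len(FIELD_NAMES)} fields, got {len(fields)}")
    rec = {}
    for name, value in zip(FIELD_NAMES, fields):
        value = value.strip()
        rec[name] = None if value == "" else (_to_int(value) if name in NUMERIC else value)
    return rec

def flags(rec):
    """Reasons a record deserves attention, in a fixed order so rules are testable."""
    reasons = []
    if rec["EventType"] == EVENT_FAILURE:
        reasons.append("failure")
    # RUID is the identity that logged in, EUID the identity at event time; when
    # they differ the process changed privilege after login (su, setuid binary).
    if None not in (rec["RUID"], rec["EUID"]) and rec["RUID"] != rec["EUID"]:
        reasons.append("euid differs from ruid")
        if rec["EUID"] == 0:
            reasons.append("acquired root")
    if None not in (rec["RGID"], rec["EGID"]) and rec["RGID"] != rec["EGID"]:
        reasons.append("egid differs from rgid")
    return reasons

def same_session(records):
    """Group records by AID: the audit ID follows an account from login onward, so
    it ties a later root-level failure back to the session that started as a user."""
    sessions = {}
    for rec in records:
        sessions.setdefault(rec["AID"], []).append(rec)
    return sessions

# Constructed sample: jdoe logs in, becomes root via su, then fails to open a
# file as root; asmith is an unrelated session. Values are illustrative only.
SAMPLES = [
    ["100", "0x0008", "jdoe",   "login", "4211", "1",    "501", "501", "20", "501", "20", "3", "login succeeded",         "users", "users"],
    ["101", "0x0008", "jdoe",   "su",    "4300", "4211", "501", "501", "20", "0",   "0",  "3", "su to root",              "users", "root"],
    ["102", "0x0010", "jdoe",   "open",  "4301", "4300", "501", "501", "20", "0",   "0",  "3", "open /etc/shadow failed", "users", "root"],
    ["103", "0x0008", "asmith", "login", "4500", "1",    "502", "502", "20", "502", "20", "4", "login succeeded",         "users", "users"],
]
```

Run over the sample, the login record raises no flags, the su record is flagged for the RUID/EUID and RGID/EGID mismatch and for acquiring root, and the failed open is additionally flagged as a failure; grouping by AID puts all three jdoe records in session 501 and keeps asmith separate. Note that the check reads the numeric fields (Insertion Strings 4 to 7), not the group names in Insertion Strings 10 and 11, which are only the string descriptions of the same GIDs.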

Appendix B. InTrust Reports for HP-UX

This section briefly lists the categories of predefined InTrust reports that can be generated on event data collected from HP-UX computers:

- User activity
- Administrative Activity: Account Management
- System configuration management

For a complete list of reports and report descriptions, refer to the InTrust 10.3 Reports for HP-UX HTML document.

About Quest Software, Inc.

Quest simplifies and reduces the cost of managing IT for more than 100,000 customers worldwide. Our innovative solutions make solving the toughest IT management problems easier, enabling customers to save time and money across physical, virtual and cloud environments. For more information about Quest go to www.quest.com.

Contacting Quest Software

Phone      949.754.8000 (United States and Canada)
Email      info@quest.com
Mail       Quest Software, Inc.
           World Headquarters
           5 Polaris Way
           Aliso Viejo, CA 92656
           USA
Web site   www.quest.com

Please refer to our Web site for regional and international office information.

Contacting Quest Support

Quest Support is available to customers who have a trial version of a Quest product or who have purchased a Quest product and have a valid maintenance contract. Quest Support provides unlimited 24x7 access to SupportLink, our self-service portal. Visit SupportLink at http://support.quest.com/

From SupportLink, you can do the following:

- Retrieve thousands of solutions from our online Knowledgebase
- Download the latest releases and service packs
- Create, update and review Support cases

View the Global Support Guide for a detailed explanation of support programs, online services, contact information, and policy and procedures. The guide is available at: http://support.quest.com.

Third Party Contributions

Quest InTrust, version 10.3 contains some third party components (listed below). Copies of their licenses may be found at http://www.quest.com/legal/third-party-licenses.aspx.

COMPONENT                            LICENSE OR ACKNOWLEDGEMENT
boost 1.32.0                         Boost License version 1.0
CLucene 0.9                          Apache version 1.1. This product includes software developed by the Apache Software Foundation (http://www.apache.org).
expat 1.95.5                         MIT
flex 2.5.4, 2.5.25, 2.5.27           flex 2.5.25/27
GNU standard C++ class library 3*    GPL 2.0 with the "runtime exception"
libdes 4.01                          libdes 1.0
Net-SNMP 5.0.3                       Net-SNMP
OpenSSL 0.9.6g                       OpenSSL 1.0. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
SpiderMonkey 1.5*                    Netscape Public License ("NPL") 1.1
Stanford SRP 1.7.5                   Stanford SRP. This product includes software developed by Tom Wu and Eugene Jhong for the SRP Distribution (http://srp.stanford.edu/). This product uses the "Secure Remote Password" cryptographic authentication system developed by Tom Wu (tjw@cs.stanford.edu).
ZLib 1.1.4                           zlib 1.2.3. Copyright 1995-2005 Jean-loup Gailly and Mark Adler

* A copy of the source code for this component is available at http://rc.quest.com.

License agreement texts are provided in the Third Party Licenses HTML document.