Introduction
Security Analysis Solution (SAS) expects requires connectivity to various locations on the Internet to the for configuration information it uses. If you have a SMP server (Notification Server) that does not have access to internet then by default SAS will not function. This document describes a manual procedure to get your system up and running for this "off-internet" scenarioif it does not have connectivity to the Internet.
Errors during Initial Configuration
When installing SAS using SIM, the initial configuration starts a number of download tasks. These will fail causing errors in log that can be ignored. The errors look like the following:
...
Source: Arellia.SMP.SecurityAnalysis.TaskManagement.ServerTasks.ImportScapContentDataSources.OnExecute
Description: Exception caught in task Register: MITRE Oval Definitions - Recently Modified (721d1095-5241-4a2d-992f-6745a0f1f739) processing resource MITRE Oval Definitions - Recently Modified (1fe03854-1fcf-4e53-94a7-ea56e132f4e9)( Exception Details: System.Exception: Exception downloading file C:\ProgramData\Arellia\ScapContent\MITRE-Oval-Definitions-Recently-Modified_MITRE Oval Definitions - Recently Modified (1fe03854-1fcf-4e53-94a7-ea56e132f4e9)\MITRE-Oval-Definitions-Recently-Modified.xml from http://oval.mitre.org/repository/data/LatestDefinitionDownload?type=modified&Range=DAY0_TO_7&Class=0. ---> System.Net.WebException: The remote name could not be resolved: 'oval.mitre.org'
The Checklist
Running the console and choosing the Profiles tab will take you to the Download Profiles view. It will look like the following:
...
Optional - Copy arellia-checklist-1.3.xml (Either download from http://portal.arellia.com/data/scap/arellia-checklist-1.3.xml or get from the program data folder - %ProgramData%\Arellia\ScapChecklists - from a system that does have connectivity) to %ProgramData%\Arellia\ScapChecklists and choose Try Again and you'll then see the list of available checklists. This page when "off-internet" is only useful in that it shows you the URLs of the profile content you can take note of and use on a system having internet access to download various zip and xml files. See later under "Importing Profiles".
Default Content
There are a number of SCAP Data Sources that are registered by default. You need to download these on a system with internet access, copy them to correct folders on the SMP server, and re-run the registration tasks (that failed during initial configuration as described above).
...
- Use the SCAP Data Source Update Summary report to confirm they have been registered. At the time of writing this there are 16 data sources.
- The following is a direct link to the report - modify the host name as required.
- http://localhost/Altiris/ArelliaConsoles/SecurityManager.aspx#/Reports/56e76749-b12e-45f8-af58-05a10e9d7721
Importing Profiles
The download profiles page shows the links but they will fail to import. You need to perform the downloads on a system that does have internet access and then copy the downloaded files to a location accessible from your Arellia Console. Once the files are available you then use the Import Profile action on the Profiles tab (bottom left). Choose the profile content file and import.
...