Warning: This topic needs review. There are outstanding items in the text (such as how to source a set of default content).
Introduction
Security Analysis Solution (SAS) expects connectivity to various locations on the Internet for the configuration information it uses. If you have an SMP server (Notification Server) that does not have access to the Internet, then by default SAS will not function. If you don't have Internet connectivity on the machine you're using to install and configure SAS, follow the manual procedure in this document to get your system up and running for this "off-internet" scenario.
Errors during initial configuration
When you install SAS using SIM, the initial configuration starts a number of download tasks. These fail on a machine that is not connected to the Internet, resulting in log errors like the following:
Source: Arellia.SMP.SecurityAnalysis.Resources.ScapContentResource.DownloadFromSource
Description: Exception downloading file C:\ProgramData\Arellia\ScapContent\nvdcve-2.0-2002-2006_NVD CVE v2.0 - 2002-2006 (98a6f6d7-aa55-4536-be45-86de0725726e)\nvdcve-2.0-2002-2006.zip from http://portal.arellia.com/data/scap/nvdcve-2.0-2002-2006.zip.( Exception Details: System.Net.WebException: The remote name could not be resolved: 'portal.arellia.com'
at System.Net.WebClient.DownloadFile(Uri address, String fileName)
at Arellia.SMP.SecurityAnalysis.Resources.ScapContentResource.DownloadFromSource() )
Source: Arellia.SMP.SecurityAnalysis.TaskManagement.ServerTasks.ImportScapContentDataSources.OnExecute
Description: Exception caught in task Register: MITRE Oval Definitions - Recently Modified (721d1095-5241-4a2d-992f-6745a0f1f739) processing resource MITRE Oval Definitions - Recently Modified (1fe03854-1fcf-4e53-94a7-ea56e132f4e9)( Exception Details: System.Exception: Exception downloading file C:\ProgramData\Arellia\ScapContent\MITRE-Oval-Definitions-Recently-Modified_MITRE Oval Definitions - Recently Modified (1fe03854-1fcf-4e53-94a7-ea56e132f4e9)\MITRE-Oval-Definitions-Recently-Modified.xml from http://oval.mitre.org/repository/data/LatestDefinitionDownload?type=modified&Range=DAY0_TO_7&Class=0. ---> System.Net.WebException: The remote name could not be resolved: 'oval.mitre.org'
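As an added example (not code from Arellia or from the original page), the following PowerShell pulls the failed downloads out of log entries like the ones above, giving the source URL and the file SAS tried to write for each. The function name Get-FailedScapDownload is hypothetical, and the sample text is the two download errors quoted above.

```powershell
# Added example (not part of the product): list every failed SCAP download
# recorded in the log, with its source URL and the path SAS tried to write.
function Get-FailedScapDownload {
    param([Parameter(Mandatory)][string]$LogText)

    # "Exception downloading file <path> from <url>." - the URL is followed by
    # a full stop and then "(", whitespace, or the end of the text.
    $pattern = 'Exception downloading file (?<path>[A-Za-z]:\\.+?) from ' +
               '(?<url>https?://[^\s(]+?)\.(?=[\s(]|$)'

    [regex]::Matches($LogText, $pattern) | ForEach-Object {
        $uri  = [uri]$_.Groups['url'].Value
        $path = $_.Groups['path'].Value
        [pscustomobject]@{
            Url         = $uri.AbsoluteUri
            SourceHost  = $uri.Host
            # Plain HTTP gives the download no integrity protection in transit.
            Unencrypted = ($uri.Scheme -eq 'http')
            TargetFile  = $path
            TargetDir   = [System.IO.Path]::GetDirectoryName($path)
        }
    } | Sort-Object -Property Url -Unique
}

# Sample input: the two download errors quoted on this page.
$sample = @'
Description: Exception downloading file C:\ProgramData\Arellia\ScapContent\nvdcve-2.0-2002-2006_NVD CVE v2.0 - 2002-2006 (98a6f6d7-aa55-4536-be45-86de0725726e)\nvdcve-2.0-2002-2006.zip from http://portal.arellia.com/data/scap/nvdcve-2.0-2002-2006.zip.( Exception Details: System.Net.WebException: The remote name could not be resolved: 'portal.arellia.com'
System.Exception: Exception downloading file C:\ProgramData\Arellia\ScapContent\MITRE-Oval-Definitions-Recently-Modified_MITRE Oval Definitions - Recently Modified (1fe03854-1fcf-4e53-94a7-ea56e132f4e9)\MITRE-Oval-Definitions-Recently-Modified.xml from http://oval.mitre.org/repository/data/LatestDefinitionDownload?type=modified&Range=DAY0_TO_7&Class=0. ---> System.Net.WebException: The remote name could not be resolved: 'oval.mitre.org'
'@

Get-FailedScapDownload -LogText $sample | Format-List
```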
The Checklist
Running the console and choosing the Profiles tab will take you to the Download Profiles view. It will look like the following:
Copy arellia-checklist-1.3.xml to %ProgramData%\Arellia\ScapChecklists and choose Try Again; you'll then see the list of available checklists. When "off-internet", this page is only useful in that it shows you the URLs of the profile content, which you can note and use on a machine with Internet access to download the various .zip and .xml files. See "Importing Profiles" later in this document.
Default Content
There are also a number of SCAP data sources that are registered by default. You must download these on a machine that is connected to the Internet, copy them to the correct folders on the SMP server (AMS), and then re-run the registration tasks that failed during the initial configuration, as described above.
If downloading the content manually, get the content (typically .zip files) from the locations specified above and carry it to the TMS. Then unzip it to %ProgramData%\Arellia\ScapContent. The zipped content will create its own folder under the ScapContent folder and place any files and sub-folders in that directory.
Tip: Most content comes from sites external to Arellia, typically nist.gov. The checklist and some of the CVE data come from portal.arellia.com. This can be seen by searching arellia-checklist-1.4.xml for portal.arellia.com.
- Re-run each of the "Register: XXX" update tasks by right-clicking each of the failed task runs and choosing Start Now. There are 10 of these tasks to run. See the following screen shot showing where these tasks can be found.
- Use the SCAP Data Source Update Summary report to confirm they have been registered. At the time of writing this there are 16 data sources.
- The following is a direct link to the report - modify the host name as required.
- http://localhost/Altiris/ArelliaConsoles/SecurityManager.aspx#Ams/SecurityManager#/Reports/56e76749-b12e-45f8-af58-05a10e9d7721
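Because the content is downloaded on one machine and carried to another, it is worth checking that what arrives is what was downloaded before unzipping it. The following PowerShell is an added example, not part of the product or the original page; the function names, the manifest.csv file name and the staging paths are hypothetical, and only the ScapContent folder comes from this page.

```powershell
# Added example, not product code. Function names and manifest.csv are hypothetical.
# Connected machine: record a SHA-256 for every file that was downloaded.
function New-ScapManifest {
    param([Parameter(Mandatory)][string]$StagingDir)
    Get-ChildItem -LiteralPath $StagingDir -File |
        Where-Object Name -ne 'manifest.csv' |
        Get-FileHash -Algorithm SHA256 |
        Select-Object @{ n = 'Name'; e = { [IO.Path]::GetFileName($_.Path) } }, Hash |
        Export-Csv -LiteralPath (Join-Path $StagingDir 'manifest.csv') -NoTypeInformation
}

# Offline server: verify every file first, then unzip into ScapContent.
function Import-ScapContent {
    param(
        [Parameter(Mandatory)][string]$StagingDir,
        # Content folder named on this page.
        [string]$ContentDir = (Join-Path $env:ProgramData 'Arellia\ScapContent')
    )
    $manifest = @(Import-Csv -LiteralPath (Join-Path $StagingDir 'manifest.csv'))
    if ($manifest.Count -eq 0) { throw 'Manifest is empty.' }

    foreach ($entry in $manifest) {
        # A manifest entry must be a bare file name inside the staging folder.
        if ($entry.Name -ne [IO.Path]::GetFileName($entry.Name)) {
            throw "Unexpected path in manifest: $($entry.Name)"
        }
        $file = Join-Path $StagingDir $entry.Name
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            throw "Listed in manifest but missing: $($entry.Name)"
        }
        $actual = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        if ($actual -ne $entry.Hash) { throw "SHA-256 mismatch: $($entry.Name)" }
    }

    # Nothing is written to the content folder unless every hash matched.
    foreach ($entry in $manifest) {
        $file = Join-Path $StagingDir $entry.Name
        if ($entry.Name -like '*.zip') {
            Expand-Archive -LiteralPath $file -DestinationPath $ContentDir -Force
            "Unzipped $($entry.Name) to $ContentDir"
        } else {
            "Verified $($entry.Name); not a .zip, place it manually"
        }
    }
}

# Usage (paths are examples):
#   New-ScapManifest   -StagingDir D:\scap-staging     # connected machine
#   Import-ScapContent -StagingDir E:\scap-staging     # SMP server
```

The manifest only shows that the files did not change after it was generated, so move it by a separate channel from the content if the transfer media is not trusted.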
Importing Profiles
Running the console and choosing the Profiles tab will take you to the Download Profiles view. It will look like the following:
The download profiles page shows the links but they will fail to import. You need to perform the downloads on a system that does have internet access and then copy the downloaded files to a location accessible from your Arellia Console. Once the files are available you then use the Import Profile action on the Profiles tab (bottom left). Choose the profile content file and import.
- Work is in progress to make a view available from an online portal that shows the same links. This will be a page on the Arellia Data Portal. See View Arellia Checklist. Or you can go direct to the various official sites (links to be provided).
- To set expectations - profile imports can take a while, whether connected to the internet or not - on the order of an hour for a handful of profiles.
To install arellia-checklist-1.4.xml, either download it from http://portal.arellia.com/data/scap/arellia-checklist-1.4.xml, or download it on a machine that is connected to the Internet and then copy it from the program data folder C:\inetpub\wwwroot\Ams\App_Data\SAS\ScapChecklists. Then click Try Again and you'll see the list of available checklists.