Red Hat | NETWORK PROXY 5.3.0 - | Webwasher CSM 5.3 Installation Guide

Webwasher CSM 5.3 Installation Guide
Installation Guide
Webwasher® CSM Suite 5.3
I–WW–0406–EN
All Rights Reserved, Published and Printed in Germany
©2006 Secure Computing Corporation.
This document may not, in whole or in part, be copied, photocopied,
reproduced, translated, or reduced to any electronic medium or machine-readable form without prior consent
in writing from Secure Computing Corporation. Every effort has been made to ensure the accuracy of this
manual. However, Secure Computing Corporation, makes no warranties with respect to this documentation
and disclaims any implied warranties of merchantability and fitness for a particular purpose. Secure Computing Corporation shall not be liable for any error or for incidental or consequential damages in connection with
the furnishing, performance, or use of this manual or the examples herein. The information in this document
is subject to change without notice. Webwasher, MethodMix, AV PreScan, Live Reporting, Content Reporter,
ContentReporter, Real-Time Classifier are all trademarks or registered trademarks of Secure Computing Corporation in Germany and/or other countries. Microsoft, Windows NT, Windows 2000 are registered trademarks
of Microsoft Corporation in the United States and/or other countries. McAfee is a business unit of Network
Associates, Inc. CheckPoint, OPSEC, and FireWall-1 are trademarks or registered trademarks of CheckPoint
Software Technologies Ltd. or its affiliates. Sun and Solaris are trademarks or registered trademarks of Sun
Microsystems, Inc. in the United States and other countries. Squid is copyrighted by the University of California, San Diego. Squid uses some code developed by others. Squid is Free Software, licensed under the
terms of the GNU General Public License. NetCache is a registered trademark of Network Appliances, Inc.
in the United States and other countries. Linux is a registered trademark of Linus Torvalds. Other product
names mentioned in this guide may be trademarks or registered trademarks of their respective companies
and are the sole property of their respective manufacturers.
Secure Computing Corporation
Webwasher – A Secure Computing Brand
Vattmannstrasse 3, 33100 Paderborn, Germany
Phone: +49 (0) 5251 50054-0
Fax: +49 (0) 5251 50054-11
info@webwasher.com
www.webwasher.com
www.securecomputing.com
Webwasher Support in the UK
Phone: +44 (0) 870 460 4755
Contents
Chapter 1
1.1
1.2
1.2.1
1.2.2
1.2.3
1.3
........................................................................................
About This Guide ...........................................................................
System Requirements ....................................................................
Windows ......................................................................................
Solaris .........................................................................................
Linux ...........................................................................................
Downloading the Software ..............................................................
Introduction
1– 1
1– 1
1–
1–
1–
1–
1
1
2
2
1– 3
..................................................................... 2– 1
2.1 Silent Installation ........................................................................... 2– 2
2.2 Uninstalling on Windows ................................................................. 2– 2
Chapter 2
Installation on Windows
......................................................................... 3– 1
3.1 Uninstalling on Solaris .................................................................... 3– 2
Chapter 3
Installation on Solaris
...........................................................................
4.1 Alternative Installation on Debian ......................................................
4.2 Alternative Installation on SUSE .......................................................
4.3 Alternative Installation on Red Hat .....................................................
Chapter 4
4.4
Installation on Linux
4– 1
4– 2
4– 3
4– 3
Additional Configuration When Using the McAfee Anti Virus
Engine .........................................................................................
Debian ........................................................................................
SUSE ..........................................................................................
Red Hat .......................................................................................
4–
4–
4–
4–
4.5
Additional Configuration When Using SSL Scanner on SUSE
LINUX Enterprise Server .................................................................
4– 5
4.6
Uninstalling on Linux ......................................................................
4– 5
...........................................................................
Upgrading From Old Versions ..........................................................
Upgrading from 3.x ........................................................................
Upgrading from 4.x ........................................................................
License Requirements for NetCache Customers ..................................
Adding Additional Products ..............................................................
Activating Your License ...................................................................
5– 1
4.4.1
4.4.2
4.4.3
Chapter 5
5.1
5.1.1
5.1.2
5.1.3
5.2
5.3
Chapter 6
Appendix A
License Information
Important Files
5–
5–
5–
5–
4
4
4
4
1
1
1
2
5– 2
5– 2
................................................................................... 6– 1
Windows TCP/IP Installation Dialog
.................................................. A– 1
i
Chapter 1
Introduction
Thank you for selecting Webwasher as your company’s comprehensive filtering solution for enterprise-wide Content Security Management.
1.1
About This Guide
The goal of this guide is to assist you in quickly installing the Webwasher product of your choice. Assuming you meet or exceed the system requirements as
outlined in below, you can install Webwasher either on Windows (Chapter 2),
Solaris (Chapter 3) or Linux (Chapter 4) from a single binary. To activate your
license, please read Chapter 5.
The Webwasher User’s Guide, Online Help and Reference Guide offer
deeper insight about Webwasher’s features and functions. These guides are
available via the Web interface under “Manuals”, or via the Webwasher extranet.
1.2
System Requirements
Webwasher supports ICAP servers and the standalone HTTP proxy on Windows, Solaris and Linux. Please ensure that your equipment meets or exceeds
the system requirements listed below:
1.2.1
Windows
• Windows workstation
• 512 MB RAM (or more)
• Windows 2000/2003 Server
1–1
Introduction
• Standard Web browser
Note: Webwasher can also be installed and will run on Windows XP. There is,
however, no support offered for this type of configuration. When running Webwasher under this operating system, the maximum number of connections is
also restricted to an extent that impedes the reasonable use of multiple clients.
Because of similar restrictions for Windows 2000 Professional, it is also not
recommended to run Webwasher under this operating system.
1.2.2
Solaris
• Sun Ultra SPARC workstation
• 512 MB RAM (or more)
• Sun Solaris 8 or 9
• Standard Web browser
1.2.3
Linux
• Linux i586 workstation (Pentium class processor-compatible)
• 512 MB RAM (or more)
• Red Hat Enterprise Linux 3, SUSE Linux Enterprise Server 8, Debian
GNU/Linux 3.1
Note that UnitedLinux 1.0 x86 Service Pack 3 is needed for the SUSE Linux
Enterprise Server 8.
• Standard Web browser
Note: For Webwasher versions older than 5.3, Debian 3.0 can also be used,
and support is offered for this type of configuration.
Since there is a different kernel with Debian 3.0, and older library versions may
be used, it is not recommended to run Webwasher 5.3 or higher versions under
this operating system.
1–2
Introduction
1.3
Downloading the Software
A trial version of the Webwasher software can be downloaded from
http://www.webwasher.com.
A non-trial version can be downloaded from https://www.webwasher.com/extranet/
1–3
Chapter 2
Installation on Windows
The first step involves a straightforward installation of Webwasher. The Installation Wizard will guide you through and it is normally fine to accept all default
settings.
Follow these steps to install Webwasher as a server on Windows:
1. Start
the
installation
file
wwcsm<version number>-<build num-
ber>.exe.
2. A standard Installation Wizard appears, which will guide you through all
of the steps required. First, you need to accept the License Agreement.
3. Select the appropriate destination path.
4. Choose the start menu folder.
5. TCP/IP Parameters Prompt: A prompt window may appear, telling you
that some of your TCP/IP parameters are not configured for optimal server
performance (see the figure below). Should this prompt appear, please
read Appendix A for more details. If not, please continue with Step 6.
6. Install Webwasher as a service: After the installation process has finished
copying all the files to the destination path, it will present you with a final
screen where Webwasher CSM will be installed as a service by default.
This means that Webwasher will then be running at all times, even if no
one is logged onto the computer, acting as a system component. If you
choose to run Webwasher in the non-service or standalone mode, Webwasher will then act as an application and will need to be started and
stopped manually.
7. You can choose to view the Quick Configuration Guide upon “Finish”.
We recommend viewing this guide in order to learn how to access the Web
interface, change passwords, upload the appropriate product license key,
set up some one-time configurations, and learn how to test the filters and
antivirus engine.
8. If the Registry settings have been changed as in Step 5, the screen will
also suggest that a reboot of the system is required. If this option is selected, your system will be shut down immediately. The default here is to
let you reboot when appropriate.
9. After a successful installation, there should be a Webwasher folder in the
Start Menu.
2–1
Installation on Windows
2.1
Silent Installation
Webwasher can be installed silently on Windows, by using command line options for the installer, which allow you to answer all possible questions that
come up during the normal installation, plus the option to reboot if needed.
Enter the following command:
wwcsm<version number>-<build number>.exe /s /noreboot
/dest:"d:\apps\webwasher"
where
/s needs to be set to tell the installer to work in silent mode (no interaction
with the GUI).
/noreboot is optional. If not specified, the installer will do a reboot without
any notification if needed (e.g. if the service was running and files could not
be overwritten).
/dest is also optional and allows you to specify the destination directory where
Webwasher should be installed.
2.2
Uninstalling on Windows
On Windows, Uninstalling Webwasher can be done by selecting Webwasher
in the Add/Remove Programs menu of the Windows Control Panel, and then
clicking on the Change/Remove button.
Note: If Webwasher is running at this time, it will be closed, and if Webwasher
is installed as a service, it will be uninstalled. Uninstallation can be done at
any time without causing harm to your system. However, any log files still
remaining in the logs directory of the Webwasher directory will not be removed.
2–2
Chapter 3
Installation on Solaris
Follow these steps to install Webwasher as a server on a Solaris operating
system:
1. First, download the appropriate version for Solaris 8 or 9.
2. Locate the archive file:
webwasher-csm-{packet version number}-solaris-{build platform version}-sparc.tar.gz
where the packet version number is the version number combined
with the build number. For example: webwasher–csm–5.3.0-995–solaris–2.9–sparc.tar.gz
3. Unpack the Webwasher archive to your working directory with the following command:
cat {archive file name} | gunzip | tar xvf -
For example: cat webwasher–csm-5.3.0-995-solaris-2.9-sparc.tar.gz |
gunzip | tar xvf 4. You should now have the following six files in your current directory:
webwasher-csm.install
webwasher-csm.license
webwasher-csm.readme
webwasher-csm.remove
webwasher-csm.ss
webwasher-csm.sw
5. Run the install script from your current directory:
{current directory}/webwasher-csm.install
and answer the questions about the installation and license agreement.
Following this there is a series of configuration questions about user and
3–1
Installation on Solaris
group. In each case, to accept the default value (recommended), press
“Enter”.
where should webwasher be installed? (/opt/webwasher-csm)
which user should webwasher run as? (wwasher)
which group should webwasher run as? (wwasher)
Pressing return will allow the default group (wwasher) to be used. You
may also select another group. The script checks if this group exists, and
creates one if it does not.
6. The installation is now complete. The starting script “webwasher-com”
will then be available in /etc/init.d/, where starting, stopping and status
analyses are possible.
3.1
Uninstalling on Solaris
Go into /etc/software/. This directory is created by and specific to the package
manager used by Webwasher. Once in /etc/software/, uninstallation can be
done automatically by running the webwasher-csm.remove script.
3–2
Chapter 4
Installation on Linux
The following sections describe how to install Webwasher as a server on a
Linux operating system.
For a special issue concerning the capability module, see section 4.1. For
special information about using the McAfee antivirus engine on Linux, see 4.4.
To install Webwasher on Linux, complete the following steps:
1. First, download the appropriate version for Linux (e. g. Debian GNU/Linux
3.1, Red Hat Enterprise Linux 3.1 or SUSE LINUX Enterprise Server 8).
2. Locate the archive file:
webwasher-csm-{packet version number}-linux-{build distribution}-intel.tar.gz
where the packet version number is the version number combined with
the build distribution. For example: webwasher–csm–5.3–1000–debian3.1–intel-tar.gz
3. Unpack the Webwasher archive to your working directory with the following script:
tar xvzf {archive file name} | gunzip | tar xvf -
For example:
tel.tar.gz
tar xvzf webwasher-csm-5.3.0–1000–debian-3.1-in-
4. You should now have the following six files in your current directory:
webwasher-csm.install
webwasher-.cms.license
webwasher-csm.readme
webwasher-csm.remove
webwasher-csm.ss
webwasher-csm.sw
5. Run the install script from your current directory:
{current directory}/webwasher-csm.install
and answer the questions about the installation and license agreement.
Following this there are a series of configuration questions about user
4–1
Installation on Linux
and group. In each case, to accept the default value (recommended),
and press “Enter”.
where should webwasher be installed? (/opt/webwasher-csm)
which user should webwasher run as? (wwasher)
which group should webwasher run as? (wwasher)
The installation is now complete, and the ICAP server is running.
6. Now Webwasher should be installed and running, and waits for requests.
For an easy, alternate method of installing on Debian, SUSE, and Red
Hat, please refer to Sections 4.1, 4.2 and 4.3 accordingly.
4.1
Alternative Installation on Debian
When installing Webwasher on Debian, the following issue must be dealt with.
It was found under Debian 3.0, but could also occur with other distributions of
Linux.
Webwasher will not run if in the Linux kernel the capability module has not
been loaded and at the same time the CONFIG_SECURITY=Y flag is set.
To solve this problem:
• Load the capability module by configuring:
modprob capability
or:
• Set the flag mentioned above to a negative value:
CONFIG_SECURITY=N
To perform the installation procedure, complete the following steps:
1. Download your .deb package, e.g.
webwasher-csm-5.3.0-995-debian-3.1-intel.deb
2. Install it via
dpkg --install <DEBIAN PACKAGE>.deb
Webwasher will be installed in /opt/webwasher-csm.
4–2
Installation on Linux
3. The starting script “webwasher-csm” will then be available in /etc/init.d/,
where starting, stopping, and status analyses will be possible.
4.2
Alternative Installation on SUSE
1. Please download your .rpm package, e.g.
webwasher-csm-5.3.0-995-sles-8.0-intel.rpm
2. Install it via
rpm -ihv <RPM PACKAGE>.rpm
Webwasher will be installed in /opt/webwasher-csm.
3. The starting script “webwasher-csm” will then be available in /etc/init.d/,
where starting, stopping, and status analyses will be possible.
4.3
Alternative Installation on Red Hat
1. Please download your .rpm package, e.g.
webwasher-csm-5.3.0-995-rhel-3.0.rpm
2. Install it via
rpm -ihv <RPM PACKAGE>.rpm
Webwasher will be installed in /opt/webwasher-csm.
3. The starting script “webwasher-csm” will then be available in /etc/init.d/,
where starting, stopping, and status analyses will be possible.
4–3
Installation on Linux
4.4
Additional Configuration When Using the McAfee
Anti Virus Engine
In order to use the McAfee anti virus engine on Linux, special packages are
needed for Debian, Red Hat and SUSE:
4.4.1
Debian
Packages are available from the official Debian server:
http://archive.debian.org/dists/potato/main/binary-i386/oldlibs/libstdc++2.8_2.90.29-2.deb
You can install with the command:
dpkg --install <path_to_package>
Note: This package can also be installed on Woody and Sid.
4.4.2
SUSE
The package is called “compat”, and is available from the distribution
CD-ROM/source. You can install with YaST.
4.4.3
Red Hat
The package is called compat-libstdc++, and is available from the distribution
CD-ROM/source. The install command is rpm -i <path_to_package>
4–4
Installation on Linux
4.5
Additional Configuration When Using SSL
Scanner on SUSE LINUX Enterprise Server
The package is called “compat”, and is available from the distribution
CD-ROM/source. You can install with YaST.
4.6
Uninstalling on Linux
On Linux, you must go into /etc/software/. This directory is created by and
specific to the package manager used by Webwasher. Once in /etc/software/,
uninstallation can be done automatically by running the webwasher-csm.remove script.
4–5
Chapter 5
License Information
If you are installing a new license in order to upgrade an existing version of a
Webwasher product, please review the following sections about licensing and
upgrading before activating your license as described in section 5.3.
5.1
Upgrading From Old Versions
There are different upgrading procedures depending on which generation (3.x
or 4.x) of Webwasher product you are upgrading.
For upgrades from 4.x to 5.x, please see section 5.1.2 if you would like to
know more about the automatic migration. Upgrading from Webwasher 3.x is
not possible.
5.1.1
Upgrading from 3.x
Upgrading from Webwasher 3.x is not possible. Please de-install this version
first before you install Webwasher 5.x. You will also need to install a new license for Webwasher 5.x by going to the Webwasher extranet.
5.1.2
Upgrading from 4.x
Webwasher 5.x can be installed over an earlier version of Webwasher 4.x.
When updating an old Webwasher installation with a new Webwasher version,
Webwasher tries to take over as much of the old settings as possible. This
process is called migration. Due to setting changes (for example new settings,
removed, or renamed settings, etc.), this is not an easy task. However, Webwasher migrates old settings automatically. After a new Webwasher version
is installed and started for the first time, Webwasher detects the presence of
5–1
License Information
old settings and automatically migrates them. All changes are logged to the
file “logs/migration.log”. If the first start of Webwasher fails due to an unsuccessful migration, this log file gives you information about what went wrong.
Please note that all changes are undone if migration fails, to avoid having an
inconsistent state for configuration files. More details about configuration file
changes can be found in Chapter 2 of the Reference Guide.
5.1.3
License Requirements for NetCache Customers
For customers with NetCache version 5.2 and later, a special ICAP license is
needed to enable this feature on NetCache.
The NetCache ICAP license is: MOQPNOJ
5.2
Adding Additional Products
If you are expanding Webwasher 5.x by installing other products from the 5.x
family (such as adding Webwasher Anti Virus 5.x to an existing Webwasher
URL Filter 5.x product), you need only to activate a new license. Please see
section 5.3 for instructions about license activation.
5.3
Activating Your License
To activate your license, you will first need to access Webwasher’s platform-independent HTML Web interface. This interface can be accessed remotely via
a Web browser. You can also configure Webwasher’s Secure Administration
Shell (SSH) to access Webwasher via command line interface; please refer to
the User’s Guide of your product for more details about setting this up.
1. To access the Web interface when Webwasher is running on your local
computer configured to run on the default port, can be done by entering:
http://localhost:9090/conf
for HTTP connections, and
https://localhost:9091/conf
for HTTPS connections. For HTTPS connections, the Certificate Fingerprint (valid from May 29th, 2003 until May 28th, 2008) is:
5–2
License Information
49 7b 00 8C 72 2F D1 a9 cb fc 1b 6a e0 8d 6f 87 3a ec 5b cf
(sha1)
2. You can also enter http://-web.washer-/conf
3. A dialog box appears. Enter the temporary user name (admin) and password (webwasher). These can be changed by clicking on the “Change
Password” link in the navigation bar of the Home page.
4. Assuming you have already saved the new license file to the “conf” directory of your Webwasher installation directory (or other folder of your
choice), click on “License Information” and go to the Import License
section near the bottom of the page.
5. Click on “Browse” to select the location and name of the license file, select
“Open”.
6. Click on “Activate License”. Your license will be uploaded, and the message “The license was accepted” should appear in red. Selecting “OK”
will take you to the System Alerts page for further configuration; see the
Quick Configuration Guide for more details.
5–3
Chapter 6
Important Files
• /conf
— configuration files
— global.ini / global.conf (system configuration)
— default.ini / default.conf (default profile)
— <policy>.ini / <policy>.conf (all other profiles)
• UNIX: /lib/errors
— system error messages
— can be customized (see the Reference Guide)
• Windows: /conf/errors
— system error messages
— can be customized (see the Reference Guide)
• /doc
— documentation
• /logs
— log files
— can be accessed via Web interface
6–1
Appendix A
Windows TCP/IP Installation Dialog
During the installation process, a prompt window may appear indicating that
some of your TCP/IP parameters are not configured for optimal server performance (see the figure below). Should this prompt appear, please follow the
steps below:
Selecting Yes will change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
in Windows registry by editing the following two keys:
MaxUserPort REG_DWORD Value=65000 (decimal) and
TcpTimedWaitDelay REG_DWORD Value=60 (decimal)
The first parameter controls the maximum port number used when a client
application requests any available user port from the system. The default value
is 5,000, where the default ports are between 1024 and 5000 (leaving 3,976
available ports).
The second parameter determines how long a closed port will wait until it is
reused.
When computers that run Windows NT clients use an excessive number of
ports (more than 3,976 at a time, as may be the case in larger enterprises),
A–1
Windows TCP/IP Installation Dialog
the number of ports may run out before the TCP/IP peer releases the closed
connections for reuse (which is by default 4 minutes), leaving clients unable to
create new connections to the server.
By selecting Yes, more ports (up to 65,000) will be used, and TIME_WAIT will
be reduced to 1 minute, and clients will then be able to access the server.
A–2
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising