altiris - Symantec SSL Certificates Support

altiris - Symantec SSL Certificates Support
ALTIRIS®
Agent 6.2 for UNIX, Linux and Mac
Help
Notice
Altiris® Agent 6.2 for UNIX, Linux and Mac
© 2006 Altiris, Inc. All rights reserved.
Document Date: December 1, 2006
Information in this document: (i) is provided for informational purposes only with respect to products of Altiris or its subsidiaries (“Products”),
(ii) represents Altiris' views as of the date of publication of this document, (iii) is subject to change without notice (for the latest
documentation, visit our Web site at www.altiris.com/Support), and (iv) should not be construed as any commitment by Altiris. Except as
provided in Altiris' license agreement governing its Products, ALTIRIS ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS
OR IMPLIED WARRANTIES RELATING TO THE USE OF ANY PRODUCTS, INCLUDING WITHOUT LIMITATION, WARRANTIES OF FITNESS FOR A
PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS. Altiris assumes no
responsibility for any errors or omissions contained in this document, and Altiris specifically disclaims any and all liabilities and/or obligations
for any claims, suits or damages arising in connection with the use of, reliance upon, or dissemination of this document, and/or the
information contained herein.
Altiris may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the
Products referenced herein. The furnishing of this document and other materials and information does not provide any license, express or
implied, by estoppel or otherwise, to any foregoing intellectual property rights.
No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means without the express
written consent of Altiris, Inc.
Customers are solely responsible for assessing the suitability of the Products for use in particular applications or environments. Products are
not intended for use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications.
*All other names or marks may be claimed as trademarks of their respective companies.
Altiris Agent for UNIX, Linux and Mac Help
2
Contents
Chapter 1: Introduction to the Altiris® Agent for UNIX, Linux and Mac . . . . . . . . . . . . . 5
Altiris Agent Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Altiris Agent Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Altiris Agent Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Chapter 2: Setup and Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
UNIX and Linux Client Computer Requirements . . . . . .
Supported Operating Systems . . . . . . . . . . . . . . .
Hardware Requirements . . . . . . . . . . . . . . . . . . .
Macintosh Client Computer Requirements . . . . . . . . . .
Supported Operating Systems . . . . . . . . . . . . . . .
Hardware Requirements . . . . . . . . . . . . . . . . . . .
Installing the Altiris Agent to Notification Server . . . . .
Configuring the Altiris Agent . . . . . . . . . . . . . . . . . . .
Location of the Altiris Agent Settings . . . . . . . . . .
UNIX, Linux and Mac Agent Configuration . . . . . . .
Software Delivery Settings . . . . . . . . . . . . . . . . .
Network Discovery . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing the Altiris Agent to Client Computers . . . . . .
Altiris Agent Push Installation . . . . . . . . . . . . . . .
Agent Installation Settings. . . . . . . . . . . . . . .
SSH Key Generator. . . . . . . . . . . . . . . . . . . .
CSV File Template . . . . . . . . . . . . . . . . . . . .
Modify a .CSV File. . . . . . . . . . . . . . . . . . . . .
Import a .CSV File . . . . . . . . . . . . . . . . . . . .
Altiris Agent Pull Installation . . . . . . . . . . . . . . . .
Altiris Agent Manual Installation . . . . . . . . . . . . . .
Altiris Agent Installation Logs. . . . . . . . . . . . . . . .
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
. 8
. 9
. 9
. 9
10
10
10
10
11
11
14
15
16
16
18
22
23
23
24
25
26
30
Chapter 3: Directories, Files, Links, and Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Links. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Files and Processes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Chapter 4: Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Altiris Agent Installation Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Push Agent Installation Errors . . . . . . . . . . . . . . . . . . . . . . . . . . .
General Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Push Installation Failing. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Push Installation Hanging . . . . . . . . . . . . . . . . . . . . . . . . . . .
Push Installation Not Working using HTTPS . . . . . . . . . . . . . . .
Problem Installing to Custom Directories using Red Hat 8 . . . . . . . .
Package Server Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Altiris Agent Installation Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Issues when Uninstalling the Altiris Agent for UNIX, Linux and Mac . . . .
Troubleshooting Network Problems . . . . . . . . . . . . . . . . . . . . . . . . . . .
TCP/IP Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SSH and Telnet Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Altiris Agent for UNIX, Linux and Mac Help
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
36
36
36
37
37
37
37
38
38
38
40
40
40
41
3
Domain Name System (DNS) Validation
HTTP Communication Validation . . . . . .
Additional Troubleshooting Tips . . . . . . . . .
Using the log file . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
42
43
43
44
Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Sample client.conf file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Altiris Agent for UNIX, Linux and Mac Help
4
Chapter 1
Introduction to the Altiris® Agent for UNIX,
Linux and Mac
The Altiris® Notification Server™ software is the core component for managing your
infrastructure systems. Altiris suites and solutions plug-in to the Notification Server
architecture, providing you with the tools needed to monitor hardware and software,
install software packages and file updates, collect inventory, manage resources, and
more.
The Altiris Agent is the software component that establishes communication between
the Notification Server and each computer. Notification Server uses the Altiris Agent to
gather different types of information from each client computer, depending on which
solution you have installed. The collected data is then sent to Notification Server’s
centralized database where you can view, print, and create custom reports. Data
collection can also be automated through the use of scheduled tasks.
The Altiris Agent is deployed from the Notification Server to client computers, and it
must be installed before enabling other Altiris products for UNIX, Linux and Mac
computers.
Altiris Agent Features
The Altiris Agent is the base agent that establishes communications between the
Notification Server and UNIX, Linux or Mac computers. By default, the base agent
includes the Software Delivery components needed to receive software delivery
packages at client computers. However, if you are using Altiris® Inventory Solution® for
UNIX, Linux or Mac, you must deploy the agent components that will plug-in to the base
agent. This lets you collect inventory data from all client computers and store the data in
Notification Server’s centralized database.
The Altiris Agent is deployed from the Notification Server to all client computers and
must be installed before enabling other Altiris products for UNIX, Linux or Mac.
The Altiris Agent for Mac is a Macintosh universal binary for Intel and PowerPC support.
Altiris Agent Documentation
The following documentation is available for the Altiris Agent for UNIX, Linux and Mac.
Altiris Agent for UNIX, Linux and Mac Help: This help describes how to deploy and
configure the Altiris Agent for UNIX, Linux and Mac.
Altiris product documentation is available in Microsoft HTML Help (.CHM) and Adobe
Acrobat (.PDF) formats. By default, documentation files are installed in the following
directory:
C:\Program Files\Altiris\Notification Server\NSCap\Help
Altiris Agent for UNIX, Linux and Mac Help
5
You can access documentation from the Altiris Console by clicking the following icons in
the upper-right corner of the Altiris Console:
Access the contextual online help by clicking the online help icon.
Access an index of all help by clicking the index icon.
Release Notes: The documents Altiris Agent for UNIX and Linux Release Notes and
Altiris Agent for Mac Release Notes contain a list of the known issues in this version of
the product. It also contains any last-minute information that did not make it into the
main documentation. Release Notes are available at the Altiris Knowledgebase (http://
kb.altiris.com).
Altiris Information Resources
Source
What information it
includes
Where you can find it
Altiris
Knowledgebase
Comprehensive collection of
articles, incidents, and issues
for Altiris solutions.
http://kb.altiris.com/
Altiris Juice,
an online magazine
for users
Best Practices, tips and tricks,
and articles for users of Altiris
solutions.
http://www.altiris.com/
juice/
Online Forums
Forums for Altiris solutions
and suites.
http://forums.altiris.com/
Documentation
and Release
Notes
Information about new
features, update instructions,
and known issues for each
release.
http://www.altiris.com/
support/documentation.
Altiris Agent Architecture
The Altiris Agent contains program objects to manage the functionality between each
UNIX, Linux or Mac client computer and the Notification Server. The following base
objects are included in the Altiris Agent:
Plug-in Manager
Scheduler
Communication and Security
Policy Management
Event Queuing
Package Management
The Altiris Agent is designed so that other solutions (such as Altiris® Software Delivery
Solution™ and Altiris® Inventory Solution®) can deploy their agents, plugging in to the
base agent.
If you want to use Inventory Solution, you must deploy the agent components from the
Altiris Console before you can start using the product. The following graphic shows how
the solutions plug-in to the Altiris Agent.
Altiris Agent for UNIX, Linux and Mac Help
6
The solution agent files reside on each client UNIX, Linux and Mac computer and then
run their assigned jobs when a notification policy is received, indicating that some
function must be run.
Altiris Agent for UNIX, Linux and Mac Help
7
Chapter 2
Setup and Installation
The Altiris Agent is a necessary software component that is designed to work with the
Software Delivery Solution and Inventory Solution. This is the core agent that
establishes the connection between the Notification Server and each discovered client
computer. The Altiris solutions have additional agents that plug-in to this core agent,
adding functionality specific to each solution’s capabilities.
This section will help you download, configure, and install the Altiris Agent for UNIX,
Linux and Mac. Notification Server must be installed before you proceed.
The setup and installation chapter consists of the following topics:
UNIX and Linux Client Computer Requirements (page 8)
Macintosh Client Computer Requirements (page 9)
Installing the Altiris Agent to Notification Server (page 10)
Configuring the Altiris Agent (page 10)
Network Discovery (page 15)
Installing the Altiris Agent to Client Computers (page 16)
UNIX and Linux Client Computer Requirements
If you are running client computers not listed in the Supported Operating Systems table,
you can still run a legacy version of the Altiris Agent with this version of the Altiris Agent
for UNIX and Linux installed on the Notification Server, but without support for the new
features of this release.
Altiris Agent for UNIX, Linux and Mac Help
8
Supported Operating Systems
The following table is a list of operating systems that are supported by the Altiris Agent
for UNIX and Linux. All client computers must be running one of the supported systems.
Operating System
Hardware
Version
HP-UX
HP-PA
11, 11i, 11i v2
HP-UX
IA-64
11i v2
IBM AIX
Power-PC /
RS6000
4.3.3, 5.1, 5.2, 5.3
Red Hat Linux
x86
7.2, 7.3, 8, 9
Red Hat Enterprise
Linux
x86
2.1, 3, 4, 3 (x86_64), 4 (x86_64)
Sun Solaris
Sparc
7, 8, 9, 10
Sun Solaris
x86
10, 10 (x86_64)
SUSE Linux
x86
8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 9.3, 10.0,
10.1, 10.0 (x86_64), 10.1 (x86_64)
SUSE Linux Enterprise
Server
x86
8, 9, 10, 9 (x86_64), 10 (x86_64)
SUSE Linux Enterprise
Desktop
x86
10, 10 (x86_64)
VMware ESX Server*
x86
2.5, 3.0
* Computers running the VMware ESX Server operating system cannot be used as
Package Servers.
Hardware Requirements
Hardware
Description
Disk Space
5-20 MB
RAM
5-15 MB
Macintosh Client Computer Requirements
If you are running client computers listed in the Supported Operating Systems table,
you can run Software Delivery Solution 6.1 SP1 for Mac and Inventory Solution 6.2 for
Mac with the Altiris Agent 6.2 for Mac.
Altiris Agent for UNIX, Linux and Mac Help
9
Supported Operating Systems
The following table is a list of operating systems that are supported by the Altiris Agent
for Mac. All client computers must be running one of the supported systems.
Operating System
Hardware
Version
Mac OS X
G3, G4, G5
10.2.8 and above,
Server 10.2.8 and above
Mac OS X
Intel
10.4
Hardware Requirements
Hardware
Description
Disk Space
35 MB
RAM
15 MB
Installing the Altiris Agent to Notification Server
When installed from the Solution Center, the Altiris Agent for UNIX and Linux will
automatically be installed with either of the following solutions:
„
Inventory Solution for UNIX and Linux
„
Software Delivery Solution for UNIX and Linux
When installed from the Solution Center, the Altiris Agent for Mac will automatically be
installed with either of the following solutions:
„
Inventory Solution for Mac
„
Software Delivery Solution for Mac
Notes
z
Solution downgrade is not supported.
z
If, for some reason, the SQL database, used by the Notification Server, is offline or
unavailable during the solution installation, you will need to reconfigure the solution,
when the SQL database becomes available. To reconfigure, from the Control Panel >
Add/Remove programs, select Altiris Agent for UNIX and Linux (Altiris Agent for
Mac), and click Change. In the Install Wizard, run “Repair”.
Configuring the Altiris Agent
The Altiris Agent has certain settings that need consideration before you deploy the
Altiris Agent to client computers. These settings can be changed directly in the Altiris
Console.
When installed on a client computer, the Altiris Agent receives configuration settings
defined in the default configuration policies All UNIX Computers (excluding ‘Package
Servers’) or All Macintosh Computers (excluding Legacy 6.0 Agents).
The Altiris Agent configuration section includes the following topics:
Altiris Agent for UNIX, Linux and Mac Help
10
Location of the Altiris Agent Settings (page 11)
UNIX, Linux and Mac Agent Configuration (page 11)
Software Delivery Settings (page 14)
Location of the Altiris Agent Settings
There are two separate locations where settings for the Altiris Agent can be defined:
z
The All UNIX Computers (excluding ‘Package Servers’) or All Macintosh Computers
(excluding Legacy 6.0 Agents) policy under the Configuration tab, Configuration
> Altiris Agent > Altiris Agent Configuration
z
The Altiris Agent Installation item under the Configuration tab, Configuration >
Altiris Agent > Altiris Agent Rollout
There are some settings that can be configured in both places. Examples: Logging
settings, the “Use Domain” option, the “Enable NIC Error” option, and the “Enforce host
verification for HTTPS connection” option.
The settings are independent of each other, so be careful to configure them similarly.
The settings from the Altiris Agent Installation item are used first when the Altiris Agent
is installed. After installation, the Altiris Agent receives settings from the Notification
Server as defined by the All UNIX Computers (excluding ‘Package Servers’) or All
Macintosh Computers (excluding Legacy 6.0 Agents) configuration policy. The settings in
the All UNIX Computers (excluding ‘Package Servers’) or All Macintosh Computers
(excluding Legacy 6.0 Agents) policy would then be used overwriting the settings used
during installation.
Example: In the Altiris Agent Installation item, you may have the “Enable NIC Error”
option selected, but in the All UNIX Computers (excluding ‘Package Servers’) or All
Macintosh Computers (excluding Legacy 6.0 Agents) policy it may not be selected. When
the Altiris Agent is installed, the “Enable NIC Error” option would be enabled. However,
as soon as the first configuration is received by the client computer, the “Enable NIC
Error” option would be disabled overwriting the original settings.
For information about the All UNIX Computers (excluding ‘Package Servers’) policy or
the All Macintosh Computers (excluding Legacy 6.0 Agents) policy, see UNIX, Linux and
Mac Agent Configuration (page 11). For information about the rollout settings, see
Agent Installation Settings (page 18).
UNIX, Linux and Mac Agent Configuration
The Altiris Agent Settings policy contains several categories of settings: General, UNIX
Agent Configuration, UNIX Software Delivery (if Software Delivery Solution for UNIX and
Linux is installed), Macintosh Agent Configuration, Macintosh Software Delivery (if
Software Delivery Solution for Mac is installed), Interaction, Package Multicast, and
Advanced Settings.
Notes
z
The All UNIX Computers (excluding ‘Package Servers’) policy will only be available if
the Altiris Agent for UNIX and Linux is installed and the All Macintosh Computers
(excluding Legacy 6.0 Agents) policy will only be available if the Altiris Agent for Mac
is installed. You will see both if both solutions are installed on the Notification
Server.
Altiris Agent for UNIX, Linux and Mac Help
11
z
Both policies (All UNIX Computers (excluding ‘Package Servers’) and All Macintosh
Computers) have UNIX and Mac configuration settings. Only settings that
correspond to that policy are used. Example: In the All UNIX Computers (excluding
‘Package Servers’) policy, the Mac settings are ignored.
The following table details the data fields and definitions for the settings you must
provide in the UNIX Agent Configuration or Macintosh Agent Configuration tabview.
Field
Logging
Definition
Altiris Log Directory
This is the directory where error
log files will be written.
Altiris Log Name
Name of the log that will record
errors or failures as the Altiris
Agent is deployed.
Altiris Log Size
Maximum size of the error log file
(0 - means infinite growth of error
log size).
Altiris Logging Level:
z
Error
Least verbose logging level, only
errors will be output to the log.
z
Warning
Medium level of logging, errors and
some informational messages are
output.
z
Info
Detailed level, more debugging
information is output to the log.
Syslog Logging Level:
Note
The Altiris Agent for UNIX, Linux and Mac integrates with
syslog using ident “altiris” and facility “LOG_USER”.
Network and SSL
Certificates
Altiris Agent for UNIX, Linux and Mac Help
z
None
No messages are sent to the
system log.
z
Error
As above but for the syslog
z
Warning
As above but for the syslog
z
Info
As above but for the syslog
Enable NIC Error
If set this will return the string
“Namserv Error” in the basic
Inventory TCPIP class, DNS server
3 field, when the computer has an
inconsistent name and IP address
in the DNS. In other words, the
reported IP address for the
machine (based on its name) is not
an IP address used by the
machine.
12
Field (Continued)
Definition
Enforce host certificate
is in CA
When set, the local certificate
authority is used to validate the
host for all HTTPS connections. The
CA must be defined using the
following field.
Name of the CA
certificates file
When enforce host certificate is
enabled, this field specifies the full
path to the file containing one or
more CA certificates in PEM
(Base64 encoded) format, which
will be used for host validation.
Enforce host verification
for HTTPS connection
This specifies that the UNIX
computer will only communicate
with a host using HTTPS, if that
host’s name matches the name in
the host’s certificate.
Use HTTPS for Agent
communication
wherever possible
This specifies that the Altiris Agent
will always try to use an HTTPS://
prefix even if the actual URL has
HTTP://.
This can be useful if the
Notification Server was installed in
HTTP mode
and all the created jobs already
have an HTTP:// prefix, and after
that you change the Notification
Server to HTTPS mode. All HTTP://
URLs will automatically be
converted to HTTPS://.
If this check box is selected and
the Notification Server is actually in
HTTP mode, then the Altiris Agent
will fall back to HTTP after an
unsuccessful attempt to use
HTTPS, so it will not affect the
Altiris Agent connectivity but may
affect performance.
Computer
Information
Return the following
information as computer
name
Select to have the client computer
report a DNS name or the local
computer name.
Return the following
information as computer
domain
Select to have the client computer
report an empty string or its DNS
domain name.
To configure the Altiris Agent settings
1.
From the Altiris Console, click the Configuration tab.
2.
In the left pane, select Configuration > Altiris Agent > Altiris Agent
Configuration.
Altiris Agent for UNIX, Linux and Mac Help
13
3.
Click either All UNIX Computers (excluding ‘Package Servers’) or All
Macintosh Computers (excluding Legacy 6.0 Agents).
4.
By default, the General tab appears and the policy is set to Enabled. Clear the
check box if you do not want to send the policy to client computers right away.
5.
Click the All (UNIX or Macintosh) Computers link to change the applied to
collection. The Collection Selector page opens with a list of collections and systems.
Select the check box next to each collection or system where you want this policy to
apply.
6.
If needed, review and change the Agent Basic Settings.
7.
If needed, review and change the Download and Execute Options.
8.
If needed, review and change the Bandwidth/Throttling settings.
9.
If needed, review and change the Disabled Period and Blockout Type settings.
10. Click the UNIX or Macintosh Agent Configuration tab.
11. Enter the values for the Logging and Network and SSL Certificates sections. For
details, see UNIX, Linux and Mac Agent Configuration (page 11).
12. Click the Advanced Settings tab.
13. If needed, review and change the Alternate URL for accessing Notification Server.
14. If needed, in the Tickle / Power Management section, select the check box to enable
power management on the Altiris Agents. This setting enables the tickle feature on
the UNIX, Linux and Mac agents allowing them to be notified of tasks immediately
and controlled by the Power Management functions.
Note
Wake on LAN function is not supported by the Altiris Agent for UNIX, Linux and Mac,
but all other Power Management functions are.
15. Click Apply.
Software Delivery Settings
This section is important if you have Software Delivery Solution installed on the
Notification Server. There can be, depending on the solutions installed, a UNIX Software
Delivery or a Macintosh Software Delivery tab on the Altiris Agent Settings page. This
page is where you will enter the “nice” priority for launching programs of software
delivery packages that are deployed from the Notification Server to UNIX, Linux and Mac
computers. For more information, see the Altiris Software Delivery Solution for UNIX,
Linux and Mac Help. The settings are the same for either tab. The following screenshot
shows the UNIX Software Delivery tab.
Altiris Agent for UNIX, Linux and Mac Help
14
To configure the Software Delivery agents
1.
From the Altiris Console, click the Configuration tab.
2.
In the left pane, select Configuration > Altiris Agent > Altiris Agent
Configuration
3.
Depending on which agents you want to configure, click either the All UNIX
Computers (excluding ‘Package Servers’) or All Macintosh Computers
(excluding Legacy 6.0 Agents).
4.
Click the UNIX or Macintosh Software Delivery tab.
5.
Enter the values for the “nice” settings.
Network Discovery
You can now discover all UNIX, Linux and Mac computers on the network by using a
special utility called Altiris® Network Discovery. You can go to the Altiris Web site to
download the software, and then install it to the Notification Server. The utility scans the
network based on IP address ranges or seed devices.
Network Discovery is the easiest way to identify large numbers of computers making it
possible to use the push installation to deploy the Altiris Agent for UNIX, Linux or Mac.
Network Discovery can also scan subnets for computers that respond on the SSH port so
that computers can be easily found.
Note
Some UNIX computers might be added twice to the Notification Server database. This
occurs when the NetBEUI protocol is used, for example, if Samba Server is running on
the computers. To prevent Network Discovery from creating double entries, in the Altiris
Console, select Configuration > Solution Settings > Network Discovery >
Network Discovery Settings and clear the NetBIOS Devices and Other/TCPIP Devices
check boxes.
Altiris Agent for UNIX, Linux and Mac Help
15
Installing the Altiris Agent to Client Computers
Before you start using solutions to manage the client computers from the Notification
server, you must deploy the Altiris Agent to each client computer.
You can use the following methods of installing the Altiris Agent to UNIX, Linux or Mac
client computers:
Agent Push Installation - This method is initiated from Notification Server’s Altiris
Console. You can choose to install one computer at a time or install multiple computers
in one session. The configuration settings you enter can be saved and used for future
installations. See Altiris Agent Push Installation (page 16).
Agent Pull Installation - This method requires a person, with root or root equivalent
access rights, to log on to the computer needing the Altiris Agent. The user will go to a
specific URL and pull the Altiris Agent from the Notification Server. See Altiris Agent Pull
Installation (page 25).
Agent Manual Installation - The Altiris Agent can be installed manually on a client
computer. This lets you download the files to a computer and copy them to any
removable media, which can then be installed to a computer in a lab or test
environment. See Altiris Agent Manual Installation (page 26).
Should any problem occur during installation, you can view installation logs to diagnose
the problem. For more information, see Altiris Agent Installation Logs (page 30).
Notes
z
The Altiris Agent downgrade is not supported.
z
On computers running AIX or Mac operating systems, the Altiris Agent for UNIX,
Linux and Mac can only be installed into the default location. For AIX, this is because
package relocations are not supported. Even if a different location is specified, the
default is used.
z
Installation scripts may fail to run on the computers where command-line aliases
are used.
Altiris Agent Push Installation
Using the push method, you can install the Altiris Agent to one single computer, or
multiple client computers, all at once. The Configuring the Altiris Agent (page 10) lets
you configure the communication and authentication settings, which can be saved and
used to install multiple client computers. These settings establish the communication
protocol and the login authentication for the client computers.
The following steps are performed during the push process.
1.
The Notification Server attempts to connect to the target computer through SSH. If
this protocol fails, the Notification Server will try telnet. Both protocols support
logon with either privileged or unprivileged user accounts and multiple passwords.
2.
When connection is established, the Notification Server determines the client
computer’s operating system and environment.
3.
A platform-specific push-install script is being launched on the client computer by
the Notification Server. The script creates a directory structure on the client
computer and attempts to download the aex-bootstrap utility from the Notification
Altiris Agent for UNIX, Linux and Mac Help
16
Server using SCP/SFTP protocol. If it fails, the script launches curl. If curl cannot be
found, it searches for wget. If the wget command is not present on the client
computer, the script transfers the aex-bootstrap.Z.uu archive using dd command
and uses uudecode to convert it to a native format.
4.
The .aex-agent-install-config.xml file containing all Altiris Agent installation settings
is downloaded to the client computer.
5.
The aex-bootstrap script is executed and the connection is closed.
6.
The aex-bootstrap pulls the rest of the Altiris Agent from the Notification Server and
configures the Altiris Agent with settings from the .aex-agent-install-config.xml.
7.
When the Altiris Agent runs for the first time, it collects basic inventory and posts it
to the Notification Server.
8.
The Altiris Agent gets assigned tasks and policies from the Notification Server.
Notes
z
If you push the Altiris Agent to a computer that already has the same or higher
version installed, the installation will be cancelled and “Cancelled” will appear in the
job status.
z
When doing a push installation, you must use a default command-line prompt.
Customized prompts containing colors or multiple lines may cause installation to
fail.
z
Please be sure that the root and non-privileged account prompts are different from
each other. If they are the same, installation may fail.
z
Please use SSH to install the Altiris Agent. Telnet is an insecure protocol because all
data is transmitted, including passwords, without any encryption. Someone can
capture your password from the network. We recommend using telnet ONLY if you
can't use SSH.
z
SSH protocol version 1 with ChallengeResponseAuthentication enabled is not
supported. To use SSH protocol version 1, ChallengeResponseAuthentication must
be switched off and PasswordAuthentication switched on.
z
It is not possible to push install the Altiris Agent to the client computer from
different Altiris Consoles at the same time.
z
Do not use non-ASCII characters in the files and directories names, when
configuring the Agent Installation Settings.
To perform a push install of the Altiris Agent
1.
From the Altiris Console, click the Configuration tab.
2.
In the left pane, select Configuration > Altiris Agent > Altiris Agent Rollout >
Altiris Agent Installation.
3.
Dependent on what type of client you wish to install, click either the Install Altiris
UNIX Agent or the Install Altiris Macintosh Agent tab.
4.
To specify a single client computer, enter the IP address or the hostname of the
client computer, and then click Add.
5.
(Optional) To specify multiple client computers, do one of the following:
Altiris Agent for UNIX, Linux and Mac Help
17
„
Use the Select Computers option:
a. Click Select Computers.
b. Select the computers you want to deploy the Altiris Agent to from the dropdown list. For information on computer discovery, see the Altiris Notification
Server Help.
„
Enter multiple client computer information using a .CSV file. For more
information, see CSV File Template (page 23).
„
Add computers one at a time. See step 4 above.
6.
If you have entered user accounts and passwords to log on to client computers,
either through the Altiris Agent Configuration or by importing a .CSV data file, click
the Install Settings button. This button will open a new window where you can
configure installation settings for all clients before you install the Altiris Agent
package files (see Agent Installation Settings on page 18).
7.
Select the number of Simultaneous tasks. This lets you select how many
installations will run simultaneously.
8.
Select the client computers that you wish to install to.
9.
Click the Install Altiris Agent button to push the Altiris Agent to all selected client
computers.
10. Click View Remote Connection Logs to view the client connection logs. For more
information, see Altiris Agent Installation Logs (page 30).
11. Click Apply. This will save the settings you entered, including client computer’s
hostnames and IP addresses, in the Install Altiris UNIX Agent or Macintosh tabview.
Agent Installation Settings
The Install Settings page lets you configure the communication and authentication
settings that can be saved and used to install multiple client computers. These settings
establish the communication protocol and the login authentication for the client
computers.
Apply these settings to:
You can apply settings to all or individual computers by selecting the Single computer
or All computers in the list radio buttons.
Altiris Agent for UNIX, Linux and Mac Help
18
Connection and Authentication Tab
There are several possible ways to connect to client computers. The following table
describes connection and authentication options.
Try Connect
through SSH using
SSH Key
Authorization
Using this method, the administrator can generate a SSH key (using a
native SSH key generator or Altiris SSH key generation module) and
use the SSH key to authorize a SSH connection to UNIX and Linux
computers. For more information about the SSH Key Generator, see
SSH Key Generator (page 22).
SSH Key File
Choose the SSH private key file.
SSH Key
Password
If the SSH key file was generated with a password,
then enter the appropriate password. If there is no
password, leave it blank.
SSH Key Type
Choose the type of SSH Key encoding.
Generate New
SSH Key
Clicking on this link opens the dialog for SSH key
generation. It generates SSH private and public
key.
Try Connect
through SSH using
SSH Password
Authorization
Using this method, the administrator can authorize SSH connections
using non- and privileged user passwords (or a multiple password list).
Try Connect
through Telnet if
SSH is unreachable
Using this method, the administrator can authorize a Telnet
connections using non- and privileged user password (or a multiple
password list).
SSH Port
Administrator can specify port, which uses the
definite computer’s SSH server.
Login Prompt
This section defines the login prompt, used in
Telnet connection dialog. This can be customized, if
Telnet server uses custom login prompt.
Password
Prompt
This section defines the password prompt, used in
Telnet connection dialog. This can be customized, if
Telnet server uses custom password prompt.
Telnet Port
Administrator can specify port, which uses the
definite computer’s Telnet server.
Login and
Password
This section is used to define non- and privileged user’s credentials for
SSH and/or Telnet connections.
Privileged Account
The name of the privileged user, which has privileges to install and use
system programs (by default, root)
Privileged Account
Password
Password for privileged user login. If no password needed, leave it
blank.
Privileged Account
Prompt
Prompt, used in command line. To add some more, use comma as
delimiter. (by default, #)
Altiris Agent for UNIX, Linux and Mac Help
19
Use Privileged
Account Multiple
Password
This section is used to list multiple privileged users’ name and
passwords. It can be used if there is a pack of computers with different
privileged passwords. (Warning: multiple passwords are not encrypted
in this section)
Prompts
Login first using
unprivileged user
Prompt, used in command line. To add some more,
use comma as delimiter. (by default, #)
This section is used to configure non-privileged users that have limited
privileges.
User Login
The name of the non-privileged user that has
limited privileges.
User Password
Password for non-privileged user login. If no
password needed, leave it blank.
User Prompt
The prompt used in command line. To add more,
use a comma as a delimiter. (by default, $,>)
Use User
Multiple
Passwords
You can list multiple non-privileged users’ name
and passwords. It can be used if there is a pack of
computers with different non-privileged
passwords. Warning: Multiple passwords are not
encrypted in this section.
Prompts
Prompt, used in command line. To add some more,
use comma as delimiter. (by default, $,>)
Login Timeout
Administrator can specify how long the connection module should try
to connect to computers.
Command Timeout
Administrator can specify how long the connection module should wait
for a reply from commands, executed during push install.
Upload Speed
This option can be used to define the speed that install packages will be
uploaded to client computers. This can be useful on a slow broadband
connection with a large number of computers. You can also use this if
push installations are failing (see Push Installation Failing on page 37).
Automatically
Discover OS Type
This option lets the push install detect the OS type.
Manually Select OS
Type
If the administrator is sure of the version of clients’ OS, then the
appropriate OS type can be selected manually.
Agent Settings Tab
You can customize the Altiris Agent settings on this page. Note that there are several
settings that can be customized only during installation. The following table describes
the items on this page.
Directories
Altiris Agent for UNIX, Linux and Mac Help
This section contains information about directories where the Altiris
Agent will be installed. The administrator can customize these settings.
Installation
Directory
The directory where the Altiris Agent is going to
be installed.
Links Directory
The directory where links to the Altiris Agent’s
executable binaries will be placed.
20
Logging
Temporary files
Directory
The directory where temporary files will be
placed.
Guid file
Directory
The directory where the Guid file is placed.
Guid file Name
The name of the Guid file that contains
identification Guid line.
Directory for
Event Queue
The directory where SWD events are queued to
be sent to Notification Server.
Directory for
Tasks
The directory where internal information about
every task is placed.
Directory for
Packages
The directory where all SWD packages are
downloaded.
Directory for
SWD Status
The directory where registry entries about all
SWD packages are stored.
This section defines log settings. These settings may be changed later
on the client settings page.
Altiris Log
Directory
This is the directory where error log files will be
written.
Altiris Log Name
Name of the log that will record errors or failures
as the Altiris Agent is deployed.
Altiris Log Size
Maximum size of the error log file (0 - means
infinite growth of error log size).
Altiris Logging
Level
Error - Least verbose logging level, only errors
will be output to the log.
Warning - Medium level of logging, errors and
some informational messages are output.
Info - Detailed level, more debugging information
is output to the log.
Syslog Logging
Level
None - No messages are sent to the system log.
Error - Least verbose logging level, only errors
will be output to the log.
Warning - Medium level of logging, errors and
some informational messages are output.
Info - Detailed level, more debugging information
is output to the log.
Note
The Altiris Agent for UNIX, Linux and Mac
integrates with syslog using ident “altiris” and
facility “LOG_USER”.
Network
This section specifies the communication settings between the
Notification Server and the Altiris Agents.
Use NS IP
Address
Altiris Agent for UNIX, Linux and Mac Help
Switch it on in order to use IP address on
Notification Server instead of DNS name.
21
Altiris Agent
Execution
Use Domain
To use fully qualified DNS name - not only host
name, but also domain name (e.g. not myserver,
but myserver.domain.com).
Enable NIC Error
If set, this will return the string “Namserv Error”
in the basic Inventory TCPIP class, DNS server 3
field, when the computer has an inconsistent
name and IP address in the DNS. In other words,
the reported IP address for the machine (based
on its name) is not an IP address used by the
machine.
Enforce host
certificate is in
CA
When set, the local certificate authority is used
to validate the host connected to for all HTTPS
connection. The CA must be defined using the
following field.
Name of the CA
certificates file
When enforce host cert is specified, this field
specifies a file is prepared using OpenSSH to
contain the local CA.
This section defines the behavior of the Altiris Agent during and after
installation.
Run Level
Administrator can specify at which run levels the
Altiris Agent will work.
Upgrade
Upgrades a previous version of the Altiris Agent
and migrates most configuration settings. If the
box is unchecked, the Altiris Agent will be
reinstalled and configured with the settings
supplied on the Agent Settings tab.
Start
Starts the Altiris Agent right after the
installation.
Allow to execute
the programs by
unprivileged user
If the box is checked, then non-privileged user
can execute the Altiris Agent’s tasks and custom
inventories.
Agent Details Tab
Administrator can customize the Altiris Agent’s details on this page. Note that these
details can be customized only at installation.
Install XML Tab
You can save the installation .XML file and send it to the client computer in order to
install the Altiris Agent manually.
SSH Key Generator
The following table provides information about the SSH Key Generator.
Key Files Folder
This is the folder used to store generated key files.
Private Key File
Name
This is the key file name. The generated private and public keys
will have this name but will have different extensions. Public key
will have *.pub.sk extension while private key will have *.sk
Altiris Agent for UNIX, Linux and Mac Help
22
Passphrase
Enter a passphrase if you want to protect a private key.
Encryption Type
You can select what type of key the SSH Key Generator will
generate. DSA and RSA keys are currently supported.
Public Key Type
You can select the key format. Supported formats are SSH for
commercial SSH implementations and OpenSSH for open source
implementations.
Bits Count
You can select the number of bits for the key.
Note
OpenSSH RSA keys with bits count lower than 768 are rejected by
most UNIX systems.
Generate New
button
Click this button to generate a new key and save it with the
specified name.
Public Key
Displays the Public Key in a text box so that you can copy and
paste it to an e-mail. For example, you can send it to a UNIX
administrator.
CSV File Template
This template will help you enter values needed to deploy the Altiris Agent for UNIX,
Linux and Mac to multiple clients, even if the logon account and password varies. The
.CSV file is a comma delimited text file that includes the computers names (DNS
resolvable) or IP address of the client computer where you want to deploy the Altiris
Agent. The column header of the .CSV template indicates the data required and valid
responses allowed. Each line in the .CSV file represents the data elements that will be
imported into the install table for each computer.
To access the .CSV file template
1.
From the Altiris Console, click the Configuration tab.
2.
In the left pane, select Configuration > Altiris Agent > Altiris Agent Rollout >
Altiris Agent Installation.
3.
Click the Install Altiris UNIX Agent or Install Altiris Macintosh Agent tab.
4.
Right-click on the CSV file template link (upper-right corner of the page), and then
select Save Target As.
5.
Navigate to a directory location and save the CSVTemplate.csv file.
Modify a .CSV File
Enter the information for each computer you want to install the Altiris Agent on.
Notes
z
It is not required to use all the fields. You can use only the fields needed, such as
computer name, root name, root password, and so on.
z
The .CSV file format (field separator) must meet regional settings of the server. For
English, use a comma “,” as a field separator. For Russian, German, Spanish, and
other regional settings, use a semicolon “;”.
Altiris Agent for UNIX, Linux and Mac Help
23
To modify a .CSV file
1.
Open the saved .CSV template file in a spreadsheet or text editor.
2.
Enter the values for each field using the .CSV data notes listed in the table below.
3.
Save (as comma delimited file) and exit the file.
CSV Field
Note
String headings
The string headings (Name, Telnet Flags, Root Name, Root
Password, etc.) must be preserved in the .CSV file.
Notification Server uses this information.
Name
(computer name or IP
Address)
You can use an IP address or the computer name. If you
use an IP address, do not enclose the address in quotation
marks. Example: 10.65.2.34.
Telnet Flags
(sshkey;sshpwd;telnet
;multiroot;su;multiuse
r)
If you enter more than one item, put all items in one set of
quotation marks and separate the items by a semicolon.
Example: “telnet;multiroot”.
All ‘Prompt’ sections
If you enter more than one item, put all items in one set of
quotation marks and separate the items by a comma.
Example: “$,>,@”.
Multi user names for
Non- and Privileged
Users
Specify each name separated by a space. Example: user
root guest.
Multi passwords for
Non- and Privileged
Users
Passwords should be separated by a semicolon. Example:
PasWRD1;pASwrd2.
Upload Speed
(slow;medium;fast).
Only one speed should be specified. If the value is
incorrect, then the default setting is used.
RunLevel
Separate values by a semicolon. Example: rc1;rc2;rc3;rc5.
Note
Pay attention to the separators and hints provided in the template file. For example, the
RunLevel values must be separated by semicolons and not commas.
Import a .CSV File
After you have entered the data for multiple client computers following the .CSV
template, you must import the file on the Altiris Agent Installation page of the Altiris
Console. All the computer information you entered in the .CSV file will be used by the
install process to deploy the Altiris Agent for UNIX, Linux and Mac to clients that will be
managed by Notification Server.
To import a .CSV file
1.
From the Altiris Console, click the Configuration tab.
2.
In the left pane, select Configuration > Altiris Agent > Altiris Agent Rollout >
Altiris Agent Installation.
3.
Click the Install Altiris UNIX Agent tab.
Altiris Agent for UNIX, Linux and Mac Help
24
4.
Click Import computers from a selected file.
5.
Navigate to the directory where the .CSV file is located, select the file, and then click
Open. The data in the file will import into the window on the page.
6.
Click Apply.
Altiris Agent Pull Installation
You can install the Altiris Agent on a single computer by going to the physical location of
the computer and pulling the Altiris Agent from Notification Server through HTTP or
HTTPS. The Notification Server administrator can e-mail the URL, which tells the UNIX
administrator where to retrieve the Altiris Agent package from.
For this method of installing the Altiris Agent to work correctly at client UNIX, Linux or
Mac computers, Notification Server and the Altiris Agent must be installed and
configured on the Notification Server computer.
To pull the Altiris Agent
1.
From the Altiris Console, click the Configuration tab.
2.
In the left pane, select Configuration > Altiris Agent > Altiris Agent Rollout >
Altiris Agent Installation.
3.
For UNIX or Linux clients, click the Install Altiris UNIX Agent tab. For Mac clients,
click the Install Altiris Macintosh Agent tab.
4.
Select a platform from the Select Platform drop-down list.
5.
Note the URL of the download page displayed in the text box. This is the URL that
you will need to access from the target UNIX, Linux or Mac computer. Click the
Show me this page link to view the Manual Instructions page now.
Tip
Copy the URL from the text box and paste it in an e-mail or use other method to
provide the instructions to the UNIX administrator for pulling down and installing the
Altiris Agent. The UNIX administrator receiving this information will access the
Manual Instructions page URL from the UNIX, Linux or Mac client computer and pull
the Altiris Agent.
6.
Login to the target computer as a root or a root equivalent user. Open a browser and
enter the URL that links to the Manual Instructions page for the appropriate
platform. The online instructions will guide you through each step of the manual
install process.
Altiris Agent for UNIX, Linux and Mac Help
25
7.
Right-click the Click here to download the compressed aex-bootstrap.Z file
link and select Save link as from the browser’s menu. Choose a temporary
directory to save the bootstrap program; save it as aex-bootstrap.Z or aexbootrap.gz (for Linux). Then follow the instructions below to install the Altiris Agent:
a.
Using the command-line interface, navigate to the directory where you saved
the aex-bootstrap.Z (aex-bootstrap.gz) file. Unpack the file with the command
uncompress aex-bootstrap.Z (gunzip aex-bootstrap.gz for Linux).
b.
(Optional) Use the command chmod u+x aex-bootstrap to ensure the aexbootstrap can be executed.
c.
Run the command ./aex-bootstrap ns.mycompany.com, where
ns.mycompany.com is the hostname or IP address of the Notification Server.
Note

If the Notification Server is configured to work with a non-default port, you
must provide the full URL.
Example:
./aex-bootstrap https://ns.mycompany.com:3476

At the instructions page, there is a pre-defined set of commands that will
start the Altiris Agent installation, even if the UNIX administrator does not
know the Notification Server’s name. You can copy the command from the
Bootstrap command and server name text box and paste it into the
command-line interface.
When the aex-bootstrap command is run, the program will connect to the Notification
Server and download the full Altiris Agent package, which will pass execution to the
agent-update script in the package.
The agent-update script will then install, configure, and start the Altiris Agent. If the
aex-bootstrap program cannot contact the Notification Server, it will schedule itself to
run again.
Altiris Agent Manual Installation
You can manually install the Altiris Agent for UNIX, Linux or Mac to a client computer. To
install the Altiris Agent you must log on to the client computer with administrative
privileges. First, you need to copy the Altiris Agent installation files to the client UNIX,
Linux or Mac computer. Installation files can be downloaded from the Notification Server
or redistributed on a removable media, such as a floppy disk, CD-ROM, or any other
media type that can be read and shared between the Notification Server and the client.
To download installation files from the Notification Server
1.
From the target UNIX computer, access the http://<nsname>/Altiris/NS/NSCap/
Bin/Unix/Agent/<platform> directory on the Notification Server using a web
browser.
2.
Download either the bootstrap file or the compressed agent and agent-upgrade files
to a directory on the client computer.
Altiris Agent for UNIX, Linux and Mac Help
26
To distribute installation files using removable media
1.
Copy either the bootstrap file or the compressed agent and agent-upgrade files on
to any form of removable media.
2.
Go to the target UNIX computer where you want to manually install the files, and
then copy the files into a directory or run them from the media.
To manually install the Altiris Agent using aex-bootstrap
1.
Login to the target computer as root or a root equivalent user.
2.
Navigate to the directory where you saved the aex-bootstrap.Z (aex-bootstrap.gz)
file. Unpack the aex-bootstrap.Z file with the command uncompress aexbootstrap.Z (gunzip bootstrap.gz for Linux).
3.
(Optional) Use the command chmod u+x aex-bootstrap to ensure the aexbootstrap can be executed.
4.
Run the command ./aex-bootstrap ns.mycompany.com, where
ns.mycompany.com is the hostname or IP address of the Notification Server that
you will connect to.
Note
If the Notification Server is configured to work with a non-default port, you must
provide the full URL.
Example:
./aex-bootstrap https://ns.mycompany.com:3476
Additional aex-bootstrap options
Command: ./aex-bootstrap [options]
Usage: aex-bootstrap [NS|URL] [-test] [-dir <dir>] [-speedlimit <N>] [-onefile]
Version 2.0.
This program will get all files required for the Altiris Agent installation from the
Notification Server into the specified directory. It can also be used to download a file
from a URL. When started without Notification Server/URL argument, the configuration
must be provided in an .XML file present in the same directory or at one of the standard
locations.
Arguments:
z
NS|URL: Name of the Notification Server, URL of a package or file. If notification
server is configured to work with a non-default port, you must provide the full URL.
Example:
https://ns.mycompany.com:3476
Optional commands:
z
-test: Output version.
z
-dir <dir>: Specify the agent installation directory.
z
-speedlimit <N>: Limit download to N Kbytes/sec.
z
-onefile: URL is for a single file, download to current directory, no other action.
Altiris Agent for UNIX, Linux and Mac Help
27
To manually install using the agent-upgrade script
If you do not want to use the bootstrap program, download the Altiris Agent native
package and the agent-upgrade script. Execute the agent-upgrade script (for more
options use the parameter -h) to install the Altiris Agent.
To manually install the Altiris Agent using native package
1.
When you install the Altiris Agent for UNIX and Linux using the native package, you
will have to tell the installer how to configure the Altiris Agent after installation.
There are three ways to do that:
„
In the Altiris Console, on the Altiris Agent Installation page, modify Install
Settings and save the settings in the form of .aex-agent-install-config.xml file
(See Agent Installation Settings on page 18).
On the client computer, place the .aex-agent-install-config.xml and the native
package (aex-nsclt-x.y.z.i386.rpm for Linux) together in the same folder. The
suggested folders are as follows:

package install directory (/opt/altiris/notification/nsagent/ by default)

/tmp

/var

/opt/altiris
If you use a different folder, you must export the AEXCLIENT_CONFIG_XML_DIR
variable (use "export" command in bash, "setenv" in csh) before package
installation to specify configuration file location.
„
Export and use the environment variables to configure the Altiris Agent without
the .aex-agent-install-config.xml file:

AEX_INSTALL_NSNAME: URL of the Notification Server.
Example: AEX_INSTALL_NSNAME=https://ns.mycompany.com:3476

AEX_INSTALL_RUNLEVELS: the list of runlevels, when the Altiris service
should start. Example: AEX_INSTALL_RUNLEVELS=3,5

AEX_INSTALL_AUTOSTART: autostart flag. If set to "yes", the Altiris Agent
will start after installation and configuration. Example:
AEX_INSTALL_AUTOSTART=yes
These three variables will be used only if .aex-agent-install-config.xml is not
found.
„
2.
If you do not provide any configuration data, you still can run a native package
installation, but you will have to run the aex-configure binary after installation
to configure the Altiris Agent manually (See An example of aex-configure dialog
on page 29).
Install the package. For example, the Altiris Agent for UNIX and Linux can be
installed on a Linux computer using the following command line:
rpm -ihv aex-nsclt-x.y.z.i386.rpm
Notes
„
If you are using rpm to relocate the installation, you must use the whole prefix.
Example: rpm -ihv aex-nsclt-x.y.z.i386.rpm --relocate /opt/
altiris/notification/nsagent=/opt/custom/location
Altiris Agent for UNIX, Linux and Mac Help
28
„
For the environment variables to be used correctly on a HP-UX, add the “-x
ask= true” option to the command line.
Example: swinstall -x ask=true -s /aex-nsclt.x.y.z.depot '*'
„
On Solaris, create a special response file listing the above mentioned variables:
AEX_INSTALL_NSNAME=https://ns.mycompany.com:3476
AEX_INSTALL_RUNLEVELS=1,2
AEX_INSTALL_AUTOSTART=no
Add the option “-r” and the path to the response file to the command line.
Example:
pkgadd -d aex-nsclt-x.y.z-sol-sparc -r /full/path/to/
response.file
An example of aex-configure dialog
In some cases (fist-time install with no configuration file) the Altiris Agent may require
manual configuration. To configure manually, go to the Altiris Agent's bin directory and
execute aex-configure with -iconfigure parameter. The following example shows the aexconfigure dialog on a UNIX computer.
[root /opt/altiris/notification/nsagent/bin]# ./aex-configure iconfigure
Altiris Agent for UNIX and Linux Configuration utility.
Using interactive configuration, cancel with Ctrl-C.
Please answer the following questions.
Defaults are in brackets. To accept a default just press enter.
Name or IP of Notification Server? If your server uses HTTPS or a
non-default port, it is necessary to specify the full URL.
Example:
https://www.yourdomain.com:8083 ():
The directory the Agent package has been installed to? (/opt/
altiris/notification/nsagent):
Allow program execution by unprivileged users? (yes):
Which Run levels should the agent be installed in? (rc2;rc3;rc5):
In which directory should the Agent's log file be stored? (/opt/
altiris/notification/nsagent/var):
What should the name of the Agent's log file be? (aex-client.log):
What should be the maximum size, in kilobytes, of the Agent's log
file? (256):
What level of logging should be used for the Agent's log file
(error,warning,info,debug,dbgverbose,devnote)? (Error):
What level of logging should be used for the system log file
(none,error,warning,info)? (None):
Directory to use, which should be in the PATH, to create links to
the Agent's binaries? (/usr/bin):
Altiris Agent for UNIX, Linux and Mac Help
29
Temporary directory for the Agent's use? (/tmp):
Agent's event queue directory (default recommended)? (/opt/
altiris/notification/nsagent/var/queue):
Agent's tasks directory (default recommended)? (/opt/altiris/
notification/nsagent/var/tasks):
Do you want the Agent started after configuration? (yes):
The administrator can enter custom values or press Enter to leave default settings.
Altiris Agent Installation Logs
You can use the following methods to read the Altiris Agent’s installation reports:
z
On the Agent Installation page in the Altiris Console, there is a View Remote
Connection Logs button. This opens a dialog where you can view push-installation
logs.
z
In the Altiris Agent installation directory on the client computer, you can find a file
aex-nsclt-install.log. There is information about the procedures executed by aexbootstrap and aex-configure during the Altiris Agent setup.
z
On the Reports tab, there is a section “Altiris Agent Installation Status Reports “.
Reports in this section show the status of the Altiris Agent installation.
Altiris Agent for UNIX, Linux and Mac Help
30
Chapter 3
Directories, Files, Links, and Processes
Several files are installed onto the client system, which are used by the Altiris Agent and
the other solutions. The information in this section will help you understand the
directories, files, and processes that accompany this product.
The Altiris Agent can be installed to any directory you want on the client computer
(except for AIX and Mac); however, Altiris recommends installing to the default directory
location. This install location is the base directory where all binaries, libraries,
configuration files, and log files are stored. If you install to a custom directory, it is
possible to customize the install, var, queue, and the binary directories.
Throughout this document, any time the reference “the Agent’s bin directory” is made, it
refers to the subdirectory of the Altiris Agent’s base directory, located at /opt/altiris/
notification/nsagent/bin for UNIX and /Applications/Utilities/Altiris/NSAgent/.bin for
Mac.
Additionally, a number of symbolic links are created in /usr/bin. All these links start with
the characters “aex-” and include key executables that may need to be accessed from
the command line.
The following table is a summary of the directories that get created and the function
they serve.
File Locations for UNIX and Linux
File Description
/.../nsagent
Default base directory for the Altiris
Agent.
/.../nsagent/bin
Altiris Agent binaries and scripts.
/.../nsagent/etc
Directory where configuration files are
kept.
/.../nsagent/lib
Directory where libraries are stored.
/.../nsagent/var
Directory where log files and downloaded
packages and jobs are stored, as well as
collected inventory data.
/.../nsagent/var/packages/{GUID}
Directory, which contains common
information about packages assigned to
software delivery tasks.
/.../nsagent/var/queue
Directory where jobs are stored to be
processed.
/.../nsagent/var/swd
Directory where software delivery
information is stored.
File Locations for Mac
File Description
/.../NSAgent
Default base directory for the Altiris
Agent.
/.../NSAgent/.bin
Altiris Agent binaries and scripts.
Altiris Agent for UNIX, Linux and Mac Help
31
File Locations for Mac
File Description
/.../NSAgent/.etc
Directory where configuration files are
kept.
/.../NSAgent/.lib
Directory where libraries are stored.
/.../NSAgent/.var
Directory where log files, downloaded
packages and jobs are stored, as well as
collected inventory data.
/.../NSAgent/.var/packages/{GUID}
Directory, which contains common
information about packages assigned to
software delivery tasks.
/.../NSAgent/.var/queue
Directory where jobs are stored to be
processed.
/.../NSAgent/.var/swd
Directory where software delivery
information is stored.
Quick Links
Links (page 32)
Files and Processes (page 32)
Links
Links to the Altiris Agent executables are created in /usr/bin and point to files in the
Agent’s “bin” directory. The links allow executables that may be run at the shell level by
a user, administrator, or the operating system to be found using a normal PATH setting.
Links will always be in the format “/usr/bin/aex-*”. Other agents installed, like the
Inventory Agent, may also create links.
Files and Processes
The following is a list of files and their function or significance.
Note
Binaries on UNIX and Linux have extension .bin and on Mac they have extension –bin.
For each binary, a corresponding launching script is created.
Filename
Directory
Type of File
Function
.aex-uninstall.mac
Altiris Agent
Basedir/bin
Script
A special script, which acts as a low-level
uninstaller for the Altiris Agent package. It stops
the agent, removes the agent files and the agent
package receipt in /Library/Receipts.
Note: Mac only
aex-clientconfigupdate.so
Altiris Agent
Basedir/bin
Altiris Agent for UNIX, Linux and Mac Help
Component
This component is responsible for translating
configuration XML items into settings in the
client.conf file.
32
Filename (Continued)
Directory
Type of File
Function
aex-clientevent.so
Altiris Agent
Basedir/bin
Component
This component is responsible for creating and
sending events to the Notification Server. The
events are wrapped in XML to identify where they
came from. They are queued for when the
Notification Server is not available.
aex-clienttransport.so
Altiris Agent
Basedir/bin
Component
This component is responsible for providing low
level communication services through HTTPS,
HTTP, and FTP for event sending and policy and
package retrieval.
aex-configure.bin
Altiris Agent
Basedir/bin
Executable
Used by the install process to initially configure
the agent settings and can be used later to
manually reconfigure the settings.
aex-diagnostics.bin
Altiris Agent
Basedir/bin
Executable
This utility lists the status of the agent
components. This is primarily used for internal
self-diagnosis. There is a script (same file name
but with no extension) that provides environment
variables for this executable.
aex-env
Altiris Agent
Basedir/bin
Script
Used by other processes to setup environment
variables for correct execution of agent functions.
aex-helper.bin
Altiris Agent
Basedir/bin
Executable
The agent configuration and management utility.
aex-httpdintegration.so
Altiris Agent
Basedir/bin
Component
The component responsible for integration with
Apache web server (not used on Mac).
aex-invconfigagent.so
Altiris Agent
Basedir/bin
Component
This component is responsible for processing XML
policy for the Inventory Agent.
aex-machineid.so
Altiris Agent
Basedir/bin
Component
This component is responsible for gathering
information for basic inventory.
aex-mkmanifest.bin
Altiris Agent
Basedir/bin
Executable
This utility is used to create manifest files for
Software Delivery packages. There is a script
(same file name but with no extension) that
provides environment variables for this
executable.
aex-nsmanager.so
Altiris Agent
Basedir/bin
Component
This component is responsible for managing
Notification Server URLs.
aex-ntracker.so
Altiris Agent
Basedir/bin
Component
This component is responsible for sending
notifications between agent components.
aex-pkgdelivery.so
Altiris Agent
Basedir/bin
Component
This component is responsible for package
delivery from Notification Server and/or Package
Servers.
Altiris Agent for UNIX, Linux and Mac Help
33
Filename (Continued)
Directory
Type of File
Function
aex-pluginmanager.bin
Altiris Agent
Basedir/bin
Executable
The aex-pluginmanager is the key operating
process for the Altiris Agent and without it,
nothing works. It is responsible for loading/
unloading other components and provides the
communication framework and configuration
access for the other components. There is a script
(same file name but with no extension) that
provides environment variables for this
executable.
aex-policymanager.so
Altiris Agent
Basedir/bin
Component
This component is responsible for managing
policies, reloading them from the Notification
Server as required, and notifying other
components about changes in the policies.
aex-refreshpolicies.bin
Altiris Agent
Basedir/bin
Executable
This is used to immediately reload policies from
the Notification Server. There is a script (same file
name but with no extension) that provides
environment variables for this executable.
aex-sendbasicinv.bin
Altiris Agent
Basedir/bin
Executable
This utility is used to immediately send basic
inventory to the Notification Server. There is a
script (same file name but with no extension) that
provides environment variables for this
executable.
aex-swdapm.bin
Altiris Agent
Basedir/bin
Executable
This utility lists the currently available Software
Delivery tasks for the agent and allows it to run
any of them manually. There is a script (same file
name but with no extension) that provides
environment variables for this executable.
aex-swdclientagent.so
Altiris Agent
Basedir/bin
Component
This component is responsible for managing
Software Delivery tasks, including scheduling and
execution.
aextaskbrowserevents.so
Altiris Agent
Basedir/bin
Component
The component responsible for integration of
ATQB (Altiris Task Queue Browser) and agent
service on the client.
Note: Mac only
aex-taskscheduler.so
Altiris Agent
Basedir/bin
Component
This component is responsible for managing all
scheduled tasks. This includes periodic refreshing
of policies and execution of active Software
Delivery tasks.
aex-tickleagent.so
Altiris Agent
Basedir/bin
Component
This component is responsible for listening to the
instant messages from the console.
aex-uninstall
Altiris Agent
Basedir/bin
Script
Uninstall script for the Altiris Agent. This script
will also uninstall all dependent solutions.
Altiris Task Queue.app
Altiris Agent
Basedir
Executable
The client-side UI for executing tasks and viewing
their status (Mac only).
Altiris Agent for UNIX, Linux and Mac Help
34
Filename (Continued)
Directory
Type of File
Function
killem
Altiris Agent
Basedir/bin
Script
This command is similar to kill or killall but not
the same. However, this depends on the script
'whose' to be on the system and in the PATH. It
uses that to build the list of pids to send a signal
to. This allows the user to specify any pattern that
can be found in the ps -ef output that they want
to send the signal to.
pkg-rollout
Altiris Agent
Basedir/bin
Script
Roll out software delivery packages: extract
archive files and install native Apple packages.
Note: Mac only
rcscript
Altiris Agent
Basedir/bin
Script
This is a script that starts, stops, restarts, and
returns the status of the agent.
wait_for_proc
Altiris Agent
Basedir/bin
Script
Used to wait for a process to either enter or exit
the process table.
whose
Altiris Agent
Basedir/bin
Script
This is a reworked version of the usual whose
command.
Altiris Agent for UNIX, Linux and Mac Help
35
Chapter 4
Troubleshooting
This section will help you to resolve issues that may occur after the Altiris Agent has
been deployed to UNIX, Linux or Mac client computers. Most troubleshooting issues that
could occur usually deal with the installation of the agents that are deployed from the
Altiris Console and networking problems.
The troubleshooting chapter includes the following topics:
Altiris Agent Installation Errors (page 36)
Package Server Problems (page 38)
Agent Settings (page 38)
Altiris Agent Installation Errors (page 38)
Issues when Uninstalling the Altiris Agent for UNIX, Linux and Mac (page 40)
Troubleshooting Network Problems (page 40)
Additional Troubleshooting Tips (page 43)
Altiris Agent Installation Errors
If you are trying to install the Altiris Agent, you can receive errors depending on the
situation and condition under which you are trying to perform this task. This section
details some known errors and steps to eliminate them as you proceed installing the
Altiris Agent to target computers.
Push Agent Installation Errors
This topic describes problems that you may encounter while deploying the Altiris Agent
to client computers.
General Issues
When using the push method to remotely install the Altiris Agent onto a UNIX, Linux or
Macintosh computer, there is potential for errors to occur. Common errors include typing
an incorrect user name or password, and not understanding the system prompts on
target computers. To minimize issues before installing the Altiris Agent, review the
following information:
z
System name or IP address
z
Root or root equivalent user name and password
z
If pushing the Altiris Agent from the Altiris Console, the system prompt for root or
root equivalent must already be known. If you are pushing to multiple computers,
you may want to use the multiple password and multiple prompt options in case the
user accounts and configurations are not consistent across computers.
z
If you are trying to connect to a client computer that does not allow root-level
access through SSH or Telnet, you must be able to enter a user name and password
Altiris Agent for UNIX, Linux and Mac Help
36
as a second account, which allows access to the computer. After accessing the
computer, the installation process will switch contexts to the root or root equivalent
account.
Push Installation Failing
In the case of a slow or overloaded network, the push installation to client computers
may fail to complete due to command timeout. If you experience this problem, you can
increase the Command Timeout value (see Command Timeout on page 20).
If you can’t successfully push the Altiris Agent, set the Upload Speed in Agent Settings
to SLOW (see Upload Speed on page 20). This might help if the server is busy and can't
serve client requests at full speed. If this still doesn't help, try the pull install method.
Push Installation Hanging
If the push installation fails during file download, try the following options:
z
Update the wget package. With RH 7.3, there is a bug that may cause it to hang
when working with HTTPS pages.
z
Rename wget to another name (or remove the wget location from PATH) and install
uudecode. By doing this, the push installation will not try to use wget and will use
the default pushing mechanism with uudecode.
z
Download aex-bootstrap or native package manually and perform a pull installation.
Push Installation Not Working using HTTPS
If the Notification Server’s IIS was configured to use HTTP when the Altiris Agent was
installed, and then the IIS is changed to use HTTPS, when you try to push the Altiris
Agent, the push installation will try to use HTTP and may fail. Restart the Altiris service
or restart the Notification Server computer, and the push installation will work correctly.
Problem Installing to Custom Directories using Red Hat 8
The Altiris Agent for UNIX and Linux uses pure native packaging. This means that
install/uninstall/upgrade tasks are performed by RPM on Linux. In Red Hat 8, the RPM
manager does not allow the relocation of packages so you cannot install packages into a
custom directory (only to the default directory that was configured during the RPM
package creation).
If you need to install to a custom location, you will need to update your RPM manager
from the Red Hat site.
If you need to upgrade the 5.6 Agent on Red Hat 8 that is installed to a custom location,
make a software delivery job (while 5.6 solutions are installed), with an updated rpm in
the package, run the job on the client computers, and then you can upgrade clients
without problems.
Altiris Agent for UNIX, Linux and Mac Help
37
Package Server Problems
Altiris Agent for UNIX, Linux and Mac Requires IIS on Windows
Package Server
You may have a problem where the Altiris Agent is not getting packages from a package
server. With Notification Server 6.0 you can use a Windows computer as a package
server even if it does not have IIS installed. The Altiris Agent for UNIX, Linux and Mac
requires IIS whereas Windows clients do not. If a package server is installed,
Notification Server will no longer deliver packages, but will require all client computers
to get them from the package server. If no package server has IIS, then UNIX, Linux
and Mac client computers will not be able to get packages.
aex-bootstrap Can’t Use Package Servers
During the Altiris Agent setup, the aex-bootstrap is downloaded directly from the
Notification Server to the client computer using a script, then aex-bootstrap downloads
agent package and installs it. The aex-bootstrap cannot be downloaded, nor can it
download packages from a package server; it can only use the Notification Server.
Agent Settings
It is possible to create and use two or more agent configuration policies that are
delivered to a client computer. If there are two or more configuration policies for a given
computer or group of computers, it is not possible to control which policy and settings
will be applied first/last. Because of this, it is best to configure only one agent
configuration policy for a particular group of client computers so that they will receive
only one configuration policy.
Altiris Agent Installation Errors
The following table lists possible errors and the reasons for encountering such errors
during the Altiris Agent installation process.
To view Altiris Agent installation errors
1.
From the Altiris Console, click the Configuration tab.
2.
In the left pane, select Configuration > Altiris Agent > Altiris Agent Rollout >
Altiris Agent Installation.
3.
For UNIX or Linux clients, click the Install Altiris UNIX Agent tab. For Mac clients,
click the Install Altiris Macintosh Agent tab.
4.
Click the View Remote Connection Logs button.
5.
Double-click the computer entry that you want to view.
Altiris Agent for UNIX, Linux and Mac Help
38
Remote Connection Log
Possible Reasons
Connect (SSH, Telnet) has Failed
z
The password is incorrect.
Computer suse-ten-one(192.168.0.1)
might be switched off.
z
The firewall is blocking the connection.
z
SSH or Telnet services are not running
or not installed.
z
SSH or Telnet services are listening on a
non-default port.
z
Login timeout is too small.
z
Computer is not powered on.
z
Operating System is not running.
z
Computer is not running a UNIX, Linux
or Mac Operating System.
z
Computer with this IP does not exist.
Connect (SSH Key) has Failed
z
Computer suse-ten-one(192.168.0.1)
might be switched off.
SSH service is not running or not
installed.
z
SSH service is listening on a non-default
port.
z
The target computer is not configured to
use SSH key authorization.
z
SSH key password is incorrect.
z
Root logins are not allowed through
telnet.
z
The password is not correct.
z
Login timeout value is too small.
z
Command timeout value is too small.
z
The target computer is using an
unsupported command-line prompt.
z
The command-line prompt on the target
computer does not match the prompt
specified on the Push Install Settings
page.
You may also need to check the
credentials supplied, the firewall rules
on the computer and its SSH or telnet
configuration.
You may also need to check the
credentials supplied, the firewall rules
on the computer and its SSH or telnet
configuration.
Welcome to SUSE LINUX 10.1 (i586) Kernel 2.6.16.13-4-default (1).
suse-ten-one login: root
Password:
Login incorrect
suse-ten-one login:
Connection terminated because of
inactivity for X seconds.
Altiris Agent for UNIX, Linux and Mac Help
39
Issues when Uninstalling the Altiris Agent for UNIX,
Linux and Mac
When installing the Altiris Agent for UNIX and Linux, you can specify different paths for
packages directory, temporary directory, and the events directory. During an
uninstallation, only the directory where the Altiris Agent itself was installed is removed,
and not the others.
Example:
During the installation you may use /fisc/altiris/unixagent as the installation directory.
For SWD packages you may use the /var/mypacks directory. For the queue you may use
the /var/spool/altirisev location.
When uninstalled, only the /fisc/altiris/unixagent will be removed and all others will
remain. They are not deleted because some files in the /var directory may be sharing
these folders, and deleting these files would make the computer unable to boot at all.
Troubleshooting Network Problems
The benefit of a remote management product is that the server and managed computer
systems communicate on a regular basis. If communications are impeded or
inaccurately setup, then the management application cannot run as designed. The
network protocols to check are as follows:
z
TCP/IP Validation (page 40)
z
SSH and Telnet Validation (page 41)
z
Domain Name System (DNS) Validation (page 42)
z
HTTP Communication Validation (page 43)
TCP/IP Validation
Verify that the Notification Server can communicate with the client computer over TCP/
IP by using the “ping” utility.
To verify TCP/IP is working correctly
1.
From the Notification Server computer, select Start > Run.
2.
In the Open text box, type cmd, and then click OK. The command session page
appears.
3.
From the command line, type “ping xxx.xxx.xxx.xxx”, where xxx.xxx.xxx.xxx
is the IP address of the target UNIX computer, and then press Enter. This will ping
the IP address of the computer, which tests the network connection. You could
receive one of the following messages:
„
“Reply from the host” - Indicates a valid TCP/IP route.
„
“Destination unreachable” - Indicates a bad configuration of TCP/IP or no
response from the host.
„
“Request timed out” - Indicates a bad configuration of TCP/IP or no
response from the host.
Altiris Agent for UNIX, Linux and Mac Help
40
SSH and Telnet Validation
Push installation of the Altiris Agent for UNIX, Linux and Mac is performed through a
SSH or Telnet connection.
To verify SSH or Telnet is working correctly
1.
Connect to the target computer from the Notification Server computer using a SSH
utility, such as Putty, or use “telnet” command-line utility.
To connect using Telnet:
a.
From the Notification Server computer, click Start > Run to open a command
session.
b.
In the Open text box, type “cmd”, and click OK. The command session window
appears.
c.
From the command line, type “telnet xxx.xxx.xxx.xxx”, where
xxx.xxx.xxx.xxx is the IP address of the target computer, and then press Enter.
If you get an error then the SSH or Telnet may be disabled on the target computer,
a firewall may be blocking the connection, or the computer may be switched off.
2.
Log on to the target computer by typing the privileged user name (root) and
password.
If SSH or Telnet does not allow root access, do the following:
a.
Log on using a non-privileged user name and password, and then note the
system prompt for that user.
Example:
[yourprompt]>
The last character “>” is used to determine the non-privileged user during push
installation. In the Altiris Console, verify that this character is present in the
User Prompt field, on the Push Install Settings dialog.
3.
b.
From the command line, type “su root” or “su <root equivalent user
name>”, and press Enter.
c.
Type the password, and press Enter.
Note the system prompt for root. Usually it ends with a “#” character. In the Altiris
Console, verify that this character is present in the Privileged Account Prompt field,
on the Push Install Settings dialog.
Note
Be sure that the last character of the privileged user command-line prompt, which is
usually a “#”, is different from the last character of the non-privileged user prompt,
otherwise the push installation script will not be able to log on using the unprivileged
user and installation will fail.
If you can log on and the prompts match those specified in the Push Install Settings
dialog, the push installation should succeed.
Altiris Agent for UNIX, Linux and Mac Help
41
Domain Name System (DNS) Validation
DNS resolution is required if hostnames are used in the configuration of the Altiris
Agent. The “Server-1” variable, from the client.conf configuration file located in /opt/
altiris/notification/nsagent/etc directory, indicates the hostname of the Notification
Server. A failure can occur if the DNS server cannot resolve the hostname into an IP
address.
To verify DNS is configured
1.
On the target UNIX computer with the Altiris Agent installed, log on using a root or
root equivalent user name and password.
2.
From the command-line interface, type “/opt/altiris/notification/
nsagent/bin/aex-helper info ns” to determine if hostnames are being used
in the configuration of the Altiris Agent. The output result can be:
„
An IP address - “172.15.3.2”.
If the output is an IP address, DNS is not used for communication with the
Notification Server, and no further action is required; however, you should verify
that this is the IP of the Notification Server.
3.
„
A hostname - “ns”.
„
A Fully Qualified Domain Name - “ns.mycompany.com”.
If the output is a hostname or Fully Qualified Domain Name (FQDN), verify that you
can ping the Notification Server. From the command line, type “ping
ns.mycompany.com”, where ns.mycompany.com is the hostname of the
Notification Server, exactly as returned by aex-helper command in the previous
step.
„
If the ping succeeds, the DNS resolution works. If you can see an IP address in
the command output, verify that the IP address being pinged is the IP of the
Notification Server. The Altiris Agent should be able to communicate with the
Notification Server.
„
If you get an error, like “ping: unknown host ns.mycompany.com”,
proceed to the next step.
4.
From the command line, type “nslookup ns.mycompany.com”, where the
ns.mycompany.com is the hostname of the Notification Server. The output should
reflect the DNS server being queried, the hostname you entered, and the IP address
that is registered with the DNS server. If DNS query returns an error, check the
contents of the /etc/resolv.conf file. This determines which DNS servers your
computer is configured to communicate with and the list of domains to search when
resolving a hostname. Ping the DNS server to see if you get a response.
5.
If it is not possible to configure the DNS name resolution at this time, as a
temporary solution, add the following line at the end of the /etc/hosts files on the
target UNIX computer:
172.15.3.2 ns.mycompany.com ns
where “172.15.3.2” is the IP, “ns.mycompany.com” is the FQDN, and “ns” is the
hostname of the Notification Server.
Altiris Agent for UNIX, Linux and Mac Help
42
Note
If you have Package Servers on your network, you need to add a hostname-toaddress mapping for each Package Server to the /etc/hosts file, otherwise the Altiris
Agent cannot download software delivery packages.
HTTP Communication Validation
UNIX data is posted to the Notification Server through HTTPS or HTTP. One way to test
that the Internet Information Services (IIS) on the Notification Server is responding to a
HTTP post request, is to investigate the response from the IIS server.
Note
If the environment variables all_proxy, ftp_proxy and http_proxy are set to a proxy
server that cannot reach the Notification Server you can get the following message
“HTTP attempt returned -2147413111 ‘Failed to connect to the specified URL, <URL>’”.
Either do not use the proxy server or make sure that the proxy server can access
Notification Server.
To verify HTTP is working correctly
1.
On the UNIX computer, in a command console (shell), run the following command:
“telnet xxx.xxx.xxx.xxx 80” (where xxx.xxx.xxx.xxx is the IP address of the
Notification Server and 80 is the port utilized by HTTP).
The responses will be one of the following:
„
„
“Connection Refused” - The IP address (xxx.xxx.xxx.xxx) is not
listening on port 80 (no HTTP services), which means there is a problem with
IIS.
“Connected to xxx.xxx.xxx.xxx” - The server is listening on port 80 and
is waiting for further instructions.
2.
If you received the “Connected to...” message, type the command:
“GET http://xxx.xxx.xxx.xxx/Altiris/” (where xxx.xxx.xxx.xxx is the IP
address of the Notification Server)
The return response from the IIS server can vary; however, in most cases you will
receive one of the responses listed below, along with lots of data. The first line
returned after the “GET” command is where to look for the response.
„
“HTTP/1.1 200 OK” - The system is listening and responding. The page
requested exists and the requestor has the appropriate rights to get access.
„
“HTTP/1.1 401 Access Denied” - This means that either the page does not exist
or that the requestor does not have the appropriate permissions to access the
page. This would necessitate investigation of the IIS server and services on the
Notification Server for resolution.
Additional Troubleshooting Tips
When applicable, the following steps can help to determine where problems may be
happening.
Altiris Agent for UNIX, Linux and Mac Help
43
Using the log file
There is a log file called aex-client.log where information is logged as different processes
run and have output. When troubleshooting, there is a way to view the log in real-time
as you are trying to narrow down any problems.
The first thing to do is to make sure that “debug_level” is set to “devnote” and
"debug_file_size" is set to "0" in the client.conf. This will provide as much information as
possible on what is happening on the system at any given time. Restart the Altiris Agent
by running "./rcscript restart" in the Altiris Agent's bin directory to make sure that new
debug log settings will take effect.
Note
When contacting support you may be asked to provide a log produced by the Altiris
Agent. The log file can be quite large, and it is preferred to note at what time the
problem has occurred. This way the problem can be located with less effort.
For UNIX and Linux, the default location of the log file is
/opt/altiris/notification/nsagent/var
For Macintosh, the default location of the log file is
/Applications/Utilities/Altiris/NSAgent/.var
The log file name and paths are also configurable in the Altiris Agent Configuration
Settings.
To view the log in real time, from the UNIX command line run the command:
tail -f
/opt/altiris/notification/nsagent/var/aex-client.log
This will output to the screen any log entries as they occur. From another console screen
(or session), you could then run any of the utilities and watch their output to see what is
occurring.
Altiris Agent for UNIX, Linux and Mac Help
44
Appendix
The client.conf file contains the configuration settings for the Altiris Agent for UNIX,
Linux and Mac. The client.conf file is installed to a subdirectory of the default location for
the Altiris Agent install. The directory where client.conf is located (/opt/altiris/
notification/nsagent/etc in the case of a default installation on UNIX and Linux) is the
central repository of all configuration settings for the Altiris Agent and for any
subagents, such as the Software or Inventory Agents.
At installation time, the Altiris Agent installer will modify settings in the client.conf file
specific to your installation. For example, the installer will set the “installdir” value
in the “[Notification Servers]” section.
While this information is important to understand, most of the elements in the this file
are now available through the user interface. It is recommended that you use the Altiris
Console to navigate to the configuration pages that you want to change and limit editing
the client.conf file.
Sample client.conf file
The sample file below is the same as the client.conf file installed to your UNIX computer
although it is highlighted to help you easily find the descriptions for each section. The
text in italics denotes description, while the bold denotes the beginning of each section.
Caution
Watch for sections that specify “DO NOT EDIT” as editing these sections will interfere
with internal program function.
client.conf
# This is the NS Agent primary configuration file.
# This file is broken into sections, delimited by the section
headings enclosed in square brackets. Comment lines begin with a
'#'. Values with (readonly) in the description, are written by the
Agent and should not be edited. Values with (NS-Specified) in the
description are replaced with values from policies, and can be
changed for all UNIX Computers using the NS console GUI. Values
used internaly are marked "DO NOT EDIT". Values which contain the
string "%installdir%" in the right hand side, will have the
"%installdir%" string replaced with the actual value of the
installdir value. "installdir" is the only value that works in such
a way. This file contains the configuration settings for both the
Agent and SWD and Inventory Solutions.
[Version]
Altiris Agent for UNIX, Linux and Mac Help
45
# (readonly) Agent's version
# (readonly) Agent major version.
agent_major=6
# (readonly) Agent minor version.
agent_minor=2
# (readonly) Agent build version.
agent_build=1302
# (readonly) NS major version, detected by the agent.
ns_major=6
# (readonly) NS minor version, detected by the agent.
ns_minor=0
# (readonly) NS build version, detected by the agent.
ns_build=6074
[Configuration]
# The Configuration section contains the main settings used by the
Agent and solutions.
# The directory the Agent is installed to.
installdir=/opt/altiris/notification/nsagent
# The location to be used for temp files.
tmpdir=/tmp
# The location where the links to the agent executables are
created; should be in the PATH of users.
bindir=/usr/bin
# DO NOT EDIT. The Scenario GUID used for sending basic inventory.
scenario_guid_basicinv=BasicInventory
# The location where the UNIX Computer's GUID (assigned by the NS)
is stored.
guid_guid_file=/opt/altiris/notification/nsagent/etc/host.GUID
# Location where the Inventory Solution's collector finds the
output of the inventory agents and where regular events are queued.
event_queue_dir=/opt/altiris/notification/nsagent/var/queue
# This is the file extension used for NS events in the queue
directory.
event_file_extension=.nse
# Task Scheduler storage path.
task_storage_path=/opt/altiris/notification/nsagent/var/tasks
Altiris Agent for UNIX, Linux and Mac Help
46
# Task Scheduler file extension.
task_file_extension=.nst
# Package Delivery storage path.
package_storage_path=/opt/altiris/notification/nsagent/var/
packages
# Package Delivery behavior during package download. Set to 1 to
disable detection of the server with the best throughput when
several package servers are available on the network. If set to 1 a
package server will be chosen randomly.
package_disable_server_pings=0
# Package Delivery interval between package integrity checks (in
minutes). If set to a value less than 9 minutes, then 9 will be
used."
package_refresh_interval=1440
# Package Delivery interval between package removal checks (in
minutes). If set to a value less than 5 minutes, then 5 will be
used.
package_check_removed_packages_interval=30
# How many download attempts for each package will Package Delivery
perform until download is successful. Set to zero to specify
unlimited attempts.
package_max_total_tries=0
# How long Package Delivery will continue attempting to download a
package, when the download fails. 2 weeks by default, (in minutes)
package_max_total_tries_time=20160
# How long Package Delivery waits between download attempts (in
minutes).
package_retry_delay=3
# package_retry_delay will be multiplied by this factor on each
next download attempt. So in the case of an initial 3 minute delay,
the delays between attempts will become 6, 12, 24, minutes, up to
the maximum below.
package_retry_delay_factor=2
# The maximum value for delay between unsuccesfull downloads (in
minutes).
package_max_retry_delay=120
# The number of packages simultaneously downloaded.
package_simultaneous_downloads=5
# Software Delivery Agent storage path.
swd_storage_path=/opt/altiris/notification/nsagent/var/swd
# Directory used for log storage etc.
var=/opt/altiris/notification/nsagent/var
Altiris Agent for UNIX, Linux and Mac Help
47
# (NS specified) Location of the Agent's log file.
debug_output=/opt/altiris/notification/nsagent/var/aex-client.log
# Layout of the Agent's log message. The logged message is printed
according to the specified format, where:
# %d - the timestamp of the message
# %l - the level (priority) of the message
# %L - the name of the logger produced the message
# %f - the full name of the logger produced the message
# %m - the text of the message
# %s - source code location produced the message
# %t - the thread ID produced the message
# %p - the process ID
# %P - the parent process ID
# %q - the name of the process
# %% - the single percent sign
debug_file_layout=%l %d
%p
%t
%q::%L > %m
# (NS specified) Maximum size of the Agent's log files in
Kilobytes. The value specified by this parameter describe the total
size of main Agent's log file and also the size of backup copies.
debug_file_size=0
# The number of backup copies of the main log file.
debug_backup_copies=5
# (NS specified) Logging level for the agent. Possible values, from
least to most logging, are ERROR, WARNING, INFO, DEBUG, DBGVERBOSE
and DEVNOTE.
debug_level=devnote
# (NS specified) Logging level for the agent to the system log.
Possible values, from least to most logging, are NONE, ERROR,
WARNING, INFO.
syslog_level=None
# (NS specified) If true, the Agent will try downloading all http
URLs as https first. Once the agent gets its first policy list,
this value will be set to whatever specified in the NS Console.
use_https=False
# (readonly) Value set (on startup) to the detected OS Locale
os_locale=C
# In order to specify different runlevels, you will have to
reconfigure the agent.
# (readonly) run-levels, on which the Agent should start
runlevels_start=2 3 5
Altiris Agent for UNIX, Linux and Mac Help
48
# (readonly) run-levels, on which the Agent should stop
runlevels_stop=0 1 4 6
# Directory to which the policy XML files are cached.
policies_cache_dir=/opt/altiris/notification/nsagent/var
# If set to 1, the Agent will use domain values in /etc/resolv.conf
to report the Unix computer's domain.
basicinv_use_resolv_conf=1
# Value set in DNS Server number 3 if a DNS error is detected (i.e.
if no NIC has the IP returned by resolving the hostname of the Unix
computer)
basicinv_ip_error_return_value=
# DO NOT EDIT. GUID for basic Inventory
basicinv_policy_guid=BasicInventory
# (NS specified) Defines what is to be reported as host name:
computername or hostname - computer name on Mac and hostname on
Linux and UNIX (default); DNS - hostname part of the DNS-resolved
name of the computer.
basicinv_report_hostname=hostname
# (NS specified) Defines what is to be reported as domain name:
empty - an empty string (default); DNS - domain name part of the
DNS-resolved name of the computer.
basicinv_report_domain=DNS
agent_start_time=1159386540
[Client Transport]
# This section specifies various communication settings.
# Transport timeout in seconds. If a server fails to respond within
the specified time, the connection resets.
transport_timeout=60
# This setting specifies the base URL used to communicate with an
NS. The value "%server% in the URL should be left as is because it
is internally substituted by the Agent.
ns_url_format=http://%server%/Altiris/
# Relative location of the NS page used to process events on an NS.
ns_postevent_page=NS/Agent/PostEvent.asp
# Relative location of the NS page used by the Agent to get a GUID
for the UNIX Computer.
ns_createresource_page=UnixAgent/CreateResource.aspx
# Relative location of the NS page used by the Agent to obtain
policies.
Altiris Agent for UNIX, Linux and Mac Help
49
ns_clientpolicies_page=NS/Agent/GetClientPolicies.aspx
# Relative location of the NS page used by the Agent to get package
information.
ns_packageinfo_page=NS/Agent/GetPackageInfo.aspx
# DO NOT EDIT. Post variable used in Event posting.
httppost_var_name=XML
# (NS specified) Max time after a blockout or start to wait before
commencing comms.
post_blockout_random_wait=0
# (NS specified) SSL setting that enables peer verification via
certificates on the host.
ssl_verify_peer=0
# (NS specified) SSL setting that enables host verification (host
matches host in remote cert).
ssl_verify_host=0
# (NS specified) SSL setting that specifies certificate file for
peer verification.
ssl_ca_info=
# (NS specified) SSL setting that specifies certificate directory
for peer verification.
ssl_ca_path=
# (NS specified) Settings for compression.
# Whether event compression is enabled (1 - enabled, 0 - disabled).
compression_enabled=true
# Event Size in kilobytes. Events over this size will be sent
compressed.
compression_eventsize=0
curr_post_blockout_wait=
lowwatermark=50000
blockout_use_utc=0
blockout_periods=
blockout_durations=
blockout_limits=
throttling_use_utc=0
throttling_periods=
throttling_durations=
throttling_limits=
Altiris Agent for UNIX, Linux and Mac Help
50
[Tickle]
# (NS specified) This section controls the Tickle(message listener)
feature.
# All values below are specified by the Policy XML.
enabled=true
tcpip_port=52028
multicast_group=224.0.255.135
multicast_port=52029
# These optional values (defaults indicated) control tickle
overload (all times in seconds).
# Time to pause when overload detected. Values less than 600 can
compromise tickle funcion.
overload_pause_time=600
# Time between two message considered close (10 secs).
overload_short_period=10
# Maximum number of close messages received in a row before
overload is triggered.
overload_short_max=10
# Time between messages considered long (10 mins).
overload_long_period=600
# Maximum number of long messages received in a row before overload
is triggered.
overload_long_max=10
[Event Queue]
# This section contains specific settings for the Event Queue of
the Agent.
# Queue backoff is used whenever events cannot be sent to the NS.
Backoff uses the "levelX-delay" and "levelX-retries" settings
(where X is the numbers 1,2,3,4 etc being the level of backoff) All
levels between 1 and X must be present for X to be used). All
values are in seconds. Default is every 60 seconds for forever (not
advisable). Once the last level is reached, it is used thereafter
regardless of its retries count setting.
# once per minute for 15 minutes
level1-delay=60
level1-retries=15
# once every five minutes for an hour
Altiris Agent for UNIX, Linux and Mac Help
51
level2-delay=250
level2-retries=12
# once every 30 minutes for 4 hours
level3-delay=1800
level3-retries=8
# once every 2 hours for 24 hours
level4-delay=7200
level4-retries=12
# once every 10 hours for ever
level5-delay=36000
level5-retries=1
# (readonly) This value is the current backoff level.
backoff_level=1
# (readonly) This indicates the number of failed attempts to
communicate with the NS.
retry_count=0
# Set hold_queue to 1 to stop sending events.
hold_queue=0
[MachineID]
# This section contains specific settings for the Machine
Identification of the Agent.
# Set the period in seconds for checking the connectivity of the
agent.
connectivity_check_period=300
# Set the number of last user logons for the primary user
determination.
primary_user_last_logons=60
# This value specifies which Apache directory is used for the
Package Server. This directory must have FollowSymLinks and some
other values defined in order to have the "Apache" role sent which
allows this machine to be a Package Server candidate. See the
Package Server docs for more details.
ps_integration_dir=Altiris/PS
# This value controls the sending of the Apache role for Package
Server Integration.
# "auto" (default) will check for Apache and check Apache
configuration. Other possibilities are "always" and "never".
ps_send_apache_role=auto
Altiris Agent for UNIX, Linux and Mac Help
52
connectivity_total_time=1
connectivity_lan_time=1
connectivity_wan_time=0
connectivity_none_time=0
[Notification Servers]
# This section lists the name/IP of the notification server where
the agent gets its policy XML from. This is used by the policy
manager, currently only the first server is used (in future that
will be the default server).
Server-1=ns.mycompany.com
[Object Manager]
# This section contains the Agent Object Manager specific settings.
IORFilePath=/opt/altiris/notification/nsagent/etc/om-ior
# This value, in minutes, specified how often the Object manager
checks to see which subagents have not been used and may be
unloaded.
checkperiod=1
[Agent Monitor]
# Maximum allowed time, in seconds, of the policies update process.
Set this value to 0 to disable monitoring of the policies update,
otherwise the minimum allowed value is one minute (default 15 min).
wait_policies_update=900
# This is the frequency, in seconds, at which the Monitor checks
the Agent. The minimum allowed value is one minute (this is the
default).
agent_checkup_interval=60
# This is the interval, in seconds, at which aex-diagnostics tool
is used to check the Agent. Set this value to 0 to disable
diagnostics checking, otherwise the minimum allowed value is one
minute (default is 30 min).
diagnostics_startup_interval=900
# Maximum time, in seconds, to allow for the diagnostic process.
Minimum allowed value is one minute (default is 3 min).
diagnostics_timeout=180
Altiris Agent for UNIX, Linux and Mac Help
53
[Policy Manager]
# (NS specified) This is the frequency, in seconds, at which the
Agent checks for new/changed policies.
policies_request_interval=60
# (NS specified) This is the interval, in seconds, at which basic
inventory is sent to the NS.
basicinv_send_interval=900
# (readonly) This is the last time, seconds since the epoch, basic
inventory was sent.
basicinv_last_sent=1159044550
# (readonly) This is the last time, seconds since the epoch,
policies were received.
policies_last_updated=1159044623
last_reschedule_int=60
ns.mycompany.com_hash=561A0B21652DC10832B780070F918562
[SWD]
# Values specific to the Software Delivery subagent.
# Location where SWD Packages are downloaded to. A directory will
be created for each package. Directories are named after the
Package GUIDs.
swd_temporary_dir=%installdir%/var/
# 'nice' value for the low priority setting of the SWD Ad page of
the NS
swd_lowpriority=9
# 'nice' value for the normal priority setting of the SWD Ad page
of the NS
swd_normalpriority=1
# 'nice' value for the high priority setting of the SWD Ad page of
the NS
swd_highpriority=-9
# 'nice' value for the very high priority setting of the SWD Ad
page of the NS
swd_veryhighpriority=-19
# (NS specified) Credentials to use when accessing packages (Empty
values indicate anonymous).
pkg_access_username=Adm4
pkg_access_password=C858rZDdLY=
Altiris Agent for UNIX, Linux and Mac Help
54
# The number of last outputs to save for an SWD task. Specify 0 to
disable saving outputs at all.
swd_max_output_history_length=1
swd_download_immediate=true
[Class Servers]
# DO NOT EDIT. This section, along with the section names in the
right hand side of this section (below) are used internally by the
Object Manager to map requests for a particular sub agent to the
server that implements it.
Altiris.AeXClientTransport=AeXClientTransport
Altiris.AeXNfySvrClientEvent=AeXNfySvrClientEvent
Altiris.AeXMachineID=AeXMachineID
Altiris.AeXPolicyManager=AeXPolicyManager
Altiris.AeXNSClientConfigUpdate=AeXNSClientConfigUpdate
Altiris.AeXTaskScheduler=AeXTaskScheduler
Altiris.SWD=AeXSWDClientAgent
Altiris.SWDAgent=AeXSWDClientAgent
Altiris.SWDTaskProcessor=AeXSWDClientAgent
Altiris.AeXPackageDelivery=AeXPackageDelivery
Altiris.AeXTickleAgent=AeXTickleAgent
Altiris.AeXNSManager=AeXNSManager
Altiris.InventorySettings=AeXInvConfigAgent
Altiris.HttpdIntegration=AeXHttpdIntegration
[AeXClientTransport]
exe=/opt/altiris/notification/nsagent/bin/aex-clienttransport.so
[AeXNfySvrClientEvent]
exe=/opt/altiris/notification/nsagent/bin/aex-clientevent.so
[AeXMachineID]
exe=/opt/altiris/notification/nsagent/bin/aex-machineid.so
[AeXPolicyManager]
exe=/opt/altiris/notification/nsagent/bin/aex-policymanager.so
Altiris Agent for UNIX, Linux and Mac Help
55
[AeXTaskScheduler]
exe=/opt/altiris/notification/nsagent/bin/aex-taskscheduler.so
[AeXSWDClientAgent]
exe=/opt/altiris/notification/nsagent/bin/aex-swdclientagent.so
[AeXNSClientConfigUpdate]
exe=/opt/altiris/notification/nsagent/bin/aexclientconfigupdate.so
[AeXPackageDelivery]
exe=/opt/altiris/notification/nsagent/bin/aex-pkgdelivery.so
[AeXTickleAgent]
exe=/opt/altiris/notification/nsagent/bin/aex-tickleagent.so
[AeXNSManager]
exe=/opt/altiris/notification/nsagent/bin/aex-nsmanager.so
[AeXInvConfigAgent]
exe=/opt/altiris/notification/nsagent/bin/aex-invconfigagent.so
[AeXHttpdIntegration]
exe=/opt/altiris/notification/nsagent/bin/aex-httpdintegration.so
[Static Agents]
# DO NOT EDIT. This section specifies the initial subagent startup
order.
Altiris.AeXTaskScheduler=AeXTaskScheduler
Altiris.AeXNfySvrClientEvent=AeXNfySvrClientEvent
Altiris.AeXPolicyManager=AeXPolicyManager
Altiris.AeXTickleAgent=AeXTickleAgent
[Unix Inventory]
Altiris Agent for UNIX, Linux and Mac Help
56
# (NS specified) Unix Inventory settings will be added here when
set by policies.
# Enable remote filesystems information
agentdisk_include_remote_fs=no
status_time_as_gmt=0
nis_objects_maxrows=50
agent_rpminfo_senddesciption=no
[Filescan Parameters]
# Location of Filescan parameters filled in by Policy XML
crcfileportion=2048
filemode=no
fstypesallowed=
fsexcludelist=nfs,autofs
donfsdirs=no
[Filescan Included Dirs]
# Location of included dirs filled in by Policy XML
dir0001=/bin
dir0002=/sbin
dir0003=/usr
dir0004=/lib
dir0005=/opt
[Filescan Excluded Dirs]
# Location of excluded dirs filled in by Policy XML
dir0001=/etc
[Httpd Integration]
# This section contains optional values used only when the Httpd
detection integrates with a different version of Apache than what
is desired. In general its best to leave these values as the
defaults (shown).
# Setting this value overrides any search for httpd(2), if set only
this value is used.
apache_exe_location=
Altiris Agent for UNIX, Linux and Mac Help
57
# Setting this value overrides any Apache compiled in or default
values. Can be used if the -f option has been used on Apache to
specify a different locaiton for the config file.
apache_config_location=
# When both https and http are available this specifies which of
the two will be used. In case of NS 6.0 SP3 or higher, the value of
this setting is specified by the NS.
integrate_with=https
# This setting defines the location relative to the package server
install where Apache auth files are kept.
authfiles_location=var/authfiles
# This setting specifies any variables passed to apache on the
command line. This is used when parsing the config file to
determine which <IfDefine> nodes are used. If missing or empty this
value is assumed to be "HAVE_SSL,SSL". Set value to "NONE" if the
Apache server is not running SSL and the SSL nodes need to be
skipped.
ifdefine_variables=HAVE_SSL,SSL
[Client Details]
# This section contains Client Details values reported in
Inventory.
SerialNumber=
AssetTag=
EmployeeID=
ContactName=
ContactPhone=
ContactEmail=
Location=
Department=
Descriptions=
Altiris Agent for UNIX, Linux and Mac Help
58
Index
A
O
aex-bootstrap 27
using with package servers 38
operating systems
supported UNIX systems 9, 10
agent
basic settings 14
configuration 11
deploying 16
settings 10
agent architecture 6
P
program objects 6
pull installation 25
push installation 16
agent files 32
S
B
SSH and Telnet Validation 40
bandwidth/throttling settings 14
C
certificates 13
client.conf 45
configuring agent 11
CSV file 23
SSH Key Generator 22
SSL Certificates 12
System Requirements
hardware requirements,
UNIX 9, 10
UNIX systems 8
T
TCP/IP Validation 40
D
troubleshooting 36, 36
deploying the agent 16
download the altiris agent for
UNIX 10
E
error log files 12, 21
F
files
agent 32
I
installation
pull 25
installaton
manual 26
Inventory Solution 6
L
log files 12, 21
N
Namserv Error 12
notification policy 7
Altiris Agent for UNIX, Linux and Mac Help
59
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement