Installation Instructions For Verify

Home | Products | Verify for your DMZ | Installation Instructions

Installation Instructions For Verify

These instructions are provided to guide you through the initial installation process.

1. Download Client

Download the VeirfyWizard file to the machine you wish to use as your reference device. This machine should be one that you use to create standard builds, a UAT machine, or the designated "master" in a cluster of machines.

2. Unpack Client

Extract the VerifyWizard file. You may extract the file to any location on the reference machine.

3. Run Client Configuration Wizard

Run the VerifyWizard executable file to start the Verify Configuration Wizard. Complete the steps provided by the wizard.

Step 1:	This step creates a simple policy that will verify the application you select form the provided list. The list is platform specific. You will be provided options for IIS 4, IIS 5,or IIS 6 if you are using Windows or you will be provided options for Websphere, Apache HTTP Server, or Apache Tomcat. The wizard uses pre-defined polices for common commercial applications. You can use the ETS Management Console to create a broader, more comprehensive policy for verifying your machines. Additionally, SignaCert Customer Engineers can provide detailed training or assist you with creating an appropriate policy.
Step 2:	Captures a snapshot of the reference machine based on the specified policy. This snapshot is submitted to the ETS Management Console for comparison with DMZ machine scans performed later. This is a required step.
Step 3:	This step allows you to specify the frequency for scanning DMZ machines, hourly or daily. This step is optional.
Step 4:	This step creates redistributable file based on the wizard results.

4. Approve Snapshot

You will need to log into the ETS Management Console to approve the snapshot, allowing it to be published for use as a reference.

Step 1:

Use the ETS Management console link and the credentials provided to logon

Step 2:

Navigate to Submissions-->Browse

Step 3:

Check the box next to the most recent item displayed and press the approve button to publish the snapshot

5. Test Client

Test the client to prove that it is operational by running the VerifyNow.bat file. Results are can be viewed in one of two ways.

You can view the results locally by opening either the results.xml and report.html file . If you are running windows, the report.html file will launch automatically. If you are using another platform you will need to examine the results.xml file.

You can also view results in the ETS Management Console. However, if this is your first verification, you will likely not detect any deviations and no results will be recorded in the ETS.

If you want to see what deviations look like in the ETS Management Console, simply add a file, remove a file, or modify a file associated with the application you specified above. Run the VerifyNow.bat file to complete a verification. Looking at the results.xml or report.html file will show you immediately what deviations were recorded. Additionally, a link to the ETS Management Console report is provided in the report.html file .

6. Deploy to DMZ Device

Copy the VerifyWizard file to the machines you want to verify in your DMZ and extract. If you created a scheduled task or cron job it will run automatically. If you want to test the deployment immediately, you can use the VerifyNow.bat command.

7. Optional Settings

You can specify a message to be sent to you with each scan using the settings below. Modify the signaclient.properties file that is in the signaclient directory to send an automated alert.

SNMP

Specify the target SNMP server (DNS or IP address), SNMP port, and the SNMP community string.

snmp.serverName=
snmp.serverPort=162
snmp.communityString=public

Syslog

Specify syslog parameters. By default the client logs to the localhost on the default syslog port with all standard fields.

syslog.serverName=localhost
syslog.serverPort=514

If includePRI is true, severity level and facility code will be sent to the syslog daemon.

syslog.includePRI=true

Severity must be set to a number between 0 and 7 (inclusive), or one of the following values: panic, alert, critical, error, warning, notice, info, debug.

syslog.severity=error

The facility must be set to a number between 0 and 23 (inclusive), or one of the following values: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, local0, local1, local2, local3, local4, local5, local6, local7

syslog.facility=local0

syslog.includeTimestamp=true

If myhostname is set, the given hostname will be reported to the syslog daemon. Otherwise, no hostname will be reported. Most syslog daemons will fill in the hostname automatically if no hostname is reported.

syslog.myhostname=

If tag is set, the given string will be prepended to the body of all syslog messages. This is often used to identify the application from which the syslog message originates. Use \u0020 to include a space between the tag and the body message.

syslog.tag=signacert_ts\u0020

Specify the format of the message. If not specified, a default will be used similar to the sample format below. The following string will be replaced within the actual syslog message:

syslog.format=verification detected ${added} added, ${modified} modified, and ${removed} removed elements

NT Application event log

The event source must be set to identify the source of the message.

eventlog.source=SignaClient

Specify the default severity level. Valid values are info, warn, error.

eventlog.severity=error

Specify the format of the event. If not specified, a default will be used similar to the sample format below. The following string will be replaced within the actual event log description:

eventlog.format=verification detected ${added} added, ${modified} modified, and ${removed} removed elements

Email

Specify your SMTP server (DNS name or IP address).

email.serverName=homer

Specify SMTP port (defaults to 25).

email.serverPort=25

Specify the origination e-mail address

[email protected]

Specify the destination e-mail addresses (comma-delimited)

[email protected]

Specify the email subject

email.subject=Verification Results ${added} added, ${modified} modified, and ${removed} removed elements

>" align="bottom" border="0" height="7" width="9"/>Verify Overview
>" align="bottom" border="0" height="7" width="9"/>How It Works
>" align="bottom" border="0" height="7" width="9"/>Deployment Process
>" align="bottom" border="0" height="7" width="9"/>Technical Specifications
>" align="bottom" border="0" height="7" width="9"/>Technical Support
>" align="bottom" border="0" height="7" width="9"/>Pricing

SignaCert Verify
Early Access Program

We’re providing early access to SignaCert Verify and are looking for customers who need to prove that systems running in their DMZ are very tightly controlled. Sign up today.

>> Sign up!