Basic Administration - Symantec DCS:SA

Show current configuration

# su - sisips -c "/opt/Symantec/sdcssagent/IPS/bin/sisipsconfigtool -v"
---------------------------------------------------------------------------
Agent Configuration Tool version 6.8.2.756
---------------------------------------------------------------------------

Server Host List - 192.168.233.105,192.168.233.106
Current Management Server - 192.168.233.105
Port - 443
Protocol - https
Failback Interval - 60 minutes
Utilities Service Port - 2323
CertFile - /opt/Symantec/sdcssagent/IPS/certs/keystore
Tracing - false
Force Retranslation - false
Prevention Feature - enabled

Update to a new server agent-ssl certificate

# su - sisips -c "/opt/Symantec/sdcssagent/IPS/bin/sisipsconfigtool -certfile /tmp/agent-cert.ssl"
---------------------------------------------------------------------------
Agent Configuration Tool version 6.8.2.756
---------------------------------------------------------------------------
The cert file has been modified

Force agent re-registration (self-register)

# su - sisips -c "/opt/Symantec/sdcssagent/IPS/bin/sisipsconfigtool -forcereg"
---------------------------------------------------------------------------
Agent Configuration Tool version 6.8.2.756
---------------------------------------------------------------------------
The agent will be forced to reregister

Update management server host and test the connection

root@sduxapps01:/root# su - sisips -c "/opt/Symantec/sdcssagent/IPS/bin/sisipsconfigtool -h 10.114.234.105"
---------------------------------------------------------------------------
Agent Configuration Tool version 6.8.2.756
---------------------------------------------------------------------------
The Management Server host list has been modified

root@sduxapps01:/root# su - sisips -c "/opt/Symantec/sdcssagent/IPS/bin/sisipsconfigtool -t 1"
---------------------------------------------------------------------------
Agent Configuration Tool version 6.8.2.756
---------------------------------------------------------------------------

Testing connection to server 10.114.234.105

Connection to server successful

Stop and start UNIX agent (AIX, Linux)

/opt/Symantec/sdcssagent/IDS/bin/sisidsagent stop
/opt/Symantec/sdcssagent/IPS/bin/sisipsagent stop
/opt/Symantec/sdcssagent/IPS/bin/sisipsutil stop

/opt/Symantec/sdcssagent/IDS/bin/sisidsagent start
/opt/Symantec/sdcssagent/IPS/bin/sisipsagent start
/opt/Symantec/sdcssagent/IPS/bin/sisipsutil start

Gather AIX agent log for support (Broadcom)

# rpm -ql sdcss-6.9.0-448.aix.ppc | grep -i get
/opt/Symantec/sdcssagent/IPS/tools/getagentinfo.sh

# /opt/Symantec/sdcssagent/IPS/tools/getagentinfo.sh
Collecting Install Logs...
Collecting System Info...
Collecting syslog.conf File...
Collecting syslog Files...
Collecting System Startup Info...
Collecting Agent Logs...
Collecting symantec dir...
Collecting AMD Configuration Settings...
Collecting IPS Configuration Settings...
Collecting IDS Configuration Settings...
Collecting Agent Environment Settings...
Collecting Agent Core Files...
Collecting audit information for AIX platform
Collecting /etc/security/audit
Collecting the output of running /usr/sbin/audit query
Collecting the output of audit directory
Gathering snap data (this may take a couple minutes)...
Zipping Info...
Cleaning Up...

*** Please send the Info File:
*** /tmp/20250207_103247_0001_CU_ppuxinap01.tar.gz
*** to Broadcom

Show loaded modules status

# /usr/lib/symantec/status.sh
Symantec Agent for Linux
Symantec Data Center Security Server Agent (DCS) 6.9.3.2543

Daemon status:
sisamdagent running
sisidsagent running
sisipsagent running
sisipsutil running

Module status:
sisips not loaded
sisfim not loaded
sisevt not loaded
sisap not loaded

[root@sulxmail02 ~]# mokutil --sb-state
SecureBoot enabled

[root@sulxmail02 ~]# mokutil --sb-state
SecureBoot disabled
[root@sulxmail02 ~]# /usr/lib/symantec/status.sh
Symantec Agent for Linux
Symantec Data Center Security Server Agent (DCS) 6.9.3.2543

Daemon status:
sisamdagent running
sisidsagent running
sisipsagent running
sisipsutil running

Module status:
sisips loaded
sisfim loaded
sisevt loaded
sisap loaded
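
In the two status.sh runs above, the daemons report "running" both times, but the four modules are "not loaded" while mokutil reports SecureBoot enabled and "loaded" once it reports disabled. The following added example (not part of the original page or of the Symantec/Broadcom tooling) parses that output so a monitoring job can alert when the daemons are up but the kernel modules are not; the function names dcs_section_bad, dcs_health and sample_status are hypothetical.

```shell
# Added example (not vendor code). Function names are hypothetical; the input
# format is the /usr/lib/symantec/status.sh output shown on this page.

# List entries in one section whose state differs from the expected one.
# $1 = section header, $2 = expected state; status text on stdin.
dcs_section_bad() {
    awk -v hdr="$1" -v want="$2" '
        NF == 0            { in_sec = 0; next }   # blank line ends a section
        ($1 " " $2) == hdr { in_sec = 1; next }
        in_sec {
            state = $2
            for (i = 3; i <= NF; i++) state = state " " $i
            if (state != want) print $1
        }'
}

# Summarise agent health. $1 = output of mokutil --sb-state; status text on stdin.
# Prints one finding per line and returns 1 if any daemon or module is down.
dcs_health() {
    status=$(cat)
    down=$(printf '%s\n' "$status" | dcs_section_bad "Daemon status:" "running" | tr '\n' ' ')
    unloaded=$(printf '%s\n' "$status" | dcs_section_bad "Module status:" "loaded" | tr '\n' ' ')
    rc=0
    if [ -n "$down" ]; then echo "DAEMON_DOWN: ${down% }"; rc=1; fi
    if [ -n "$unloaded" ]; then echo "MODULE_NOT_LOADED: ${unloaded% } [$1]"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "OK"; fi
    return "$rc"
}

# Constructed sample: first status.sh output from this page, banner lines omitted.
sample_status() {
    cat <<'EOF'
Daemon status:
sisamdagent running
sisidsagent running
sisipsagent running
sisipsutil running

Module status:
sisips not loaded
sisfim not loaded
sisevt not loaded
sisap not loaded
EOF
}

# Live use on an agent host: /usr/lib/symantec/status.sh | dcs_health "$(mokutil --sb-state)"
sample_status | dcs_health "SecureBoot enabled" || true
```

The non-zero return code lets a cron job or monitoring check treat running daemons with unloaded modules as a failed state rather than a healthy agent.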

AMD log and configuration files

/opt/Symantec/sdcssagent/AMD/sef/Logs/lux.log
/opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini