TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

Actually...
    You can simply do the following: shut down the issdaemon service of the
Network Sensor, delete the (hostname_username) within "Master Console        =S
hostname_username;" of the daemon.policy file. Do not delete the semicolon after
the "hostname_username" section of the line, however.  Restart the issdaemon
service, and then connect to the network sensor from the console machine. The new
hostname_username will automatically be applied when you check "master console"
since the edited daemon.policy allows the network sensor to think it has no
master console yet. Basically the same as you wrote, Jim, but only avoiding the
worry of retyping the new master console's hostname_username.

Dane

"Lindley, Jim (ISSAtlanta)" wrote:

>
> Ok, here's how it's done.
>
> Way 1.  When you install the original console, ARCHIVE the private keys to a
> floppy and make copies of the public key files to the same floppy.  THEN
> GUARD THAT FLOPPY WITH YOUR LIFE!  When you have to replace a damaged or
> missing console, go ahead and install on a CPU with the SAME HOST NAME and
> SAME USER ACCOUNT and then restore the archived keys when offered the chance
> during RS Console Installation.  When the new console authenticates with the
> keys that ARE ALREADY ON THE ENGINE, then the engine believes that the new
> console IS the old console and EVERYBODY'S HAPPY!
>
> Way 2.  OOPS!  I didn't archive the keys, the host name is different, the
> user name is different, my console computer died, crashed, etc.  Go to the
> NETWORK Sensor and log in locally (We did tell you that the Network Sensor
> should be PHYSICALLY secured, right?  And that there should be only ONE
> active account, the RENAMED Administrator with a REALLY GOOD PASSWORD,
> right?), find a file under \program files\iss\realsecure x.x called
> DAEMON.POLICY.  Open that file in notepad, find the line identifying the
> Master Console (hint...it'll look something like "Master Console        =S
> hostname_username;").  CAREFULLY replace the "hostname_username" with the NEW
> Master Console's host and user name, MAKING VERY SURE TO PRESERVE FORMATTING
> AND CASE!!!  Stop the RealSecure Daemon in Control Panel Services, then
> restart the daemon service, which will cause it to reread the daemon.policy
> file.  Now log on to the new Master Console, monitor the sensor, and you'll
> notice that your menu line "Set Console as Master Controller" will NOT be
> checked.  Click on the menu choice and it will become checked, as the Sensor
> updates the console. This way ASSUMES that you have placed a copy of the new
> Master Console's public authentication key in the proper location on the
> Network Sensor.
>
> Since each sensor is responsible for remembering its master, breaking the
> connection, as Stephen suggested, WILL NOT WORK.  The only ways to change
> RS Master Console are the two above AND using the original Console to
> relinquish status, then the FIRST CONSOLE THAT ASKS will become the new
> master.  But that's the gooey way.
>
> James R Lindley
> Anomaly Detection Xpert
> X-Force Surveillance and Reconnaissance Group
> Special Operations Group
> Managed Security Services
> Internet Security Systems Inc
> Vox:  678-443-6323
> Fax:  678-443-6482
> An unquenchable thirst for Pierian Waters.
>
> Internet Security Systems - The Power To Protect.
>
> -----Original Message-----
> From: Michael Wilson [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 24, 2000 4:25 PM
> To: Norton.Stephen
> Cc: [EMAIL PROTECTED]
> Subject: RE: Changing Master Console Monitor
>
>
> Stephen,
>         That's what I thought, and what the documentation says.  However,
> when we tried this, it didn't work.  Very confusing; the network sensor
> insisted that it was still under the control of a non-existent machine.
>
> -Mike Wilson
> -Sr. Security Specialist
> -UNIFIED Technologies
> -Troy, NY
>
> On Thu, 24 Aug 2000, Norton.Stephen wrote:
>
> > Stopping and restarting the network engines will also relinquish Master
> > Console status.  The console is authenticated to the sensor through a
> > secure channel.  Anything that breaks that authenticated connection will
> > relinquish the MC status.
> >
> >
> > Stephen P. Norton
> > Franchise Tax Board
> > [EMAIL PROTECTED]
> >
> >
> > -----Original Message-----
> > From: Michael Wilson [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 24, 2000 12:26 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Changing Master Console Monitor
> >
> >
> >
> >
> >
> >       More interesting to me is the question of how you fix things if,
> > for example, you have a master console assigned, but then that machine
> > goes away for whatever reason, without backups.  If you can't go and
> > relinquish properly, then what?  I imagine that this is the situation
> > under discussion - otherwise he probably would have already tried to
> > release it.
> >       I've got a situation like this at a customer site.  In this case,
> > it's immaterial, since we're doing a complete reinstall of the probes
> > for other reasons anyway, but I'm curious to know how to make a probe
> > release its master without having the master available to make the
> > request.
> >
> > -Mike Wilson
> > -Sr. Security Specialist
> > -UNIFIED Technologies
> > -Troy, NY
> >
> > On Thu, 24 Aug 2000, Norton.Stephen wrote:
> >
> > >
> > >
> > > The message indicates another console ('hostname') has obtained Master
> > > Controller status.  This is granted by the sensors on a first-come,
> > > first-served basis.  If you want your console to be the designated Master
> > > Controller, you will need to go to the 'hostname' console and relinquish
> > > the Master Controller status, then go back to your console and re-add the
> > > network engine.  If you are only monitoring the engine, and not making any
> > > configuration changes, you shouldn't need Master Controller status.
> > >
> > >
> > > Stephen P. Norton
> > > Franchise Tax Board
> > > [EMAIL PROTECTED]
> >
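
An added example (not part of the original thread and not ISS code): the daemon.policy edit described in the messages above, done programmatically so that only the hostname_username field changes while the semicolon, spacing, case and line endings are preserved. The line shape is assumed from the line quoted in the thread; the function names, the sample contents and the .bak backup are assumptions, and stopping and restarting issdaemon around the edit is still done by hand.

```python
import re
import shutil

# Line shape assumed from the thread: Master Console        =S hostname_username;
MASTER_RE = re.compile(
    r"^(?P<head>[ \t]*Master Console[ \t]*=S)(?P<gap>[ \t]*)(?P<value>[^;\r\n]*);",
    re.MULTILINE,
)

# Constructed sample; only the Master Console line follows the thread,
# the two placeholder entries are invented filler.
SAMPLE = (
    "Placeholder Entry A   =S value_a;\r\n"
    "Master Console        =S OLDHOST_olduser;\r\n"
    "Placeholder Entry B   =S value_b;\r\n"
)

def set_master_console(policy_text, new_value=""):
    """Clear (new_value="") or replace the hostname_username field.

    Returns (edited_text, old_value). Everything outside the field,
    including the trailing semicolon and line endings, is left untouched.
    """
    if any(c in new_value for c in ";\r\n"):
        raise ValueError("new value must not contain ';' or line breaks")
    matches = list(MASTER_RE.finditer(policy_text))
    if len(matches) != 1:
        raise ValueError("expected exactly one Master Console line ending in ';', "
                         "found %d" % len(matches))
    m = matches[0]
    if new_value and not m.group("gap"):
        new_value = " " + new_value  # keep a separator after "=S"
    start, end = m.span("value")
    return policy_text[:start] + new_value + policy_text[end:], m.group("value")

def edit_policy_file(path, new_value=""):
    """Apply the edit to a file, keeping a .bak copy; returns the old value."""
    with open(path, "r", newline="") as f:  # newline="" preserves CRLF
        original = f.read()
    edited, old = set_master_console(original, new_value)
    shutil.copy2(path, path + ".bak")
    with open(path, "w", newline="") as f:
        f.write(edited)
    return old
```

Calling it with no new value gives the cleared entry from the first message; passing the new console's hostname_username gives "Way 2".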


