Paso a paso cómo instalar un WCG 7.8.2 en GNU/Linux
Requisitos de Hardware
Realizar una instalación mínima de RHEL 6.5 Server con 2 placas de red.
Si es una MV clonada en VMWare, hay que borrar las placas de red anteriores.
# rm -f /etc/udev/rules.d/70-persistent-net.rules
Deshabilitar el firewall:
# service iptables stop
# chkconfig iptables off
Para no descargarlo de Internet, se debe utilizar un repositorio local:
# mount -t iso9660 -o loop /dev/cdrom /mnt
Dependencias a instalar:
# yum install bind-utils gd samba-winbind-clients compat-readline5 nc apr-util perl ftp apr tcl krb5-workstation ncurses-devel readline-devel libicu redhat-lsb unzip wget
Comprobar que es posible conectarse la base de datos de Websense vía Internet:
# wget download.websense.com --delete
por Matías Colli
Requisitos de Hardware
- Procesador Quad-core corriendo al menos 2.8 GHz o superior
- Memoria RAM: 6 GB mínimo (8 GB recomendado)
- Red Hat Enterprise Linux 6 de 64-bit
- Almacenamiento: 2 disco (1 de 100GB para el SO, el Content Gateway, y los archivos temporales. 1 de 147 GB para el caching OPCIONAL)
- Debe ser un disco sin formatear, no un sistema montado.
- Debe ser un servidor dedicado y no formar parte de un RAID por software.
Realizar una instalación mínima de RHEL 6.5 Server con 2 placas de red.
Si es una MV clonada en VMWare, hay que borrar las placas de red anteriores.
# rm -f /etc/udev/rules.d/70-persistent-net.rules
Deshabilitar el firewall:
# service iptables stop
# chkconfig iptables off
Para no descargarlo de Internet, se debe utilizar un repositorio local:
# mount -t iso9660 -o loop /dev/cdrom /mnt
# vi /etc/yum.repos.d/rhel.repo
[rhel65]
name=RHEL 6.5 x86_64
baseurl=file:///mnt
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
gpgcheck=0
enabled=1
# yum install bind-utils gd samba-winbind-clients compat-readline5 nc apr-util perl ftp apr tcl krb5-workstation ncurses-devel readline-devel libicu redhat-lsb unzip wget
Comprobar que es posible conectarse la base de datos de Websense vía Internet:
# wget download.websense.com --delete
El cual debería devolver correctamente un 200.
Verificar que SELinux esté deshabilitado.
# sestatus
# cat /etc/selinux/config
Si no está deshabilitado, editar el archivo /etc/selinux/config y cambiar el parámetro de forma tal que quede así.
“SELINUX=disabled”
Luego de editar el archivo, ya que reiniciar el equipo para que lo tome (no hay opción).
# reboot
Luego, copiar el comprimido al directorio de programas (opt) y ejecutar el instalador:
[root@WebsenseCG782 root]# mkdir /opt/wcg_v782/
[root@WebsenseCG782 root]# mv WebsenseCG782Setup_Lnx.tar.gz /opt/wcg_v782/
[root@WebsenseCG782 root]# cd /opt/wcg_v782/
[root@WebsenseCG782 wcg_v782]# ./wcg_install.sh
The osvers is 2.6.32-431
Websense Content Gateway v7.8.2-6768
(c)1996 - 2014
WEBSENSE
SUBSCRIPTION AGREEMENT
....
Do you accept the above agreement [y/n]? y
---------------------------------------------------
Websense Content Gateway Administration Information
---------------------------------------------------
Enter the administrator password for the Websense Content Gateway
management interface.
Username: admin
Password:> 123456
Websense Content Gateway requires an email address for alarm notification.
Enter an email address using @ notation: [] > matiascolli@gmail.com.ar
Websense Content Gateway Integrations Configuration
---------------------------------------------------
Enter the Policy Server IP address (leave blank if integrating with Data Security only): [] >
Websense Content Gateway Port Configuration
-------------------------------------------
Websense Content Gateway uses 8 ports on your server.
Port Assignments:
-----------------
'1' Websense Content Gateway Proxy Port 8080
'2' Web Interface port 8081
'3' Auto config port 8083
'4' Process manager port 8084
'5' Logging server port 8085
'6' Clustering port 8086
'7' Reliable service port 8087
'8' Multicast port 8088
Enter the port assignment you would like to change:
'1-8' - specific port changes
'X' - no change
'H' - help
[X] > X
Websense Content Gateway Clustering Information
-----------------------------------------------
'1' - Select '1' to configure Websense Content Gateway for management
clustering. The nodes in the cluster will share
configuration/management information automatically.
'2' - Select '2' to operate this Websense Content Gateway as a single node.
Enter the cluster type for this Websense Content Gateway installation:
[2] > 2
Websense Content Gateway Cache Disk Configuration
-------------------------------------------------
Websense Content Gateway will operate in proxy-only mode.
No disks are detected for cache.
Websense Content Gateway will operate in PROXY_ONLY mode.
Press ENTER to continue without cache...
-----------------------------------------------------------------------------
Configuration Summary
-----------------------------------------------------------------------------
Websense Content Gateway Install Directory : /opt/WCG
Admin Username for Content Gateway Manager : admin
Alarm Email Address : matiasc@issecurity.com.ar
Websense Content Gateway Cluster Type : NO_CLUSTER
Websense Content Gateway Cache Type : PROXY_ONLY
Do you want to continue installation with this configuration [y/n]? y
Writing values to file...done
Using configuration file: /tmp/WCGinstall.cfg
Extracting files...
Installing Adaptive Redirection Module (ARM)...done
Websense Content Gateway will operate in proxy-only mode.
Setting Websense Content Gateway environment...done
Installing required RPMs...
Installing required RPMs...done
Installing Samba...done
Installing DSS Policy Engine...done
Starting services...
Starting Websense Content Gateway...
Started Websense Content Gateway
Starting Websense Analytics Service...
*COMPLETED* Websense Content Gateway 7.8.2-6768 installation.
A log file of this installation process has been written to
/root/WCG/Current/WCGinstall.log
For full operating information, see the Websense Content Gateway
Help system.
Follow these steps to start the Websense Content Gateway management
interface (Content Gateway Manager):
-------------------------------------------------------------------
1. Start a browser.
2. Enter the IP address of the Websense Content Gateway server,
followed by a colon and the management interface port (8081 for
this installation). For example: https://11.222.33.44:8081.
3. Log on using username admin and the password you chose earlier.
A copy of the CA public key used by the Manager is located in /root/WCG/.
[root@WebsenseCG782 wcg_v782]#
Comprobar el estado del servicio:
[root@WebsenseCG782 ~]# /opt/WCG/WCGAdmin status
Content Cop is running...
Websense Content Gateway is running...
Content Gateway Manager is running...
Analytics Server is running...
[root@WebsenseCG782 ~]#
Nota: El instalador implementará el Content Gateway en el directorio /opt/WCG con el propietario root.
Luego desde un navegador ingresas a https://<direccionIPWCG>:8081
Donde direccionIPWCG es la dirección IP donde se instaló recientemente el WCG y 8081 el puerto que está escuchando el administrador web.
Autor: Matias Colli
