Symantec Security Expressions Server manual SSH Agent Authentication

Page 29

Configure Servers

3.Agent - Uses the audit agent to remotely execute scripts and programs. Before auditing, make sure to install the agent on the remote computer or check the

Automatically install Agent if required in order to execute scripts and programs remotely box.

Automatically install Agent if required to execute scripts and programs remotely

Check this box to automatically install the agent on the remote system when the agent is necessary to complete an audit. The agent can only be automatically installed on Windows systems. For UNIX systems, you must install the agent manually. If you select either Agent or Automatic from the Default method for remote execution on Windows drop-down list, consider checking this box.

If required services are not started, start them before auditing and stop them after audit completes

Check this box to start whichever service the selected remote-execution method needs, such as WMI or the Windows Task Scheduler, before auditing and stop the service after the audit completes. Starting and stopping the service if it's not already running ensures that the audit will not fail.

SSH Agent Authentication

When performing Audit-on-Connect audits, the server software can communicate with UNIX computers through the audit agent or through SSH. When performing Audit-on-Connect audits through SSH, you can authenticate users by either setting up password-based authentication on the Scopes page or uploading private keys to the server application. Use the SSH Agent Authentication section of the Agent & Service Configuration page to set up SSH private keys.

The SSH Agent Authentication options apply to Audit-on-Connect audits only. To upload a new SSH key:

1.Click Browse to locate and select the private key file.

2.In the Key Password box, type in the Password box the passcode associated with the private key file.

3.Click Add New. The key and passcode appear in the table.

You can add keys in any order. When Audit-on-Connect attempts to connect to a UNIX computer, it checks all keys in the list to see if any of them work.

To edit an existing SSH Key:

1.Click the Edit hyperlink for the SSH key that appears in the table.

2.Browse for a new key file and type the passcode associated with the key file.

3.Click Update.

To delete an existing SSH Key:

1. Click the Delete hyperlink for the SSH key that appears in the table.

When you delete an SSH key, you remove it from the database. A warning appears to remind you that you are about to remove the key from the database.

2.Click Delete to remove the SSH key.

21

Image 29
Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Contacting Technical Support Technical SupportPage SecurityExpressions Console Other ProductsPage About SecurityExpressions Audit & Compliance Server OverviewPage What is Self-Service Auditing? Self-Service AuditSelf-Service Audit Agreement How to Audit your Local ComputerDisplays on the page. No detailed audit results appear About Server Configuration Configure ServersLocal Server Settings Pages with Role SettingsDatabase Connection SetupViewing Audit Results Windows 2000 Servers Secure ConnectionCreating Credential Stores Click OK on the Default Web Site Properties windowCredential Store User SecurityExpressions Console Credential Stores Enable Web ServicesSoftware Registration Site PreferencesAccess Item Rights Global Machine List Access User RolesCheck the Synchronize with a policy file library box Policy File LibraryLibrary Synchronization How System Scores are Calculated About Policy FilesTarget Options Agent & Service ConfigurationDefault method for remote execution on Windows SSH Agent Authentication Database Cleanup Cancel Update TaskPolicies Add TaskClick Use the Following Agreement Agent DownloadsSite Preferences Allow Remediation Page Audit-On-Connect What is Audit-on-Connect?Policies Policies TablePage Adding Policies Editing Policies Deleting Policies Configuring with Run-Time Policy VariablesPage Add a New Scope ScopesScopes Page Edit a Scope Scopes Table DNS Domain Name Scopes Deleting ScopesExpression Scopes Supported OperatorsDetection Method Scopes Supported FunctionsOrg Unit Scopes Notifications Creating New Email Notifications Creating New Command NotificationsClick Add New Editing NotificationsClick Add New Creating New Command Notifications Notification Variables Deleting NotificationsExceptions ExceptionsExceptions Table Column Description Adding ExceptionsConnection Monitors Specify Password and Encrypted PasswordDeleting Exceptions Connection MonitorsEnabling Connection Monitors Configuring Connection MonitorsRemove IP Range Section Connection Monitor Configuration FileOptions DefaultActive Directory Active Directory Connection Monitor only Processing the Configuration FileConfiguration File Syntax Slow Links NetworkNetwork Admissions Control Trace Route InformationUnmanaged Systems Initial TokenQuarantined/Unknown HealthyReaudit if quarantined Redirection WebAudit on Connect Tracing Audit on Connect TracingRedirection Web Page Behavior Page Page Audit-On-Schedule What is Audit-on-Schedule?Page Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsEditing Machine Lists Adding Machine ListsDeleting Machine Lists Scheduled TasksEditing Global Machine Lists Scheduled TasksAdding Scheduled Tasks Basic SettingsSchedule Settings Hosts Not Connected Settings Credentials Settings Other Options SettingsEditing Scheduled Tasks Windows Group AccessSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Browse Audit-On-Connect Activity View Audit-On-Connect ActivityAudit-On-Connect Activity Table Column Description Adding a New Audit-On-Connect Report ProfileDeleting Report Profiles Editing Report ProfilesAudit-On-Connect Exceptions Report Audit-On-Connect Error Log ReportPage Adding a New Audit Results Report Profile View Audit ResultsBrowse Audit Results Page Adding Custom Reports to the Server Application Scheduled Audits Log ReportEditing Audit Report Results Profiles Deleting Audit Report Results ProfilesPage Glossary Page Index ConfigureIP address 33, 44, 45 Rule weights