Websense Content Gateway kurulum öncesi hazırlık

The following commands were tested and confirmed on Red Hat Enterprise Linux 6.3.

  1. Confirm your Red Hat server meets minimum hardware requirements. For system hardware requirements, see the Websense Deployment and Installation Center.
  2. Log in or acquire root privileges. Perform all configuration and installation steps as root. If logged on, acquire root permissions.
    • # su root
  3. Confirm your Red Hat server meets software requirements. For system software requirements, see the Websense Deployment and Installation Center.  Verify the kernel version supports WCG. Using either of the following commands will help you determine your Linux kernel version. Do not modify the redhat-release file.
    • # uname -r
      # cat /etc/redhat-release
  4. Verify the server hostname. The hostname must be 15 characters or less and not written as a FQDN.
    • # hostname
      # cat /etc/sysconfig/network
      -Confirm the gateway IP address is correct.
      -A change requires a server reboot.
  5. Verify an IP address is associated with the FQDN and hostname. This entry must be the first line in the file.
    • # hostname -f
      # hostname -i
      # cat /etc/hosts
      For example:  <xxx.xxx.xxx.xxx> <FQDN> <hostname>
      <xxx.xxx.xxx.xxx> IP address
      <FQDN> is the fully-qualified domain name of the machine
      <hostname> the same name specified in step 2 above
      -Do not reverse the order of the FQDN and hostname.
      -A change requires a server reboot.
  6. Verify DNS and search parameter in the /etc/resolv.conf file.
    • # cat /etc/resolv.conf
      -Example:
      search   <subdomain1>.<top-level domain>   <subdomain2>.<toplevel domain>
      nameserver xxx.xxx.xxx.xxx
      nameserver xxx.xxx.xxx.xxx
      -This example demonstrates more than one domain can be listed on the search line.
      -Primary and secondary nameserver are specified.
  7. Verify the IP address, DNS, mask, and gateway entries in the network configuration file(s).
    • # ifconfig
      # cat /etc/sysconfig/network-scripts/ifcfg-eth0
      # cat /etc/sysconfig/network-scripts/ifcfg-eth1
      -The IP address should be static, interface start on boot (ONBOOT=yes), and correct mask, IP address, gateway, and nameservers.
      -A change requires restarting the network service: # service network restart
      -To check the network service: # service network status
  8. Verify routing table defines the gateway.
    • # route -n
  9. Verify successful resolutions.
    • # ping <hostname>
      # ping <FQDN>
      # ping <IP address>
      # ping localhost
      # uname -n
      # hostname -a
      # hostname -s
      # hostname -d
      # hostname -f
      # hostname
      # nslookup
      > www.yahoo.com
      > <IP address returned by the prior command>
      > exit
      -Ensure all test commands resolve successfully.
  10. Confirm connectivity allows contacting the Websense database download servers.
    • # wget download.websense.com –delete
  11. If not employing IPv6, disable it. (The latest WCG versions support IPv6. For specific ipv6 support details, see the v7.7.0 Release Notes.) If IPv6 is active, the following commands display “IPv6” data.
    • # ifconfig | grep -i inet6
      # cat /proc/net/if_inet6
      # ping6 -c2 ::1
      -To disable IPv6 on Red Hat 6, add the following lines to the /etc/sysctl.conf file.
      net.ipv6.conf.all.disable_ipv6 = 1
      net.ipv6.conf.default.disable_ipv6 = 1
      -After editing the sysctl.conf file, restart the network service and confirm.
      # service network restart
      # ifconfig | grep -i inet6
      -When disabling IPv6, also disable ip6tables (firewall).
  12. Verify the firewall (iptables and ip6tables) is not running. To determine if the firewall is running.
    • # service iptables status
      # service ip6tables status
      -Stop the firewall:
      # service iptables stop
      # service ip6tables stop
      -After installation, restart the firewall and open the ports used by Websense components installed on the machine. A server reboot also restarts the firewall service.
      # service iptables start
      # service ip6tables start
      -Alternatively, if you want the firewall to remain off (not restart after a server reboot).
      # chkconfig iptables off
      # chkconfig ip6tables off
  13. Check if non-eth# names exist. If present, disable biosdevname.
    • # ifconfig -s
      -If only “eth#” and “lo” names exist, then you are done. If names like “emb#” or “p#p#” appear, then you must disable biosdevname. Click here for details.
  14. Verify the date and time.
    • # date
      -You must synchronize the time on all filtering-software and Content Gateway machines. It is a best practice to use a Network Time Protocol (NTP) server. The following commands will modify the date and time, and save changes.
      # date mmddhhmmyyyy
      # clock -wu
  15. Verify the SELinux state is either permissive or disabled.
    • # sestatus
      # cat /etc/selinux/config
      # setenforce 0
      -The setenforce command only changes the SELinux state to permissive. Upon reboot, SELinux assumes the “SELINUX=” state set in the /etc/selinux/config file.
      -A server reboot is required to change the SELinux state to disabled.
      -Do not install or run the Content Gateway with SELinux enabled (enforcing).
      -To disable SELinux, the file must contain the “SELINUX=disabled” parameter.
  16. If you will be using WCG as a caching proxy, then click here for details on preparing a cache disk.
  17. If you plan to deploy multiple, clustered instances of WCG, then click here for details.
    • Clustering may be enabled after WCG installation.
  18. Reboot the server before installing WCG.
    • # reboot

No Comments

Post a Comment