000022419 - Rapid Deployment Procedures for ACE/Apache Web Agent On Linux (including complete Apache Server Installation)

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000022419
Applies To: RSA ACE/Agent for Web (Apache)
The versions of Apache Web Server and associated modules used in this solution are currently unsupported by RSA Security.  They have been smoke tested, and were able to successfully perform authentication.  These versions have not been certified through QA, and do not currently have the promise of Engineering resources to overcome technical issues involving bugs, should such issues arise. -- April 09, 2002
Issue: Rapid Deployment Procedures for ACE/Apache Web Agent On Linux (including complete Apache Server Installation)
Protect Apache Web Server 1.3.24 with ACE authentication
Resolution:

1.  Download and copy the required packages to a common directory

2.  Extract the required packages:

    $ gzip -d -c apache_1.3.24.tar.gz | tar xvf -
    $ gzip -d -c mod_ssl-2.8.x-1.3.24.tar.gz | tar xvf -
    $ gzip -d -c openssl-0.9.6c.tar.gz | tar xvf -

3.  Install OpenSSL:

    $ cd openssl-0.9.6c
    $ ./config
    $ make
    $ make test
    $ make install
    $ cd ..

4.  Install mod_ssl:

    $ cd mod_ssl-2.8.x-1.3.24
    $ ./configure \
          --with-apache=../apache_1.3.24 \
          --with-ssl=../openssl-0.9.6c \
          --prefix=/usr/local/apache
    $ cd ..
    $ cd apache_1.3.24

5.  Install the Apache 1.3 HTTP server with APACI:

    $ ./configure --prefix=/usr/local/apache \
          --add-module=/apache_1.3.24/src/modules/standard/mod_so
    $ make
    $ make certificate
    $ make install

6.  Install the ACE/Agent 5.0 for Apache Web

Add a VAR_ACE environment variable to your Web server configuration file (/usr/local/apache/conf/httpd.conf) so it is set whenever the Web server runs.  This environment variable identifies the location of the sdconf.rec file (e.g. setenv VAR_ACE /var/ace).

Copy the sdconf.rec file to the defined $VAR_ACE directory

cd to the Agent directory
$ ./install
Accept the defaults

$ /usr/local/apache/bin/apachectl startssl

Enter the following URL into a Web browser:  http://SERVERNAME/
You should now be prompted for authentication

Troubleshooting:

If you are NOT challenged, try the following:
$ cd /usr/local/apache/rsawebagent/
$ ./acetest
This will bring up an authentication test client.  If this fails to authenticate, troubleshoot for generic authentication issues.  Run an ACE/Log Monitor on the ACE/Server and authenticate again.

If the first authentication was successful but subsequent authentications fail:
Change the group relationship of /var/ace to other with:
chgrp other /var/ace
In database administration on the ACE/Server under Agent Host, Edit Agent host, uncheck the Node Secret Sent checkbox.  Then authenticate successfully two more times.

$ ./acestatus
This will display configuration information contained in the sdconf.rec file.  Make sure that the information is correct and the hostnames and addresses are resolvable as displayed.

If all authentications fail, try running:

./config
Add the Web Server as a specific identity, then try disabling protection for all but one resource.  Then reboot the Web Server's Operating System.

Test access to an unprotected URL
Test access to a protected URL

Check the httpd.conf file; the end should read as follows:
================================================
setenv VAR_ACE /var/ace

|###### BEGIN_RSA_BLOCK
|###### WARNING: DO NOT EDIT THIS BLOCK. ANYTHING ADDED WILL BE REMOVED BY
|######          THE NEXT INSTALLATION OF RSA WEB AGENT
include /usr/local/apache/rsawebagent/rsawebagent.conf
|###### END_RSA_BLOCK
================================================
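
The same end-of-file check can be scripted. This is an added example, not part of the original article or of the RSA Web Agent; `check_ace_conf` and `demo_ace_conf` are hypothetical helper names, and the demo runs against a constructed temporary tree rather than a real server.

```shell
#!/bin/sh
# Added example (not RSA tooling): verify the ACE lines at the end of httpd.conf.
# check_ace_conf and demo_ace_conf are hypothetical helper names.
check_ace_conf() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }

    # Last active "setenv VAR_ACE <dir>" line; directive names are case-insensitive.
    var_ace=$(awk 'tolower($1) == "setenv" && $2 == "VAR_ACE" { d = $3 }
                   END { print d }' "$conf")
    if [ -z "$var_ace" ]; then
        echo "FAIL: no setenv VAR_ACE line in $conf"; rc=1
    elif [ ! -r "$var_ace/sdconf.rec" ]; then
        echo "FAIL: $var_ace/sdconf.rec is missing or unreadable"; rc=1
    else
        echo "OK: VAR_ACE=$var_ace, sdconf.rec readable"
    fi

    # The include must sit between the BEGIN/END markers the installer writes.
    inc=$(awk '/BEGIN_RSA_BLOCK/ { inb = 1; next }
               /END_RSA_BLOCK/   { inb = 0 }
               inb && tolower($1) == "include" { print $2 }' "$conf")
    if [ -z "$inc" ]; then
        echo "FAIL: no include line inside the RSA block"; rc=1
    elif [ ! -r "$inc" ]; then
        echo "FAIL: included file $inc is missing or unreadable"; rc=1
    else
        echo "OK: RSA block includes $inc"
    fi
    return "$rc"
}

# Constructed sample: a throwaway tree that mirrors the article's httpd.conf tail.
demo_ace_conf() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/ace" && : > "$t/ace/sdconf.rec" && : > "$t/rsawebagent.conf"
    printf '%s\n' "setenv VAR_ACE $t/ace" '###### BEGIN_RSA_BLOCK' \
        "include $t/rsawebagent.conf" '###### END_RSA_BLOCK' > "$t/httpd.conf"
    r=0; check_ace_conf "$t/httpd.conf" || r=$?
    rm -rf "$t"
    return "$r"
}

# With an argument, check that file; with none, run the constructed demo.
if [ $# -gt 0 ]; then check_ace_conf "$1"; else demo_ace_conf; fi
```

Readability is tested for the invoking user, so run it as the account the Web server runs under for the result to reflect what the agent can read.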

$ cd /usr/local/apache/rsawebagent

$ ./acestatus
Displays the server information from sdconf.rec; verify that the values are correct and resolvable

$ ./acetest
Provides test authentication functionality

$ ./config
Run this and add the Web Server as a specific server

$ ./protectURL
Try disabling authentication for all resources but a single page.  Then test unauthenticated access; if that succeeds, test authenticated access.

Try rebooting the Web Server if you still have an issue.
Legacy Article ID: a10056