000034668 - Improve Installation Procedure which Involves Creating a Non-root User with SUdoer Privileges in RSA Web Threat Detection

Document created by RSA Customer Support Employee on Jun 1, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000034668
Applies ToRSA Product Set: Web Threat Detection
RSA Product/Service Type: Mitigator
RSA Version/Condition: 5.1 - 6.2
 
IssueIn the version 6.1 Web Threat Detection Installation and Upgrade Guide --
See page 9:  
Prepare the Environment for Installation 
Procedure
1. Create a new linux user and add to the new user to the sudoers file.

Also see page 14:
Install the Software
Perform the yum install on all host machines.
Before you begin
Review the list of dependencies in the README file, and ensure you have installed all
necessary files for your environment.
Procedure
1. Switch to the new user that you created in Prepare the Environment for Installation on page 9. 
2. Copy rsa-wtd-enterprise-<version_number>.el6.run to the installation directory.
And then complete all other steps for the installation of single tenant with this user.   

 The Customer, doing first time installation, may have questions regarding these steps. Customers who are upgrading might still have the rsawtd user,
the default user who owns all files, directories and services for WTD, and may have similar questions.
  • Is rsawtd no longer used or  created automatically?  
  • Is the user created in the 6.1 installation steps a replacement for rsawtd, and will now own all the services, directories, and files?
  • What would happen if you skipped this step and performed the installation as root?
  • Does the created user need to remain on the system? Is it to be a functional account?  [Yes!, for both questions]
  • Can the Customer use an existing rsawtd user on the system (for an upgrade) or should they delete and create again? (- a different guid would be created.)
 
Resolution
  • The rsawtd user is created during installation and still is with 6.1  
 
  • So, an upgrading Customer will  already have this user if they simply removed the old WTD directories. Look for this user and if present,
nothing needs to be done.  The existing rsawtd user will be associated with the directories, services and files for WTD by the upgrade installation automatically. 
 

  • The reason this other user is mentioned, it that this is a recommended best practice to install the software with a user other than root.
A Customer may use any existing user in the 'sudoers' list, however, to perform the installation.  If the rsawtd user exists, there is no need to recreate.

Attachments

    Outcomes