Juniper SECURITY THREAT RESPONSE MANAGER - SOFTWARE INSTALLATION REV 1, STRM Installation Manual

Security Threat Response Manager

STRM Software Installation Guide

Release 2008.2

Juniper Networks, Inc.

1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000

www.juniper.net

Part Number: 530-025619-01, Revision 1

Copyright Notice

Copyright © 2008 Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper
Networks Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this
document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks
assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves
the right to change, modify, transfer, or otherwise revise this publicati on without notice.

FCC Statement

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A
digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and
used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense. The following
information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it
is not installed in accordance with NetScreen’s installation instructions, i t may cause interference wi th radio and tele vision reception. This equip ment has
been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. Thes e
specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that
interference will not occur in a particular installation. If this equipmen t does cause harmful interference to radio or television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna. Increase the separation between the equipme nt and receive r. Consult t he dealer o r an experienced ra dio/TV
technician for help. Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.

Caution: Changes or modifications to this product could void the user's warrant y and authority to operate this device.

Disclaimer

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET
THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE
SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.

STRM Installation Guide

Release 2008.2
Copyright © 2008, Juniper Networks, Inc.
All rights reserved. Printed in USA.
Revision History
June 2008—Revision 1

The information in this document is current as of the date listed in the revision history.

2 

CONTENTS

ABOUT THIS GUIDE

Conventions 3
Technical Documentation 3
Documentation Feedback 3
Requesting Support 4

1 PREPARING FOR YOUR INSTALLATION

Deploying STRM 6
Additional Hardware Requirements 7
Additional Software Requirements 7
Browser Support 7
Preparing Your Network Hierarchy 7
Identifying Network Settings 8
Identifying Security Monitoring Devices and Flow Data Sources 9
Identifying Network Assets 10

2 INSTALLING STRM

Setting Up Appliances 13
Installing STRM Using Red Hat Enterprise 4.6 18
Installing Japanese Support 23
Accessing STRM 24

A SETTING UP RED HAT ENTERPRISE

Before You Begin 25
Configuring Network Parameters 26
Configuring Firewall Configuration 26
Configuring Disk Partitions 26
Installing Red Hat Enterprise 4

Update 6 27
Customizing Red Hat Upgrades 28

INDEX

ABOUT THIS GUIDE

The STRM Installation Guide provides you with information on setting up STRM.
This guide assumes a working knowledge of networking and Linux systems.

Conventions Table 1 lists conventions that are used throughout this guide.

Table 1 Icons

Icon Type Description

Information note Information that describes important features or

instructions.

Caution Information that alerts you to potential loss of

data or potential damage to an application,
system, device, or network.

Warning Information that alerts you to potential personal

injury.

Technical
Documentation

Documentation
Feedback

You can access technical documentation, technical notes, and release notes
directly from the Juniper networks Support Web site at

www.juniper.net/support/.

http://

We encourage you to provide feedback, comments, and suggestions so that we
can improve the documentation. Send your comments to

techpubs-comments@juniper.net, or fill out the documentation feedback form at
http://www.juniper.net/techpubs/docbug/docbugreport.html. If you are using e-mail, be

sure to include the following information with your comments:

• Document name

• Document part number

• Page number

• Software release version

STRM Installation Guide

4 ABOUT THIS GUIDE

Requesting
Support

• Open a support case using the Case Management link at

http://www.juniper.net/support/ or call 1-888-314-JTAC (from the United States,

Canada, or Mexico) or 1-408-745-9500 (from elsewher e).

STRM Installation Guide

1

PREPARING FOR YOUR
I

NSTALLATION

This chapter provides information for when planning your STRM deployment
including:

• Deploying STRM

• Additional Hardware Requirements

• Additional Software Requirements

• Browser Support

• Preparing Your Network Hierarchy

• Identifying Network Settings

• Identifying Security Monitoring Devices and Flow Data Sources

• Identifying Network Assets

Your STRM deployment may consist of STRM installed on one or multiple
systems. You can use the STRM three-tier architecture to install any or all
components on a single server for small enterprises or distributed across multiple
servers for maximum performance and scalability in large enterprise
environments.

To ensure a successful STRM deployment, adhere to the recommendations in this
document.

STRM Installation Guide

6 PREPARING FOR YOUR INSTALLATION

Deploying STRM Y ou can deploy STRM using STRM appliances or STRM software installed on your

own hardware. This section provides information on deploying STRM including:

• STRM Components

A STRM appliance includes STRM software and a CentOS-4 operating system.
For further information on STRM appliances, see the Hardware Installation Guide.

STRM Components STRM components that may exist in your deployment include:

Note: For more information on each STRM component, see the STRM
Administration Guide.

• Flow Collector - Passively collects traffic flows from your network through span

ports or network taps. The Flow Collector also supports the collection of
external flow-based data sources, such as NetFlow. You can install a Flow
Collector on your own hardware or use one of the QFlow appliances.

• Flow Processor - Normalizes flows sent from one or more Flow Collector(s) by

consolidating, aggregating, and removing duplicate flows. The Flow Collector
can also create superflows (aggregate flows) before the flows reach the
Classification Engine.

• Classification Engine - Analyzes flows to classify and identify all traffic in the

enterprise network into multiple objects.

• Console - Provides the interface for STRM. The Console provides real time

views, reports, alerts, and in-depth flow views of network traffic and security
threats. This Console is also used to manage distributed STRM deployments.

The Console is accessed from a standard web browser. When you access the
system, a prompt appears for a user name and password, which must be
configured during the installation process. You must also have Java installed.
For information on software requirements, see Additional Software

Requirements.

• Update Daemon - St ores the database and TopN data. Typically, the Update

Daemon is installed on the Console.

• Flow Writer - Stores the flow and asset profile data.

• Offense Resolution - Offense Resolution is a module that provides

enterprise-wide intrusion prevention for your network and includes Resolvers,
Resolutions and Resolver Agents.

• Event Collector - The Event Collector gathers events from local and remote

device sources. The Event Collector normalizes events and sends the
information to the Event Processor. Before being sent to the Event Processor,
the Event Collector bundles identical events to conserve system usage. During
this process, Magistrate risk factors map the events to the STRM Identification
System, and creates the bundles.

• Event Processor - Processes events collected from one or more Event

Collector(s). Once received, the Event Processor correlates the information

STRM Installation Guide

Additional Hardware Requirements 7

from STRM and distributes to the appropriate area, depending on the type of
event. The Event Processor also includes information gathered by STRM to
indicate any behavioral changes or policy violations for the event. Rules are
applied to the events that allow the Event Processor to process according to the
configured rules. Once complete, the Event Processor sends the events to the
Magistrate.

• Magistrate - Provides the core processing components. You can add one

Magistrate component for each deployment. The Magistrate provides views,
reports, alerts, and analysis of network traffic and security events. The
Magistrate processes the event against the defined custom rules to create an
offense. If no custom rules exist, the Magistrate uses the default rules to
process the event. An offense is an event that has been processed through
STRM using multiple inputs, individual events, and events combined with
analyzed behavior and vulnerabilities. Magistrate prioritizes the offenses and
assigns a magnitude value based on several factors, including number of
events, severity, relevance, and credibility.

Additional
Hardware
Requirements

Additional Software
Requirements

Before installing your STRM systems, make sure you have access to the additional
hardware components:

• Monitor and keyboard or a serial console

• To make sure that your STRM data is preserved during a power failure, we

highly recommend that all STRM appliances or systems running STRM
software storing data (such as, Consoles, Event Processors, or Flow
Processors) be equipped with a Uninterrupted Power Supply (UPS).

Before installing STRM, make sure you have Java Runtime Environment installed
on your system. You can download Java version 1.5.0_12 at the following web
site: http://java.com/.

Browser Support You must have a browser installed on your client system to access the STRM

interface. STRM supports the following web browsers:

- Microsoft Internet Explorer 6.0/7.0

- Firefox 2.0

Preparing Your
Network Hierarchy

STRM uses the network hierarchy to understand your network traffic and provide
you with the ability to view network activity for your entire deployment. STRM
supports any network hierarchy that can be defined by a range of IP addresses.
You can create your network based on many different variables, including
geographical or business units. For example, your network hierarchy may include
corporate IP address ranges (internal or external), physical departments or areas,
mails servers, and web servers.

STRM Installation Guide

8 PREPARING FOR YOUR INSTALLATION

Once you define the components you wish to add to your network hierarchy and
install STRM, you can then configure the network hierarchy using the STR M
interface. For each component you wish to add to your network hierarchy, use the
following table to indicate each component in your network map.

At a minimum, we recommend that you define objects in the network hierarchy for:

• Internal/external Demilitarized zone (DMZ)

• VPN

• All internal IP address space (for example, 0.0.0.0/8)

• Proxy servers

• Network Address Translation (NAT) IP address range

• Server Network subnets

• Voice over IP (Vo IP) su bnets

Table 1-1 Network Hierarchy

Description Name IP/CIDR Value Weight

Identifying Network
Settings

For more information, see the STRM Administration Guide - Setting Up STRM,
Creating Your Network Hierarchy.

Before you install STRM, you must have the following information for each system
you wish to install:

• Hostname

• IP address

• Network Mask address

• Subnet Mask

• Default Gateway

• Primary DNS Server

• Secondary DNS Server (Optional)

• Public IP address for networks using Network Address Translation (NAT)

• E-mail Server

• NTP Server (Console only) or Time server

STRM Installation Guide

Identifying Security Monitoring Devices and Flow Data Sources 9

Identifying Security
Monitoring Devices
and Flow Data
Sources

Table 1-2 Devices

Product
Device
Type

QTY

Name/

Version

STRM can collect and correlate events received from external sources such as
security equipment (for example, firewalls, VPNs, or IDSs) and host or application
security logs, such as, window logs. Device Support Modules (DSMs) and Flow
Collectors allows you to integr a te STRM with this external data.

STRM automatically discovers sensor devices that are sending syslog messages
to an Event Collector. Any sensor devices that are automatically discovered by
STRM appear in the Sensor Devices window within the STRM Administration
Console. Once auto discovery is complete, you should disable the Auto Detection
Enabled option in the Event Collector configuration. For more information, see
Chapter 4 Using the Deployment Editor of the STRM Administration Guide.

Non-syslog based information sources must be added to your deployment
manually. For more information, see the Managing Sensor De vices Guide. For
each device you wish to add to your deployment, record the device in Table 1-2.

Link
Speed
& Type

Msg
Level

Avg Log
Rate
(Event/Sec)

No. of
Users

Network
Location

Geographic
Location

Credibility
(0 to 10)

Where:

• Link Speed & Type indicates the maximum network link (in Kbps) for firewall,

router, and VPN devices. Record the primary application of the host system, for
example, e-mail, anit-virus, domain controller, or a workstation.

• Msg Level indicates the message level you wish to log. For example, critical,

informational, debug.

• No. of Users indicates the maximum number of hosts/users using or being

served by tis device.

• Network Location indicates whether this device is located on the Internet

DMZ, Intranet, or Extranet DMZ.

• Geographic Location indicates if the devices is located on the same LAN as

STRM or sending logs over the WAN identified in the Link Speed & Type
column.

• Credibility indicates the integrity of an event or offense as determined by the

credibility rating from source devices. Credibility increases as the multiple
sources report the same event.

STRM Installation Guide

10 PREPARING FOR YOUR INSTALLATION

Identifying Network
Assets

STRM can learn about your network and server infrastructure based on flow data.
The Server Discovery function uses STRM’s Asset Profile database to discover
many types of servers.

Defining certain additional server and IP address types also improves tuning
results. Table 1-3 provides a list of possible servers. When identified, see the
STRM Users Guide for information on defining severs within STRM. If your
network includes a large number of servers, you can use CIDR or IP subnet
addresses within the server networks category.

Table 1-3 Asset Identification

Server IP Address(es) QTY Name

NAT Address Range
Vulnerability Scanners
Network Management

Servers
Proxy Servers
Virus Definition and

Other Update Servers
Windows Server

Networks, such as,
domain controllers or
exchange servers

STRM Installation Guide

Identifying Network Assets 11

STRM Installation Guide

2

INSTALLING STRM

This chapter provides information on installing your STRM system using one of the
following options:

• Setting Up Appliances

• Installing Japanese Support

• Installing STRM Using Red Hat Enterprise 4.6

• Accessing STRM

Setting Up
Appliances

A STRM appliance includes STRM software and a CentOS-4 operating system.
This section provides information on setting up your appliance. For more
information on appliances see the Hardware Installation Guide.

To set-up your appliance:

Step 1 Install all necessary hardware.

For information on rack mounting your STRM appliance, see the Hardware
Installation Guide.

Step 2 Choose one of the following options:

a Connect a laptop to the serial port on the rear of the appliance.

Note: When using a laptop to connect to the system you must use a terminal
program, such as HyperTerminal, to connect to the system. Be sure to set

Connect Using to the appropriate COM port of the serial connector and Bits per
second to 9600. You must also set Stop Bits (1), Data bits (8), and Parity

(None).

b Connect a keyboard and monitor to their respective ports.

For more information on appliance ports, see the Hardware Installation Guide.

Step 3 Power on the system and log in to STRM:

Username: root
Password: password

Note: The username and password are case sensitive.

Step 4 Press Enter.

STRM Installation Guide

14 INSTALLING STRM

Step 5 Read the information in the window. Press the Spacebar to advance each window

The End User License Agreement (EULA) appears.

until you have reached the end of the document. Type yes to accept the
agreement, then press Enter.

The activation key window appears. The activation key is a 24-digit four-part
(separated by hyphens) alphanumeric string that you receive from Juniper
Networks. The letter I and the number 1 (one) are treated the same, as are the
letter O and the number 0 (zero). You can find the key:

• Printed on a sticker and physically placed on your appliance.

• Included with the packing slip; all appliances are listed along with their

associated keys.

Step 6 Enter your activation key.

If you are setting up a STRM appliance, such as a STRM 2100, the Tuning
Template window appears. Go to Step 7.

If you are setting up a QFlow appliance, such as a QFlow 1101, the Time Zone
Continent window appears. Go to Step 11.

Step 7 To select a tuning template:

a Using the up/down arrow keys, select one of the following tuning templates:

- Enterprise - Tunes properties for internal network activity.

- University - Tunes properties for education-specific concerns.

- ISP - Tunes properties for Internet Service Provider (ISP) concerns.

Note: For more information on each template, see the STR M Administration
Guide.

b Using the left/right arrow keys, select Set Template. Press Enter.

The Set the Date and Time window appears.

STRM Installation Guide

Setting Up Appliances 15

Step 8

Using the up/down arrow keys, highlight the method you wish to use to set the date
and time, then use the spacebar to select that option:

• Manual - Allows you to manually input the time and date. Use the Tab key to

select the Next option. Press Enter. The Current Date and Time window
appears. Go to Step 9.

• Server - Allows you to specify your time server. Use the Tab key to select the

Next option. Press Enter. The Enter Time Server window appears. Go to Step

10.

Step 9 To manually enter the time and date:

a Enter the current date and time.
b Using the left/right arrow keys, select Next. Press Enter.
c Go to Step 11.

Step 10 To specify a time server:

a In the text field, enter the time server name or IP address.
b Using the left/right arrow keys, select Next. Press Enter.

The Time Zone Continent window appears.

Step 11 To select the time zone continent:

a Using the up/down arrow keys, or the page up/page down keys, select your

time zone continent or area.

b Using the left/right arrow keys, select Next, then press Enter.

STRM Installation Guide

16 INSTALLING STRM

The Time Zone Region window appears.

Note: The options that appear in this window are regions that are associated with
the continent or area previously selected.

c Using the up/down arrow keys, or the page up/page down keys, select your

time zone region.

d Using the left/right arrow keys, select Next. Press Enter.

The Configure STRM window appears.

Step 12 To configure the STRM network settings:

a You must change the displayed default values. Using the up/down arrow keys

to navigate the fields, enter values for the following parameters:

- Hostname - Specify a fully qualified domain name as the system hostname.

- IP Address - Specify the IP address of the system.

- Network Mask - Specify the network mask address for the system.

- Gateway - Specify the default gateway of the system.

- Primary DNS - Specify the primary DNS server.

- Secondary DNS - Optional. Specify the secondary DNS server.

- Public IP - Optional. Specify the Public IP address of the server. This is a
secondary IP address that is used to access the server, usually from a
different network or the Internet, and is managed by your network
administrator. The Public IP address is often configured using Network
Address Translation (NAT) services on your network or firewall settings on

STRM Installation Guide

your network. NAT translates an IP address in one network to a different IP
address in another network.

- Email Server - Specify the email server. If you do not have an email server,
specify localhost in this field.

b Use the TAB key to move to the Next option. Press Enter.

The New Root Password window appears.

Step 13 To configure the STRM root password:

a Enter your password.
b Use the TAB key to move to the Next option. Press Enter.

Setting Up Appliances 17

The Confirm New Root Password window appears.

c Re-enter your new password to confirm.
d Use the TAB key to move to the Finish option. Press Enter.

A series of messages appear as STRM continues with the installation. This
process typically takes several minutes. The Configuration is Complete window
appears.

Step 14 Press Enter to select OK.

You are now ready to access STRM. For more information, see Accessing STRM.

STRM Installation Guide

18 INSTALLING STRM

Installing STRM
Using Red Hat
Enterprise 4.6

To install STRM when using Red Hat Enterprise 4 Update 6 on your own hardware:

Note: For information on setting up Red Hat Enterprise for use with STRM, see

Appendix A Setting Up Red Hat Enterprise.

Step 1 Install all necessary hardware.
Step 2 Install Red Hat Enterprise. See Setting Up Red Hat Enterprise.
Step 3 Obtain the STRM software and copy to a CD.

Note: To download the software from the Juniper Networks web site, go to
http://support.juniper.net/. Click the Management Software link and log in. Go to
the Security Threat Response Manager Link to download the software.

Step 4 Place the STRM CD in the CD drive.
Step 5 Login as root.
Step 6 Mount the CD drive and change the CD content location:

mount /media/cdrom
cd /media/cdrom

Step 7 Begin the installation:

./setup

The End User License Agreement (EULA) appears.

Step 8 Read the information in the window. Press the Spacebar to advance each window

until you have reached the end of the document. Type yes to accept the
agreement, then press Enter.

The activation key window appears. The activation key is a 24-digit four-part
(separated by hyphens) alphanumeric string that you receive from Juniper
Networks. The letter I and the number 1 (one) are treated the same, as are the
letter O and the number 0 (zero). You can find the activation key included with the
packing slip.

STRM Installation Guide

Step 9 Enter your activation key.

A series of messages appear as STRM continues with the installation. This
process typically takes several minutes. The System Console window appears.

Installing STRM Using Red Hat Enterprise 4.6 19

Step 10 Using the up/down arrow keys, highlight one of the following options and use the

spacebar to select that option:

• Yes - Select this option only if this system is a Console. If you select this option,

the Tuning Template window appears. Go to Step 11.

• No - Select this option only if this system is not a Console. If you select this

option the Time Zone Continent window appears. Go to Step 16.

Note: To select the desired option, make sure you highlight the option and press
the spacebar to place an X in the parentheses.

Step 11 To select a tuning template:

a Using the up/down arrow keys, select one of the following:

- Enterprise - Tunes properties for internal network activity.

- ISP - Tunes properties for Internet Service Provider (ISP) concerns.

- University - Tunes properties for education specific concerns.

Note: For more information on each template, see the STRM Administration
Guide.

STRM Installation Guide

20 INSTALLING STRM

Step 12 Using the up/down arrow keys, highlight the method you wish to use to set the time

b

Using the left/right arrow keys, select Set Template. Press Enter.

The Set Time and Date window appears.

and date, then use the spacebar to select that option:

• Manual - Allows you to manually input the time and date. Use the Tab key to

select the Next option. Press Enter. The Current Date and Time window
appears. Go to Step 14.

• Server - Allows you to specify your time server. Use the Tab key to select the

Next option. Press Enter. The Enter Time Server window appears. Go to Step

15.

Step 13 To manually enter the time and date:

a Enter the current date and time.
b Using the left/right arrow keys, select Next. Press Enter.
c Go to Step 16.

Step 14 To specify a time server:

a In the text field, enter the time server name or IP address.
b Using the left/right arrow keys, select Next. Press Enter.

The Time Zone Continent window appears.

STRM Installation Guide

Installing STRM Using Red Hat Enterprise 4.6 21

Step 15

To select the time zone continent:

a Using the up/down arrow keys, or the page up/page down keys, select your

time zone continent or area.

b Using the left/right arrow keys, select Next, then press Enter.

The Time Zone Region window appears.

Note: The options that appear in this window are relevant to the continent or area
previously selected.

c Using the up/down arrow keys, or the page up/page down keys, select your

time zone region.

d Using the left/right arrow keys, select Next. Press Enter.

The Configure STRM window appears.

Step 16 To configure the STRM network settings:

a You must change the displayed default values. Using the up/down arrow keys

to navigate the fields, enter values for the following parameters:

- Hostname - Specify a fully qualified domain name as the system hostname.

- IP Address - Specify the IP address of the system.

- Network Mask - Specify the network mask address for the system.

- Gateway - Specify the default gateway of the system.

STRM Installation Guide

22 INSTALLING STRM

- Primary DNS - Specify the primary DNS server.

- Secondary DNS - Optional. Specify the secondary DNS server.

- Public IP - Optional. Specify the Public IP address of the server. This is a
secondary IP address that is used to access the server, usually from a
different network or the Internet, and is managed by your network
administrator. The Public IP address is often configured using Network
Address Translation (NAT) services on your network or firewall settings on
your network. NA T translates an IP address in one network to a different IP
address in another network.

- Email Server - Specify the email server. If you do not have an email server,
specify localhost in this field.

b Use the TAB key to move to the Next option. Press Enter.

The New Root Password window appears.

Step 17 To configure your STRM root password:

a Enter your password.
b Use the TAB key to move to the Next option. Press Enter.

The Confirm New Root Password window appears.

c Re-enter your new password to confirm.
d Use the TAB key to move to the Finish option. Press Enter.

A series of messages appear as STRM continues with the installation. This
process typically takes several minutes. The Configuration is Complete window
appears.

Step 18 Press Enter.

The shell prompt appears.

STRM Installation Guide

Step 19 Unmount the CD:

cd /opt/strm/conf
umount /media/cdrom
eject

You are now ready to access STRM. For more information, see Accessing STRM.

Installing Japanese Support 23

Installing Japa nese
Support

Installing Plug-In on

an Appliance

Step 1 Set-up STRM.
Step 2 Go to the Juniper Networks web site to download the plug-in:

Step 3 Click the Management Software link and log in. Go to the Security Threat

You can install a seperate plug-in to provide Japanese character support in the
STRM Reports interface. Once you install the plug-in located on the Juniper
Networks web site, your Report templates will be replaced to ensure that the
appropriate font and characters appear in the Reports interface.

Note: To display reports in PDF format, Adobe Acrobat may require the installation
of a Japanese plug-in to view your reports. For more information, see your Adobe
documentation.

This section provides information on installing the plug-in for your STRM system
including:

• Installing Plug-In on an Appliance

• Installing Plug-In on a System Running Red Hat Enterprise

To install the Japanese plug-in on a STRM appliance :

http://support.juniper.net/

Response Manager Link to download the plug-in.

Step 4 Install the plug-in:

rpm -Uvh <path to RPM>/japanese-support-6.1.2-<build>_ctrh.i386.rpm

Installing Plug-In on a

To install the Japanese plug-in on a STRM system running Red Hat Enterprise:

System Running Red

Hat Enterprise

Step 1 Install STRM.
Step 2 Insert your STRM CD.
Step 3 Mount the CD:

mount /media/cdrom

Step 4 Install the plug-in:

rpm -Uvh /media/cdrom/strm/japanese-support-6.1.2-<build>_ctrh.i386.rpm

STRM Installation Guide

24 INSTALLING STRM

Accessing STRM To access the STRM interface:

Step 1 Open your web browser.
Step 2 Log in to STRM:

https://<IP Address>

Where <IP Address> is the IP address of the STRM system. The default values
are:

Username: admin
Password: <root password>
Where <root password> is the password assigned to STRM during the

installation process.

Step 3 Click Login To STRM.

For your STRM Console, a default key provides you access to STRM for five
weeks. For more information on the license key, see the STRM Administration
Guide.

STRM Installation Guide

SETTING UP RED HAT ENTERPRISE

A

STRM supports the 32-bit version of Red Hat Enterprise 4 Update 6. This
appendix provides information on setting up Red Hat Enterprise including:

• Before You Begin

• Configuring Network Parameters

• Configuring Firewall Configuration

• Configuring Disk Partitions

Note: For further information on hardware requirements for your STRM
installation, see the Hardware Installation Guide. We recommend that your system
hardware used for a Red Hat Enterprise 4 Update 6 installation correspond to the
requirements outlined in the Hardware Installation Guide for appliances.

Before You Begin Before you install Red Hat Enterprise 4 Update 6, note the following:

• You must use the 32-bit version of Red Hat Enterprise 4 Update 6. Using

another version causes the installation process to fail.

• When installing Red Hat Enterprise, you must use the Minimal install option

and set the SELinux option to Disabled.

Note: To access the Minimal install option, select the Customize Software
Packages to be Installed option and scroll to the bottom of the menu.

• STRM does not support KickStart disks, using these disks may cause the

application to install improperly.

• If you wish to use NTP as your time server, make sure you install the NTP

package. For more information, see your Red Hat documentation.

• For non-Console systems, make sure all systems include a minimum of 36 GB

drives.

• For Console systems, make sure the primary drive includes a minimum of 36

GB drive with RAID for storage.

For more information on Red Hat Enterprise installation, see your Red Hat
documentation.

STRM Installation Guide

26 SETTING UP RED HAT ENTERPRISE

CAUTION: If the hardware on which you wish to install STRM includes Red Hat
Enterprise 4 Update 6, you must re-install Red Hat Enterprise from the CD using
the minimal package option. The default Red Hat Enterprise 4 Update 6 installation
does not have the appropriate options selected.

Configuring
Network
Parameters

Configuring
Firewall
Configuration

Configuring Disk
Partitions

The access (management) interface must be eth0. You must configure this
interface with the access information for the network. You must use a static IP
address for your STRM systems.

The firewall configuration must allow WWW (http, https) and SSH traffic. Prior to
configuring the firewall, disable the SELinux option.

During the STRM installation, a default firewall template is installed, which you can
update using the web-based system administration interface.

During the installation process, you must configure several disk partitions, typically
Disk 1.

You must configure your deployment partitions before installing the STRM
application. For all deployments, configure the following partitions:

Note: Make sure all EXT3 file systems are mounted as noatime.

• /boot - System boot files should typically be 100 MB. Select a file system type

of EXT3 and the forced to be primary option.

• swap - Must be 4 GB. Choose swap as your file system type and leave the

mount point empty. Also, select the forced to be primary option.

• / - Enter “/” as the partition to indicate root. This is the install area for STRM, the

operating system, and associated files. In a typical system this should be 5 GB
to 20 GB. However, if you have a single disk in the system, you may choose the
option to expand the disk to maximum allowable size. Select the file system
type as EXT3.

We recommend that you configure the following partitions:

• /store/tmp - This partition, which stores STRM temporary files, should be 5 GB

to 20 GB, depending on the size of your primary disk. Select the file system
type as EXT3.

• /var/log - This partition, which stores STRM and system log files, should be 5

GB to 20 GB, depending on the size of your primary disk. Select the file system
type as EXT3.

Note: For assistance creating disk partitions, contact your system administrator. If
an error appears during the creation of software RAID partitions, contact Juniper
Networks Customer Support.

For multi-disk deployments only, configure the following partitions for the Console:

STRM Installation Guide

Installing Red Hat Enterprise 4 Update 6 27

• /store as RAID5 - Stores STRM data. Choose EXT3 as the file system type.

• FLOWLOGS and DB are located in the Store partition. In a system with five

drives, a suggested configuration includes:

- disk 1 - boot, swap, OS, STRM temporary files, and log files

- remaining disks - RAID 5, mounted as /store

Note: Other STRM components do not require the storage partitions mentioned
above.

Note: Make sure that your system includes at least Red Hat 4 Update 6. You must
run Up2Date if your system is running a version earlier than Red Hat 4 Update 6 to
ensure that you have the latest Red Hat Enterprise version. Also, make sure you
configure your Up2Date to exclude the boost library and the kernel from the update
process (see Customizing Red Hat Upgrades). For information on configuring
Up2Date, see your Red Hat Enterprise documentation or for on-line help, enter
up2date --help.

If you attempting to install Red Hat 4 Update 6 on an appliance with a disk larger
than 2 TB, see Installing Red Hat Enterprise 4 Update 6.

You are now ready to install STRM.

Installing Red Hat
Enterprise 4
Update 6

Step 1 Install Red Hat Enterprise 4 Update 6.
Step 2 When the Red Hat Installation is complete, press Control-Alt-F2.

Step 3 Enter the following command:

Step 4 Write down the values from the following line:

Step 5 Enter the following command:

Red Hat Enterprise 4 Update 6 is not compatible with a disk larger than 2 TB. If
you attempt to install Red Hat Enterprise 4 Update 6 on a system with a disk larger
than 2 TB, Red Hat will not boot.

On some hardware systems, such as a Dell 2950, RAID 10 may cause the system
to detect only one disk greater than 2 TB. If the boot drive (array) is over 2 TB, at
the end of the installation process, when grub is installed, an error message
appears and no boot loader is installed. You can install Red Hat 4 Update 6 on a
disk larger than 2 TB by modifying grub before the system is rebooted.

To install Red Hat 4 Update 6 on a disk larger than 2 TB:

Note: Do not click the Reboot button.

fdisk -l /dev/sda

Values for the disk appear.

<x-value> heads, <y-value> sectors/track, <z-value> cylinders

grub

STRM Installation Guide

28 SETTING UP RED HAT ENTERPRISE

The grub command line prompt appears.

Step 6 Enter the following command using the values recorded in Step 4:

geometry (hd0) <x-value> heads, <y-value> sectors/track,
<z-value> cylinders

Step 7 Enter the following command:

root (hd0,0)

Step 8 Enter the following command:

setup (hd0)

Step 9 Enter the following command:

quit

Step 10 Press Alt-F7.

The Installation is complete screen appears.

Step 11 From the Installation is complete screen, click Reboot.

The installation completes.

Customizing Red
Hat Upgrades

Step 1 Enter the following command:

Step 2 Enter the pkgSkipList number, for example:

Step 3 Enter the following command:

Step 4 Enter the following command:

STRM installs both a customized version of boost and modules to support the
Endace cards that are tied to a particular version of the kernel. If you upgrade Red
Hat Enterprise, the wrong versions of boost and the kernel will be installed. To
ensure that boost and the kernel function properly you must exclude them from
upgrades and installations by configuring Up2Date.

To exclude ke rnel and boost from upgrades and installations:

up2date --configure

A list of items that you can edit appears.

20

A prompt appears to enter values for the pkgSkipList.

kernel*;boost*

up2date -u

STRM Installation Guide

INDEX

A

appliances

setting-up

13

B

browser support 7

C

Classification Engine

definition
configuring disk partitions
configuring firewall configuration
configuring network parameters
Console

definition 6
conventions
customizing Up2Date

6

26

3

28

D

disk partitions

configuring

26

E

Event Collector

definition
Event Processor

definition 6

6

26

26

Japanese support 23

M

Magistrate

definition

7

N

network assets

identifying

network hierarchy

preparing 7

network settings

identifying

10

8

O

Offense Resolution

definition

6

P

preparing 5

Q

QFlow Collector

definition

QRadar

using Red Hat Enterprise 4 update 6

6

18

F

firewall 26
flow data sources

identifying 9
Flow Processor

definition
Flow Writer

definition

6
6

I

installing

Japanese support

preparing

Red Hat Enterprise 4 update 6

5

23

27

J

R

Red Hat Enterprise 4 update 6

setting up
upgrading

requirements

hardware 7

S

Secure Shell 26
security monitoring devices

identifying 9

software

requirements

U

Up2Date

QRadar Installation Guide

25
28

7

customizing 28

Update Daemon

definition

6