The UNIX parameters file contains installation parameters that you can customize for your requirements. The parameters file contains customizable parameters for specific areas of the CA Control Minder package. For a particular parameter to take effect the corresponding shell variable must be set.
The parameter files conform to shell syntax and must contain key=value pairs. Use the parameter files from the package you want to install.
This file has the following format:
Defines users as security administrators.
Note: Security administrators can assign access rights to authorized users, manage privilege user passwords, and report on user activities.
Values: A space-separated list of user IDs, none
Default: none (Only root is defined as a security administrator)
Specifies whether to install the API package.
Values: yes, no
Default: no
Defines administrators for Advanced Policy Management Server components other than the local host.
Values: A space-separated list of users, none
Default: none
Defines Advanced Policy Management Server components administration computers other than the local host.
Values: A space-separated list of computers, none
Default: none
Defines whether an advanced policy management server is running in the distribution mode.
Values: yes, no
Default: no
Specifies whether to keep time-stamped backups of the audit file.
Notes:
Values: yes, no
Default: no
Specifies the name of the group reading CA Control Minder audit files.
Values: Any existing group name, none.
Default: none (only root can read audit files)
Note: The root user can read the audit files unless you deny access using CA Control Minder access rules.
Specifies whether to install the client package.
Values: yes, no
Default: yes
Defines the name of the Distribution Hosts (DH) on the endpoint Advanced Policy Management Server components host.
Values: A space-separated DH list in the format dh1@host1 dh2@host1, none
Default: none
Defines the message queue host names.
Values: A comma-separated list of valid host names, none
Default: none
Defines the message queue port.
Values: 7243 (for a ssl protocol), 7222 (for a non-ssl protocol)
Default: 7243
Defines the message queue communication protocol.
Values: ssl, tcp
Default: ssl
Defines the names of the endpoint Disaster Recovery Distribution Hosts (DR DH).
Values: A space-separated DR DH list in the format dr_dh1@drhost dr_dh2@drhost, none
Default: none
Specifies whether CA Control Minder sends endpoint audit data to the report server.
Note: If you specify yes, set CA Control Minder to keep audit backups (AUDIT_BK=yes).
Values: yes, no
Default: no
Specifies whether CA Control Minder enables the KBL audit records manager.
Values: yes, no
Default: no
Defines whether to use symmetric encryption, asymmetric encryption (public key), or both.
Values: 1 (Symmetric key), 2 (Public key), 3 (Public key and Symmetric key)
Default: 1
Notes:
Important! The encryption method must be the same on all CA Control Minder hosts. Earlier CA Control Minder releases configured a simple symmetric encryption method by default.
Defines whether a link is created in the /etc directory that points to the CA Control Minder installation directory.
Values: yes, no
Default: yes
Specifies whether CA Control Minder works in the FIPS only mode.
Note: In this mode, all non-FIPS functions are disabled and the encryption method is set to FIPS only.
Values: yes, no
Default: no
Specifies whether the installation warns you about using a nondefault encryption key.
Note: After the upgrade, your encryption key is set to the default.
Values: yes, no
Default: no
Specifies whether to force installation over an existing installation of the same CA Control Minder version. FORCE_INSTALL also specifies if the installation directory is different from the installation directory set in the new CA Control Minder package.
Values: yes, no
Default: no
Specifies whether the installation warns you when the old kernel module cannot be unloaded.
Note: If you specify no, reboot the system after the upgrade is complete.
Values: yes, no
Default: no
Specifies whether to install the baseline security pack.
Notes:
Values: yes, no
Default: no
Specifies whether you want to configure endpoint JCS Management.
Note: To configure the AccountManager, set the Distribution Server parameters.
Values: yes, no
Default: no
Specifies whether to configure the endpoint for advanced policy management.
Note: Each CA Control Minder endpoint must be configured to receive updates from the advanced policy management server components.
Values: yes, no
Default: yes
Specifies whether to install the advanced policy management server components to centrally managed policy deployments.
Note: We recommend that you install advanced policy management server components on a central computer.
Values: yes, no
Default: no
Specifies whether you want to configure the PUPM Agent.
Values: yes, no
Default: no
Specifies whether you want to configure endpoint Message Queues.
Values: yes, no
Default: no
Defines the path to the installed Java environment.
Note: The Java environment path depends on the version and the platform. For example, on IBM J2SE Version 5.0 installed on Linux390, JAVA_HOME=/opt/ibm/java2-s390-50/jre.
Values: path to the installed Java environment
Default: java_home (the value in accommon.ini is set during installation)
Specifies the JCS server Distinguished Name (DN).
Values: A valid DN format string
Default: dc=im,dc=etasa
Specifies the JCS port.
Values: Port number
Default: 20411
Defines the JCS communication protocol.
Values: yes (for SSL connection), no
Default: yes
Specifies the JCS administrative user Distinguished Name (DN).
Values: Any valid DN format string
Default: cn=root,dc=etasa
Specifies the JCS administrative user password.
Note: Wildcards (*)replace the JCS_USER_PSSWD after the installation.
Values: Any valid DN format string
Default: No default value
Defines the CA Control Minder installation language.
Example: To install CA Control Minder with Japanese EUC support, LANG=ja_JP. For a complete list of supported languages, use the command locale -a.
Notes:
Values: A supported language string
Default: English
Defines the encryption method that is used to protect communication between <eCA> programs and CA Control Minder installed hosts.
Notes:
Values: 99 (AES2526), 1 (SCRAMBLE), 2 (DES), 3 (TRIPLEDES), 4 (AES128), 5 (AES192)
Default: 99
Defines the command that accepts the license agreement.
Notes:
Important! The LIC_CMD command is required to install CA Control Minder.
Defines the CA license installation location.
Values: Any absolute path name.
Default: /opt/CA/SharedComponents (Same as lic98 default)
Defines the installation log file name that is created in the $SEOSDIR.
Values: Any valid file name.
Default: AccessControl_install.log
Specifies whether to install the Mainframe Synchronization Support Daemon.
Values: yes, no
Default: no
Specifies whether to set up the selogrd/TNG integration.
Values: yes (attempts to set up selogrd/TNG integration), no (selogrd/TNG integration does not take place)
Default: no
Specifies OS database administrators.
Values: A space-separated list of users, none
Default: none
Defines a list of Policy Model Databases (PMDBs) from which the computer accepts updates.
Note: The local CA Control Minder database rejects updates from any PMDB that is not specified in this list.
Values: _NO_MASTER_ (The local database accepts updated from any PMDB), A comma-separated list of PMDBs in the format pmd1@host1, pmdb2@host1, A path to a file that contains a line-separated list of PMDBs, none (The local database does not accept updates from any PMDBs).
Default: none
Specifies the Policy Model Database (PMDB) where sepass sends password updates.
Values: A PMDB in the format pmd_name@hostname, none
Default: none
Notes:
Defines the full program or script path name that is executed after you run the post install script.
Values: yes, pathname
Default: no
Defines the full program or script path name that is executed before you run the post install script.
Values: yes, pathname
Default: no
Defines the Primary Enterprise Management server host name.
Values: string, none
Default: none
Specifies whether you generate a new subject certificate and key or provide an existing subject certificate and key.
Notes:
Values: 1 (Generate a subject certificate and key), 2 (Provide an existing certificate and key)
Default: 1
Defines the upgrade behavior when a PMDB update is in progress.
Notes:
Values: yes, no
Default: no
Defines the shared secret for Message Queue SSL authentication.
Note: Wildcards(*) replace the shared secret after the installation.
Values: Any string
Default: Empty value
Defines the name of the queue where reports are sent.
Values: A string representing a queue name
Default: queue/snapshots
Defines when reports are generated and sent to the report server.
Values: A string representing time and date in the format time@day, day
Example:19:22@Sun, Mon. (This example generates reports every Sunday and Monday at 19:22).
Default: 00:00@Sun, Mon, Tue, Wed, Thu, Fri, Sat
Specifies the public key that is used for the subject key generation.
Values: The full path name to the subject certificate file, default
Default:default (the key that is provided with the installation package)
Specifies the root certificate that is used for the subject certificate generation.
Values: The full path name to the subject certificate file, default
Default: default (The root certificate that is provided with the installation package)
Specifies whether UNIX Authentication Broker activates the SELinux policy during installation.
Values: yes, no
Default: no
Defines the name of the group that owns the CA Control Minder files.
Values: Any existing group name.
Default: root
Defines the subject certificate serial number.
Note: To define a subject certificate serial number, CA Control Minder uses default values or accepts your input.
Values: A valid serial number, 0003ba39cc23
Limits: 3-247 characters
Default: 0003ba39cc23
Specifies whether to install the server package.
Values: no, yes
Default: yes
Specifies whether to change the default symmetric encryption method.
Notes:
Values: yes, no
Default: yes
Specifies the public key location.
Values: The full path name to the subject certificate file
Default: SEOSDIR>/data/crypto/sub.key
Specifies the subject certification location.
Note: To generate a subject certificate, specify the file location.
Values: The full path name to the subject certificate file
Default: SEOSDIR>/data/crypto/sub.pem
Defines the subject certificate expiration date.
Note: To define a subject certificate expiration date, CA Control Minder uses default values or accepts your input.
Values: A date in the format mm/dd/yy
Default: 12/31/35
Defines the subject certificate name.
Note: To define a subject certificate name, CA Control Minder uses default values or accepts your input.
Values: An LDAP format name, cn=any.string
Limits: 3-63 characters
Default: c=any.string
Specifies whether to install the Unicenter Integration and Migration packages.
Note: This package supports CA Control Minder integration and migration with CAUTIL, Workload Management, and Event Management components of Unicenter.
Values: yes, no
Default: no
Specifies whether to change the default encryption method which protects communication between CA Control Minder programs and CA Control Minder installed hosts.
Values: yes, no
Default: yes
Defines whether the CA_LIC updates the file /etc/profile with profile.ca loading.
Values: yes, no
Default: yes
Specifies whether the installer will attempt to stop and unload the existing version of CA Control Minder when installing a different version.
Values: yes, no
Default: yes
Enables OS user support.
Note: OS users are defined in the OS repository but not in the CA Control Minder database. If you enable OS users support, you can reference users not defined in the CA Control Minder database.
Values: yes, no
Default: yes
Specifies whether to enable the STOP (Stack Overflow Protection) feature of CA Control Minder.
Values: yes, no
Default: no
Specifies whether CA Control Minder imports native users and groups into the database.
Values: yes, no
Default: no
Note: The import process uses local host files or the local NIS maps as information sources. The time that is required to import users and groups depends on the number of users, groups, and hosts defined. You can also import this data into the CA Control Minder database after the installation using the UxImport utility.
(Solaris 10 only) Specifies that CA Control Minder is installed on a branded zone or that a branded zone with CA Control Minder installed is configured.
Note: If you set this value to yes, the installation changes the kernel communication mode to use iotcl instead of a sysscall.
Values: yes, no
Default: no
Specifies whether to use DNS to create the host look-alike database during installation.
Values: yes, no
Default: yes
Copyright © 2013 CA Technologies.
All rights reserved.
|
|