Previous
Index Next
ISCS version 0.1.1
The SPM may be installed on the same computer as the DBD (local DBD) or on a separate computer from the DBD (remote DBD). There can be any number of SPMs in an ISCS environment and they may be used concurrently but there is only one DBD.
SPM users will need a properly configured installation of SSH to communicate with a remote DBD. The configuration issues are discussed in the DBD installation instructions. In review, generate an SSH RSA keypair for the user:
ssh-keygen -t rsa
and add the contents of the id_rsa.pub file to the authorized_keys files in the user's home directory on the DBD. If you choose to password protect the user's private key, you will be constantly prompted for the password while using the SPM. You may wish to not password protect the user's private key. The user's home directory on the DBD needs to be configured according to the instructions in the DBD installation instructions.
The SPM needs some working directories and some support files. The tarball contains a directory named SPMdirs. Create the directory /usr/local/SPM. Ensure that the user has read, write and execute privileges to it. You may consider creating an “SPM” group, changing group ownership to SPM and granting these privileges to the group. Copy the BaseFiles and images directories and their contents from SPMdirs to /usr/local/SPM/. Under /usr/local/SPM/ create a spm_spm directory and under /usr/local/SPM/spm_spm create the additional directories of data, dbversions, etc and PEPfiles. The final directory structure should be:
/usr/local/SPM/
BaseFiles/
etc/
images/
spm_spm/
data/
dbversions/
PEPfiles/
The data, dbversions and PEPfiles directories will temporarily hold sensitive data so you may want to restrict file access to 700 or 770. If you wish to grant group level rights, ensure that these directories are owned by the appropriate group.
Now we are ready to compile and install the SPM. The SPM requires Qt >= 3.1.2. Change to the spm directory from the tarball. A simple configure, make and make install should do (however, if compiling on X86_64, you may need to explicitly give the location of the qt files with the --with-qt-dir and --with-qt-libraries and may also need to use --enable-libsuffix=64):
./configure && make
su
make install
The binary executable is named "spm". If you do not specify where the binary file should be installed in ./configure, it will install wherever your system defaults to install it. This may not be in the executable path. For example, we have frequently seen spm installed in /usr/local/kde/bin and that directory not in the executable path.
The SPM should now be ready to configure the ISCS network. PLEASE BE SURE TO READ THE SHORT INTRODUCTION BEFORE ATTEMPTING TO USE THE SPM. Using the SPM is not at all like using a traditional firewall configurator.
To start the SPM, type:
spm
if it has been installed in the executable path or
<INSTALLATION_DIRECTORY>/spm
if it has not.