T l Security Compliance Manager - IBM · 2004-10-07 · v IBM Tivoli Security Compliance Manager...
Transcript of T l Security Compliance Manager - IBM · 2004-10-07 · v IBM Tivoli Security Compliance Manager...
Tivoli® Security
Compliance
Manager
Installation
Guide:
All
Components
Version
5.1
GC32-1592-00
���
Tivoli® Security
Compliance
Manager
Installation
Guide:
All
Components
Version
5.1
GC32-1592-00
���
Note
Before
using
this
information
and
the
product
it
supports,
read
the
information
in
“Notices,”
on
page
71.
First
Edition
(May
2004)
This
edition
applies
to
version
5,
release
1,
modification
0
of
IBM
Tivoli
Security
Compliance
Manager
(product
number
5724-F82)
and
to
all
subsequent
releases
and
modifications
until
otherwise
indicated
in
new
editions.
©
Copyright
International
Business
Machines
Corporation
2003,
2004.
All
rights
reserved.
US
Government
Users
Restricted
Rights
–
Use,
duplication
or
disclosure
restricted
by
GSA
ADP
Schedule
Contract
with
IBM
Corp.
Contents
Preface
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. v
Who
should
read
this
book
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. v
What
this
book
contains
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. v
Publications
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. vi
IBM
Tivoli
Security
Compliance
Manager
library
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. vi
Related
publications
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. vi
Accessing
publications
online
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. vii
Accessibility
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. vii
Tivoli
technical
training
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. vii
Contacting
software
support
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. vii
Conventions
used
in
this
book
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. vii
Typeface
conventions
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. vii
Operating
system
differences
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. viii
Chapter
1.
Installation
overview
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 1
Supported
operating
systems
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 1
Software
prerequisites
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 3
Processor
and
memory
requirements
for
server
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 4
Disk
and
memory
requirements
for
client
and
collectors
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 4
Disk
and
memory
requirements
for
proxy
relay
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 4
Disk
and
memory
requirements
for
administration
utilities
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 5
CD
Layout
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 6
Chapter
2.
Installing
the
Tivoli
Security
Compliance
Manager
server
.
.
.
.
.
.
.
.
.
. 7
Before
you
begin
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 7
Using
the
InstallShield
MultiPlatform
package
to
install
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 8
Chapter
3.
Installing
the
Tivoli
Security
Compliance
Manager
client
.
.
.
.
.
.
.
.
. 25
Before
you
begin
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 25
Using
the
InstallShield
MultiPlatform
Package
to
Install
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 25
Chapter
4.
Installing
the
Tivoli
Security
Compliance
Manager
administration
utilities
.
. 37
Before
you
begin
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 37
Using
the
InstallShield
MultiPlatform
Package
to
Install
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 37
Chapter
5.
Using
the
Tivoli
Security
Compliance
Manager
database
utilities
.
.
.
.
.
. 45
Before
you
begin
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 45
Using
the
InstallShield
MultiPlatform
package
to
run
the
database
utilities
.
.
.
.
.
.
.
.
.
.
.
.
.
. 46
Chapter
6.
Uninstalling
Tivoli
Security
Compliance
Manager
.
.
.
.
.
.
.
.
.
.
.
.
. 55
Before
you
begin
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 55
Using
the
InstallShield
MultiPlatform
package
to
uninstall
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 55
Console
mode
Uninstallation
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 60
Chapter
7.
After
the
installation
has
completed
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 63
Chapter
8.
Alternate
installation
methods
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 65
Silent
install
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 65
Console
mode
installation
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 66
Chapter
9.
Troubleshooting
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 67
Installing
with
an
alternate
temporary
directory
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 67
Files
left
in
temporary
directory
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 67
©
Copyright
IBM
Corp.
2003,
2004
iii
Logging
during
installation
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 67
Frequently
asked
questions
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 68
Invalid
DB2
user
ID
and
password
given
during
install
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 68
Entered
wrong
DB2
password
during
server
start
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 68
Deselected
create
database
now
box
by
mistake
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 68
Forgot
Tivoli
Security
Compliance
Manager
administrator
password
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 68
Forgot
Tivoli
Security
Compliance
Manager
administrator
ID
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 69
Forgot
to
reset
UMASK
before
installation
on
UNIX-based
or
Linux
platforms
.
.
.
.
.
.
.
.
.
.
.
. 69
Used
double-byte
characters
for
my
administrator
user
ID
and/or
password
.
.
.
.
.
.
.
.
.
.
.
. 69
Forgot
to
select
stash
password
during
install
and
server
will
not
start
.
.
.
.
.
.
.
.
.
.
.
.
.
. 69
Selected
stash
password
during
install
and
server
will
not
start
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 70
Appendix.
Notices
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 71
Trademarks
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 72
Glossary
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 75
Index
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 77
iv
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Preface
The
IBM®
Tivoli®
Security
Compliance
Manager
Installation
Guide:
All
Components
book
explains
how
to
install
and
configure
the
IBM
Tivoli
Security
Compliance
Manager
software.
Tivoli
Security
Compliance
Manager
is
a
data
collection
service
that
gathers
and
stores
a
wide
variety
of
information
from
multiple
participating
systems.
Information
types
can
include
any
data
on
a
system,
such
as
operating
system
versions,
software
patch
levels,
and
security-related
data.
System
and
security
administrators
can
use
the
Tivoli
Security
Compliance
Manager
service
to
monitor
specific
data
checkpoints
on
any
given
machine
(or
group
of
machines).
Who
should
read
this
book
The
target
audience
for
this
installation
guide
includes:
v
Security
administrators
v
System
administrators
Readers
should
be
familiar
with:
v
TCP/IP
v
DB2
Relational
databases
v
Security
management,
including
authentication
and
authorization
What
this
book
contains
This
document
contains
the
following
chapters:
v
Chapter
1,
“Installation
overview,”
on
page
1
describes
the
prerequisites
for
Tivoli
Security
Compliance
Manager.
v
Chapter
2,
“Installing
the
Tivoli
Security
Compliance
Manager
server,”
on
page
7
describes
how
to
install
the
server.
v
Chapter
3,
“Installing
the
Tivoli
Security
Compliance
Manager
client,”
on
page
25
describes
how
to
install
the
client.
v
Chapter
4,
“Installing
the
Tivoli
Security
Compliance
Manager
administration
utilities,”
on
page
37
describes
how
to
install
the
administration
utilities,
which
include
the
administration
console
and
the
administration
command
line
interface.
v
Chapter
5,
“Using
the
Tivoli
Security
Compliance
Manager
database
utilities,”
on
page
45
describes
how
to
use
the
database
utilities
to
configure
the
Tivoli
Security
Compliance
Manager
DB2
database.
This
step
is
automatically
performed
during
a
server
install.
v
Chapter
6,
“Uninstalling
Tivoli
Security
Compliance
Manager,”
on
page
55
describes
how
to
remove
any
of
the
Tivoli
Security
Compliance
Manager
system
components.
v
Chapter
7,
“After
the
installation
has
completed,”
on
page
63
describes
what
to
do
immediately
after
you
have
completed
the
installation.
v
Chapter
8,
“Alternate
installation
methods,”
on
page
65
describes
how
to
install
in
silent
mode
using
a
response
file
to
provide
input
or
in
console
mode.
©
Copyright
IBM
Corp.
2003,
2004
v
v
Chapter
9,
“Troubleshooting,”
on
page
67
describes
solutions
for
problems
that
you
might
encounter
during
the
installation
of
Tivoli
Security
Compliance
Manager.
Publications
Read
the
descriptions
of
the
IBM
Tivoli
Security
Compliance
Manager
library,
the
prerequisite
publications,
and
the
related
publications
to
determine
which
publications
you
might
find
helpful.
After
you
determine
the
publications
you
need,
refer
to
the
instructions
for
accessing
publications
online.
IBM
Tivoli
Security
Compliance
Manager
library
The
publications
in
the
IBM
Tivoli
Security
Compliance
Manager
library
are:
v
IBM
Tivoli
Security
Compliance
Manager
Installation
Guide:
All
Components
(GC32-1592-00)
Explains
how
to
install
and
configure
Tivoli
Security
Compliance
Manager
software.
v
IBM
Tivoli
Security
Compliance
Manager
Installation
Guide:
Client
Component
(GC32-1593-00)
Explains
how
to
install
and
configure
the
Tivoli
Security
Compliance
Manager
client
component
software.
v
IBM
Tivoli
Security
Compliance
Manager
Administration
Guide
(SC32-1594-00)
Explains
how
to
manage
and
configure
Tivoli
Security
Compliance
Manager
services
using
the
administration
console.
v
IBM
Tivoli
Security
Compliance
Manager
Collector
Development
Guide
(SC32-1595-00)
Explains
how
to
design
and
implement
custom
Tivoli
Security
Compliance
Manager
collectors.
v
IBM
Tivoli
Security
Compliance
Manager
Warehouse
Enablement
Pack,
Version
1.1
Implementation
Guide
for
Tivoli
Data
Warehouse,
Version
1.2
(SC32-1596-00)
Explains
how
to
integrate
Tivoli
Security
Compliance
Manager
with
Tivoli®
Data
Warehouse.
v
IBM
Tivoli
Security
Compliance
Manager
Release
Notes
(GI11-4695-00)
Provides
late-breaking
information,
such
as
software
limitations,
workarounds,
and
documentation
updates.
Related
publications
This
section
lists
publications
related
to
the
Tivoli
Security
Compliance
Manager
library.
The
Tivoli
Software
Library
provides
a
variety
of
Tivoli
publications
such
as
white
papers,
datasheets,
demonstrations,
redbooks,
and
announcement
letters.
The
Tivoli
Software
Library
is
available
on
the
Web
at:
http://www.ibm.com/software/tivoli/library/
The
Tivoli
Software
Glossary
includes
definitions
for
many
of
the
technical
terms
related
to
Tivoli
software.
The
Tivoli
Software
Glossary
is
available,
in
English
only,
from
the
Glossary
link
on
the
left
side
of
the
Tivoli
Software
Library
Web
page
http://www.ibm.com/software/tivoli/library/
IBM
DB2
Universal
Database™
IBM®
DB2®
Universal
Database
is
required
when
using
Tivoli
Security
Compliance
Manager.
Additional
information
about
DB2
can
be
found
at:
vi
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
http://www.ibm.com/software/data/db2/
Accessing
publications
online
The
publications
for
this
product
are
available
online
in
Portable
Document
Format
(PDF)
or
Hypertext
Markup
Language
(HTML)
format,
or
both
in
the
Tivoli
software
library:
http://www.ibm.com/software/tivoli/library
To
locate
product
publications
in
the
library,
click
the
Product
manuals
link
on
the
left
side
of
the
library
page.
Then,
locate
and
click
the
name
of
the
product
on
the
Tivoli
software
information
center
page.
Product
publications
include
release
notes,
installation
guides,
user’s
guides,
administrator’s
guides,
and
developer’s
references.
Note:
To
ensure
proper
printing
of
publications,
select
the
Fit
to
page
check
box
in
the
Adobe
Acrobat
window
(which
is
available
when
you
click
File
→
Print).
Accessibility
Accessibility
features
help
a
user
who
has
a
physical
disability,
such
as
restricted
mobility
or
limited
vision,
to
use
software
products
successfully.
You
can
use
assistive
technologies
to
hear
and
navigate
the
product
documentation.
You
also
can
use
the
keyboard
instead
of
the
mouse
to
operate
some
features
of
the
graphical
user
interface.
Tivoli
technical
training
For
Tivoli
technical
training
information,
refer
to
the
IBM
Tivoli
Education
Web
site:
http://www.ibm.com/software/tivoli/education.
Contacting
software
support
Before
contacting
IBM
Tivoli
Software
Support
with
a
problem,
refer
to
the
IBM
Tivoli
Software
Support
site
by
clicking
the
Tivoli
support
link
at
the
following
Web
site:
http://www.ibm.com/software/support/
If
you
need
additional
help,
contact
software
support
by
using
the
methods
described
in
the
IBM
Software
Support
Guide
at
the
following
Web
site:
http://techsupport.services.ibm.com/guides/handbook.html
The
guide
provides
the
following
information:
v
Registration
and
eligibility
requirements
for
receiving
support
v
Telephone
numbers,
depending
on
the
country
in
which
you
are
located
v
A
list
of
information
you
should
gather
before
contacting
customer
support
Conventions
used
in
this
book
This
reference
uses
several
conventions
for
special
terms
and
actions
and
for
operating
system-dependent
commands
and
paths.
Typeface
conventions
The
following
typeface
conventions
are
used
in
this
reference:
Preface
vii
Bold
Lowercase
commands
or
mixed
case
commands
that
are
difficult
to
distinguish
from
surrounding
text,
keywords,
parameters,
options,
names
of
Java
classes,
and
objects
are
in
bold.
Italic
Variables,
titles
of
publications,
and
special
words
or
phrases
that
are
emphasized
are
in
italic.
Monospace
Code
examples,
command
lines,
screen
output,
file
and
directory
names
that
are
difficult
to
distinguish
from
surrounding
text,
system
messages,
text
that
the
user
must
type,
and
values
for
arguments
or
command
options
are
in
monospace.
Operating
system
differences
This
book
uses
the
UNIX
convention
for
specifying
environment
variables
and
for
directory
notation.
When
using
the
Windows
command
line,
replace
$variable
with
%variable%
for
environment
variables
and
replace
each
forward
slash
(/)
with
a
backslash
(\)
in
directory
paths.
If
you
are
using
the
bash
shell
on
a
Windows
system,
you
can
use
the
UNIX
conventions.
viii
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Chapter
1.
Installation
overview
This
chapter
lists
the
supported
operating
systems,
prerequisites,
and
disk
and
memory
requirements
for
IBM
Tivoli
Security
Compliance
Manager.
It
also
suggests
important
things
you
should
consider
before
you
begin
the
product
installation.
Supported
operating
systems
The
following
tables
list
the
supported
operating
systems
for
the
Tivoli
Security
Compliance
Manager
server,
client,
collectors,
and
administration
utilities.
Note:
Unless
otherwise
noted,
for
Linux
systems
only
Intel,
IA32
is
supported.
Table
1.
Server
Operating
system
Level
Patch/maintenance
level
AIX
®
5.1
No
fix
pack
required
AIX
5.2
No
fix
pack
required
Windows®
2000
Server
Latest
fix
pack
level
Sun
Solaris
2.8
Latest
fix
pack
level
Sun
Solaris
2.9
Latest
fix
pack
level
SUSE
Linux
Enterprise
Server
8
Latest
fix
pack
level
Table
2.
Clients,
collectors,
and
proxy
relay
Operating
system
Level
Patch/maintenance
level
AIX
5.1
Latest
cumulative
patches
AIX
5.2
Latest
cumulative
patches
HP-UX
11.0
Latest
cumulative
patches
HP-UX
11i
Latest
cumulative
patches
Red
Hat
Linux
6.2
Latest
cumulative
patches
Red
Hat
Linux
7.0
Latest
cumulative
patches
Red
Hat
Linux
7.1
Latest
cumulative
patches
Red
Hat
Linux
7.2
Latest
cumulative
patches
Red
Hat
Linux
7.3
Latest
cumulative
patches
Red
Hat
Linux
8.0
Latest
cumulative
patches
Red
Hat
Linux
9.0
Latest
cumulative
patches
Sun
Solaris
2.6
Latest
cumulative
patches
Sun
Solaris
2.7
Latest
cumulative
patches
Sun
Solaris
2.8
Latest
cumulative
patches
Sun
Solaris
2.9
Latest
cumulative
patches
Windows
NT®
4.0
Server
Latest
service
pack
and
security
roll
up
package
©
Copyright
IBM
Corp.
2003,
2004
1
Table
2.
Clients,
collectors,
and
proxy
relay
(continued)
Operating
system
Level
Patch/maintenance
level
Windows
NT
4.0
Workstation
Latest
service
pack
and
security
roll
up
package
Windows
2000
Server
Latest
service
pack
and
security
roll
up
package
Windows
2000
Advanced
Server
Latest
service
pack
and
security
roll
up
package
Windows
2000
Professional
Latest
service
pack
and
security
roll
up
package
Windows
XP
Professional
Latest
service
pack
and
security
roll
up
package
Windows
2003
Server
Standard
Edition
and
Enterprise
Edition
Latest
service
pack
and
security
roll
up
package
Red
Hat
Enterprise
Linux
2.1
Latest
cumulative
patches
Red
Hat
Enterprise
Linux
Advanced
Server
3.0
(see
note
below)
Latest
cumulative
patches
Red
Hat
Enterprise
Linux
for
zSeries
3.0
Latest
cumulative
patches
Red
Hat
Enterprise
Linux
for
iSeries
or
pSeries
3.0
Latest
cumulative
patches
Red
Hat
Enterprise
Linux
for
zSeries
7.2
Latest
cumulative
patches
Red
Hat
Enterprise
Linux
Advanced
Server
2.1
Latest
cumulative
patches
SUSE
LINUX
7.0
Latest
cumulative
patches
SUSE
LINUX
Enterprise
Server
8
Latest
cumulative
patches
SUSE
LINUX
Enterprise
Server
for
zSeries
8
Latest
cumulative
patches
SUSE
LINUX
Enterprise
Server
for
iSeries
or
pSeries
8
Latest
cumulative
patches
Note:
The
Red
Hat
Enterprise
Linux
Advanced
Server
3.0
platform
can
only
be
installed
using
the
console
mode
in
Japanese.
Please
see
“Console
mode
installation”
on
page
66
for
more
information
on
how
to
perform
a
console
mode
install.
Table
3.
Administration
console
Operating
system
Level
Patch/maintenance
level
Windows
2000
Professional
Latest
service
pack
and
security
roll
up
package
Windows
XP
Professional
Latest
service
pack
and
security
roll
up
package
Table
4.
Administration
command
line
interface
Operating
system
Level
Patch/maintenance
level
AIX
5.1
Latest
cumulative
patches
2
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Table
4.
Administration
command
line
interface
(continued)
Operating
system
Level
Patch/maintenance
level
AIX
5.2
Latest
cumulative
patches
Windows
2000
Professional
Latest
service
pack
and
security
roll
up
package
Windows
2000
Server
Latest
service
pack
and
security
roll
up
package
Windows
2000
Advanced
Server
Latest
service
pack
and
security
roll
up
package
Windows
XP
Professional
Latest
service
pack
and
security
roll
up
package
Sun
Solaris
2.8
Latest
cumulative
patches
Sun
Solaris
2.9
Latest
cumulative
patches
HP-UX
11
Latest
cumulative
patches
HP-UX
11i
Latest
cumulative
patches
SUSE
LINUX
Enterprise
Server
8
Latest
cumulative
patches
Red
Hat
Linux
9
Latest
cumulative
patches
Red
Hat
Enterprise
Linux
Advanced
Server
3.0
Latest
cumulative
patches
Red
Hat
Enterprise
Linux
for
iSeries
or
pSeries
3.0
Latest
cumulative
patches
SUSE
LINUX
Enterprise
Server
for
iSeries
or
pSeries
8
Latest
cumulative
patches
Software
prerequisites
All
UNIX-based
and
Linux
systems
must
have
full
X
Windows
(X11)
support
in
place
for
the
installation
to
run
correctly,
regardless
of
whether
or
not
the
system
contains
a
graphics
card.
See
the
installation
media
for
the
system’s
operating
system
to
install
X
Windows
(X11).
The
following
table
lists
the
software
prerequisites
for
the
server.
Table
5.
Server
software
prerequisites
Operating
system
Requirements
AIX
5.1
DB2
7.2
or
8.1
AIX
5.2
DB2
7.2
or
8.1
Windows
2000
Server
DB2
7.2
or
8.1
Sun
Solaris
2.8
DB2
7.2
or
8.1
Sun
Solaris
2.9
DB2
7.2
or
8.1
SUSE
LINUX
Enterprise
Server
8
for
IA32
DB2
7.2
or
8.1
The
Tivoli
Security
Compliance
Manager
5.1
product
package
includes
DB2
8.1.
The
following
table
lists
the
software
prerequisites
for
the
HP-UX
client
and
command
line
interface.
Chapter
1.
Installation
overview
3
Table
6.
Client,
collectors,
and
proxy
relay
software
prerequisites
Operating
system
Requirements
HP-UX
11.0,
11i
Java
Runtime
Environment
(JRE)
1.3.1
Processor
and
memory
requirements
for
server
The
following
table
lists
the
processor
and
memory
requirements
for
the
server.
Table
7.
Server
processor
and
memory
requirements
Type
of
Tivoli
Security
Compliance
Manager
Deployment
Processor
Memory
Requirements
Small
(1–500
clients)
1
512
MB
RAM
Medium
(501–2500
clients)
2
512
MB
RAM
Large
(2501–10,000
clients)
2–4
2–4
GB
RAM
You
need
5
MB
of
disk
space
to
install
the
server
package.
Disk
and
memory
requirements
for
client
and
collectors
The
following
table
lists
the
disk
and
memory
requirements
for
the
Tivoli
Security
Compliance
Manager
client
and
collectors.
Table
8.
Disk
and
memory
requirements
for
Tivoli
Security
Compliance
Manager
client
Client
Platform
Disk
Requirements
for
Installation
Directory
Disk
Requirements
for
Temporary
Directory
Memory
Requirements
AIX
64
MB
45
MB
75
MB
RAM
HP-UX
64
MB
6
MB
75
MB
RAM
Linux
64
MB
46
MB
75
MB
RAM
Solaris
64
MB
65
MB
75
MB
RAM
Windows
64
MB
44
MB
75
MB
RAM
Note:
The
HP-UX
platform
values
in
the
table
are
much
smaller
than
the
other
platform
values
because
the
Java
Runtime
Environment
is
not
packaged
with
the
HP-UX
client.
Disk
and
memory
requirements
for
proxy
relay
The
following
table
lists
the
disk
and
memory
requirements
for
the
Tivoli
Security
Compliance
Manager
client
with
the
proxy
relay
collector.
Table
9.
Disk
and
memory
requirements
for
Tivoli
Security
Compliance
Manager
proxy
relay
Client
Platform
Disk
Requirements
for
Installation
Directory
Disk
Requirements
for
Temporary
Directory
Memory
Requirements
AIX
64
MB
45
MB
256
MB
RAM
minimum,
512
MB
RAM
recommended
4
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Table
9.
Disk
and
memory
requirements
for
Tivoli
Security
Compliance
Manager
proxy
relay
(continued)
Client
Platform
Disk
Requirements
for
Installation
Directory
Disk
Requirements
for
Temporary
Directory
Memory
Requirements
HP-UX
64
MB
6
MB
256
MB
RAM
minimum,
512
MB
RAM
recommended
Linux
64
MB
46
MB
256
MB
RAM
minimum,
512
MB
RAM
recommended
Solaris
64
MB
65
MB
256
MB
RAM
minimum,
512
MB
RAM
recommended
Windows
64
MB
44
MB
256
MB
RAM
minimum,
512
MB
RAM
recommended
Note:
The
HP-UX
platform
values
in
the
table
are
much
smaller
than
the
other
platform
values
because
the
Java
Runtime
Environment
is
not
packaged
with
the
HP-UX
client.
Disk
and
memory
requirements
for
administration
utilities
The
following
table
lists
the
disk
and
memory
requirements
for
the
administration
console.
Table
10.
Disk
and
memory
requirements
for
Tivoli
Security
Compliance
Manager
administration
console
Administration
Console
Platform
Disk
Requirements
for
Installation
Directory
Disk
Requirements
for
Temporary
Directory
Memory
Requirements
Windows
64
MB
42
MB
128
MB
RAM
minimum,
256
MB
RAM
recommended
The
following
table
lists
the
disk
and
memory
requirements
for
the
command
line
interface.
Table
11.
Disk
and
memory
requirements
for
Tivoli
Security
Compliance
Manager
command
line
interface
Command
Line
Interface
Platform
Disk
Requirements
for
Installation
Directory
Disk
Requirements
for
Temporary
Directory
Memory
Requirements
AIX
64
MB
45
MB
256
MB
RAM
minimum,
512
MB
RAM
recommended
HP-UX
64
MB
6
MB
256
MB
RAM
minimum,
512
MB
RAM
recommended
Linux
64
MB
46
MB
256
MB
RAM
minimum,
512
MB
RAM
recommended
Chapter
1.
Installation
overview
5
Table
11.
Disk
and
memory
requirements
for
Tivoli
Security
Compliance
Manager
command
line
interface
(continued)
Command
Line
Interface
Platform
Disk
Requirements
for
Installation
Directory
Disk
Requirements
for
Temporary
Directory
Memory
Requirements
Solaris
64
MB
65
MB
256
MB
RAM
minimum,
512
MB
RAM
recommended
Windows
64
MB
44
MB
256
MB
RAM
minimum,
512
MB
RAM
recommended
Note:
The
HP-UX
platform
values
in
the
table
are
much
smaller
than
the
other
platform
values
because
the
Java
Runtime
Environment
is
not
packaged
with
the
HP-UX
client.
CD
Layout
The
Tivoli
Security
Compliance
Manager
5.1
CD
contains
the
following
files
and
directories:
v
/policies/Network_AIX.pol
v
/policies/System_AIX.pol
v
/policies/Network_Windows.pol
v
/policies/System_Windows.pol
v
scm_aix
v
scm_hp11
v
scm_linux
v
scm_linux390
v
scm_linuxppc
v
scm_solaris
v
scm_win32.exe
v
scminstall.jar
The
scm_aix,
scm_hp11,
scm_linux,
scm_linux390,
scm_linuxppc,
scm_solaris,
scm_win32.exe
and
scminstall.jar
are
the
InstallShield
executables
and
.jar
file
needed
to
install
Tivoli
Security
Compliance
Manager.
6
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Chapter
2.
Installing
the
Tivoli
Security
Compliance
Manager
server
You
can
install
the
Tivoli
Security
Compliance
Manager
server
on
the
platforms
listed
in
“Supported
operating
systems”
on
page
1.
The
installation
program
is
an
InstallShield
MultiPlatform
package.
When
you
install
the
server,
the
administration
utilities
and
database
configuration
utility
are
automatically
included.
The
administration
utilities
includes
the
administration
console,
the
administration
command
line
interface,
and
the
proxy
relay
collector.
Administration
and
usage
information
for
the
proxy
relay,
including
configuration,
can
be
found
in
the
IBM
Tivoli
Security
Compliance
Manager
Administration
Guide.
Note:
Do
not
attempt
to
run
the
administration
console
on
unsupported
platforms.
Doing
so
may
have
unintended
consequences
on
your
Tivoli
Security
Compliance
Manager
installation.
Before
you
begin
Before
you
install
the
server:
v
If
you
are
reinstalling
the
server,
stop
the
server
before
you
attempt
to
reinstall
it.
See
“Using
the
InstallShield
MultiPlatform
package
to
uninstall”
on
page
55
for
more
information.
v
The
default
installation
directories
are
/opt/IBM/SCM
directory
on
UNIX-based
platforms
and
Linux
platforms,
and
in
the
C:\Program
Files\IBM\SCM
directory
on
Windows.
v
For
UNIX-based
platforms
and
Linux
platforms,
the
installation
directory
should
not
be
on
the
root
file
system.
If
the
/opt
directory
is
located
in
the
root
file
system,
consider
one
of
the
following
options:
–
Create
a
separate
file
system
for
/opt
(the
optimum
solution).
–
Create
a
separate
file
system
for
/opt/IBM
or
/opt/IBM/SCM
–
Create
a
symbolic
link
from
/opt
to
/usr/opt
–
Create
a
symbolic
link
from
/opt/IBM
or
/opt/IBM/SCM
to
some
other
file
system
(perhaps
/usr/opt/IBM
or
/usr/opt/IBM/SCM).
The
/opt
directory
is
often
a
part
of
the
root
file
system.
Causing
the
root
file
system
to
fill
up
might
impact
other
applications,
including
the
operating
system
itself.
Changing
the
mount
point
does
not
remove
the
possibility
of
filling
up
a
file
system,
but
it
does
reduce
the
impact
to
other
applications
that
are
running
on
the
system.
It
localizes
a
file
system
problem
to
Tivoli
Security
Compliance
Manager.
v
DB2
must
be
installed
prior
to
installing
Tivoli
Security
Compliance
Manager
server.
Consider
making
a
separate
file
system
for
the
DB2
database
that
is
to
be
used
by
the
server.
This
might
be
necessary
if
the
server
encounters
DB2
errors
indicating
that
there
is
not
enough
space
to
store
Tivoli
Security
Compliance
Manager
data.
Creating
a
separate
file
system
does
not
remove
the
possibility
of
filling
up
a
file
system
but
it
does
reduce
the
impact
to
other
applications
that
are
using
DB2
and
using
the
file
system
that
DB2
uses
by
default.
If
the
file
system
has
an
error,
it
will
be
easier
to
isolate
the
problem
to
Tivoli
Security
Compliance
Manager.
–
A
DB2
8.1
database
may
either
be
on
the
server
machine,
or
on
a
remote
machine.
In
order
to
use
a
DB2
8.1
database
on
a
remote
machine,
you
will
©
Copyright
IBM
Corp.
2003,
2004
7
need
to
place
a
copy
of
the
db2java.zip
and
the
db2jcc.jar
files
onto
your
IBM
Tivoli
Security
Compliance
Manager
server
machine.
These
files
must
be
located
in
the
same
directory
on
the
IBM
Tivoli
Security
Compliance
Manager
server.
You
will
need
to
provide
the
fully-qualified
directory
path
to
the
db2java.zip
file
during
install.
–
A
DB2
7.2
database
may
either
be
on
the
server
machine,
or
on
a
remote
machine.
In
order
to
use
a
DB2
7.2
database
on
a
remote
machine,
you
will
need
to
place
a
copy
of
the
db2java.zip
file
onto
your
IBM
Tivoli
Security
Compliance
Manager
server
machine.
You
will
need
to
provide
the
fully-qualified
directory
path
to
the
db2java.zip
file
during
install.v
You
need
to
know
the
DB2
instance
ID
and
password.
v
For
UNIX-based
and
Linux
systems,
you
must
be
logged
on
as
the
user
ID
root.
v
For
installations
on
UNIX-based
or
Linux
platforms,
set
the
umask
to
022
for
the
Tivoli
Security
Compliance
Manager
files
to
be
installed
with
the
correct
permissions
for
operations.
If
the
umask
is
set
to
another
value,
the
install
will
complete
but
the
product
will
not
run.
v
For
more
information
on
alternative
installation
methods,
including
silent
and
console
mode
installations,
see
Chapter
8,
“Alternate
installation
methods,”
on
page
65.
Additional
server
installation
requirements
are
listed
on
the
Welcome
panel
of
the
installation
program.
Using
the
InstallShield
MultiPlatform
package
to
install
Tivoli
Security
Compliance
Manager
uses
the
InstallShield
MultiPlatform
(ISMP)
tool
for
installation.
Through
the
use
of
ISMP,
a
Java-based
installation
tool,
a
common
look
and
feel
for
installation
is
provided
regardless
of
your
operating
system.
Configuration
questions
are
provided
by
the
installation,
and
a
simple
configuration
is
performed
during
installation
to
get
you
up
and
running
quickly.
When
you
use
ISMP
to
install
the
Tivoli
Security
Compliance
Manager
server,
you
will
follow
these
steps
regardless
of
your
operating
system:
1.
Run
the
installation
executable.
The
list
of
the
platform-specific
installation
executables
is
located
in
Chapter
1,
“Installation
overview,”
on
page
1.
A
startup
window
for
the
Java
Virtual
Machine,
JVM,
is
displayed
while
the
JVM
is
loaded.
2.
The
Language
Selection
window
is
displayed.
Select
a
language
for
the
installation.
Click
OK.
Figure
1.
Language
Selection
8
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
3.
The
installation
Welcome
window
is
displayed.
This
window
lists
all
the
required
information
for
each
Tivoli
Security
Compliance
Manager
component;
use
the
scroll
bar
to
display
the
required
information
for
the
component
you
will
be
installing.
Click
Next.
4.
The
software
license
agreement
is
displayed.
Accept
the
agreement
and
click
Next
to
continue.
Figure
2.
Installation
Welcome
window
Chapter
2.
Installing
the
Tivoli
Security
Compliance
Manager
server
9
5.
The
Installation
Directory
Location
window
is
displayed.
The
Tivoli
Security
Compliance
Manager
server
code
is
installed
in
the
/opt/IBM/SCM
directory
on
UNIX–based
platforms
and
Linux
platforms,
and
in
the
C:\Program
Files\IBM\SCM
directory
on
Windows.
Enter
a
different
installation
location
in
this
window
if
you
do
not
want
to
use
the
default
directory.
Click
Next.
Note:
If
you
have
already
installed
another
Tivoli
Security
Compliance
Manager
component,
or
are
reinstalling
the
server,
the
Installation
Directory
Location
window
will
not
be
displayed.
The
installation
program
will
automatically
install
the
server
to
the
same
location
as
the
previously
installed
components.
Figure
3.
Installation
Directory
Location
window
10
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
6.
The
System
Component
Selection
window
is
displayed.
After
the
system
component
selection
window
opens,
you
will
be
able
to
continue
your
installation
based
on
the
system
component
you
have
selected.
Select
IBM
Tivoli
Security
Compliance
Manager
Server
and
click
Next.
Note:
The
IBM
Tivoli
Security
Compliance
Manager
Database
Configuration
utility
is
automatically
included
with
the
server
installation.
After
the
server
installation
has
completed,
a
separate
database
configuration
step
is
not
required.
Figure
4.
System
Component
Selection
window
—
Server
Chapter
2.
Installing
the
Tivoli
Security
Compliance
Manager
server
11
7.
The
Server
Configuration
window
is
displayed.
Enter
the
SMTP
server
host
name
that
will
be
used
by
Tivoli
Security
Compliance
Manager
to
send
notifications,
and
the
address
to
send
the
notifications
to.
The
address
will
be
used
as
the
From:
field
in
the
notification
sent
by
the
Tivoli
Security
Compliance
Manager
server.
Click
Next
to
continue.
Figure
5.
Server
Configuration
window
12
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
8.
The
Server
Communication
Configuration
window
is
displayed.
Enter
the
server
and
client
connection
ports,
and
click
Next.
The
server
connection
port
displayed
on
this
window
is
the
port
used
for
communications
with
the
administration
console
and
with
the
administration
command
line
interface.
Figure
6.
Server
Communication
Configuration
window
Chapter
2.
Installing
the
Tivoli
Security
Compliance
Manager
server
13
9.
The
Server
Security
Configuration
window
is
displayed.
a.
Enter
the
fully
qualified
host
name
of
the
server
machine
for
the
system
name
for
the
certificate,
and
the
password
to
be
used
for
the
master
keystore
and
a
separate
password
to
be
used
for
the
server
keystore.
These
passwords
must
be
at
least
six
characters
in
length.
b.
Select
the
check
box
to
stash
the
server
keystore
password
and
enable
the
server
to
start
automatically
after
installation
has
completed;
if
you
do
not
select
the
box
you
will
have
to
manually
start
the
server
and
then
enter
the
server
keystore
password.
Additionally
on
Windows
systems,
if
you
choose
not
to
store
the
server
keystore
password,
the
server
service
will
not
be
installed
as
a
Windows
server.
As
a
result,
the
server
will
not
start
automatically
when
the
Windows
machine
is
started.
Instead,
you
will
need
to
use
the
jacserver
command
to
start
the
server,
and
then
you
will
be
prompted
for
the
server
keystore
password
before
launching
the
server.
Click
Next
to
continue
the
installation.
Note:
The
master
keystore
password
is
used
to
generate
the
keystore.
Figure
7.
Server
Security
Configuration
window
14
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
10.
The
Database
Location
window
is
displayed.
v
To
use
a
database
on
the
server
machine,
select
The
database
is
on
the
local
machine,
click
Next,
and
continue
onto
the
next
step.
v
To
use
a
database
on
a
remote
machine,
select
The
database
is
remote,
click
Next,
and
continue
onto
Step
13
on
page
19
Figure
8.
Database
Location
window
Chapter
2.
Installing
the
Tivoli
Security
Compliance
Manager
server
15
11.
The
Database
Configuration
window
is
displayed.
A
slightly
different
window
is
displayed
on
Windows
platforms
as
opposed
to
UNIX-based
or
Linux
platforms.
v
For
Windows
platforms,
enter
the
following
information:
–
The
DB2
user
ID
and
password.
–
The
location
of
the
.jar
or
.zip
file
that
contains
the
DB2
JDBC
driver.
Click
the
Browse
button
to
navigate
to
the
location
of
the
.jar
or
.zip
file,
or
enter
the
location
manually.
The
typical
location
for
this
file
is:
C:\Program
Files\IBM\SQLLIB\java\db2java.zip
–
The
name
of
the
DB2
JDBC
driver.
A
default
DB2
JDBC
driver
name
is
displayed.
–
The
URL
to
use
for
database
connectivity.
Leave
the
default
for
a
local
database,
and
see
your
DB2
administrator
for
a
remote
database.
See
your
DB2
documentation
for
more
information
on
how
to
configure
JDBC
for
DB2.
–
Click
Next
to
continue
the
installation
and
continue
onto
Step
12
on
page
18.
Figure
9.
Database
Configuration
window
—
Windows
Platform
16
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
v
For
UNIX-based
and
Linux
platforms,
enter
the
following
information:
–
The
DB2
user
ID
and
password.
–
The
location
to
create
the
DB2
database.
If
this
field
is
left
blank,
the
installation
will
use
the
default
location
of
the
database
instance
ID
home.
If
a
location
is
specified
in
this
field,
that
location
will
be
used
as
the
location
of
the
database.
–
Select
the
check
box
to
create
the
DB2
database
as
part
of
the
server
installation.
See
the
note
in
the
next
step
for
more
details
on
the
function
of
the
check
box.
–
Click
Next
to
continue
the
installation
and
continue
onto
Step
15
on
page
22.
Figure
10.
Database
Configuration
window
—
UNIX-based
Platforms
Chapter
2.
Installing
the
Tivoli
Security
Compliance
Manager
server
17
12.
A
second
Database
Configuration
window
is
displayed
for
Windows
platforms.
Select
the
check
box
to
create
the
DB2
database
as
part
of
the
server
installation.
If
you
choose
to
not
create
the
database
as
part
of
the
server
installation,
then
the
installation
program
will
bypass
the
creation
of
the
database.
Click
Next
to
continue
the
installation
and
continue
onto
Step
15
on
page
22.
Note:
The
check
box
option
allows
you
to
customize
your
database
configuration
by
not
installing
the
database
with
the
default
configuration.
The
default
database
used
by
IBM
Tivoli
Security
Compliance
Manager
is
called
JAC.
The
table
definitions
are
included
in
the
file
INSTDIR/sql/jac.sql.
The
commands
to
create
the
database
and
the
local
node
alias,
SCM,
are
included
as
comments
in
the
jac.sql
file.
You
can
either
create
the
database
JAC
and
the
SCM
local
node
alias
using
DB2
commands
prior
to
using
jac.sql,
or
uncomment
the
statements
in
jac.sql.
There
are
two
other
files
in
the
INSTDIR/sql/
directory
that
are
used
during
database
configuration:
groups_and_roles.sql
and
admin.sql.
The
file
groups_and_roles.sql
contains
the
default
administration
group
and
role
definitions.
The
file
admin.sql
contains
the
commands
used
to
create
the
administrator
user
ID.
Figure
11.
Second
Database
Configuration
window
—
Windows
Platform
18
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
The
db2
–tvf
<filename>
command
can
be
used
to
execute
the
commands
contained
in
the
.sql
files.
When
creating
a
custom
database
configuration,
you
should
create
the
database
tables
using
the
jac.sql
file
before
using
the
other
two
.sql
files.
The
IBM
Tivoli
Security
Compliance
Manager
Server
connects
to
the
JAC
database
or
the
SCM
alias
using
the
configuration
parameters
specified
during
installation.
The
database
configuration
options
are
included
in
the
INSTDIR/server/server.ini
file.
The
configuration
options
contained
in
the
server.ini
file
must
be
valid
for
any
database
customization.
13.
For
installations
that
will
use
a
remote
database,
the
Database
Configuration
window
is
displayed.
Enter
the
following
information:
Note:
Although
the
information
requested
is
the
same,
the
order
in
which
the
information
is
requested
differs
between
Windows
platforms
and
UNIX-based
or
Linux
platforms.
The
windows
that
follow
show
the
order
for
Windows
platforms.
v
The
DB2
user
ID
and
password.
v
The
location
of
the
.jar
or
.zip
file
that
contains
the
DB2
JDBC
driver.
Click
the
Browse
button
to
navigate
to
the
location
of
the
.jar
or
.zip
file,
or
enter
the
location
manually.
The
typical
location
for
this
file
is:
–
Windows:
C:\Program
Files\IBM\SQLLIB\java\db2java.zip
–
UNIX-based
or
Linux
platforms:
/home/db2instl/sqllib/java/db2java.zip
v
The
name
of
the
DB2
JDBC
driver.
A
default
DB2
JDBC
driver
name
is
displayed.
v
The
URL
to
use
for
database
connectivity.
Leave
the
default
for
a
local
database,
and
see
your
DB2
administrator
for
a
remote
database.
See
your
DB2
documentation
for
more
information
on
how
to
configure
JDBC
for
DB2.
v
Click
Next
to
continue
the
installation.
Chapter
2.
Installing
the
Tivoli
Security
Compliance
Manager
server
19
Figure
12.
Database
Configuration
window
20
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
14.
A
Confirm
Remote
Database
Exists
window
is
displayed.
This
window
prompts
you
to
check
that
the
remote
database
exists
and
has
been
enabled
to
use
the
JDBC
interface
specified
on
the
Database
Configuration
windows.
Click
Next
to
continue
the
installation
and
continue
onto
Step
16
on
page
23.
Figure
13.
Confirm
Remote
Database
Exists
window
Chapter
2.
Installing
the
Tivoli
Security
Compliance
Manager
server
21
15.
The
Administrator
User
ID
Configuration
window
is
displayed.
Enter
the
Tivoli
Security
Compliance
Manager
system
administrator
user
ID
and
password,
and
click
Next.
The
user
ID
and
password
entered
on
this
window
will
be
used
as
the
primary
administrator
for
the
administration
console
or
the
command
line
interface.
The
passwords
must
be
at
least
six
characters
in
length.
Note:
All
administrator
user
IDs
and
passwords
must
contain
only
single-byte
characters
for
the
installation
to
complete
successfully.
Once
the
installation
is
complete,
you
may
use
the
administration
console
to
change
the
administrator
user
ID
and
password
to
contain
double-byte
characters.
Figure
14.
Administrator
User
ID
Configuration
window
22
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
16.
The
Installation
Summary
window
is
displayed.
This
window
displays
the
installation
location,
the
system
components
to
be
installed,
and
the
installation
size.
Click
Next
to
begin
the
installation
process.
Figure
15.
Installation
Summary
window
Chapter
2.
Installing
the
Tivoli
Security
Compliance
Manager
server
23
17.
An
installation
progress
indicator
will
be
displayed
in
place
of
the
summary
window.
After
the
installation
has
completed,
a
results
window
is
displayed.
Click
Finish
to
exit
the
installation.
18.
After
installation
is
complete,
make
sure
to
back
up
your
server
keys
and
keystores.
See
the
chapter
on
managing
server
keys
and
keystores
in
the
IBM
Tivoli
Security
Compliance
Manager
Administration
Guide
for
instructions
on
using
the
administration
console
to
create
a
back-up
of
the
server
keys
and
keystores.
In
addition,
refer
to
Chapter
7,
“After
the
installation
has
completed,”
on
page
63
for
further
post-installation
recommendations.
Figure
16.
Installation
Results
window
24
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Chapter
3.
Installing
the
Tivoli
Security
Compliance
Manager
client
This
chapter
describes
how
to
install
the
Tivoli
Security
Compliance
Manager
client.
Before
you
begin
Before
you
install
the
client:
v
If
you
are
reinstalling
the
client,
stop
it
before
you
attempt
to
reinstall
it.
See
“Using
the
InstallShield
MultiPlatform
package
to
uninstall”
on
page
55
for
more
information.
v
You
will
need
the
host
name
and
port
number
of
the
Tivoli
Security
Compliance
Manager
server
that
the
client
will
connect
to.
v
If
you
will
install
the
client
on
a
HP-UX
system
that
is
using
Japanese
as
its
language,
use
the
console
mode
installation
or
enter
export
LANG=C
in
your
command
window
prior
to
using
the
ISMP
install.
For
more
information
on
the
console
mode
installation,
see
Chapter
8,
“Alternate
installation
methods,”
on
page
65.
v
If
you
will
install
the
client
on
a
Linux
for
zSeries
system
or
on
a
Linux
for
390
system,
these
systems
do
not
come
with
a
CD-ROM
drive.
You
must
load
the
CD
on
a
workstation
that
has
a
CD-ROM
and
NFS
mount
it
to
the
Linux
system,
or
FTP
the
scm_linux390
and
scminstall.jar
files
to
the
Linux
system.
v
If
you
will
install
the
client
on
a
Linux
for
zSeries
system,
you
must
connect
to
the
Linux
for
zSeries
installation
file
with
a
system
that
supports
an
X
server,
or
use
the
console
mode
when
installing.
See
“Console
mode
installation”
on
page
66
for
more
information
on
using
the
console
mode
install.
v
The
Red
Hat
Enterprise
Linux
Advanced
Server
3.0
platform
can
only
be
installed
using
the
console
mode
in
Japanese.
Please
see
“Console
mode
installation”
on
page
66
for
more
information
on
how
to
perform
a
console
mode
install.
v
For
installations
on
UNIX-based
or
Linux
platforms,
set
the
umask
to
022
for
the
Tivoli
Security
Compliance
Manager
files
to
be
installed
with
the
correct
permissions
for
operations.
If
the
umask
is
set
to
another
value,
the
install
will
complete
but
the
product
will
not
run.
v
For
more
information
on
alternative
installation
methods,
including
silent
and
console
mode
installations,
see
Chapter
8,
“Alternate
installation
methods,”
on
page
65.
Additional
client
installation
requirements
are
listed
on
the
Welcome
window
of
the
installation
program.
Using
the
InstallShield
MultiPlatform
Package
to
Install
Tivoli
Security
Compliance
Manager
uses
the
InstallShield
MultiPlatform
(ISMP)
tool
for
installation
on
all
supported
client
platforms.
See
Chapter
1,
“Installation
overview,”
on
page
1
for
a
complete
list
of
supported
client
platforms.
Through
the
use
of
ISMP,
a
Java-based
installation
tool,
a
common
look
and
feel
for
installation
is
provided
regardless
of
your
operating
system.
Configuration
©
Copyright
IBM
Corp.
2003,
2004
25
questions
are
provided
by
the
installation,
and
a
simple
configuration
is
performed
during
installation
to
get
you
up
and
running
quickly.
In
addition
to
the
regular
product
installation
package,
a
stand-alone
ISMP
client
installation
package
is
provided.
This
client-only
installation
is
very
similar
to
the
regular
product
installation,
but
contains
fewer
screens.
Differences
between
the
regular
and
client-only
installation
packages
are
indicated
throughout
the
installation
procedure.
When
you
use
ISMP
to
install
the
Tivoli
Security
Compliance
Manager
client,
you
will
follow
these
steps
regardless
of
your
operating
system:
1.
Run
the
installation
executable.
The
list
of
the
platform-specific
installation
executables
is
located
in
Chapter
1,
“Installation
overview,”
on
page
1.
A
startup
window
for
the
Java
Virtual
Machine,
JVM,
is
displayed
while
the
JVM
is
loaded.
2.
The
Language
Selection
window
is
displayed.
Select
a
language
for
the
installation.
Click
OK.
Figure
17.
Language
Selection
26
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
3.
The
installation
Welcome
window
is
displayed.
This
window
lists
all
the
required
information
for
each
Tivoli
Security
Compliance
Manager
component;
use
the
scroll
bar
to
display
the
required
information
for
the
component
you
will
be
installing.
Click
Next.
Note:
This
window
is
not
displayed
in
the
client-only
installation.
4.
The
software
license
agreement
is
displayed.
Accept
the
agreement
and
click
Next
to
continue.
Figure
18.
Installation
Welcome
window
Chapter
3.
Installing
the
Tivoli
Security
Compliance
Manager
client
27
5.
The
Installation
Directory
Location
window
is
displayed.
The
Tivoli
Security
Compliance
Manager
client
code
is
installed
in
the
/opt/IBM/SCM
directory
on
UNIX-based
platforms
and
the
Linux
platforms,
and
in
the
C:\Program
Files\IBM\SCM
directory
on
Windows.
Enter
a
different
installation
location
in
this
window
if
you
do
not
want
to
use
the
default
directory.
Click
Next.
Note:
If
you
have
already
installed
another
Tivoli
Security
Compliance
Manager
component,
or
are
reinstalling
the
client,
the
Installation
Directory
Location
window
will
not
be
displayed.
The
installation
program
will
automatically
install
the
client
to
the
same
location
as
the
previously
installed
components.
Figure
19.
Installation
Directory
Location
window
28
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
6.
The
System
Component
Selection
window
is
displayed.
After
the
system
component
selection
window
opens,
you
will
be
able
to
continue
your
installation
based
on
the
system
component
you
have
selected.
Select
IBM
Tivoli
Security
Compliance
Manager
Client
and
click
Next.
Note:
This
window
is
not
displayed
in
the
client-only
installation.
Figure
20.
System
Component
Selection
window
—
Client
Chapter
3.
Installing
the
Tivoli
Security
Compliance
Manager
client
29
7.
For
client
installations
on
the
HP-UX
platform,
the
Java
Runtime
Location
window
is
displayed.
Enter
the
directory
that
contains
the
1.3.1
JVM,
and
click
Next.
Figure
21.
HP-UX
Java
Runtime
Location
window
30
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
8.
The
Client
Communication
Mode
Configuration
window
is
displayed.
Enter
the
client
connection
port,
and
the
client
communications
mode.
There
are
two
communication
modes:
Push
A
client
that
permits
communication
with
the
server
to
be
initiated
by
either
the
client
or
the
server.
Pull
A
client
that
permits
communication
with
the
server
to
be
initiated
by
only
the
server.Defining
a
client
as
a
push
client
permits
communication
with
the
server
to
be
established
by
either
the
client
or
the
server.
In
some
network
environments,
however,
inbound
connections
to
the
server
might
not
be
permitted.
In
these
cases,
defining
the
client
as
a
pull
client
forces
the
server
to
initiate
all
communications
with
the
client.
Pull
clients
are
generally
needed
when
the
server
is
located
behind
a
firewall.
To
install
a
push
client,
select
Push
and
click
Next.
To
install
a
pull
client,
select
Pull,
click
Next,
and
proceed
to
Step
11
on
page
34.
Figure
22.
Client
Communication
Mode
Configuration
window
Chapter
3.
Installing
the
Tivoli
Security
Compliance
Manager
client
31
9.
The
Server
Communication
Configuration
window
is
displayed.
Enter
the
Tivoli
Security
Compliance
manager
server
host
name
and
connection
port
for
server
and
client
communications.
Select
the
check
box
if
the
client
has
a
dynamic
IP
address,
or
if
the
IP
address
or
host
name
of
the
client
changes
frequently.
Clear
the
check
box
if
the
client
has
a
static
IP
address.
Click
Next
to
continue
the
installation.
Figure
23.
Server
Communication
Configuration
window
32
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
10.
For
DHCP
clients,
the
Client
DHCP
Configuration
window
is
displayed.
You
can
enter
an
optional
DHCP
client
alias,
or
the
system
will
use
a
default
alias
of
the
client
host
name.
Click
Next
to
continue
the
installation.
Figure
24.
Client
DHCP
Configuration
window
Chapter
3.
Installing
the
Tivoli
Security
Compliance
Manager
client
33
11.
The
Installation
Summary
window
is
displayed.
This
window
displays
the
installation
location,
the
system
components
to
be
installed,
and
the
installation
size.
Click
Next
to
begin
the
installation
process.
Figure
25.
Installation
Summary
window
34
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
12.
An
installation
progress
indicator
will
be
displayed
in
place
of
the
summary
window.
After
the
installation
has
completed,
a
results
window
is
displayed.
Click
Finish
to
exit
the
installation.
Figure
26.
Installation
Results
window
Chapter
3.
Installing
the
Tivoli
Security
Compliance
Manager
client
35
36
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Chapter
4.
Installing
the
Tivoli
Security
Compliance
Manager
administration
utilities
This
chapter
provides
instructions
on
how
to
install
the
Tivoli
Security
Compliance
Manager
administration
utilities,
which
includes
the
administration
console,
the
administration
command
line
interface,
and
the
proxy
relay
collector.
Administration
and
usage
information
for
the
proxy
relay,
including
configuration,
can
be
found
in
the
IBM
Tivoli
Security
Compliance
Manager
Administration
Guide.
Before
you
begin
If
you
are
reinstalling
the
administration
utilities,
first
stop
any
administration
application
you
are
using
before
you
attempt
to
reinstall.
See
“Using
the
InstallShield
MultiPlatform
package
to
uninstall”
on
page
55
for
more
information.
For
installations
on
UNIX-based
or
Linux
platforms,
set
the
umask
to
022
for
the
Tivoli
Security
Compliance
Manager
files
to
be
installed
with
the
correct
permissions
for
operations.
If
the
umask
is
set
to
another
value,
the
install
will
complete
but
the
product
will
not
run.
For
more
information
on
alternative
installation
methods,
including
silent
and
console
mode
installations,
see
Chapter
8,
“Alternate
installation
methods,”
on
page
65.
Additional
administration
utilities
installation
requirements
are
listed
on
the
Welcome
window
of
the
installation
program.
Using
the
InstallShield
MultiPlatform
Package
to
Install
Tivoli
Security
Compliance
Manager
uses
the
InstallShield
MultiPlatform
(ISMP)
tool
for
installation
on
all
supported
administration
console
and
administration
command
line
interface
platforms.
See
Chapter
1,
“Installation
overview,”
on
page
1
for
a
complete
list
of
supported
administration
console
and
administration
command
line
interface
platforms.
The
administration
console
is
only
supported
on
Windows
platforms,
and
will
not
be
installed
on
non-Windows
platforms
during
an
administration
utilities
installation.
Through
the
use
of
ISMP,
a
Java-based
installation
tool,
a
common
look
and
feel
for
installation
is
provided
regardless
of
your
operating
system.
Configuration
questions
are
provided
by
the
installation,
and
a
simple
configuration
is
performed
during
installation
to
get
you
up
and
running
quickly.
When
you
use
ISMP
to
install
the
Tivoli
Security
Compliance
Manager
administration
utilities,
you
will
follow
these
steps
regardless
of
your
operating
system:
1.
Run
the
installation
executable.
The
list
of
the
platform
specific
installation
executable
are
located
in
Chapter
1,
“Installation
overview,”
on
page
1.
A
startup
window
for
the
Java
Virtual
Machine,
JVM,
is
displayed
while
the
JVM
is
loaded.
2.
The
Language
Selection
window
is
displayed.
Select
a
language
for
the
installation.
Click
OK.
©
Copyright
IBM
Corp.
2003,
2004
37
3.
The
installation
Welcome
window
is
displayed.
This
window
lists
all
the
required
information
for
each
Tivoli
Security
Compliance
Manager
component;
use
the
scroll
bar
to
display
the
required
information
for
the
component
you
will
be
installing.
Click
Next.
Figure
27.
Language
Selection
Figure
28.
Installation
Welcome
window
38
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
4.
The
software
license
agreement
is
displayed.
Accept
the
agreement
and
click
Next
to
continue.
5.
The
Installation
Directory
Location
window
is
displayed.
The
Tivoli
Security
Compliance
Manager
administration
utilities
code
is
installed
in
the
/opt/IBM/SCM
directory
on
UNIX-based
platforms
and
the
Linux
platforms,
and
in
the
C:\Program
Files\IBM\SCM
directory
on
Windows.
Enter
a
different
installation
location
in
this
window
if
you
do
not
want
to
use
the
default
directory.
Click
Next.
Note:
If
you
have
already
installed
another
Tivoli
Security
Compliance
Manager
component,
or
are
reinstalling
the
administration
console
or
the
command
line
interface,
the
Installation
Directory
Location
window
will
not
be
displayed.
The
installation
program
will
automatically
install
the
administration
console
or
administration
command
line
interface
to
the
same
location
as
the
previously
installed
components.
Figure
29.
Installation
Directory
Location
window
Chapter
4.
Installing
the
Tivoli
Security
Compliance
Manager
administration
utilities
39
6.
The
System
Component
Selection
window
is
displayed.
After
the
system
component
selection
window
opens,
you
will
be
able
to
continue
your
installation
based
on
the
system
component
you
have
selected.
Select
IBM
Tivoli
Security
Compliance
Manager
Administration
Utilities
and
click
Next.
Figure
30.
System
Component
Selection
window
–
Administration
Utilities
40
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
7.
For
administration
utilities
installations
on
the
HP-UX
platform,
the
Java
Runtime
Location
window
is
displayed.
Enter
the
directory
that
contains
the
1.3.1
JVM,
and
click
Next.
Figure
31.
HP-UX
Java
Runtime
Location
window
Chapter
4.
Installing
the
Tivoli
Security
Compliance
Manager
administration
utilities
41
8.
The
Installation
Summary
window
is
displayed.
This
window
displays
the
installation
location,
the
system
components
to
be
installed,
and
the
installation
size.
Click
Next
to
begin
the
installation
process.
Figure
32.
Installation
Summary
Window
42
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
9.
An
installation
progress
indicator
will
be
displayed
in
place
of
the
summary
window.
After
the
installation
has
completed,
a
results
window
is
displayed.
Click
Finish
to
exit
the
installation.
Figure
33.
Installation
Results
window
Chapter
4.
Installing
the
Tivoli
Security
Compliance
Manager
administration
utilities
43
44
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Chapter
5.
Using
the
Tivoli
Security
Compliance
Manager
database
utilities
This
chapter
describes
how
to
use
the
Tivoli
Security
Compliance
Manager
database
utilities
to
configure
the
Tivoli
Security
Compliance
Manager
DB2
database.
The
database
utility
is
provided
to
configure
DB2
databases
that
were
installed
after
the
Tivoli
Security
Compliance
Manager
server
was
installed.
Before
you
begin
Before
you
use
the
database
utilities:
v
DB2
must
be
installed
prior
to
installing
Tivoli
Security
Compliance
Manager.
Consider
making
a
separate
file
system
for
the
DB2
database
that
is
to
be
used
by
the
server.
A
separate
file
might
be
necessary
if
the
server
encounters
DB2
errors
indicating
that
there
is
not
enough
space
to
store
Tivoli
Security
Compliance
Manager
data.
Creation
of
a
separate
file
does
not
remove
the
possibility
of
filling
up
a
file
system
but
it
does
reduce
the
impact
to
other
applications
that
are
using
DB2
and
using
the
file
system
that
DB2
uses
by
default.
If
the
file
system
has
an
error,
it
will
be
easier
to
isolate
the
problem
to
Tivoli
Security
Compliance
Manager.
v
A
DB2
8.1
database
may
either
be
on
the
server
machine,
or
on
a
remote
machine.
In
order
to
use
a
DB2
8.1
database
on
a
remote
machine,
you
will
need
to
place
a
copy
of
the
db2java.zip
and
the
db2jcc.jar
files
onto
your
IBM
Tivoli
Security
Compliance
Manager
server
machine.
These
files
must
be
located
in
the
same
directory
on
the
server,
and
you
will
need
to
provide
the
fully-qualified
directory
path
to
the
db2java.zip
file
during
install.
v
A
DB2
7.2
database
may
either
be
on
the
server
machine,
or
on
a
remote
machine.
In
order
to
use
a
DB2
7.2
database
on
a
remote
machine,
you
will
need
to
place
a
copy
of
the
db2java.zip
file
onto
your
IBM
Tivoli
Security
Compliance
Manager
server
machine.
You
will
need
to
provide
the
fully-qualified
directory
path
to
the
db2java.zip
file
during
install.
v
You
need
to
know
the
DB2
instance
ID
and
password
v
For
UNIX-based
and
Linux
systems,
you
must
be
logged
on
as
the
user
ID
root.
v
For
installations
on
UNIX-based
or
Linux
platforms,
set
the
umask
to
022
for
the
Tivoli
Security
Compliance
Manager
files
to
be
installed
with
the
correct
permissions
for
operations.
If
the
umask
is
set
to
another
value,
the
install
will
complete
but
the
product
will
not
run.
v
For
more
information
on
alternative
installation
methods,
including
silent
and
console
mode
installations,
see
Chapter
8,
“Alternate
installation
methods,”
on
page
65.
Additional
database
utilities
requirements
are
listed
on
the
Welcome
window
of
the
installation
program.
©
Copyright
IBM
Corp.
2003,
2004
45
Using
the
InstallShield
MultiPlatform
package
to
run
the
database
utilities
Tivoli
Security
Compliance
Manager
uses
the
InstallShield
MultiPlatform
(ISMP)
tool
to
run
the
database
utilities.
Through
the
use
of
ISMP,
a
Java-based
installation
tool,
a
common
look
and
feel
for
installation
is
provided
regardless
of
your
operating
system.
Configuration
questions
are
provided
by
the
installation,
and
a
simple
configuration
is
performed
during
installation
to
get
you
up
and
running
quickly.
When
you
use
ISMP
to
run
the
Tivoli
Security
Compliance
Manager
database
utilities,
you
will
follow
these
steps
regardless
of
your
operating
system:
1.
Run
the
installation
executable.
The
list
of
the
platform-specific
installation
executables
is
located
in
Chapter
1,
“Installation
overview,”
on
page
1.
A
startup
window
for
the
Java
Virtual
Machine,
JVM,
is
displayed
while
the
JVM
is
loaded.
2.
The
Language
Selection
window
is
displayed.
Select
a
language
for
the
installation.
Click
OK.
Figure
34.
Language
Selection
46
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
3.
The
installation
Welcome
window
is
displayed.
This
window
lists
all
the
required
information
for
each
Tivoli
Security
Compliance
Manager
component;
use
the
scroll
bar
to
display
the
required
information
for
the
component
you
will
be
installing.
Click
Next.
4.
The
software
license
agreement
is
displayed.
Accept
the
agreement
and
click
Next
to
continue.
Figure
35.
Installation
Welcome
window
Chapter
5.
Using
the
Tivoli
Security
Compliance
Manager
database
utilities
47
5.
The
Installation
Directory
Location
window
is
displayed.
The
Tivoli
Security
Compliance
Manager
server
code
is
installed
in
the
/opt/IBM/SCM
directory
on
UNIX-based
and
Linux
platforms,
and
in
the
C:\Program
Files\IBM\SCM
directory
on
Windows.
Enter
a
different
installation
location
in
this
window
if
you
do
not
want
to
use
the
default
directory.
Click
Next.
Note:
If
you
have
already
installed
another
Tivoli
Security
Compliance
Manager
component,
the
Installation
Directory
Location
window
will
not
be
displayed.
The
installation
program
will
automatically
install
the
database
configuration
utilities
to
the
same
location
as
the
previously
installed
components.
Figure
36.
Installation
Directory
Location
window
48
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
6.
The
System
Component
Selection
window
is
displayed.
After
the
system
component
selection
window
opens,
you
will
be
able
to
continue
your
installation
based
on
the
system
component
you
have
selected.
Select
IBM
Tivoli
Security
Compliance
Manager
Database
Configuration
and
click
Next.
Figure
37.
System
Component
Selection
window
–
Database
Configuration
Chapter
5.
Using
the
Tivoli
Security
Compliance
Manager
database
utilities
49
7.
The
Database
Configuration
window
is
displayed.
Enter
the
following
information:
v
The
DB2
user
ID
and
password.
v
The
location
of
the
.jar
or
.zip
file
that
contains
the
DB2
JDBC
driver.
Click
the
Browse
button
to
navigate
to
the
location
of
the
.jar
or
.zip
file,
or
enter
the
location
manually.
The
default
location
for
this
file
is:
–
Windows:
C:\Program
Files\IBM\SQLLIB\java\db2java.zip
–
UNIX–based
platforms:
/home/db2inst1/sqllib/java/db2java.zip
v
The
name
of
the
DB2
JDBC
driver.
A
default
DB2
JDBC
driver
name
is
displayed.
v
The
URL
to
use
for
database
connectivity.
Leave
the
default
for
a
local
database,
and
see
your
DB2
administrator
for
a
remote
database.
See
your
DB2
documentation
for
more
information
on
how
to
configure
JDBC
for
DB2.
Click
Next
to
continue
the
installation.
Figure
38.
Database
Configuration
window
50
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
8.
A
second
Database
Configuration
window
is
displayed.
Select
the
check
box
to
create
the
DB2
database.
This
option
allows
you
to
customize
your
database
configuration
by
not
installing
the
database
with
the
default
configuration.
The
default
database
used
by
IBM
Tivoli
Security
Compliance
Manager
is
called
JAC.
The
table
definitions
are
included
in
the
file
INSTDIR/sql/jac.sql.
The
commands
to
create
the
database
and
the
local
node
alias,
SCM,
are
included
as
comments
in
the
jac.sql
file.
You
can
either
create
the
database
JAC
and
the
SCM
local
node
alias
using
DB2
commands
prior
to
using
jac.sql,
or
uncomment
the
statements
in
jac.sql.
There
are
two
other
files
in
the
INSTDIR/sql/
directory
that
are
used
during
database
configuration:
groups_and_roles.sql
and
admin.sql.
The
file
groups_and_roles.sql
contains
the
default
administration
group
and
role
definitions.
The
file
admin.sql
contains
the
commands
used
to
create
the
administrator
user
ID.
The
db2
–tvf
<filename>
command
can
be
used
to
execute
the
commands
contained
in
the
.sql
files.
When
creating
a
custom
database
configuration,
you
should
create
the
database
tables
using
the
jac.sql
file
before
using
the
other
two
.sql
files.
The
IBM
Tivoli
Security
Compliance
Manager
Server
connects
to
the
JAC
database
or
the
SCM
alias
using
the
configuration
parameters
specified
during
installation.
The
database
configuration
options
are
included
in
the
INSTDIR/server/server.ini
file.
The
configuration
options
contained
in
the
server.ini
file
must
be
valid
for
any
database
customization.
Figure
39.
Second
Database
Configuration
window
Chapter
5.
Using
the
Tivoli
Security
Compliance
Manager
database
utilities
51
9.
The
Administrator
User
ID
Configuration
window
is
displayed.
Enter
the
Tivoli
Security
Compliance
Manager
system
administrator
user
ID
and
password,
and
click
Next.
The
password
must
be
at
least
six
characters
in
length.
Note:
All
administrator
user
IDs
and
passwords
must
contain
only
single-byte
characters
for
the
installation
to
complete
successfully.
Once
the
installation
is
complete,
you
may
use
the
Administration
Console
to
change
the
administrator
user
ID
and
password
to
contain
double-byte
characters.
Figure
40.
Administrator
User
ID
Configuration
window
52
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
10.
The
Installation
Summary
window
is
displayed.
This
window
displays
the
installation
location,
the
system
components
to
be
installed,
and
the
installation
size.
Click
Next
to
begin
the
installation
process.
Figure
41.
Installation
Summary
window
Chapter
5.
Using
the
Tivoli
Security
Compliance
Manager
database
utilities
53
11.
An
installation
progress
indicator
will
be
displayed
in
place
of
the
summary
window.
After
the
installation
has
completed,
a
results
window
is
displayed.
Click
Finish
to
exit
the
installation.
Figure
42.
Installation
Results
window
54
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Chapter
6.
Uninstalling
Tivoli
Security
Compliance
Manager
This
chapter
describes
how
to
uninstall
the
system
components
of
Tivoli
Security
Compliance
Manager.
Before
you
begin
If
you
intend
to
uninstall
your
Tivoli
Security
Compliance
Manager
server
and
then
reinstall
it
and
have
your
existing
clients
communicate
without
needing
to
be
reinstalled,
you
must
keep
the
keystore
files
currently
being
used
for
client-server
communication.
See
the
chapter
on
managing
server
keys
and
keystores
in
the
IBM
Tivoli
Security
Compliance
Manager
Administration
Guide
for
instructions
on
using
the
administration
console
to
create
a
backup
copy
of
the
server
keys
and
keystores.
Using
the
InstallShield
MultiPlatform
package
to
uninstall
Tivoli
Security
Compliance
Manager
uses
the
InstallShield
MultiPlatform
(ISMP)
tool
for
uninstallation
on
all
system
component
supported
platforms.
See
Chapter
1,
“Installation
overview,”
on
page
1
for
a
complete
list
of
system
component
supported
platforms.
Through
the
use
of
ISMP,
a
Java-based
installation
tool,
a
common
look
and
feel
for
uninstallation
is
provided
regardless
of
your
operating
system.
To
uninstall
any
Tivoli
Security
Compliance
Manager
system
component,
use
the
following
steps:
1.
Navigate
to
the
uninstallation
directory
and
run
the
uninstallation
executable.
The
path
to
the
platform
specific
uninstallation
executables
follows:
v
UNIX-based
platforms
and
Linux
platforms:
/opt/IBM/SCM/_uninst
v
Windows
platforms:
C:\Program
Files\IBM\SCM\_uninst
A
startup
window
for
the
Java
Virtual
Machine,
JVM,
is
displayed
while
the
JVM
is
loaded.
2.
The
Language
Selection
window
is
displayed.
Select
a
language
for
the
installation.
Click
OK.
Figure
43.
Language
Selection
©
Copyright
IBM
Corp.
2003,
2004
55
3.
The
Uninstallation
Welcome
window
is
displayed.
Click
Next.
Figure
44.
Uninstallation
Welcome
window
56
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
4.
The
Uninstallation
Selection
window
is
displayed.
All
installed
Tivoli
Security
Compliance
Manager
system
components
are
listed,
and
preselected,
in
this
window.
Select
the
Tivoli
Security
Compliance
Manager
system
components
to
uninstall
and
click
Next.
Note:
This
window
is
not
displayed
in
the
client-only
installation.
5.
If
you
select
to
uninstall
the
server,
the
Confirm
Keystore
Deletion
window
is
displayed.
If
you
intend
to
reinstall
the
server
and
have
your
existing
clients
communicate
without
needing
to
be
reinstalled,
you
must
keep
the
keystore
files
currently
being
used
for
client-server
communication.
See
the
chapter
on
managing
server
keys
and
keystores
in
the
IBM
Tivoli
Security
Compliance
Manager
Administration
Guide
for
instructions
on
using
the
administration
console
to
create
a
backup
of
the
server
keys
and
keystores.
Select
the
check
box
to
delete
the
client
server
communication
keystore
file
if
you
have
a
back-up
copy
or
you
do
not
intend
to
reinstall
the
server.
Deselect
the
check
box
to
leave
the
two
files,
server.jksand
master.jks,
in
the
INSTDIR/server/keystores
directory
and
uninstall
the
server.
Click
Next
to
continue.
Figure
45.
Uninstallation
Selection
window
Chapter
6.
Uninstalling
Tivoli
Security
Compliance
Manager
57
6.
The
Uninstallation
Summary
window
is
displayed.
This
window
displays
the
directory
location
that
the
system
components
will
be
uninstalled
from
and
the
system
components
to
be
uninstalled.
Click
Next
to
begin
the
uninstallation
process.
Figure
46.
Uninstallation
Summary
window
58
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
7.
A
progress
indicator
will
be
displayed
in
place
of
the
summary
window.
After
the
uninstallation
has
completed,
a
results
window
is
displayed.
Click
Next.
Figure
47.
Uninstallation
Results
window
Chapter
6.
Uninstalling
Tivoli
Security
Compliance
Manager
59
8.
The
uninstall
wizard
might
require
you
to
restart
your
computer
to
complete
the
uninstallation
process.
Click
Finish
to
exit
the
uninstallation
program.
Note:
The
uninstallation
process
on
HP-UX
systems
will
display
a
Next
option
on
the
final
uninstallation
panel
instead
of
a
Finish
option.
Selecting
the
Next
option
will
complete
the
uninstall.
Console
mode
Uninstallation
In
addition
to
running
the
launcher
executable,
there
are
other
methods
of
starting
the
uninstallation
that
also
might
be
useful.
This
section
describes
the
way
to
start
the
uninstallation
program
using
a
Java
command
with
the
–console
option.
Command
examples
are
shown
as
if
you
have
first
used
a
cd
(change
directory)
command
to
change
to
the
/opt/IBM/SCM/_uninst
directory
on
UNIX–based
and
Linux
platforms,
or
to
the
C:\Program
Files\IBM\SCM\_uninst
directory
on
Windows.
To
bypass
the
launcher
executable
and
run
the
uninstallation
in
the
non-graphical
mode,
run
the
Java
command
with
the
–console
option.
An
example
of
the
Java
command
using
the
–console
option
follows:
For
UNIX–based
and
Linux
platforms:
uninstaller.bin
-console
For
Windows:
uninstaller.exe
-console
This
example
starts
the
uninstallation
in
the
non-graphical
mode.
If
you
are
running
the
uninstallation
from
a
remote
host,
use
the
non-graphical
mode.
The
uninstallation
program
does
not
run
correctly
with
some
window
managers
when
run
remotely.
Figure
48.
Uninstallation
System
Restart
window
60
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Note:
The
console
mode
uninstallation
process
on
HP-UX
systems
will
display
a
Next
option
on
the
final
uninstallation
panel
instead
of
a
Finish
option.
Selecting
the
Next
option
will
complete
the
uninstall.
Chapter
6.
Uninstalling
Tivoli
Security
Compliance
Manager
61
62
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Chapter
7.
After
the
installation
has
completed
After
you
have
installed
the
server,
the
client,
and
the
administration
console
or
command
line
interface
or
both,
be
sure
to
install
the
Tivoli
Security
Compliance
Manager
collectors
and
policies
from
the
product
CD
into
a
directory
that
the
server
can
read
and
write
to.
See
the
IBM
Tivoli
Security
Compliance
Manager
Administration
Guide
for
more
information
about
using
the
collectors.
After
you
have
installed
Tivoli
Security
Compliance
Manager,
it
is
important
to
review
log
space
in
DB2
to
determine
if
you
have
adequate
space
for
Tivoli
Security
Compliance
Manager
logging
requirements.
You
must
have
administrator
authority
for
DB2
to
issue
the
following
commands,
which
will
enable
you
to
review
the
logging
requirements
and
make
changes,
if
necessary.
The
values
in
the
following
commands
are
the
minimum
size
needed
for
a
reasonably
loaded
system.
If
you
are
using
a
more
heavily
loaded
system,
you
might
need
to
increase
the
log
file
size
and
or
the
number
of
log
files.
1.
To
see
the
current
DB2
settings,
issue
the
command:
db2
get
db
cfg
for
JAC
2.
To
set
the
log
file
to
1000
4K
pages,
issue
the
command:
db2
update
db
config
for
JAC
using
LOGFILSIZ
1000
3.
To
set
DB2
to
use
30
circular
log
files,
issue
the
command:
db2
update
db
config
for
JAC
using
LOGPRIMARY
30
4.
After
you
make
these
changes,
stop
and
then
restart
the
server.
©
Copyright
IBM
Corp.
2003,
2004
63
64
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Chapter
8.
Alternate
installation
methods
The
Tivoli
Security
Compliance
Manager
InstallShield
package
provides
the
ability
to
perform
a
silent
installation,
or
to
install
in
console
mode.
The
following
sections
provide
details
on
both
of
these
installation
methods.
You
can
install
in
silent
mode
using
a
response
file
to
provide
input.
Silent
install
Note:
Before
you
begin
be
aware
that
ISMP
does
not
report
any
errors
in
silent
mode.
Therefore,
if
you
type
any
of
the
options
incorrectly,
the
installation
will
silently
fail
or
respond
unexpectedly.
For
example,
if
you
are
installing
in
/syslocal/tools/SCM
and
you
were
to
type
the
command
incorrectly,
the
component
would
still
be
installed
and
there
would
be
no
error
message.
The
InstallShield
MultiPlatform
tool
provides
the
capability
to
create
a
template
file
that
contains
all
possible
responses.
The
tool
also
provides
a
record
option
that
allows
you
to
record
the
responses
given
when
installing
a
particular
system.
Response
files
created
using
these
techniques
can
be
used
to
perform
silent
installations.
Note:
When
performing
a
silent
install
on
a
Windows
system,
the
InstallShield
program
does
not
wait
for
the
installation
to
complete
before
displaying
an
active
command
window.
The
install
will
still
be
in
progress
once
the
user
prompt
is
displayed,
so
check
to
ensure
that
the
installation
is
complete
before
using
the
command
window.
In
the
examples
given
in
this
section
for
the
platform
variables,
substitute
one
of
the
following:
scm_aix,
scm_hp11,
scm_linux,
scm_linux390,
scm_linuxppc,
scm_solaris,
scm_win32.exe
To
record
a
response
file
during
an
installation,
enter
the
following
command:
scm_platform
-options-record
filename
where
filename
is
the
path
name
of
the
file
to
which
the
recorded
response
data
will
be
written.
Note:
Using
the
-options-record
on
the
Solaris
platform
causes
invalid
error
messages
to
be
displayed.
The
options
file
that
is
created
on
Solaris
can
be
used
for
silent
installation.
To
generate
a
template
file,
enter
the
following
command:
scm_platform
-options-template
filename
where
filename
is
the
path
name
of
the
file
that
the
template
response
data
will
be
written.
When
the
template
generation
successfully
completes,
you
will
receive
the
following
message:
Options
file
filename
was
successfully
created
©
Copyright
IBM
Corp.
2003,
2004
65
The
template
file
that
is
created
must
be
edited
using
a
text
editor
as
follows:
v
For
options
you
want
to
set,
remove
the
three
comment
characters
(###)
at
the
start
of
the
option
line.
v
Replace
value
with
the
appropriate
value
for
each
uncommented
option.
When
you
first
perform
a
silent
installation,
use
the
-options-record
option
to
generate
a
response
file
from
an
actual
installation.
This
option
allows
you
to
familiarize
yourself
with
the
data
variables
that
can
be
set
and
with
the
valid
responses.
After
you
are
familiar
with
the
data
that
must
be
provided
in
the
response
file,
you
might
find
the
-options-template
option,
which
provides
a
template
file
of
all
possible
responses,
to
be
useful.
After
you
have
created
a
response
file
with
the
desired
data
input,
you
can
use
that
file
in
a
subsequent
silent
installation.
For
example,
to
perform
a
silent
installation
enter
the
following
command:
scm_platform
-silent
-options
filename
where
filename
is
the
path
name
of
the
file
that
contains
the
response
data
to
be
used.
Console
mode
installation
In
addition
to
running
the
launcher
executable,
there
are
other
methods
of
starting
the
installation
that
also
might
be
useful.
This
section
describes
the
way
to
start
the
installation
program
using
a
Java
command
with
the
–console
option.
Command
examples
are
shown
as
if
you
have
first
used
a
cd
(change
directory)
command
to
change
to
the
directory
where
the
Tivoli
Security
Compliance
Manager
CD
is
mounted.
To
bypass
the
launcher
executable
and
run
the
installation
in
the
non-graphical
mode,
run
the
Java
command
with
the
–console
option.
An
example
of
the
Java
command
using
the
–console
option
follows:
scm_platform
-console
where
platform
is
the
installation
executable
platform.
This
example
starts
the
installation
in
the
non-graphical
mode.
If
you
are
running
the
installation
from
a
remote
host,
use
the
non-graphical
mode.
The
installation
program
does
not
run
correctly
with
some
window
managers
when
run
remotely.
66
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Chapter
9.
Troubleshooting
This
chapter
describes
problems
that
you
might
encounter
as
you
install
and
configure
Tivoli
Security
Compliance
Manager
and
it
provides
some
solutions
to
these
problems.
Installing
with
an
alternate
temporary
directory
The
installation
process
can
require
a
significant
amount
of
temporary
free
space
that
is
used
to
unpack
and
contain
the
bundled
Java
runtime
environment
and
other
installation
files.
Specific
space
requirements
are
documented
in
Chapter
1,
“Installation
overview,”
on
page
1.
If
the
temporary
directory
on
your
system
does
not
contain
sufficient
free
space
to
perform
the
installation,
you
must
change
the
directory
that
is
used
for
temporary
space
to
one
that
does
contain
sufficient
space.
Note:
Before
you
install
Tivoli
Security
Compliance
Manager,
the
temporary
directory
must
already
exist;
otherwise,
the
option
is
ignored.
To
install
a
system
component
using
an
alternate
directory
for
temporary
installation
space,
use
the
command:
launcher_name
-is:tempdir
temp_dir
where
launcher_name
is
the
name
of
the
installation
executable
and
temp_dir
is
the
name
of
the
directory
that
will
be
used
to
store
temporary
files.
Files
left
in
temporary
directory
Occasionally,
InstallShield
files
are
left
in
the
temporary
directory.
This
problem
can
occur
if
you
use
Ctrl+c
to
cancel
out
of
an
installation,
or
if
the
installation
abnormally
terminates.
Canceling
the
installation
can
also
result
in
errors
being
logged
and
files
being
left
on
the
system.
If
you
cancel
an
installation
before
it
completes
successfully,
or
an
installation
abnormally
terminates,
make
sure
to
remove
all
files
in
the
installation
directory;
the
default
installation
location
is
the
/opt/IBM/SCM
directory
on
UNIX–based
platforms
and
Linux
platforms,
and
the
C:\Program
Files\IBM\SCM
directory
on
Windows.
Logging
during
installation
If
an
error
occurs
during
the
installation,
then
an
installation
log
is
automatically
generated.
The
log
file,
log.txt,
will
be
placed
into
the
installation
location
directory.
To
perform
an
installation
with
additional
logging,
enter
the
following
command:
scm_platform
-log
!fileName
@ALL
where
scm_platform
is
one
of
the
platform
launchers
for
Tivoli
Security
Compliance
Manager:
scm_aix,
scm_hp11,
scm_linux,
scm_linux390,
scm_linuxppc,
scm_solaris,
scm_win32.exe.
The
@ALL
parameter
will
log
all
installation
events.
©
Copyright
IBM
Corp.
2003,
2004
67
The
ISMP
installation
program
also
stores
information
about
the
ISMP
installed
components
in
a
vital
product
data
file
called
vpd.properties.
This
file
is
found
in
various
directories
depending
on
the
operating
system,
such
as:
v
Windows:
%SystemRoot%\vpd.properties
v
AIX:
/usr/lib/objrepos/vpd.properties
v
Linux:
/root/vpd.properties
v
HP-UX:
/vpd.properties
v
Solaris:
/vpd.properties
Frequently
asked
questions
The
following
section
contains
frequently
asked
installation
troubleshooting
questions.
Invalid
DB2
user
ID
and
password
given
during
install
Problem:
I
entered
an
invalid
DB2
user
ID
and
password
during
install.
Solution:
You
can
rerun
the
installation
program
by
selecting
the
database
configuration
option;
this
will
recreate
your
database
and
tables.
You
will
also
have
to
edit
the
INSTDIR/server/server.ini
file
to
set
the
following
values:
db.userid=<correct_userid_value>
db.password=<correct_password_value>
where
<correct_userid_value>
is
the
valid
DB2
user
ID
and
<correct_password_value>
is
the
valid
DB2
password.
You
may
enter
the
password
as
plain
text,
and
it
will
be
encrypted
in
the
file
for
you.
Entered
wrong
DB2
password
during
server
start
Problem:I
entered
the
wrong
password
for
the
DB2
user
ID,
and
my
server
will
not
start.
Solution:
Edit
the
INSTDIR/server/server.ini
file
to
correct
the
db.password
value.
You
may
enter
the
password
as
plain
text,
and
when
you
start
the
server
it
will
be
encrypted
in
the
file
for
you.
Deselected
create
database
now
box
by
mistake
Problem:
I
deselected
the
check
box
to
create
the
database
as
part
of
the
server
installation,
but
I
did
not
mean
to.
Solution:
Rerun
the
installation
and
select
the
database
configuration
option.
Alternatively,
you
can
edit
the
INSTALLDIR/sql/jac.sql
file
to
uncomment
the
lines
needed
to
create
the
database
and
alias.
See
8
on
page
51
in
the
database
configuration
chapter
for
more
information.
Forgot
Tivoli
Security
Compliance
Manager
administrator
password
Problem:
I
forgot
the
password
I
entered
for
the
Tivoli
Security
Compliance
Manager
administrator.
Solution:
Contact
IBM
Tivoli
Support
for
assistance.
68
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Forgot
Tivoli
Security
Compliance
Manager
administrator
ID
Problem:
I
forgot
the
user
ID
I
entered
for
the
Tivoli
Security
Compliance
Manager
administrator.
Solution:
Look
in
the
file
INSTDIR/sql/admin.sql.
Forgot
to
reset
UMASK
before
installation
on
UNIX-based
or
Linux
platforms
Problem:I
forgot
to
reset
the
UMASK
parameter
on
my
UNIX-based
or
Linux
machine
before
beginning
installation,
and
my
commands
will
not
run
or
are
having
problems
executing
wbindmsg.
Solution:
Log
in
as
the
root
user
and
use
the
chmod
to
change
the
command
file
permissions
and
the
INSTDIR/bin/wbindmsg
file
permissions.
You
may
also
need
to
use
chmod
on
the
/var/ibm/tivoli/common/HCV
directory
and
its
subdirectories.
Used
double-byte
characters
for
my
administrator
user
ID
and/or
password
Problem:I
entered
an
administrator
ID
and/or
password
that
contains
double-byte
characters,
and
I
can
not
log
into
my
administration
console.
Solution:Rerun
the
installation
and
select
the
database
configuration
option.
Enter
only
single-byte
characters
for
the
administrator
ID
and
password.
Note:
If
you
deselected
the
check
box
to
create
the
database
now,
you
can
update
only
the
affected
tables
as
follows:
1.
Use
the
db2
connect
command
to
connect
to
the
JAC
database.
2.
Use
the
db2
select
userid
command
to
select
the
administrator
user
ID
from
the
jac_sys.users
file.
3.
Use
the
db2
delete
command
to
delete
the
administrator
user
ID
from
the
jac_sys.users
file
where
userid=<wrong_value>.
4.
Use
the
db2
delete
command
to
delete
the
administrator
user
ID
password
from
the
jac_sys.use_passwords
file
where
userid=<wrong_value>.
5.
Enter
the
following
command:
db2
–tvf
INSTDIR/sql/admin.sql
Forgot
to
select
stash
password
during
install
and
server
will
not
start
Problem:
I
deselected
the
stash
password
check
box
on
the
Server
Security
Configuration
window
during
installation,
and
my
server
fails
to
start
when
the
system
is
rebooted.
Solution:Deselecting
the
stash
password
check
box
removes
the
server.keystore.password
value
from
the
INSTDIR/server/server.ini
file,
but
does
not
change
the
system
entries
to
automatically
start
the
server.
v
To
solve
this
problem
on
AIX
systems,
enter
the
following
command:
rmitab
ibmscmsrv
v
To
solve
this
problem
on
other
UNIX-based
systems,
enter
the
following
commands:
Chapter
9.
Troubleshooting
69
cd
/etc
find
.
|
grep
IBMSCMserver
|
xargs
rm
–f
v
To
solve
this
problem
on
a
Windows
system,
enter
the
following
command
to
remove
the
server
as
a
Windows
service:
scmserver
–remove
Selected
stash
password
during
install
and
server
will
not
start
Problem:I
selected
the
stash
password
check
box
on
the
Server
Security
Configuration
window
during
installation,
but
my
server
does
not
automatically
start
when
the
system
is
rebooted.
Solution:
Use
the
following
steps
to
add
the
server
to
your
system’s
start
up
process:
Note:
Make
sure
to
replace
the
INSTDIR
directory
below
with
the
directory
where
you
installed
Tivoli
Security
Compliance
Manager.
v
For
AIX
systems,
enter
the
following
command:
mkitab
ibmscmsrv:2:once:INSTDIR/server/scmserver
start
2>/dev/null
v
For
Solaris
systems,
make
the
following
symbolic
links:
ln
–s
INSTDIR/server/scmserver
/etc/init.d/IBMSCMserver
ln
–s
INSTDIR/server/scmserver
/etc/rc0.d/K10IBMSCMserver
ln
–s
INSTDIR/server/scmserver
/etc/rc1.d/K10IBMSCMserver
ln
–s
INSTDIR/server/scmserver
/etc/rc2.d/S99IBMSCMserver
ln
–s
INSTDIR/server/scmserver
/etc/rcS.d/K10IBMSCMserver
v
For
Windows
systems,
enter
the
following
command:
scmserver
–install
v
For
Linux
systems,
make
the
following
symbolic
links:ln
–fs
INSTDIR/server/scmserver
/etc/init.d/IBMSCMserver
ln
–fs
../IBMSCMserver
/etc/init.d/rc0.d/K10IBMSCMserver
ln
–fs
../IBMSCMserver
/etc/init.d/rc1.d/K10IBMSCMserver
ln
–fs
../IBMSCMserver
/etc/init.d/rc2.d/S99IBMSCMserver
ln
–fs
../IBMSCMserver
/etc/init.d/rc3.d/S99IBMSCMserver
ln
–fs
../IBMSCMserver
/etc/init.d/rc4.d/S99IBMSCMserver
ln
–fs
../IBMSCMserver
/etc/init.d/rc5.d/S99IBMSCMserver
ln
–fs
../IBMSCMserver
/etc/init.d/rc6.d/K10IBMSCMserver
70
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Appendix.
Notices
This
information
was
developed
for
products
and
services
offered
in
the
U.S.A.
IBM
may
not
offer
the
products,
services,
or
features
discussed
in
this
document
in
other
countries.
Consult
your
local
IBM
representative
for
information
on
the
products
and
services
currently
available
in
your
area.
Any
reference
to
an
IBM
product,
program,
or
service
is
not
intended
to
state
or
imply
that
only
that
IBM
product,
program,
or
service
may
be
used.
Any
functionally
equivalent
product,
program,
or
service
that
does
not
infringe
any
IBM
intellectual
property
right
may
be
used
instead.
However,
it
is
the
user’s
responsibility
to
evaluate
and
verify
the
operation
of
any
non-IBM
product,
program,
or
service.
IBM
may
have
patents
or
pending
patent
applications
covering
subject
matter
described
in
this
document.
The
furnishing
of
this
document
does
not
give
you
any
license
to
these
patents.
You
can
send
license
inquiries,
in
writing,
to:
IBM
Director
of
Licensing
IBM
Corporation
500
Columbus
Avenue
Thornwood,
NY
10594
U.S.A
For
license
inquiries
regarding
double-byte
(DBCS)
information,
contact
the
IBM
Intellectual
Property
Department
in
your
country
or
send
inquiries,
in
writing,
to:
IBM
World
Trade
Asia
Corporation
Licensing
2-31
Roppongi
3-chome,
Minato-ku
Tokyo
106,
Japan
The
following
paragraph
does
not
apply
to
the
United
Kingdom
or
any
other
country
where
such
provisions
are
inconsistent
with
local
law:
INTERNATIONAL
BUSINESS
MACHINES
CORPORATION
PROVIDES
THIS
PUBLICATION
“AS
IS”
WITHOUT
WARRANTY
OF
ANY
KIND,
EITHER
EXPRESS
OR
IMPLIED,
INCLUDING,
BUT
NOT
LIMITED
TO,
THE
IMPLIED
WARRANTIES
OF
NON-INFRINGEMENT,
MERCHANTABILITY
OR
FITNESS
FOR
A
PARTICULAR
PURPOSE.
Some
states
do
not
allow
disclaimer
of
express
or
implied
warranties
in
certain
transactions,
therefore,
this
statement
may
not
apply
to
you.
This
information
could
include
technical
inaccuracies
or
typographical
errors.
Changes
are
periodically
made
to
the
information
herein;
these
changes
will
be
incorporated
in
new
editions
of
the
publication.
IBM
may
make
improvements
and/or
changes
in
the
product(s)
and/or
the
program(s)
described
in
this
publication
at
any
time
without
notice.
Any
references
in
this
information
to
non-IBM
Web
sites
are
provided
for
convenience
only
and
do
not
in
any
manner
serve
as
an
endorsement
of
those
Web
sites.
The
materials
at
those
Web
sites
are
not
part
of
the
materials
for
this
IBM
product
and
use
of
those
Web
sites
is
at
your
own
risk.
IBM
may
use
or
distribute
any
of
the
information
you
supply
in
any
way
it
believes
appropriate
without
incurring
any
obligation
to
you.
©
Copyright
IBM
Corp.
2003,
2004
71
Licensees
of
this
program
who
wish
to
have
information
about
it
for
the
purpose
of
enabling:
(i)
the
exchange
of
information
between
independently
created
programs
and
other
programs
(including
this
one)
and
(ii)
the
mutual
use
of
the
information
which
has
been
exchanged,
should
contact:
IBM
Corporation
2Z4A/101
11400
Burnet
Road
Austin,
TX
78758
USA
Such
information
may
be
available,
subject
to
appropriate
terms
and
conditions,
including
in
some
cases,
payment
of
a
fee.
The
licensed
program
described
in
this
information
and
all
licensed
material
available
for
it
are
provided
by
IBM
under
terms
of
the
IBM
Customer
Agreement,
IBM
International
Program
License
Agreement,
or
any
equivalent
agreement
between
us.
Any
performance
data
contained
herein
was
determined
in
a
controlled
environment.
Therefore,
the
results
obtained
in
other
operating
environments
may
vary
significantly.
Some
measurements
may
have
been
made
on
development-level
systems
and
there
is
no
guarantee
that
these
measurements
will
be
the
same
on
generally
available
systems.
Furthermore,
some
measurement
may
have
been
estimated
through
extrapolation.
Actual
results
may
vary.
Users
of
this
document
should
verify
the
applicable
data
for
their
specific
environment.
Information
concerning
non-IBM
products
was
obtained
from
the
suppliers
of
those
products,
their
published
announcements
or
other
publicly
available
sources.
IBM
has
not
tested
those
products
and
cannot
confirm
the
accuracy
of
performance,
compatibility
or
any
other
claims
related
to
non-IBM
products.
Questions
on
the
capabilities
of
non-IBM
products
should
be
addressed
to
the
suppliers
of
those
products.
All
statements
regarding
IBM’s
future
direction
or
intent
are
subject
to
change
or
withdrawal
without
notice,
and
represent
goals
and
objectives
only.
This
information
contains
examples
of
data
and
reports
used
in
daily
business
operations.
To
illustrate
them
as
completely
as
possible,
the
examples
include
the
names
of
individuals,
companies,
brands,
and
products.
All
of
these
names
are
fictitious
and
any
similarity
to
the
names
and
addresses
used
by
an
actual
business
enterprise
is
entirely
coincidental.
If
you
are
viewing
this
information
softcopy,
the
photographs
and
color
illustrations
may
not
appear.
Trademarks
The
following
terms
are
trademarks
or
registered
trademarks
of
International
Business
Machines
Corporation
in
the
United
States,
other
countries,
or
both:
AIX
DB2
IBM
72
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
IBM
logo
Tivoli
Tivoli
logo
Microsoft,
Windows,
Windows
NT,
and
the
Windows
logo
are
trademarks
of
Microsoft
Corporation
in
the
United
States,
other
countries,
or
both.
Java
and
all
Java-based
trademarks
and
logos
are
trademarks
or
registered
trademarks
of
Sun
Microsystems,
Inc.
in
the
United
States
and
other
countries.
UNIX
is
a
registered
trademark
of
The
Open
Group
in
the
United
States
and
other
countries.
Other
company,
product,
and
service
names
may
be
trademarks
or
service
marks
of
others.
Appendix.
Notices
73
74
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Glossary
collector.
A
software
module
that
runs
on
a
client
system
and
gathers
data.
This
data
is
subsequently
sent
to
a
server.
compliance
query.
An
SQL
query
that
extracts
specific
data
from
the
server
database
and
returns
a
list
of
clients
that
are
in
violation
of
specific
security
requirements.
delta
table.
A
database
table
used
for
saving
changed
data
from
subsequent
runs
of
a
collector.
disinherit.
To
remove
actions
from
a
role
that
were
originally
copied
from
a
template.
inherit.
To
copy
actions
to
a
role
from
a
template.
policy.
A
set
of
one
or
more
compliance
queries
used
to
demonstrate
the
level
of
adherence
to
specific
security
requirements.
policy
bundle.
A
file
containing
the
information
associated
with
a
policy,
such
as
the
compliance
queries,
the
collectors,
and
the
associated
schedules.
A
policy
bundle
permits
the
policy
to
be
saved
and
subsequently
applied
to
other
servers.
proxy
relay.
A
special
pull
client
that
acts
as
a
relay
between
the
server
and
one
or
more
clients.
A
proxy
relay
is
used
to
reach
a
limited
number
of
clients
that
are
located
behind
a
firewall,
or
that
are
in
an
IP-address
range
that
is
not
directly
addressable
by
the
server.
pull
client.
A
client
that
permits
communication
with
the
server
to
be
initiated
by
only
the
server.
push
client.
A
client
that
permits
communication
with
the
server
to
be
initiated
by
either
the
client
or
the
server.
snapshot.
The
result
of
running
all
of
the
compliance
queries
in
a
policy
against
a
set
of
clients.
A
snapshot
shows
the
number
of
violations
and
indicates
what
clients
are
not
adhering
to
the
security
requirements
being
tested
by
the
compliance
queries.
©
Copyright
IBM
Corp.
2003,
2004
75
76
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
Index
Aaccessibility
vii
administration
utilities
installation
37
after
installation
63
alternate
temporary
installation
directory
67
CCD
layout
6
client
installation
25
configurationdatabase
45
console
mode
installation
66
console
mode
uninstallation
60
Ddatabase
configuration
45
database
utilities
45
Iinstallation
after
completion
63
console
mode
66
silent
65
troubleshooting
67
using
an
alternate
temporary
directory
67
installation
prerequisites
1
installingadministration
utilities
37
client
25
server
7
InstallShield
MultiPlatform
uninstallation
55
Pproduct
removal
55
Rreinstalling
administration
utilities
37
client
25
server
7
related
publications
vi
running
database
utilities
46
Sserver
installation
7
silent
installadministration
utilities
65
client
65
server
65
silent
installation
65
software
prerequisites
1
Ttroubleshooting
installation
67
Uuninstall
console
mode
60
InstallShield
MutliPlatform
55
uninstalling
55
©
Copyright
IBM
Corp.
2003,
2004
77
78
Tivoli
Security
Compliance
Manager:
Installation
Guide:
All
Components
����
Printed
in
USA
GC32-1592-00