432
Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
TCRZLSoftwareInstalled
The
TCRZLSoftwareInstalled
workflow is also very similar to the ones described
above, as all it does is install software that is missing. The
TCRZLSoftwareInstalled workflow was defined in the KEY_WF, VALUE_WF,
and VALUE_DATA_WF parameters in the ZoneAlarm Software Installed policy to
be used when the compliance check generated a FAIL or WARNING status.
The collector used to verify the ZoneAlarm firewall presence is the generic
registry checking collector. Theoretically, you can call three different workflows if
a registry key exists, if a value under this key exists, or if the value matches the
specified rules. However, in our lab all three cases render the same result if the
check fails, meaning that the software is not installed. So in all cases we must
call the same workflow to download and run the ZoneAlarm installation package.
Similar to the Symantec Antivirus package, you need the installation media from
the vendor to build that package, and you have to obtain the proper license.
Follow the steps described below:
1. Open a command prompt, import the environment variables for the Tivoli
Framework, and start bash. Then create a directory for the workflow files. To
do this issue the following commands:
cmd /k %SystemRoot%\system32\drivers\etc\Tivoli\setup_env.cmd
bash
cd $BINDIR/tcmremed/download
mkdir TCRZLSoftwareInstalled
cd TCRZLSoftwareInstalled
2. To build the package you must obtain the appropriate ZoneAlarm installation
file from ZoneLabs. For testing purposes we use a 15-day trial version of the
ZoneAlarm Pro installation file, which you can download from the ZoneLabs
Web site at the following location:
http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial
_zaFamily.jsp?dc=12bms&ctry=US&lang=en&lid=db_trial
You can easily modify the policy to check for any other software and workflow
to install it when missing. During the time of writing this book the version
available on the Web was 6.5.737. If you have downloaded the ZoneAlarm
Pro trial or you are in possession of a fully licensed installation image, copy
the installation package to the TCRZLSoftwareInstalled directory.
Summary of Contents for Tivoli and Cisco
Page 2: ......
Page 16: ...xiv Building a Network Access Control Solution with IBM Tivoli and Cisco Systems...
Page 18: ...xvi Building a Network Access Control Solution with IBM Tivoli and Cisco Systems...
Page 20: ...2 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems...
Page 30: ...12 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems...
Page 56: ...38 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems...
Page 94: ...76 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems...
Page 110: ...92 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems...
Page 142: ...124 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems...
Page 225: ...Chapter 6 Compliance subsystem implementation 207 Figure 6 77 Client connection window...
Page 456: ...438 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems...
Page 458: ...440 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems...
Page 504: ...486 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems...
Page 513: ...Building a Network Access Control Solution with IBM Tivoli and Cisco Systems...
Page 514: ......
Page 515: ......