I am looking to install Policy Auditor 6.0.1 on Solaris 10 SPARC machines amd I am unable to do it from within the 4.6 ePO console. There are client tasks created for product deployment to the Solaris boxes, but they do not run. When I go to "Run Client Task" now, the option to deploy the "Install PA" task does not allow me to click "run task now." In the ignored systems area, it says :
Agent Version (Systems with these agent version do not support Run Now.)
So if I cannot deploy Policy Auditor to Solaris from the ePO console via Client Task, how can I get Policy Auditor installed? Is there a method to manually install Policy Auditor on the Solaris machines? I tried copying the policy auditor package in the DB folder on the ePO server, but the installation failed after running the install.sh script.
Thanks for your help!
Hi rshiggs, maybe the Solaris agent doesn't allow the "Run Client task" option so you should do it another way.
- Under the system tree select the solaris box
- Click on Actions->Agent->Modify tasks on a single system
- Add a task to deploy Policy Auditor and schedule it to run immediately
- Send a wake up call for the solaris box
Then you should see the task being executed on the solaris box
I believe you are correct about the Agent (for Solaris) not supporting that task option. Scheduling a regular old Client Task works for our Solaris systems.
Hello Laszlo G, thanks for the reply. However, I have tried that method multiple times and the deployment task never reaches the Solaris boxes. I am not really sure where since there is not any feedback as to when that task failed and why. I was just looking into my other options to get these machines inspection compliant. I was hoping there was a manual way just in case. HIPS 8 and the USAF ACCM point products installed manually just fine. I have individual deployment tasks set to run now for all of them, and none of them ever installed. Thanks again for your help.
Have you been able to verify that the Install Task was received on the Solaris boxes? I think you can see the task names if you cat the Registry.ini file within the /opt/McAfee/cma/ folder structure.
If it shows up there, then you should be able to find something in the local logs. Either a failed install or maybe something in the Agent log itself.
It does not look like the Install Task makes it to the Solaris box. The last task received was an Full Product Update from sending an Agent wakeup. I am not seeing anything in the cmdagent.log either.
I really appreciate the help. Is there anywhere else I can look to track this down? I am sorry that I am not as proficient with where all the McAfee logs are stored on Solaris boxes.
In order to install PA 6.0.1 in your Solaris 10 box you should follow these steps:
1) Go to you ePO system tree actions, click on "New systems" - Select "Create and download agent installation package" - Select "Non-windows and get McAfee Agent for Solaris 4.6", Click OK.
2) Download your install.sh file and send it to your Solaris 10 box.
3) Provide chmod +x to your install.sh file and execute it # ./install.sh -i (As per my understanding you need to install the MA for Linux / Unix systems manually.)
4) Once the agent installation is successful you can check for # tail -f /opt/McAfee/cma/scratch/etc/log. This is the MA log.
5) Depending on your network and ePo configuration you'll need to wait for your Solaris 10 box to become a managed system within your ePO system tree.
6) Make you sure you can ping your Solaris 10 box from your ePO and so from your Solaris 10 box to your ePO.
7) Send an agent-wake up from your ePO to make sure the Solaris 10 box is receiving the same. Make sure that your Solaris 10 box is a "SPARC" system otherwise Policy Auditor won't work.
😎 Make sure you have pulled out the latest auditengine content / findings content to your master repository.
9) You need to create a client task: go to assigned client tasks - Actions - New client task assignment - Select "Product" - Task type: Product deployment - Task Name: create new task.
10) You need to add a task name, check for "solaris" under target platforms and select "McAfee Policy Auditor Agent for Solaris 6.0.1.x". Save it.
11) Select your task name and click "Next" and set it to run immediately - "Next" and "Save".
12) You need to monitor MA log - tail -f /opt/McAfee/cma/scratch/etc/log and check whether the client task has been dowloaded successfully - you should have a message like "paasolaris task loaded successfully", you will have to wait a couple of minutes while the PA Agent is installed and sync with the latest auditengine content. There should be a message in MA log that says "update succeeded to version XXXX" which is the 4 digit auditengine version.
13) Send another agent wake-up from your ePO against your Solaris 10 box, and wait a couple more minutes, after that click on your Solaris 10 managed system within your ePO an check for "Installed Products" within your system properties. You should be able to have McAfee Policy Auditor 6.0.x.x displayed.
14) You can check PA Agent log in /opt/McAfee/auditengine/enginemain.log - Here you can monitor your audits every time you execute a benchmark.
Try following these steps, they have worked for me.