Category Archives: RSA

Install and configure RSA web agent with Redhat EL5 and Apache

Login to RSA interface:

– Create the apache server as agent host with type web agent
– Generate the config file (zip file containing sdconf.rec) from RSA interface, and download to your local machine

Login to the web server

– Download the RSA web agent installation files from RSA website.

# mkdir -p /var/ace

– Copy and extract (sdconf.rec) the downloaded config file
# chmod 755 sdconf.rec

– Create the sdopts.rec file with the ip address of the machine, if you have multiple ip address assigned to the server or if the RSA we agent is a virtual machine. Otherwise the authentication might break with following kind of errors
“100: Access denied. The RSA ACE/Server rejected the Passcode. Please try again.” , “attempted to authenticate using authenticator “SecurID_Native”. The user belongs to security domain “SystemDomain””

# echo "CLIENT_IP=" > sdopts.rec
# chown -R webuser:webuser /var/ace

– Now install the RSA web agent

# tar xvf WebAgent_70_Apache_RHEL5_32_379_08201024.tar
# cd CD/
# chmod u+x install
# ./install

– Enter the location of sdconf.rec

– Configure the apache virtual host

It was found that web agent breaks if apache starts multiple server thread, so would be better to limit the thread.

< IfModule prefork.c >
StartServers 1
MinSpareServers 1
MaxSpareServers 1
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
< /IfModule >

– Now start apache and you will be able to access the RSA web interface.

Once authenticated, the RSA server will create a node secret for the agent host and will be copied automatically to the web server.

This web interface is mainly useful for the token users to reset or enable to token assigned to him.

./arun

Changing RSA passwords

 

Reset SSH Password:
——————-
Log in to Operations console (Master):

Administration --> Networking --> Configure connectivity using SSH

Do the same procedure on Replica also (if any), it is manual process.

Reset Operations console password:
———————————-
Login to the master appliance with SSH

$ sudo -s // sudo as root
# su - rsaadmin // change user to rsaadmin
$ cd /usr/local/RSASecurity/RSAAuthenticationManager/ //navigate to RSA installation path
$ cd utils
$ ./rsautil manage-oc-administrator -a update // Execute

// Enter Super administrators name
// Enter Super administrators password
// Enter operation console user
// Set the new password

Do the same steps on replica
Error: This operation can be performed only on a primary instance.
But the password got changed

Reset Master password:
———————
Login to the master appliance with SSH

$ sudo -s // sudo as root
# su - rsaadmin // change user to rsaadmin
$ cd /usr/local/RSASecurity/RSAAuthenticationManager/ //navigate to RSA installation path
$ cd utils
$ ./rsautil manage-secrets --action change --new-password <enter_the_new_password>

Do the same procedure on the replica device.

Reset Security Console Password:
———————————
Login to Security Console

Identity-->Users-->Manage Existing // Search for your admin username in internal datase

Change password for the admin user
This action will be automatically replicated to replica.

./arun