Configuring the installation parameters for the NSH or the RSCD agent
You can configure the installation parameters for the Network Shell or RSCD agent. When you run the Oracle Solaris SVR4 package or RPM Package Manager (RPM) installers, these customized parameter values are used. Configure the installation parameters in the following scenarios:
- You want to override the default values that are used during installation.
- You want to use the Smart Agent feature.
To configure the installation parameters
Do the following:
Create a text file named nsh-install-defaults in the /tmp directory. Only root users must own this file. In the file, add an entry for each parameter that you want to set and create another entry to export it. For example:
NSH_INSTALL_SKEL=1
export NSH_INSTALL_SKELThe following table describes how to set each possible parameter:
Parameter
Description
SHARE_NSH
Set this parameter value to 1 to enable the use of the nsh command to start NSH from any command line. This setting puts a link to a Network Shell start script in the /bin directory.
IS_SECURE_AGENT_LOGS
Set this parameter value to 1 to enable secure agent logging. When secure agent logging is enabled, agent logs are periodically rolled and digitally signed as they are rolled.
IS_KEYSTROKE_LOGS
Set this parameter value to 1 to enable keystroke (nexec) logging on an agent. When keystroke logging is enabled on an agent, remote commands run against the agent using nexec are captured and logged in an encrypted manner in keystroke logs. These logs are also periodically rolled and digitally signed as they are rolled.
INSTALL_BLPRNG
Set this parameter value to 1 to install the BladeLogic Pseudo Random Number Generator Daemon (PRNGD). TrueSight Server Automation uses random data to encrypt communication securely. Most systems already have a random number generator device; you might not need this setting. However, if a server on which you are performing a silent installation does not include a hardware device for generating random numbers, the installation program installs the PRNGD.
NSH_ROOT_HOST
Set this parameter value to identify a client on which users are granted root privileges for this server. This option sets the root= flag in the exports configuration file. By default, no clients are specified.
NSH_USER_FROM NSH_USER_TO
Set these values to configure a default user mapping in the users.local file. By default, no users are mapped. The values set with this parameter create an entry in the users.local file that says:
NSH_USER_FROM rw,map=NSH_USER_TO
For example, by defining values for these parameters, you could create an entry in users.local similar to the following example:
betty rw,map=root
For information about the users.local file, see Configuring-the-users-or-users-local-files.NSH_INSTALL_SKEL
By default, a silent installation does not include the .nsh/etc/skel files. Set this parameter to 1 to install those files.
TMP_DIR
(For the RSCD agent) Specifies a location where the installer should uncompress the sysinfo installation file before the file copy.
AUTOSTART_AGENT
Set this parameter to 1 to restart the RSCD agent automatically when the system is rebooted. (This setting creates agent start-up files in /etc.)
New in 20.02EXPORTSFILETEXT
Set this parameter to modify the exports file content.
For example, to allow user access only from appserver1 and appserver2 hosts, use this value:
"appserver1,appserver2 rw"
For more information about configuring the Exports file, see Configuring-the-exports-file.New in 23.4 ROOTONLY
Set this parameter to 1 to enable the rootonly mapping configuration. Conversely, set this parameter to 0 to disable the rootonly mapping configuration.
For more information, see Enhancing Security with the rootonly option in the RSCD agent.
Parameter
Description
SHARE_NSH
Set this parameter value to 1 to enable the use of the nsh command to start NSH from any command line. This setting puts a link to a Network Shell start script in the /bin directory.
IS_SECURE_AGENT_LOGS
Set this parameter value to 1 to enable secure agent logging. When secure agent logging is enabled, agent logs are periodically rolled and digitally signed as they are rolled.
IS_KEYSTROKE_LOGS
Set this parameter value to 1 to enable keystroke (nexec) logging on an agent. When keystroke logging is enabled on an agent, remote commands run against the agent using nexec are captured and logged in an encrypted manner in keystroke logs. These logs are also periodically rolled and digitally signed as they are rolled.
INSTALL_BLPRNG
Set this parameter value to 1 to install the BladeLogic Pseudo Random Number Generator Daemon (PRNGD). TrueSight Server Automation uses random data to encrypt communication securely. Most systems already have a random number generator device; you might not need this setting. However, if a server on which you are performing a silent installation does not include a hardware device for generating random numbers, the installation program installs the PRNGD.
NSH_ROOT_HOST
Set this parameter value to identify a client on which users are granted root privileges for this server. This option sets the root= flag in the exports configuration file. By default, no clients are specified.
NSH_USER_FROM NSH_USER_TO
Set these values to configure a default user mapping in the users.local file. By default, no users are mapped. The values set with this parameter create an entry in the users.local file that says:
NSH_USER_FROM rw,map=NSH_USER_TO
For example, by defining values for these parameters, you could create an entry in users.local similar to the following example:
betty rw,map=root
For information about the users.local file, see Configuring-the-users-or-users-local-files.NSH_INSTALL_SKEL
By default, a silent installation does not include the .nsh/etc/skel files. Set this parameter to 1 to install those files.
TMP_DIR
(For the RSCD agent) Specifies a location where the installer should uncompress the sysinfo installation file before the file copy.
AUTOSTART_AGENT
Set this parameter to 1 to restart the RSCD agent automatically when the system is rebooted. (This setting creates agent start-up files in /etc.)
New in 20.02EXPORTSFILETEXT
Set this parameter to modify the exports file content.
For example, to allow user access only from appserver1 and appserver2 hosts, use this value:
"appserver1,appserver2 rw"
For more information about configuring the Exports file, see Configuring-the-exports-file.New in 23.4 ROOTONLY
Set this parameter to 1 to enable the rootonly mapping configuration. Conversely, set this parameter to 0 to disable the rootonly mapping configuration.
For more information, see Enhancing Security with the rootonly option in the RSCD agent.
New in 20.02
Configure the following properties to use the Smart Agent capabilities.
- Save the changes.
What's next
Run the installer. When you run the NSH and RSCD installer, the Smart Agent related configuration settings are saved in the smartagent.conf file. This file is saved at this path:
- (Windows) C:\Windows\rsc
- (Linux) /etc/rsc
For installation instructions, see Using-the-Solaris-SVR4-package-installer-to-install-NSH-and-the-RSCD-agent or Using-RPM-to-install-NSH-or-the-RSCD-agent.