Installing BMC Defender NMAP adapter
This topic describes how to install the BMC Defender NMAP adapter, which is a self-extracting WinZip file.
Installation procedure for SPE2010
Use the following procedure to install BMC Defender NMAP adapter.
Before you begin
Before you install BMC Defender NMAP adapter, make sure your environment meets the following criteria:
Existing
BMC Defender Server
installation—The BMC Defender Server system must be installed on a Windows platform, as instructed in BMC AMI Command Center for Security installation and BMC AMI Defender SIEM Correlation Server installation.
- Firewall requirements—All network devices and managed devices must be able to be accessed and probed by BMC Defender Server. This might be a normal condition, but some sties might intentionally disable this port, and those selected devices are not manageable by BMC.
- Administrator privileges—You must have an administrative login to the NMAP server to fetch information.
To ensure proper installation of the program, close all windows, and temporarily disable any port-blocking or virus-scan software on the system.
If you have an existing version of BMC Defender NMAP adapter, perform the following steps:
- To preserve the existing data, settings, and customizations, back up the files matching the specification installationDirectory\nmagen-nmap*
Replace installationDirectory with the directory in which you installed the product. The default directory is C:\Program Files\BMC Software\BMC Defender. - Delete the contents of the installationDirectory\nmap directory.
- Restore the files from your backup, but keep the backup files for reference.
- Delete the installationDirectory\nmap\gen_nmat.bat file from the restored files so that the installation process can add the new one.
To install NMAP on your BMC Defender Server system
Download NMAP for your system from http://nmap.org.
- Follow the instructions provided by NMAP to install it on your system. Make sure to install it in a location that is outside the BMC Defender Server product installation.
Configure NMAP. Then test and determine the command line settings you want. Record how long an NMAP scan takes with your settings.
We recommend starting with the following command line. Replace the placeholder nnn.nnn.n with the IP address for your environment:
nmap.exe -n -F --unprivileged nnn.nnn.n .*Download the installation file, BMC-Defender-NMAP-Adapter-v.r.mm.bbbb.exe, from the BMC Electronic Product Download (EPD) website. Your ability to access product pages on the EPD website is determined by the license entitlements purchased by your company.
The BMC Defender NMAP adapter installation file is located with the BMC AMI Command Center for Security and BMC Defender SIEM Correlation Server files.
- Run the BMC Defender NMAP adapter installation file.
Edit the installationDirectory\nmap\gen_nmat.bat file:
- Edit the following line to have the full file path to the nmap.exe file on your system. For example:
set NMAP_EXE_PATH=d:\projects\nmap-7.80\nmap.exe - Edit the following line to reflect the options that you determined to work with the NMAP test. For example:
set NMAP_CMD_OPTIONS=-F -n --unprivileged - If you are updating from a existing installation, refer to the gen_nmat.bat file to copy any other customizations.
Do not change the end of the command line. Do not add any other command redirection.
- Edit the following line to have the full file path to the nmap.exe file on your system. For example:
In the BMC Defender Server interface, configure the adapter settings on the System > NMAP > Edit screen to match your environment. Specifically, set Max NMAP Exec Time to a time in seconds that is longer than the time that NMAP took to run in your tests.
For more information about configuring BMC Defender NMAP adapter, see Configuring-BMC-Defender-NMAP-adapter.
Installation procedure for pre-SPE2010
Use the following procedure to install BMC Defender NMAP adapter.
Before you begin
Before you install BMC Defender NMAP adapter, make sure your environment meets the following criteria:
Existing
BMC Defender Server
installation—The BMC Defender Server system must be installed on a Windows platform, as instructed in BMC AMI Command Center for Security installation and BMC AMI Defender SIEM Correlation Server installation.
- Firewall requirements—All network devices and managed devices must be able to be accessed and probed by BMC Defender Server. This might be a normal condition, but some sties might intentionally disable this port, and those selected devices are not manageable by BMC.
- Administrator privileges—You must have an administrative login to the NMAP server to fetch information.
To ensure proper installation of the program, close all windows, and temporarily disable any port-blocking or virus-scan software on the system.
To install BMC Defender NMAP adapter on your BMC Defender Server system
- Obtain the BMC Defender NMAP adapter in self-extracting WinZip format.
- Execute the self-extracting WinZip file. It then unzips the software into the BMC Defender Windows Distribution, including all configuration data, executables, and required packages.
- Install the NMAP software (included in the original package).
- Execute WinPcap software package (included in the NMAP package), and install WinPcap software and service.
- Configure the NMAP interface using the System > NMAP screen that is added to the installation.
Actual installation steps are in this section. The information needed to perform the configuration of the NMAP parameters is provided in Configuring-BMC-Defender-NMAP-adapter.
WinPCAP driver installation procedure
The NMAP adapter requires the entire BMC Defender Server to reboot. This usually is not required when installing any BMC Defender Server adapter but is uniquely necessary here to install the WinPCAP driver (used and required by NMAP). This is mentioned, in Step 2 of the procedure.
The specific steps needed to install the software are as follows:
- Obtain and execute the BMC co-n-n-n-nmap.exe package, extracting files to the directory location where BMC is installed. The default installation directory is C:\Program Files\BMC Software\BMC Defender. After extracting files, the About dialog is displayed indicating the success of the installation.
Comment—The co-n-n-n-nmap.exe program contains all files and software (including various packages referenced in the following line). Extracting files creates the installationDirectory\nmap folder.
Comment—As part of the installation, the WinPCAP driver is installed on your platform. You should read and acknowledge the license agreement for this particular package. You might also execute the installationDirectory \nmap\winpcap-nmap-X.XX.exe package manually to install the WinPCAP libraries used for all versions and instances of NMAP.
Comment—You should select the default items during the installation of the WinPCAP package, including starting services at system startup. This package adds files to the standard Windows\Program Files folders of the system. - After the About dialog is displayed, click Close to close the dialog, and then reboot the entire BMC Defender Server, necessary to start the WinPCAP driver and service correctly.
Comment—This step can be omitted at some sites if the WinPCAP drivers have already been installed on your system. But, if the NMAP server fails to function, you should reboot the server as stated here. - Log on to the BMC Defender Server web interface, and verify that the System > NMAP tab now exists.
- Configure the NMAP parameters on the System > NMAP tab, as discussed in the following section.
Comment—In particular, you need to modify the Scan Address Specification value on this screen to indicate the networks and domains that should be scanned by the system. - Click Run Report to generate the NMAP data, and verify that the operation completes successfully.
If after extracting files, you do not see the NMAP tab in the System tab, you probably extracted files to the wrong location in Step 1. In this case, repeat the preceding procedure, extracting files to the correct installation folder for the BMC Defender Server.