Symantec Security Expressions Server User Manual


Configure Servers

3. Agent - Uses the audit agent to remotely execute scripts and programs. Before auditing, make sure to install the agent on the remote computer or check the "Automatically install Agent if required in order to execute scripts and programs remotely" box.

Automatically install Agent if required to execute scripts and programs remotely

Check this box to automatically install the agent on the remote system when the agent is necessary to complete an audit. The agent can only be automatically installed on Windows systems. For UNIX systems, you must install the agent manually. If you select either Agent or Automatic from the Default method for remote execution on Windows drop-down list, consider checking this box.

If required services are not started, start them before auditing and stop them after audit completes

Check this box to start whichever service the selected remote-execution method needs, such as WMI or the Windows Task Scheduler, before auditing and stop the service after the audit completes. Starting and stopping the service if it's not already running ensures that the audit will not fail.

SSH Agent Authentication

When performing Audit-on-Connect audits, the server software can communicate with UNIX computers through the audit agent or through SSH. When performing Audit-on-Connect audits through SSH, you can authenticate users by either setting up password-based authentication on the Scopes page or uploading private keys to the server application. Use the SSH Agent Authentication section of the Agent & Service Configuration page to set up SSH private keys.

The SSH Agent Authentication options apply to Audit-on-Connect audits only.

To upload a new SSH key:

1. Click Browse to locate and select the private key file.
2. In the Key Password box, type the passcode associated with the private key file.

3. Click Add New. The key and passcode appear in the table.

You can add keys in any order. When Audit-on-Connect attempts to connect to a UNIX computer,
it checks all keys in the list to see if any of them work.

To edit an existing SSH Key:

1. Click the Edit hyperlink for the SSH key that appears in the table.
2. Browse for a new key file and type the passcode associated with the key file.
3. Click Update.

To delete an existing SSH Key:

1. Click the Delete hyperlink for the SSH key that appears in the table.

   When you delete an SSH key, you remove it from the database. A warning appears to remind you that you are about to remove the key from the database.

2. Click Delete to remove the SSH key.