Checkpoint OPSEC SmartConnector on RHEL 7.2

I am trying to install an OPSEC connector onto a RHEL 7.2 host and have come up against a lack of 32-bit support.

Install the 64-bit 7.3 Connector ok but of course there is no Checkpoint option to select (understand CheckPoint only provides support for 32-bit OPSEC). Install the 32-bit 7.3 Connector and get the following,

[root@abc bin]# ./runagentsetup.sh

Assuming ARCSIGHT_HOME: /opt/arcsight/connectors/checkpoint_10/current

Assuming JAVA_HOME: /opt/arcsight/connectors/checkpoint_10/current/jre

ArcSight Agent Setup starting...

Error occurred during initialization of VM

java/lang/NoClassDefFoundError: java/lang/Object

[root@abc bin]#

There is no 32 bit version of RHEL7. Many libraries have a 32 bit version but to install i686 packages, you would need to specify that, otherwise yum presumes x86_64. When dependency handling, yum will grab i686 packages.

Has anyone overcome this and can provide a list of required 32-bit packages to install to get the 32-bit connector working ?

Parents
  • So we now have the following installed,

    pam.i686                        1.1.8-12.el7_1.1        @rhel-7-server-eus-rpms

    pam.x86_64                      1.1.8-12.el7_1.1        @rhel-7-server-eus-rpms

    mod_authnz_pam.x86_64            0.9.3-5.el7_2          rhel-7-server-eus-rpms

    nss-pam-ldapd.i686              0.8.13-8.el7            rhel-7-server-eus-rpms

    nss-pam-ldapd.x86_64            0.8.13-8.el7            rhel-7-server-eus-rpms

    pam-devel.i686                  1.1.8-12.el7_1.1        rhel-7-server-eus-rpms

    pam-devel.x86_64                1.1.8-12.el7_1.1        rhel-7-server-eus-rpms

    pam_krb5.i686                    2.4.8-4.el7            rhel-7-server-eus-rpms

    pam_krb5.x86_64                  2.4.8-4.el7            rhel-7-server-eus-rpms

    pam_pkcs11.i686                  0.6.2-24.el7            rhel-7-server-eus-rpms

    pam_pkcs11.x86_64                0.6.2-24.el7            rhel-7-server-eus-rpms

    A yum install libpam.so.0 resulted in the following,

    Installed:

      pam.i686 0:1.1.8-12.el7_1.1

    Dependency Installed:

      audit-libs.i686 0:2.4.1-5.el7 cracklib.i686 0:2.9.0-11.el7 libdb.i686 0:5.3.21-19.el7 libgcc.i686 0:4.8.5-4.el7 libselinux.i686 0:2.2.2-6.el7 libstdc .i686 0:4.8.5-4.el7 pcre.i686 0:8.32-15.el7_2.1 xz-libs.i686 0:5.1.2-12alpha.el7

      zlib.i686 0:1.2.7-15.el7

    Dependency Updated:

      pcre.x86_64 0:8.32-15.el7_2.1

    And I do have unzip installed

    unzip.x86_64                    6.0-15.el7              @rhel-7-server-eus-rpms

    I have removed the connector directory, and 'relaid' from ArcSight-7.3.0.7886.0-Connector-Linux.bin

    I get a slightly different error now,

    [root@abc bin]# ./runagentsetup.sh

    Assuming ARCSIGHT_HOME: /opt/arcsight/connectors/checkpoint_10/current

    Assuming JAVA_HOME: /opt/arcsight/connectors/checkpoint_10/current/jre

    ArcSight Agent Setup starting...

    Error: missing `server' JVM at `/opt/arcsight/connectors/checkpoint_10/current/jre/lib/i386/server/libjvm.so'.

    Please install or use the JRE or JDK that contains these missing components.

    The file exists, but the jre directory tree has taken on a strange UID/GID

    [root@abc server]# ll /opt/arcsight/connectors/checkpoint_10/current/

    total 268

    drwxrwxr-x. 2 root root     29 Sep 20 14:59 agentdata

    -rwxrwxr-x. 1 root root 125451 Sep 20 14:59 agents-7.3.0.7886.0-common.xml

    -rwx------. 1 root root 110661 Sep 20 14:59 agents-7.3.0.7886.0-linux.xml

    -rwx------. 1 root root   9622 Sep 20 14:59 agents-7.3.0.7886.0-unix.xml

    drwx------. 7 root root   4096 Sep 20 14:59 bin

    drwxrwxr-x. 7 root root   4096 Sep 20 14:59 config

    drwxrwxr-x. 5 root root     61 Sep 20 14:59 i18n

    drwxrwxr-x. 5  10  143   4096 Apr  1 09:15 jre

    drwxrwxr-x. 4 root root     46 Sep 20 14:59 lib

    drwxrwxr-x. 3 root root     28 Sep 20 14:59 logs

    drwxrwxr-x. 2 root root     29 Sep 20 14:59 run

    drwxrwxr-x. 3 root root     26 Sep 20 14:59 system

    drwxrwxr-x. 2 root root   4096 Sep 20 15:00 UninstallerData

    drwxrwxr-x. 3 root root     26 Sep 20 14:59 user

    -rwxrwxr-x. 1 root root      5 Sep 20 14:59 version.txt

    I correct this with chown -R root:root /opt/arcsight/connectors/checkpoint_10/current/jre

    [root@abc bin]# ll /opt/arcsight/connectors/checkpoint_10/current/jre/lib/i386/server/

    total 12580

    lrwxrwxrwx. 1 root root       13 Jun  8 22:22 libjsig.so -> ../libjsig.so

    -rwxrwxr-x. 1 root root 12876601 Apr  1 09:15 libjvm.so

    -rwxrwxr-x. 1 root root     1423 Apr  1 09:15 Xusage.txt

    [root@nppslxdc11 connectors]# getfacl /opt/arcsight/connectors/checkpoint_10/current/jre/lib/i386/server/libjvm.so

    getfacl: Removing leading '/' from absolute path names

    # file: opt/arcsight/connectors/checkpoint_10/current/jre/lib/i386/server/libjvm.so

    # owner: root

    # group: root

    user::rwx

    group::rwx

    other::r-x

    However still get same error,

    [root@abc bin]# ./runagentsetup.sh

    Assuming ARCSIGHT_HOME: /opt/arcsight/connectors/checkpoint_10/current

    Assuming JAVA_HOME: /opt/arcsight/connectors/checkpoint_10/current/jre

    ArcSight Agent Setup starting...

    Error: missing `server' JVM at `/opt/arcsight/connectors/checkpoint_10/current/jre/lib/i386/server/libjvm.so'.

    Please install or use the JRE or JDK that contains these missing components.

    I still only have the 64-bit JDK installed, and I also note that SELinux is enforcing which I'd normally disable.

    [root@abc connectors]# getenforce

    Enforcing

Reply
  • So we now have the following installed,

    pam.i686                        1.1.8-12.el7_1.1        @rhel-7-server-eus-rpms

    pam.x86_64                      1.1.8-12.el7_1.1        @rhel-7-server-eus-rpms

    mod_authnz_pam.x86_64            0.9.3-5.el7_2          rhel-7-server-eus-rpms

    nss-pam-ldapd.i686              0.8.13-8.el7            rhel-7-server-eus-rpms

    nss-pam-ldapd.x86_64            0.8.13-8.el7            rhel-7-server-eus-rpms

    pam-devel.i686                  1.1.8-12.el7_1.1        rhel-7-server-eus-rpms

    pam-devel.x86_64                1.1.8-12.el7_1.1        rhel-7-server-eus-rpms

    pam_krb5.i686                    2.4.8-4.el7            rhel-7-server-eus-rpms

    pam_krb5.x86_64                  2.4.8-4.el7            rhel-7-server-eus-rpms

    pam_pkcs11.i686                  0.6.2-24.el7            rhel-7-server-eus-rpms

    pam_pkcs11.x86_64                0.6.2-24.el7            rhel-7-server-eus-rpms

    A yum install libpam.so.0 resulted in the following,

    Installed:

      pam.i686 0:1.1.8-12.el7_1.1

    Dependency Installed:

      audit-libs.i686 0:2.4.1-5.el7 cracklib.i686 0:2.9.0-11.el7 libdb.i686 0:5.3.21-19.el7 libgcc.i686 0:4.8.5-4.el7 libselinux.i686 0:2.2.2-6.el7 libstdc .i686 0:4.8.5-4.el7 pcre.i686 0:8.32-15.el7_2.1 xz-libs.i686 0:5.1.2-12alpha.el7

      zlib.i686 0:1.2.7-15.el7

    Dependency Updated:

      pcre.x86_64 0:8.32-15.el7_2.1

    And I do have unzip installed

    unzip.x86_64                    6.0-15.el7              @rhel-7-server-eus-rpms

    I have removed the connector directory, and 'relaid' from ArcSight-7.3.0.7886.0-Connector-Linux.bin

    I get a slightly different error now,

    [root@abc bin]# ./runagentsetup.sh

    Assuming ARCSIGHT_HOME: /opt/arcsight/connectors/checkpoint_10/current

    Assuming JAVA_HOME: /opt/arcsight/connectors/checkpoint_10/current/jre

    ArcSight Agent Setup starting...

    Error: missing `server' JVM at `/opt/arcsight/connectors/checkpoint_10/current/jre/lib/i386/server/libjvm.so'.

    Please install or use the JRE or JDK that contains these missing components.

    The file exists, but the jre directory tree has taken on a strange UID/GID

    [root@abc server]# ll /opt/arcsight/connectors/checkpoint_10/current/

    total 268

    drwxrwxr-x. 2 root root     29 Sep 20 14:59 agentdata

    -rwxrwxr-x. 1 root root 125451 Sep 20 14:59 agents-7.3.0.7886.0-common.xml

    -rwx------. 1 root root 110661 Sep 20 14:59 agents-7.3.0.7886.0-linux.xml

    -rwx------. 1 root root   9622 Sep 20 14:59 agents-7.3.0.7886.0-unix.xml

    drwx------. 7 root root   4096 Sep 20 14:59 bin

    drwxrwxr-x. 7 root root   4096 Sep 20 14:59 config

    drwxrwxr-x. 5 root root     61 Sep 20 14:59 i18n

    drwxrwxr-x. 5  10  143   4096 Apr  1 09:15 jre

    drwxrwxr-x. 4 root root     46 Sep 20 14:59 lib

    drwxrwxr-x. 3 root root     28 Sep 20 14:59 logs

    drwxrwxr-x. 2 root root     29 Sep 20 14:59 run

    drwxrwxr-x. 3 root root     26 Sep 20 14:59 system

    drwxrwxr-x. 2 root root   4096 Sep 20 15:00 UninstallerData

    drwxrwxr-x. 3 root root     26 Sep 20 14:59 user

    -rwxrwxr-x. 1 root root      5 Sep 20 14:59 version.txt

    I correct this with chown -R root:root /opt/arcsight/connectors/checkpoint_10/current/jre

    [root@abc bin]# ll /opt/arcsight/connectors/checkpoint_10/current/jre/lib/i386/server/

    total 12580

    lrwxrwxrwx. 1 root root       13 Jun  8 22:22 libjsig.so -> ../libjsig.so

    -rwxrwxr-x. 1 root root 12876601 Apr  1 09:15 libjvm.so

    -rwxrwxr-x. 1 root root     1423 Apr  1 09:15 Xusage.txt

    [root@nppslxdc11 connectors]# getfacl /opt/arcsight/connectors/checkpoint_10/current/jre/lib/i386/server/libjvm.so

    getfacl: Removing leading '/' from absolute path names

    # file: opt/arcsight/connectors/checkpoint_10/current/jre/lib/i386/server/libjvm.so

    # owner: root

    # group: root

    user::rwx

    group::rwx

    other::r-x

    However still get same error,

    [root@abc bin]# ./runagentsetup.sh

    Assuming ARCSIGHT_HOME: /opt/arcsight/connectors/checkpoint_10/current

    Assuming JAVA_HOME: /opt/arcsight/connectors/checkpoint_10/current/jre

    ArcSight Agent Setup starting...

    Error: missing `server' JVM at `/opt/arcsight/connectors/checkpoint_10/current/jre/lib/i386/server/libjvm.so'.

    Please install or use the JRE or JDK that contains these missing components.

    I still only have the 64-bit JDK installed, and I also note that SELinux is enforcing which I'd normally disable.

    [root@abc connectors]# getenforce

    Enforcing

Children
No Data