Use root or non-root user for clean install ?

Hello,
I am going to install new Looger,ESM and ArcMC. I am not sure which user should I use ?
As I understand when using root I can use lower ports and it is easier to register service to the system. However there is potential security risk.
Also when using root, can I ugrade ArcMC and Logger from GUI web portal or I have to use the local terminal on the server ?

Thanks
J

  • Hi Maresj,

    yes, if you install a new Logger as root the UDP receiver is on port 514/udp. For non-root installs, it is on port 8514/udp by default.
    In the same way the TCP receiver is on port 515/tcp. For non-root installs, it is on port 8515/tcp.

    And yes if you used root to install Logger, at the moment of the upgrade you will have to use again root and use a local terminal.

    M. 


  • Verified Answer

    Hello J, 

    when you are talking about installing ArcSight products please try to not group them together and instead try to take them as individual products.

    ESM  - the deployment/installation will require a non-root user which cannot be changed. The user will be always "arcsight". Setting up the process will require root access also the ESM will start all the services as non-root ( arcsight user ).

    Logger - the deployment/installation can be done as root and non-root user. The only difference as M mentioned are the ports between non-root and root users used to run the services. 

    ArcMC - the deployment/installation can be done as root and non-root user. The only difference as M mentioned are the ports between non-root and root users used to run the services.

    Related to the last question "Also when using root, can I ugrade ArcMC and Logger from GUI web portal or I have to use the local terminal on the server ?". Well, that depends on the type of upgrade and also on the product, and for that let's split the products. 

    ESM - always the upgrade from one version to another or installing a patch must be done as arcsight user. There will be situations requested by the upgrade procedure to :

    - run the specific script as the root user;

    - provide the root password;

    - run a specific command as root user;

    Logger - upgrades from one version to another one will be done via CLI. Depending on how you deployed/installed the software version, as a non-root or root user, you need to run the upgrade. You need to remember how you did the deployment/installation as you did the installation, on-root, and root, and not mix the upgrade. 

    Applying patches will be done via GUI and this will not matter how the products were installed.

    ArcMC - upgrades from one version to another one will be done via CLI. Depending on how you deployed/installed the software version, as a non-root or root user, you need to run the upgrade. You need to remember how you did the deployment/installation as you did the installation, on-root, and root, and not mix the upgrade. 

    Applying patches will be done via GUI and this will not matter how the products were installed.

    Hopefully, now will be more clear for you.

    Best Regards, 

    Daniel

  • Thank you for the information. I wasn't the one who did the initial install, so the fact that the Logger was installed under root made me confused  sometimes.

  • Hi Daniel,

    If there is any trace, could you please tell me where it is possible to get the user who carried out the first installation (sw) in case we don't remember?
    Thank you

  • I have used these files. In .txt there is the information about user who did the installation or last upgrade.

    For Logger and ArcMC
    /opt/arcsight/logger/L{number_version}/UninstallerData/logs/


    ESM
    /opt/arcsight/manager/UninstallerDataDocPack

  • Hello  ,

    There is a way to check what user is used to install ArcMC (and this is also applicable for Logger as well). Just use this command:
    cat <arcmc_home>/UninstallerData/Logs/ArcMC_<build number>.log | grep user.name

    Output should be like:
    [root@arcm]# cat UninstallerData/Logs/ArcMC_<build number>.log | grep user.name
    user.name == root

    As you could assume, for logger you should run:

    cat <logger_home>/UninstallerData/Logs/logger_<build number>.log | grep user.name

    Hope this helps.

    Mladen

  • Hi Mladen, i Find it at the beginning of the log file. it is Root.

    Thank you

    Roberto