Install Security Provider

IMPORTANT:
If FTASecurity and DataView or DataFlowML are to be installed on the same machine, it is strongly recommended to install FTASecurity under a different non-root user account from the one used for DataView or DataFlowML, in order to protect the log files. This ensures that no sensitive information is exposed to external components beyond trust boundaries.
NOTE:
If the FTASecurity Provider is already installed with another FTA application, it is recommended to use the existing FTASecurity.
Install the Security Provider and configure it to run as a systemd/systemctl service. To do this, the user needs to set up a service account for managing the application and the service.
  1. Ensure that the unzip utility is installed. For CentOS and RHEL:
    $ sudo yum install unzip
  2. For SUSE, install the unzip utility with:
    $ sudo zypper install unzip
  3. Execute the following command to create the fta-security group:
    $ sudo groupadd -r fta-security
  4. Execute the following command to create the fta-security user account:
    $ sudo useradd -r -g fta-security -d /opt/rockwell/fta-security -s /bin/bash fta-security
  5. Execute the following command to create a password for the ‘fta-security’ user:
    $ sudo passwd fta-security
  6. Provide a new password for the ‘fta-security’ user.
  7. Execute the following command to create a new home directory for the application:
    $ sudo mkdir -p /opt/rockwell/fta-security
  8. Execute the following commands to change the permissions and ownership for the fta-security folder:
    $ sudo chmod 0750 /opt/rockwell/fta-security
    $ sudo chown fta-security:fta-security /opt/rockwell/fta-security
  9. Change the directory path to the <Installation Directory>/FTASecurity folder:
    $ cd <Installation Directory>/FTASecurity
  10. Copy the package for the Security Provider to the /opt/rockwell directory, so that it is available to the fta-security user.
    $ sudo cp FTASecurity-<Version>.zip /opt/rockwell
  11. Change the directory path to the /opt/rockwell folder:
    $ cd /opt/rockwell
  12. Extract the following files from the Analytics Security Provider ZIP file:
    • fta-security
      $ sudo unzip FTASecurity-<Version>.zip FTASecurity/systemd/fta-security
    • fta-security.conf
      $ sudo unzip FTASecurity-<Version>.zip FTASecurity/systemd/fta-security.conf
    • fta-security.service
      $ sudo unzip FTASecurity-<Version>.zip FTASecurity/systemd/fta-security.service
  13. Execute the command to copy the fta-security file to the /etc/sudoers.d folder:
    $ sudo cp FTASecurity/systemd/fta-security /etc/sudoers.d
  14. Execute the command to provide access permissions to the fta-security file:
    $ sudo chmod 440 /etc/sudoers.d/fta-security
  15. Execute the following command to create a folder called ‘fta-security’ in the /etc folder:
    $ sudo mkdir /etc/fta-security
  16. Execute the following command to copy the fta-security.conf file to the /etc/fta-security folder:
    $ sudo cp FTASecurity/systemd/fta-security.conf /etc/fta-security/
  17. Execute the following command to copy the fta-security.service file to the /etc/systemd/system folder:
    $ sudo cp FTASecurity/systemd/fta-security.service /etc/systemd/system/
  18. To run Analytics Security Provider as a service, execute the following command to switch to the ‘fta-security’ user:
    $ sudo su - fta-security
    NOTE:
    The current working directory is /opt/rockwell/fta-security. A copy of the package file should be in the directory.
  19. Execute the following command to set the umask for the account, to restrict access to configuration and log files to the fta-security account. This is done by creating a bash profile:
    $ echo umask 0022 >./.bash_profile
    NOTE:
    The default umask is 0002, which means that new files are created with read access for all users on the system. The user does not want configuration or log files to be accessed by any user other than the fta-security user.
  20. Run the umask command directly, because the bash profile will not take effect until the next login:
    $ umask 0022
  21. Unzip the FTASecurity-<Version>.zip file:
    $ unzip ../FTASecurity-<Version>.zip
  22. Execute the following command to move the contents to the current directory:
    $ mv FTASecurity/* .
    TIP:
    Copy the above command "mv FTASecurity/* ." including the trailing period.
  23. Execute the following command to remove the FTASecurity folder:
    $ rm -rf FTASecurity
  24. Execute the following command to change the access permissions to file system objects:
    $ find . -type f -name '*.sh' -exec chmod +x {} +
    TIP:
    Copy the above command along with the space and the special characters.
  25. Execute the following command to start the Analytics Security Provider service:
    $ sudo /bin/systemctl start fta-security.service
  26. Execute the following command to enable the Analytics Security Provider service:
    $ sudo /bin/systemctl enable fta-security.service
  27. Execute the following command to check the status of the Analytics Security Provider service:
    $ sudo /bin/systemctl status fta-security.service
  28. Execute the following command to exit or logout as the fta-security user:
    -bash-4.2$ exit
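The modes set by this procedure can be checked once it is complete. The script below is an added example, not part of the vendor documentation; it assumes GNU find and stat and uses the paths from the steps above. It shows that umask 0022 produces 0644 files, so the 0750 mode on /opt/rockwell/fta-security is what keeps other accounts out of that directory.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): permission checks for the layout created above.
# Assumes GNU coreutils/findutils, as shipped on RHEL, CentOS and SUSE.

# Print the octal mode a newly created file receives under the given umask.
mode_from_umask() {
    local tmp mode
    tmp=$(mktemp -d) || return 1
    ( umask "$1" && : > "$tmp/probe" )
    mode=$(stat -c '%a' "$tmp/probe")
    rm -rf "$tmp"
    printf '%s\n' "$mode"
}

# Succeed only if the path exists with exactly the given octal mode.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# List regular files under a directory that carry the "other" read bit.
others_readable() {
    find "$1" -type f -perm -o=r 2>/dev/null
}

# Check the paths and modes set in steps 8, 14 and 19. Run as root.
audit_install() {
    local home=/opt/rockwell/fta-security drop_in=/etc/sudoers.d/fta-security rc=0
    has_mode "$home" 750    || { echo "FAIL: $home is not 0750"; rc=1; }
    has_mode "$drop_in" 440 || { echo "FAIL: $drop_in is not 0440"; rc=1; }
    visudo -cf "$drop_in" >/dev/null 2>&1 || { echo "FAIL: $drop_in does not parse"; rc=1; }
    # Files created under umask 0022 are 0644, so list them for review.
    others_readable "$home" | sed 's/^/other-readable: /'
    return "$rc"
}

# Only touch the system when asked to: ./check.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_install
fi
```

Save the script under any name (check.sh is a placeholder) and run it as root with the argument audit; without that argument it only defines the functions.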