VM Manual Probe Installation

Linux

Install VSP Probe using the below process:

1. Download the files listed below from LFR:

   1. virsec.gpg.key from the directory: vsp

   2. vsp-<SKU>-vm.sh.gpg from the directory: vsp > Operating System > Version > Signed

2. Execute the commands below:

   gpg --import virsec.gpg.key  #To import virsec key
   gpg --list-keys   #To verify by listing the available keys
   gpg --output vsp-<SKU>-vm.sh --decrypt vsp-<SKU>-vm.sh.gpg  #To un-sign the downloaded gpg file

   1. The above command creates an un-signed output file vsp-<SKU>-vm.sh in the same directory

3. Using any browser, navigate to the directory vsp in Local Repository URL:

   1. Version 2.8 to 2.11.x:https://<Local Repository URL>:8443

   2. Version 2.7: http://<Local Repository URL>

4. Execute the below commands:

   ShellShell

   sudo bash
   ./c -h  #To diplay Help menu
   ./vsp_install_vm.sh -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -l <LFR_IP> -n <Hostname> -L <LFR_Port> -s <SKU> -g

   1. The required parameters for the script are:

      Parameter	Description
      -c <CMS_IP>	IP Address of CMS
      -l <LFR_IP>	IP Address of LFR
      -s <SKU>	Provide the required SKU. Allowed values are web, host, mem

5. The optional parameters for the script are:

6. Alternatively, to install a specific SKU, follow the steps below:

   sudo bash
   chmod +x vsp-<SKU>-vm.sh
   ./vsp-<SKU>-vm.sh -h  #To view Help menu
   ./vsp-<SKU>-vm.sh -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -n <Hostname> -o <Host_OS> -V <Host_OS_Version> -r

   The required parameters for the script are:

   Parameter	Description
   -c <CMS_IP>	IP Address of CMS
   -i <Host_IP>	IP Address of Probe (Host)
   -k <VSP_Kafka_Node_IP>	IP Address of Kafka
   -n <Hostname>	Hostname of the Probe. This is utilized during probe registration with CMS
   -o <Host_OS>	Operating System of the Probe
   -r	To start VSP services after Installation
   -V <Host_OS_Version>	Operating System Version of the Probe

7. Optional Parameter to install specific SKU

   Parameter	Description
   -e	To indicate Remote vRule configuration. Do not provide this option for Remote vRule option
   -X	To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the user is prompted to provide the password (this method is preferred due to security reasons). A valid password must be 16 (minimum) – 511 (maximum) characters in length and must have alphanumeric characters in both upper and lower cases
   -x	To extract the tar file and exit
   -y	To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the password must be provided along with the command. A valid password must be 16 (minimum) – 511 (maximum) characters in length and must have alphanumeric characters in both upper and lower cases

8. At the end of the installation, the installed probe instance automatically registers with VSP CMS and a restart of the server is NOT required if the parameter -r is provided during installation

9. If the parameter -r is not provided during installation, restart the services using the below command:

   service vsp start

10. For container-based CMS instance, restart the VSP services in Ubuntu and RHEL Probe instances using the below command:

    service vsp restart

11. Verification: In CMS, navigate to Deploy > Probes and verify that the Probe server is listed and in Connected state
    

Windows 2008 and Above using Script

Pre-requisites

To install VSP Probe on Windows server, ensure that:

1. PowerShell is installed

2. The below packages are automatically installed during Probe installation

   1. VC_redist.x86.exe

   2. VC_redist.x64.exe

3. For Windows 2008, the Patch: Security Update for Microsoft Windows (KB4474419) is installed. Use the link below to install the required patch:
   https://www.catalog.update.microsoft.com/search.aspx?q=kb4474419  

Probe Installation

1. Using any browser, navigate to the directory vsp in Local Repository URL:

   1. Version 2.8 to 2.11 : https://<Local Repository URL>:8443

   2. Version 2.7: http://<Local Repository URL>

2. To install all the available SKUs (VSP-Enterprise, VSP-Web, VSP-Memory and VSP-Host), download vsp_install_vm.bat to the server

   1. Execute the below commands at the command prompt as an Administrator

      vsp_install_vm.bat -U  #To uninstall Previous version of VSP
      vsp_install_vm.bat -h  #To view the help menu
      vsp_install_vm.bat -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -l <LFR_IP> -s <SKU>

      The required parameters for the script are:

      Parameter	Description
      -c <CMS_IP>	IP Address of CMS
      -l <LFR_IP>	IP Address of LFR
      -s <SKU> Version 2.10 and Below	Provide the required SKU. Allowed values are web, host, mem

   2. Make a note of the displayed token for future use during password reset

   3. Make a note of the displayed token for future use during password reset (If password is configured for VSP-CLI Utility)

   4. Optional Parameters to install all SKUs are:

3. If the parameter -r is provided during installation, the installed probe instance uired if the parameter -r is provided during installation

4. If the parameter -r is not provided during installation, start the installed VSP ASI service

   

5. Verify that the VSP Probe is installed as a service

   

6. Verification: In CMS, navigate to Deploy > Probes and verify that the Probe server is listed and in Connected state
   

Windows 2003 using Script

Supported VSP Features

1. For Windows 2003

   1. Only the Core license features - Executable Allowlisting and AppControl Policies are supported

   2. Other features – File System Monitoring, Memory Exploit Protection, Buffer Error Protection and Web Application Protection are not supported

   3. VSP is not supported for hosts running hypervisor: Hyper-V

   4. Out of the box protection actions are not available

   5. Probe Password protection feature is not available

Pre-requisites

To install VSP Probe on Windows server, ensure that:

1. PowerShell is installed

2. The below packages are installed:

   1. VC_redist.x86.exe

   2. VC_redist.x64.exe (Not applicable for Windows Server 2003 32 Bit Machines)

Probe Installation

1. Using any browser, navigate to the directory vsp in Local Repository URL:

   1. Version 2.8 to 2.11: https://<Local Repository URL>:8443

   2. Version 2.7: http://<Local Repository URL>

2. To install all the available SKUs (VSP-Enterprise, VSP-Web, VSP-Memory and VSP-Host), download vsp_install_vm.bat to the server

   1. Execute the below commands at the command prompt as an Administrator

      vsp_install_vm.bat -h #To view the Help menu
      vsp_install_vm.bat -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -l <LFR_IP> -s <SKU>

      The required parameters for the script are:

      Parameter	Description
      -c <CMS_IP>	IP Address of CMS
      -l <LFR_IP>	IP Address of LFR
      -s <SKU> Version 2.10 and Below	Provide the required SKU. Allowed values are web, host, mem

   2. Make a note of the displayed token for future use during password reset

   3. Optional Parameters to install all SKUs are:

3. If the parameter -r is provided during installation, the installed probe instance automatically registers with VSP CMS and a restart of the server is NOT required

4. If the parameter -r is not provided during installation, start the installed VSP ASI service

   

5. Verify VSP Probe is installed as a service

   

6. Verification: In CMS, navigate to Deploy > Probes and verify that the Probe server is listed and in Connected state

Windows using MSI Installer

Installation

There are two methods of installation available

1. Quiet Installation – Command line method of installation

2. UI-based Installation

Quiet Installation

1. Pre-requisites:

   1. Ensure that the below packages are installed. They are included as part of the downloaded .zip file:

      1. VC_redist.x86.exe

      2. VC_redist.x64.exe (Not applicable for Windows Server 2003 32 Bit Machines)

   2. For Windows 2008, the Patch: Security Update for Microsoft Windows (KB4474419) is installed. Use the link below to install the required patch: https://www.catalog.update.microsoft.com/search.aspx?q=kb4474419

2. Install the VC_redist packages, using the below steps:

   1. Open Command Prompt (Run as an Administrator) and navigate to the directory with the file vsp.msi

   2. For installation of VC_redist.x64.exe, execute the below command:

      ShellShell

      start /wait VC_redist.x64.exe /q /norestart /l*v logs.txt

   3. For installation of VC_redist.x86.exe, execute the below command: (Not applicable for Windows Server 2003 32 Bit Machines):

      ShellShell

      start /wait VC_redist.x86.exe /q /norestart /l*v logs.txt

3. Version 2.11 and Above: During installation, it can be specified if the entire Probe package must be installed or Host only features must be installed

   1. In LFR, navigate to the directory: Windows > <OS_Version>. There are two directories specified for OS_Version:

      1. Windows 2003

      2. Windows 2008-22

   2. Download the .zip file and unzip it

4. Version 2.10 and Below: Install a specific SKU, download the relevant .zip file

   1. In LFR, navigate to the directory: Windows > <OS_Version>

   2. SKU: Select the appropriate file with web (VSP-Enterprise, VSP-Web), memory (VSP-Memory) and host (VSP-Host) in its name

   3. The file name format is: vsp-<SKU>-vm.zip. Unzip the file

5. Open a command prompt window as an Administrator

6. Navigate to the directory where the file VSP.msi is downloaded

7. Execute the command:

   ShellShell

   start /wait msiexec /i VSP.msi /qn /norestart CMS_IP=<CMS_IP> ACCEPTEULA=1 /l*v c:\vsp_installermsi.log

8. The Parameters for the script are

   Parameter	Description
   ACCEPTEULA	For quiet installation, defines acceptance to the license agreement. Expected value: 1
   CMS_IP	IP Address of CMS
   Optional Parameters
   HOST_IP	IP Address of Host
   KAFKA_IP	IP Address of Kafka. If it is not specified, CMS_IP will be used as KAFKA_IP. It not required if NO_HOST_ENTRY is used
   LFR_IP	IP Address of LFR is required if it is different from the CMS IP Address or if LFR is hosted in Kubernetes. If not specified, CMS IP address is utilized
   KAFKA_PORT	VSP Kafka Port (Default port is 9092)
   HOST_NAME	The hostname of the Application Instance. This is utilized during probe registration with CMS
   CMS_DNS_NAME	Custom DNS name for CMS. Default value is int.cms.virsec.com
   KAFKA_DNS_NAME	Custom DNS name for Kafka. Default value is vsp-kafka.virsec. If there are multiple values, ensure that they are comma-separated, enclosed in double-quotes and without any white spaces between them. Format: "<DNS_1>,<DNS_2>,<DNS_3>"
   ENABLE_REMOTE_AE	To indicate Remote vRule configuration. Default value is 0 Expected values are 0 (Disable) or 1 (Enable)
   START_VSP_SERVICE	To start VSP services after Installation Default value is 0 Expected values are 0 (Not started) or 1 (Started)
   NO_HOST_ENTRY	Entries are not added in the file /etc/host to resolve the LFR and CMS DNS names. If this parameter is used, ensure that the parameters -C and -K are provided Default value is 0 Expected values are 0 (Entries added) or 1 (Not added)
   VSP_CLI_PASSWORD	(Not applicable for Windows 2003) Specify password for the vsp-cli utility. Password must have a length of 16 (minimum) - 511 (maximum) characters and atleast one character from each group: [a-z][A-Z][0-9]
   HOST_PROFILE_TAG	A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS
   APP_SERVICE_TAGS	List of app service tags separated by a comma; echo App service tags enable an Application Instance to be auto-associated with an application on CMS
   LOGLEVEL	To print Verbose information. Allowed values are 0 (INFO level), 1 (DEBUG level) and 2 (TRACE level) Default value is 0; Example: LOGLEVEL=1
   HOST_ONLY Version 2.11 and Above	Specify if only VSP Host features are required. Allowed value is: 1
   START_CPM_SERVICE Version 2.11 and Above	To start/stop CPM services after Installation. Allowed Values are: 1 (Start; Default) and 0 (Stop)

   
   

9. Version 2.11 and Above Sample commands:

   1. start /wait msiexec /i VSP.msi /qn /norestart CMS_IP=10.15.38.11 HOST_ONLY=1 ACCEPTEULA=1 START_VSP_SERVICE=1 VSP_CLI_PASSWORD="GhT890aRHjIkO9876" /l*v c:\vsp_installermsi.log

10. Version 2.10 and Below Sample commands:

    1. start /wait msiexec /i VSP.msi /qn /norestart CMS_IP=10.15.38.11 ACCEPTEULA=1 START_VSP_SERVICE=1 VSP_CLI_PASSWORD="GhT890aRHjIkO9876" /l*v c:\vsp_installermsi.log

    2. start /wait msiexec /i VSP.msi /qn /norestart CMS_IP=10.15.38.11 ACCEPTEULA=1 KAFKA_IP=10.12.3.45 START_VSP_SERVICE=1 CMS_DNS_NAME=int.cms.virsec.com KAFKA_DNS_NAME=vsp-kafka.virsec /l*v c:\vsp_installermsi.log

11. Verification: Execute the below command to verify if the installation was successful

    ShellShell

    if %ERRORLEVEL% NEQ 0 (echo "INSTALLATION FAILED") else (echo "INSTALLATION SUCCEEDED")

    
    

UI-based Installation

1. Pre-requisites:

   1. Ensure that the below packages are installed. They are included as part of the downloaded .zip file:

      1. VC_redist.x86.exe

      2. VC_redist.x64.exe (Not applicable for Windows Server 2003 32 Bit Machines)

   2. For Windows 2008, the Patch: Security Update for Microsoft Windows (KB4474419) is installed. Use the link below to install the required patch: https://www.catalog.update.microsoft.com/search.aspx?q=kb4474419

2. Version 2.11 and Above: During installation, it can be specified if the entire Probe package must be installed or Host only features must be installed

   1. In LFR, navigate to the directory: Windows > <OS_Version>. There are two directories specified for OS_Version:

      1. Windows 2003

      2. Windows 2008-22

   2. Download the .zip file and unzip it

3. Version 2.10 and Below: Install a specific SKU, download the relevant .zip file

   1. In LFR, navigate to the directory: Windows > <OS_Version>

   2. SKU: Select the appropriate file with web (VSP-Enterprise, VSP-Web), memory (VSP-Memory) and host (VSP-Host) in its name

   3. The file name format is: vsp-<SKU>-vm.zip. Unzip the file

4. Double-click VSP.msi with Administrator privileges and click Next on the Welcome screen

5. Accept the License Agreement and click Next

6. Provide the below information and click Next

   1. CMS IP - IP Address of VSP CMS

   2. No Host Entry – When enabled, entries are not added in the file /etc/host to resolve the LFR and CMS DNS names. If this parameter is used, ensure that the parameters -C and -K are provided

   3. Version 2.11 and Above: Host only feature - When enabled, only the Host features are installed. When disabled (default), all the VSP features are installed

7. Provide the Optional Parameters if required and click Next

   Parameters	Description
   Host IP	IP Address of Host
   Host Name	The hostname of the Application Instance. This is utilized during probe registration with CMS
   LFR_IP	IP Address of LFR is required if it is different from the CMS IP Address or if LFR is hosted in Kubernetes. If not specified, CMS IP address is utilized
   CMS DNS Name	Custom DNS name for CMS. Default value is int.cms.virsec.com
   Kafka IP	IP Address of Kafka. If it is not specified, CMS_IP will be used as KAFKA_IP. It not required if NO_HOST_ENTRY is used
   Kafka DNS Name	Custom DNS name for Kafka. Default value is vsp-kafka.virsec. If there are multiple values, ensure that they are comma-separated, enclosed in double-quotes and without any white spaces between them. Format: "<DNS_1>,<DNS_2>,<DNS_3>"c
   Kafka Port	VSP Kafka Port (Default port is 9092)
   Host Profile Tag	A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS
   App Service Tags	List of app service tags separated by a comma; echo App service tags enable an Application Instance to be auto-associated with an application on CMS
   VSP CLI Password	(Not applicable for Windows 2003) Specify password for the vsp-cli utility. Password must have a length of 16 (minimum) - 511 (maximum) characters and atleast one character from each group: [a-z][A-Z][0-9]
   Enable Remote vRule Engine (Web Only)	Select to indicate Remote vRule configuration
   Start VSP Service	Select to start VSP services after Installation
   Log Level	Select one of the levels: INFO (Default), WARNING or ERROR
   Hide VSP in Control Panel	Select to Hide VSP listing in Control Panel

   
   

8. Specify the directory for VSP installation and click Next

9. Modify the feature if required. Click Next

10. Click Install

11. Once the installation is completed, an installation log file appears that states success or failure

Log Location

Logs related to the installation are placed in these locations:

1. Post-Installation Operation Log - C:\vsp_installer.log

2. Installation operation Log - C:\vspinstall_ca.log

3. MSIEXEC Log - C:\vsp_installermsi.log