Technical Library
|
Support
Installing Websense Content Gateway
> Requirements for Red Hat Enterprise Linux
Requirements for Red Hat Enterprise Linux
Deployment and Installation Center | Web Security Solutions | Version 7.7.x
Applies to:
In this topic
Web Security Gateway and Web Security Gateway Anywhere, v7.7.x
Required libraries in Red Hat Enterprise Linux 6
Installing on Red Hat Enterprise Linux 6, update 1 and higher
Red Hat Enterprise Linux Update 5.x
Required libraries in Red Hat Enterprise Linux 6
Required libraries:
apr.i686
apr-util.i686
audit-libs.i686
bzip2-libs.i686
compat-db43.i686
compat-expat1.i686
compat-openldap.i686
compat-readline5.i686
cracklib.i686
cyrus-sasl-lib.i686
db4.i686
expat.i686
ftp.x86_64
gdbm.i686
glibc.i686
keyutils-libs.i686
krb5-libs.i686
libattr.i686
libcap.i686
libcom_err.i686
libcurl.i686
libgcc.i686
libicu.i686
libidn.i686
libselinux.i686
libssh2.i686
libstdc++.i686
libtalloc.i686
libtdb.i686
libuuid.i686
libxml2.i686
nc.x86_64
ncurses-devel.i686
ncurses-libs.i686
nspr.i686
nss.i686
nss-softokn.i686
nss-softokn-freebl.i686
nss-util.i686
openldap.i686
openssl.i686
openssl098e.i686
pam.i686
popt.i686
readline.i686
readline-devel.i686
samba-winbind-clients.i686
sqlite.i686
tcl.x86_64
tcp_wrappers-libs.i686
zlib.i686
During Content Gateway installation, the installer will list missing packages and then exit the installer.
To install the missing packages, the operating system must have a repository of available libraries. The Media repository on the Red Hat Enterprise Linux install DVD is an acceptable source of packages.
After the repository is setup, all of the required dependencies can be automatically resolved by running:
yum install wcg_deps-1-0.noarch.rpm
The above RPM is included in the Content Gateway install tree, at the same level as wcg_install.sh.
Installing on Red Hat Enterprise Linux 6, update 1 and higher
biosdevname
Red Hat Enterprise Linux 6, update 1 introduces
biosdevname
.
biosdevname is not supported by Content Gateway version 7.7.x and lower.
What is biosdevname? The Red Hat Enterprise Linux update 6.1 release notes state:
... biosdevname [is an] optional convention for naming network interfaces. biosdevname assigns names to network interfaces based on their physical location. ... biosdevname is disabled by default, except for a limited set of Dell systems.
biosdevname is designed to replace the older, inconsistent "eth#" naming scheme. The new standard will be very helpful when it is fully adopted, however it is not yet fully adopted.
The presence of a single Ethernet device absent the SMIBIOS Slot # and biosdevname field causes the Red Hat Enterprise Linux 6.1 installer and 'udev' to fall back to the preferred eth# device naming for all interfaces.
Important
To ensure interface name consistency among hardware platforms and Red Hat Enterprise Linux 6.0, 6.1, and higher, Content Gateway version 7.7.x requires "eth#" names. If any non-"eth#" names exist, the Content Gateway installer exits and provides a link to instructions for modifying system startup files.
Upgrading from Red Hat Enterprise Linux 6.0 to 6.1 and higher poses no risk. There was no biosdevname support in Update 6.0 and device names are not altered by the upgrade to 6.1 or higher.
Disabling biosdevname
If while installing Content Gateway the installer finds non-eth# interface names, the installer quits and provides a link to instructions for modifying system startup files.
There are 2 ways to disable biosdevname:
1.
During operating system installation.
2.
Post-operating system installation through modification of several system files and other activities.
The easiest way to disable biosdevname is to do it during operating system installation. This is the recommend method.
Disabling biosdevname during operating system installation:
When the installer starts, press [TAB] and alter the boot line to add "biosdevname=0" as follows:
Proceed through the rest of the installer as usual.
Disabling biosdevname after operating system installation:
Log on to the operating system and verify that non-eth# names are present.
ifconfig -a
If only "eth#" and "lo" names are present, you are done. No other actions are required.
If there are names like "emb#" or "p#p#" perform the following steps.
1.
Log in as root.
2.
cd /etc/sysconfig/network-scripts
3.
Rename all "ifcfg-<ifname>" files except "ifcfg-lo" so that they are named "ifcfg-eth#".
a.
Start by renaming "ifcfg-em1" to "ifcfg-eth0" and continue with the rest of the "ifcfg-em#" files.
b.
When the above are done, rename the "ifcfg-p#p#" files.
If there are multiple "ifcfg-p#p1" interfaces, rename all of them in the order of the lowest "ifcfg-p#" first. For example, if the initial set of interfaces presented by "`ifconfig -a" is:
em1 em2 em3 em4 p1p1 p1p2 p2p1 p2p2
em1 -> eth0
em2 -> eth1
em3 -> eth2
em4 -> eth3
p1p1 -> eth4
p1p2 -> eth5
p2p1 -> eth6
p2p2 -> eth7
c.
Make the "ifcfg-eth#" files linear so that if you have 6 interfaces you have eth0 through eth5.
4.
Edit all the ifcfg-eth# files.
a.
Update the DEVICE= sections to refer to the new name: "eth#"
b.
Update the NAME= sections to refer to the new name: "System eth#"
5.
Remove the old udev device mapping file if it exists:
rm -f /etc/udev/rules.d/70-persistent-net.rules
6.
Modify the "grub.conf" file to disable biosdevname for the kernel you boot.
a.
Edit /boot/grub/grub.conf
b.
Add the following to the end of your "kernel /vmlinuz" line:
biosdevname=0
7.
Reboot.
8.
Reconfigure the interfaces as required.
Installer gives NetworkManager or avahi-daemon error
Warning
Content Gateway is supported on Red Hat Enterprise Linux 6, Basic Server (no GUI).
It is
not
supported on Red Hat Enterprise Linux 6 with a GUI.
When Red Hat Enterprise Linux 6 is installed with a GUI, the Content Gateway installer recognizes systems running NetworkManager or avahi-daemon processes and emits an error similar to:
Error: The avahi-daemon service is enabled on this system and must be disabled before Websense Content Gateway v7.7 can be installed.
Please disable the avahi-daemon service with the following commands and restart the Websense Content Gateway installation.
chkconfig --levels 2345 avahi-daemon off
service avahi-daemon stop
To continue, the conflicting NetworkManager and avahi-daemon processes must be stopped.
1.
To disable the avahi-daemon service:
chkconfig --levels 2345 avahi-daemon off
service avahi-daemon stop
2.
To restart the installer:
./wch_install.sh
Red Hat Enterprise Linux Update 5.x
PAE (Physical Address Extension)-enabled kernel required
By default, Red Hat Enterprise Linux 5, update 3 and later has PAE enabled. If you are running the non-PAE kernel, reboot with the PAE-enabled kernel before installing Websense Content Gateway.
RPM compat-libstdc++-33-3.2.3-47.3.i386.rpm (or higher version of this package)
To display a list of RPMs installed on your system with the string "compat-libstdc" in their name, enter the command:
rpm -qa |grep compat-libstdc
libgdbm.so.2 required
RPM krb5-workstation-*.rpm
This must be the version of the krb5-workstation RPM that is bundled with your version of Red Hat Enterprise Linux.
To display a list of RPMs installed on your system with the string "krb5-workstation" in their name, enter the command:
rpm -qa |grep krb5-workstation
GNU C library (glibc) version 2.5-42 or later
Note that Red Hat Enterprise Linux 5, update 3 ships with glibc version 2.5-34. Be sure to update it to version 2.5-42 or later.
Example command to update this library (running as
root
):
yum update glibc
.
SELinux must be set to disabled or permissive
Installing Websense Content Gateway
> Requirements for Red Hat Enterprise Linux
Copyright 2016 Forcepoint LLC. All rights reserved.