Preparing for installation.
Before the installation, make sure that the protected node has a supported version of the OS and that the OS kernel is included in the list of those supported by the developers of the Information Security System. The hardware requirements must also be satisfied.
Before installation, disable external repositories, and connect the OS installation disk and the repository from the Secret Net LSP installation disk.
We strongly recommend to perform the installation of the LSP continuously from start to finish.
Installation of Secret Net LSP.
- Download the installation package from the Security Code site or Cloud4Y cloud storage: https://nc.cloud4y.ru/index.php/s/iYmk7jPATRbDDw6.
- Find the appropriate distribution package for your OS version. Run the installation.
For Red Hat OS (RHEL, Cent OS, Red OS):
#yum install ./ sn-lsp-1.10-680.el7.x86_64.rpm
For Debian family OS (Ubuntu, Lotus):
#apt update
#apt install ./<пакет sn-lsp>
for Alt Workstation 9.0:
#apt-get update
#apt-get install ./<пакет sn-lsp>
for Alt 8 SP (lightdm-gtkgreeter-pd package must be installed on the system):
#setenforce 0
#apt-get update
#apt-get install ./<пакет sn-lsp>
- Reboot the system.
- Download and install the obtained license on the protected node:
snlicensectl -c /home/ ID_key.lic
Configuring Secret Net LSP.
To configure the policy settings, along with the graphical management console, you can also use the snpolctl utility, available in the /opt/secretnet/bin directory. The utility runs in command line mode as the current user.
- User policy configuration.
Minimum password length:
#snpolctl –p users –c users, min_passwd_size,8
Password complexity:
#snpolctl –p users –c users, passwd_strength,1
Password validity period:
#snpolctl –p users –c users, max_days,90
Minimum period after which the password can be changed:
#snpolctl –p users –c users,min_days,0
Warning to change password, days to:
#snpolctl –p users –c users, warn_days,14
Number of days before blocking a UZ with an outdated password:
#snpolctl –p users –c users,inactive_days,0
- Configuring the authentication policy
No blocking when the identifier is withdrawn:
#snpolctl -p token_mgr –c authentication,lock,1
Number of failed entry attempts:
#snpolctl -p token_mgr –c authentication,deny,1
Blocking time after exceeding the allowed number of attempts:
#snpolctl -p token_mgr –c authentication,unlock_time,15
Inactivity period before the screen locks:
#snpolctl -p token_mgr –c authentication,lock_delay,1
Backup of the Secret Net LSP configuration.
To backup and restore, use the snbckctl utility located in the /opt/secretnet/bin directory..
- To save the current configuration, run the command (ID - identifier (name) of the configuration file):
#snbckctl –r –i <ID>
- Restore the configuration from a file:
#snbckctl –r –i <ID>