Snare for Windows Custom MSI v2.0 © Intersect Alliance International Pty Ltd. All rights reserved worldwide. Intersect Alliance Pty Ltd shall not be liable for errors contained herein or for direct, or indirect damages in connection with the use of this material. No part of this work may be reproduced or transmitted in any form or by any means except as expressly permitted by Intersect Alliance International Pty Ltd. This does not include those documents and software developed under the terms of the open source General Public Licence, which covers the Snare agents and some other software. The Intersect Alliance logo and Snare logo are registered trademarks of Intersect Alliance International Pty Ltd. Other trademarks and trade names are marks' and names of their owners as may or may not be indicated. All trademarks are the property of their respective owners and are used here in an editorial context without intent of infringement. Specifications and content are subject to change without notice. Page 1 of 17 Table of Contents 1. Guide Overview . 3 2. Introduction to MSI . 3 3. Requirements . 4 4. Installing WIX . 5 5. Creating the MSI package . 6 6. Installing the MSI package using Group Policy . 9 7. About InterSect Alliance . 16 Page 2 of 17 1. Guide Overview About this Guide This guide provides administrators with the instructions to create a Windows MSI file, based on the required organizational security settings, using the freely available Windows Installer XML (WiX) toolset. This will allow you to remotely deploy Snare Enterprise Agents for Windows with a customized configuration, using the Microsoft Installer (MSI). Other guides that may be useful to read include: User Guide to Snare Enterprise Agents for Windows. This product uses the RSA Data Security, Inc. MD5 Message-Digest Algorithm. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/) © Intersect Alliance International Pty Ltd Page 3 of 17 2. Introduction to MSI The Windows Installer utility (MSI, formerly known as Microsoft Installer) is an application that allows MSI compliant applications to be remotely deployed to workstations and servers that run the MSI service, without significant administrator intervention. Snare agents do not come packaged as a MSI file by default, as the standard 'setup' executable offers significantly more flexibility at this stage. However, organizations that wish to remotely deploy pre-configured Snare agents to workstations and servers, without physically moving from system to system, appreciate the functionality provided by MSI. Note The MSI functionality is currently only available with the Snare Enterprise Agent for Windows. © Intersect Alliance International Pty Ltd Page 4 of 17 3. Requirements What you Need The latest Snare Enterprise Agent for Windows executable file available from the Snare Secure Area at https://w ww.intersectalliance.com The MSI pack, MSI-2.0.zip, available from the Snare Secure Area at https://www.intersectalliance.com The Windows Installer XML (WiX Toolset version 3.10) binaries, wix310-binaries.zip, available from http://wix.codep lex.com/releases/view/619491 Minimum Requirements Administrator-level access to the system. Windows 2003 (or later) system. At least 8 Megabytes of disk space on your system. Note Version 2.0 of the MSI accepts the selection of Version 4 and Version 5 Snare Enterprise Agents for Windows. The creation of the MSI will not work with OpenSource Agents. © Intersect Alliance International Pty Ltd Page 5 of 17 4. Installing WIX Perform the following to install WIX: 1. As Administrator, unzip the wix310-binaries.zip file to C:\Program Files\wix. 2. Start the Control Panel, then navigate to System. For Windows 2008 and above, click on Advanced System Settings . 3. Under the Advanced tab, click Environment Variables. 4. Under System variables, edit the Path variable and add C:\Program Files\wix . Use a semicolon as the separator. 5. Click OK until you are back to the Control Panel. On some later versions of Windows, you may have to log out and log back in again for the PATH environment variables to take effect. 6. To check that the above procedures have worked, start a command prompt window and type: >candle Its usage will be displayed. If there are any errors then either the software has not been installed or the environment variables have not been set. Troubleshooting If your error dialog states "...application failed to initialize properly..." then this indicates that the .NET framework has not been installed. This will need to be installed for WIX to work. © Intersect Alliance International Pty Ltd Page 6 of 17 5. Creating the MSI package Perform the following to build the MSI. 1. Download, install and configure the latest agent on the machine you are building the MSI. 2. Place a copy of the Snare .exe installer (e.g. SnareEnterpriseAgent-Windows-v4.3.6-SUPP-MultiArch.exe, SnareEnterpriseAgent-Windows-v5.x.x-multiArch.exe) into the location of the installed Snare directory, e.g. C:\Program Files\Snare\. 3. Unzip MSI-2.0.zip into the C:\Program Files\Snare\ (or wherever your Snare installation is located) directory. 4. Open a command prompt as administrator and from the location of the Snare installation type: > MakeSnareMSI.bat You will be prompted with following: a. Select Windows agent configuration method. Select from: Use configuration of local agent By default, the build process will export and use the settings of the locally installed agent. Use configuration from an existing file Edit the template.inf in directory b. Upgrade or Reinstall the target machine's agent? Select either Update or Reinstall, then click Enter: Upgrade This produces an MSI which installs a new agent, but leaves existing settings/objectives unchanged. Reinstall This produces an MSI which installs a new agent, and resets settings/objectives to settings on the MSI build machine. c. Select installer exe to be added to the MSI. Any Snare executable files found will be listed. Select the .exe file to add to the MSI represented by numerals. If only one file is found in the Snare installation folder then that file will be listed. Click Enter. d. On completion, the message will print MSI build of Snare<product name>.msi completed successfully. e. The customized MSI is now available at C:\Program Files\Snare\SnareEnterpriseWindowsAgentsv<version>. msi. © Intersect Alliance International Pty Ltd Page 7 of 17 4. e. If the version of the Snare.msi detects an newer version of the agent it will not upgrade the software. A reinstall will always replace with the version that is being installed. 5. Test the MSI. For systems running User Account Control (UAC), you will need to test the MSI from within a "Run as Administrator" Command Prompt. To install the MSI, type the following from the command line: >msiexec /i SnareEnterpriseWindowsAgentsv5.0.0.msi Upon execution you will see the following dialog box: © Intersect Alliance International Pty Ltd Page 8 of 17 5. To include logging, on a deployment, (recommended for acceptance testing) type the following from the command line: >msiexec /l*v [logname].log /i [msiname].msi To uninstall the MSI, type the following from the command line: >msiexec /x SnareEnterpriseWindowsAgentsv5.0.0.msi 6. To ensure the agent is working correctly, check the Latest Events page in the web UI of the Snare agent. If no events appear in this window in a timely manner, check the agent configuration or run the agent in Debug Mode (instructions below). Ensure the MSI is tested before use in production networks. Debug Mode To use the Debug Mode, from the command line of an administrative prompt execute the following commands > net stop snare > snarecore -c -d9 this command will send log to the console. Enter CTRL-C to end the debug log. > net start snare © Intersect Alliance International Pty Ltd Page 9 of 17 6. Installing the MSI package using Group Policy To install the MSI package over the network group policy may be used. Add the Snare .msi package in your Domain The instructions should be executed on the network domain controller. Snare{version number}.msi package must be placed in a network share folder with read access. © Intersect Alliance International Pty Ltd Page 10 of 17 1. Start 'Group Policy Management' snapshot of MMC. a. Go to Start | Run window or shortcut 'Windows Key + R'. b. Type 'mmc' in run window and click Enter. c. Following screen will appear. This is from Windows 2008 R2 (other windows will have similar window). d. Go to File | Add/Remove Snap-in. Select Group Policy Management snap-in and select Add and click OK. e. In Group Policy Management snap-in window, navigate to the Group Policy Objects folder. © Intersect Alliance International Pty Ltd Page 11 of 17 1. e. f. Right click on Group Policy Objects and select New. The New GPO window will appear. Enter the name of your MSI install, for example Snare Agent 4.2.3 (match the version of the agent you are using). Click OK. g. Right click the newly created GPO (Snare Agent 4.2.3) and select Edit. Group Policy Management Editor screen will appear. Navigate to the Software Installation option. © Intersect Alliance International Pty Ltd Page 12 of 17 1. g. h. Right click on Software Installation and select New | Package.... i. From the file open window select your Snare{version number}.msi package from the network shared folder. j. After selecting the Snare .msi package, the following Deploy Software pop-up will appear. © Intersect Alliance International Pty Ltd Page 13 of 17 1. j.