Skip to main content

PCA installation

PCA installation

What changes does the RPM make to the PCA server?

The tealeaf-pca RPM creates log files and performs several different directory and file operations.

You can install Passive Capture into a directory other than the default of /usr/local/ctccap.

Log files

The package creates the log file directory, which is /var/log/tealeaf by default, if it does not exist.

When you upgrade from an old installation that contains a nonempty /usr/local/ctccap/logs directory, the package uses the existing /usr/local/ctccap/logs directory instead of /var/log/tealeaf. This behavior is intended to avoid surprising the user by leaving old log files in the old directory (/usr/local/ctccap/logs) and writing new log files to the new default (/var/log/tealeaf).

This check for /usr/local/ctccap/logs is independent of the installation prefix that is chosen for installation for upgrade. So if you install Passive Capture into /opt/tealeaf, the package still looks for a nonempty directory /usr/local/ctccap/logs.

File creation

The package creates the following SSL self-signed certificate files in /usr/local/ctccap/etc. The package creates them automatically as a convenience for installations that do not provide their own SSL certificates: 

/usr/local/ctccap/etc/tealeaf-pca.crt
/usr/local/ctccap/etc/tealeaf-pca.key
/usr/local/ctccap/etc/tealeaf-tts.crt
/usr/local/ctccap/etc/tealeaf-tts.key
/usr/local/ctccap/etc/tealeaf-tts.pem
/usr/local/ctccap/etc/tealeaf-web.crt
/usr/local/ctccap/etc/tealeaf-web.key

  • The tealeaf-pca files are currently unused and are reserved for future use.

  • The tealeaf-web files are used by the default httpd.conf for the web console.

  • The tealeaf-tts files are provided for convenience in configuring SSL connections with the Transport Service.

    The /usr/local/ctccap/etc directory is normally writable by root and the capture user, ctccap.

The package installs the crontab file: /etc/cron.d/tealeaf. The crontab file schedules the execution of tealeaf cron as user root.

The package installs the following initialization scripts in /etc/init.d: tealeaf-pca, tealeaf-startup.

The package creates the capture.log file in the logfile directory if the file does not exist.

Directory and file modification

 

The package performs the following actions that modify directories and files outside of the installation prefix:

  • Creates a group ctccap if it does not exist.

  • Creates a user ctccap if it does not exist.

    This user is created without a default password, so you cannot log in with that account by default. Security risks are minimal; the ctccap user can only start and own the Tealeaf processes. Depending on your enterprise security requirements, you can assign a password to the ctccap user from the root user.

  • Sets /usr/local/ctccap/bin/listend and /usr/local/ctccap/bin-debug/listend as setuid root (required for listend to open eth devices for packet sniffing; drops down to user ctccap after you open the eth devices).
  • Remove PHP session files in /tmp. These files are assumed to be PHP session files for the Passive Capture web console.
  • Update /etc/syslog.conf (if needed) to ensure that it contains an entry for facility local0 to file capture.log in the logfile directory.
  • Restart syslogd to reload its configuration and use any changes that are made to /etc/syslog.conf.

Related articles

community icon

Join the community

Ask questions, share best practices, and connect with fellow marketers.

Ask a question

Academy

Read how-to articles, guides, and more to help you on the path to success.

Learn more