tealeaf-pca RPM creates log files and performs several different directory and file operations.
You can install Passive Capture into a directory other than the default of
The package creates the log file directory, which is
/var/log/tealeaf by default, if it does not exist.
When you upgrade from an old installation that contains a nonempty
/usr/local/ctccap/logs directory, the package uses the existing
/usr/local/ctccap/logs directory instead of
/var/log/tealeaf. This behavior is intended to avoid surprising the user by leaving old log files in the old directory (
/usr/local/ctccap/logs) and writing new log files to the new default (
This check for
/usr/local/ctccap/logs is independent of the installation prefix that is chosen for installation for upgrade. So if you install Passive Capture into
/opt/tealeaf, the package still looks for a nonempty directory
/usr/local/ctccap/etc. The package creates them automatically as a convenience for installations that do not provide their own SSL certificates:
/usr/local/ctccap/etc/tealeaf-pca.crt /usr/local/ctccap/etc/tealeaf-pca.key /usr/local/ctccap/etc/tealeaf-tts.crt /usr/local/ctccap/etc/tealeaf-tts.key /usr/local/ctccap/etc/tealeaf-tts.pem /usr/local/ctccap/etc/tealeaf-web.crt /usr/local/ctccap/etc/tealeaf-web.key
tealeaf-pcafiles are currently unused and are reserved for future use.
tealeaf-webfiles are used by the default
httpd.conffor the web console.
tealeaf-ttsfiles are provided for convenience in configuring SSL connections with the Transport Service.
/usr/local/ctccap/etcdirectory is normally writable by root and the capture user,
The package installs the crontab file:
/etc/cron.d/tealeaf. The crontab file schedules the execution of
tealeaf cron as user
The package installs the following initialization scripts in
The package creates the
capture.log file in the
logfile directory if the file does not exist.
Directory and file modification
The package performs the following actions that modify directories and files outside of the installation prefix:
Creates a group
ctccapif it does not exist.
Creates a user
ctccapif it does not exist.
This user is created without a default password, so you cannot log in with that account by default. Security risks are minimal; the
ctccapuser can only start and own the Tealeaf processes. Depending on your enterprise security requirements, you can assign a password to the
ctccapuser from the root user.
/usr/local/ctccap/bin-debug/listendas setuid root (required for
ethdevices for packet sniffing; drops down to user
ctccapafter you open the
- Remove PHP session files in
/tmp. These files are assumed to be PHP session files for the Passive Capture web console.
/etc/syslog.conf(if needed) to ensure that it contains an entry for facility local0 to file
syslogdto reload its configuration and use any changes that are made to