The following information describes the PCA installation package.
The PCA software package file name looks like:
tealeaf-pca-<nnnn>-<rrr>.<distro>.i386.rpm
Where:
<nnnn>
is the build version number; for example, 3650.<rrr>
is the RPM revision number. This is usually a single digit number.<distro>
is an identifier for the Linux™ distribution, such as "RHELn" for Red Hat Enterprise Linux release n.
Note: Red Hat Enterprise Linux (RHEL) 7 uses the same PCA installation package and process as Red Hat Enterprise Linux (RHEL) 6.x. In this scenario, use tealeaf-pca-<nnnn>-<rrr>.RHEL6.i386.rpm for the installation package.
You can access the PCA installation package on our downloads page. You will need an Acoustic ID to download files.
Operating system users
The PCA must be installed by using the root
user account. During the installation process, the PCA user ctccap
is created. During execution, the ctccap
user runs the PCA processes, regardless of the user that started them.
Note: Do not use the sudo root user for installation. Although it can display that the installation was completed, several capture errors indicate that the installation failed. These errors can include "restarting too rapidly" errors, failures to start interfaces, permissions issues, and more. Please be sure to use a true root user login.
It is not required that you log in to the system by using the root
user. However, the ctccap
user must have the permissions to run the tealeaf
start
and tealeaf stop
commands. It is necessary to run with limited root
permissions as described. As a passive network traffic that is capturing application running under a stock Linux operating system, the PCA requires specific system permissions to passively capture network packets. Through the operating system, the PCA must be able to place system network NICs into promiscuous capture mode. It allows the PCA to passively listen to all network traffic presented to the designated NICs. It is necessary to run the specific application process as root permission.
To minimize security issues, only one specific PCA application module requires this permission for traffic that is capturing. All other PCA application modules are run with non-root user permissions.
The capturing module only listens to a copy of the supplied network traffic. The module cannot inject any traffic whatsoever between your web server and the client browser.