Maximizing InterScan Web Security Suite 3.1 for Linux Performance ...

pridefulauburnData Management

Dec 16, 2012 (4 years and 7 months ago)

369 views










A Trend Micro TrendEdge Solution
Advanced Technologies and Techniques to Enhance Your Product



Maximizing InterScan Web
Security Suite 3.1 for Linux
Performance Using a Centralized
PostgreSQL Database




Jason Pappalexis
Senior Solutions Architect
Trend Micro, Inc.



March 2008





Trend Micro, Inc.
10101 N. De Anza Blvd.
Cupertino, CA 95014
T 800.288.5651 / 408.257.1500
F 408.257.2003
www.trendmicro.com

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
Contents

T
Introduction......................................................................................................................................1

T
Requirements for Using a Distributed Database with IWSS 3.1 for Linux.............................................1

Requirements.....................................................................................................................................2

Software........................................................................................................................................2

Firewall..........................................................................................................................................2

Building a Dedicated Database Server.................................................................................................3

Installing and Configuring PostgreSQL............................................................................................3

Step 1: Install the PostgreSQL Database...................................................................................3

Step 2: Configure the PostgreSQL Environment.........................................................................4

Install and Configure IWSS 3.1 on the Scanner Server.......................................................................10

Testing the Configuration..................................................................................................................12

Returning to Standalone Mode..........................................................................................................12

Glossary..........................................................................................................................................15

Resources........................................................................................................................................16

Web Sites....................................................................................................................................16

Documentation.............................................................................................................................16

About the Author..............................................................................................................................17

Jason Pappalexis.........................................................................................................................17

About Trend Micro Incorporated........................................................................................................18

































Trend Micro, the Trend Micro t-ball logo, and InterScan are trademarks or registered trademarks of
Trend Micro, Incorporated. All other product or company names may be trademarks or registered
trademarks of their owners.

Trend Micro Incorporated reserves the right to make changes to this document and to the product
described herein without notice, and the information contained in this document is provided “as-is”. This
document is for informational purposes only, and is not supported by Trend Micro or its partners.

TREND MICRO MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

Copyright© 2008 Trend Micro Incorporated. All rights reserved.

Document Part No. TE02WSLX_080324US



i
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
Introduction
In enterprise environments, using a separate, centralized database server to record logging and user
data for Trend Micro™ InterScan™ Web Security Suite 3.1 for Linux (IWSS 3.1 for Linux) is desirable. A
separate database server will reduce the local I/O load on the IWSS 3.1 for Linux scanner server, which
increases the amount of I/O resources available for other purposes, such as scanning, report generation,
etc. An excellent example is IWSS 3.1 for Linux per-user logging, which, when active, requires additional
I/O that in some cases may be significant.
Additionally, offloading database logging and user data to an external server:

Simplifies database backup processes.

Maximizes and encourages the use of highly redundant database hardware.

Increases the workload capabilities of the IWSS 3.1 for Linux scanning servers due to reduced
local I/O.
This document presents the steps you must follow to configure this environment. This document does not
provide security or performance recommendations, nor instructions for any firewall modifications that
may be required.
For general performance recommendations, refer to the Trend Micro InterScan Web Security Suite 3.1 for
Linux Sizing Guide.

Note:
Trend Micro provides this document ”as-is" as a courtesy to interested parties. The accuracy
of the information is solely the author’s responsibility. This document is supported by neither
Trend Micro nor its partners.
Requirements for Using a Distributed Database with IWSS 3.1 for
Linux

Red Hat™ Enterprise Linux™ 4 Server (2.6.9-5 and above)

Trend Micro InterScan Web Security Suite 3.1 for Linux

PostgreSQL 7.4.16 or above (We used version 8.3.0 in this document)

gmake – It is recommended to use version 3.80 or later

gcc – It is recommended to use version 3.4.3 or later

1
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
Requirements
Software

IWSS 3.1 for Linux:
http://us.trendmicro.com/us/products/enterprise/interscan-Web-security-
suite/download/index.php?productID=34

PostgreSQL: http://www.postgresql.org/ftp/source/v8.3.0/

gmake: http://ftp.gnu.org/pub/gnu/make/

gcc: http://ftp.gnu.org/pub/gnu/gcc/
Firewall

Port 5432 should be opened on any existing firewalls between the new external database server
and the IWSS 3.1 for Linux servers.

2
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
Building a Dedicated Database Server
This section describes the steps you must follow to install and configure a PostgreSQL database for use
with IWSS 3.1 for Linux.
Note:
This document provides neither performance tuning nor security hardening guidelines for a
standalone database server.

Installing and Configuring PostgreSQL
These steps assume that you are installing a new PostgreSQL database and that you do not need to
back up an existing PostgreSQL database.
Note:
If you are upgrading an existing PostgreSQL database, be sure you backup the database
before starting the installation process. Refer to the PostgreSQL Web site for more
information:
http://www.postgresql.org/docs/8.3/interactive/install-upgrading.html

Step 1: Install the PostgreSQL Database
Use the commands in Figure 1 to use the PostgreSQL setup utility to install and configure your
PostgreSQL database.
Note:
The installation example in Figure 1 installs the PostgreSQL database from source code.
Alternately, you can install PostgreSQL using binary code (rpm). Refer to the PostgreSQL
manual and Web site for instructions on using this process.

Figure 1 Linux Commands to the Install the PostgreSQL Application from Source Code

[root@dellp4 postgres]# gunzip postgresql-8.3.0.tar.gz
[root@dellp4 postgres]# tar xf postgresql-8.3.0.tar
[root@dellp4 postgres]# cd postgresql-8.3.0
[root@dellp4 postgresql-8.3.0]# ./configure
… (this may take several minutes, output omitted for clarity)
[root@dellp4 postgresql-8.3.0]# gmake
… (output omitted for clarity)
All of PostgreSQL successfully made. Ready to install.
[root@dellp4 postgresql-8.3.0]# gmake install
… (output omitted for clarity)
PostgreSQL installation complete.
[root@dellp4 postgresql-8.3.0]# gmake clean
… (output omitted for clarity)
[root@dellp4 postgresql-8.3.0]#

You have now successfully installed the PostgreSQL application and are ready to configure it for use.

3
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
Step 2: Configure the PostgreSQL Environment
You must now:
1.
Create a new database user.
2.
Create a local directory in which to store the database files.
3.
Change the owner of the newly created directory.
We have provided a snapshot of these steps, including a directory list (to verify results) below.
Figure 2 Commands Linux Requires to Add a User and Create a Local Directory

[root@dellp4 postgresql-8.3.0]# useradd iscan –d /usr/local/pgsql –c “PostgreSQL
Server” –s /bin/bash
[root@dellp4 postgresql-8.3.0]# mkdir /usr/local/pgsql/data
[root@dellp4 postgresql-8.3.0]# chown iscan /usr/local/pgsql/data
[root@dellp4 postgres 3.0]# cd /usr/local/pgsql/
ql-8.
[root@dellp4 pgsql]# ls -l
total 72
drwxr-xr-x 9 root root 4096 Mar 6 10:57 .
drwxr-xr-x 12 root root 4096 Mar 5 23:50 ..
drwxr-xr-x 2 root root 4096 Mar 5 23:50 bin
drwxr-xr-x 2 iscan root 4096 Mar 6 10:57 data
drwxr-xr-x 3 root root 4096 Mar 5 23:50 doc
drwxr-xr-x 6 root root 4096 Mar 5 23:50 include
drwxr-xr-x 3 root root 4096 Mar 5 23:50 lib
drwxr-xr-x 4 root root 4096 Mar 5 23:50 man
drwxr-xr-x 5 root root 4096 Mar 5 23:50 share

After you have created the new user and new local directory:
1.
Login to the newly created database using your new user name, iscan.
2.
Start the PostgreSQL database application.
Figure 3 shows the process of making the iscan user the superuser of the iwss database. Optionally,
you can create a small test database to ensure everything is functioning properly. (We have included
both of these steps below.)
Figure 3 Commands Linux Requires to Initialize a new Database

[root@dellp4 pgsql]# su - iscan
[iscan@dellp4 ~]$ /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data
The files belonging to this database system will be owned by user "iscan".
This user must also own the server process.

The database cluster will be initialized with locale en_US.UTF-8.
The default database encoding has accordingly been set to UTF8.
The default text search configuration will be set to "english".

fixing permissions on existing directory /usr/local/pgsql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers/max_fsm_pages ... 32MB/204800
creating configuration files ... ok
creating template1 database in /usr/local/pgsql/data/base/1 ... ok
initializing pg_authid ... ok
initializing dependencies ... ok
creating system views ... ok

4
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
loading system objects' descriptions ... ok
creating conversions ... ok
creating dictionaries ... ok
setting privileges on built-in objects ... ok
creating information schema ... ok
vacuuming database template1 ... ok
copying template1 to template0 ... ok
copying template1 to postgres ... ok

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the -A option the
next time you run initdb.

Success. You can now start the database server using:

/usr/local/pgsql/bin/postgres -D /usr/local/pgsql/data
or
/usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start

[iscan@dellp4 ~]$ cd /usr/local/pgsql/data
[iscan@dellp4 ~]$ /usr/local/pgsql/bin/postgres -D /usr/local/pgsql/data >logfile
2>&1 &
[1] 4632
[iscan@dellp4 ~]$ /usr/local/pgsql/bin/createdb test
[iscan@dellp4 ~]$ /usr/local/pgsql/bin/psql test
Welcome to psql 8.3.0, the PostgreSQL interactive terminal.

Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit

test=# \q
[iscan@dellp4 ~]$

Success! You created the database “test” properly. Now you need to create the iwss database and grant
specific users access to it:
1.
If you have not done so already, use the su command to make iscan the superuser.
2.
Change the password mypassword to reflect the security policies in place at your organization.
Figure 4 shows the commands you must enter to accomplish this task.

5
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
Figure 4 Creating the Superuser “sa” and “iwss” Database

[root@dellp4 pgsql]# su - iscan
[iscan@dellp4 data]$ psql template1
Welcome to psql 7.4.6, the PostgreSQL interactive terminal.

Type: \copyright for distribution terms
\h for help with SQL commands
\? for help on internal slash commands
\g or terminate with semicolon to execute query
\q to quit

template1=# create user sa with password 'mypassword' superuser createdb;
CREATE ROLE
template1=# \q
[root@dellp4 pgsql]# psql -U sa -c "CREATE DATABASE iwss;" template1
CREATE DATABASE
[iscan@dellp4 ~]$

Once you have completed this task, modify the pg_hba.conf file to allow remote connections to the
database. The PostgreSQL installation script adds the following text to the end of the file:
host all all network subnet_mask password
Figure 5 illustrates this as an example.
Note:
Ensure network and subnet mask match the existing environment.

Figure 5 Steps to Ensure the Database can be Remotely Accessed

[root@dellp4 pgsql]# cd /usr/local/pgsql/data
[root@dellp4 data]# cp pg_hba.conf pg_hba.conf.ORIG
[root@dellp4 data]# echo "host all all 192.168.1.0 255.255.255.0
password" >> pg_hba.conf
[root@dellp4 data]#

The pg_hba.conf file should now resemble Figure 6. Carefully edit the file to ensure that the local
domain socket connections and the IPv4 local connections are authenticated with “password” instead of
“trust”. Note that the network information in your file must reflect the topology in your environment.

6
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
Figure 6 Steps to Ensure the Database can be Remotely Accessed with Password
Authentication

# TYPE DATABASE USER CIDR-ADDRESS METHOD

# "local" is for Unix domain so nections only
cket con
local all all password
# IPv4 local connections:
host all all 127.0.0.1/32 password
# IPv6 local connections:
host all all ::1/128 trust
host all all 192.168.1.0 255.255.255.0 password

Other authentication methods may exist in your environment. You should tune this file to match the
security level in your environment.
You must now ensure the database listens on port 5432 with the proper IP addresses as appears in
Figure 7. The “*” indicates all IP addresses, but you can change this if you will use a specific IP. Root
credentials must exist to perform this action.
Figure 7 Ensuring the Database is Listening on All IP Addresses on Port 5432

[rootdellp4 ~]$ cd /usr/local/pgsql/data
[rootdellp4 ~]$ cp postgres.conf postgres.conf.ORIG
[root@dellp4 data]$ vi postgresql.conf

Ensure the following are not remarked out with “#”:
listen_addresses = '*'
port = 5432

:wq!
[root@dellp4 pgsql]#

Next, ensure the database will initialize at system reboot:

Create a file named postgresql in the /etc/init.d directory.

Place the information in Figure 8 inside it.

Save the file.

Figure 8 PostgreSQL Startup Script to be Saved in
/etc/init.d


#! /bin/sh

# chkconfig: 2345 98 02
# description: PostgreSQL RDBMS

# This is an example of a start/stop script for SysV-style init, such
# as is used on Linux systems. You should edit some of the variables
# and maybe the 'echo' commands.
#
# Place this file at /etc/init.d/postgresql (or
# /etc/rc.d/init.d/postgresql) and make symlinks to
# /etc/rc.d/rc0.d/K02postgresql
# /etc/rc.d/rc1.d/K02postgresql
# /etc/rc.d/rc2.d/K02postgresql
# /etc/rc.d/rc3.d/S98postgresql

7
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
# /etc/rc.d/rc4.d/S98postgresql
# /etc/rc.d/rc5.d/S98postgresql
# Or, if you have chkconfig, simp
ly:
# chkconfig --add postgresql
#
# P
roper init scripts on Linu
x systems normally require setting lock
# and pid files under /var/run as well as reacting to network
# settings, so you should treat this with care.

#
Original author: Ryan Kirkpatrick <pgsql@rkirk
pat.net>

#
$PostgreSQL: pgsql/contrib/start-scripts/linux,v 1.8 2006
/07/13 14:44:33 petere
Exp $

#
# EDIT
FROM HERE

#
Installation pre
fix
prefix=/usr/local/pgsql


#
Data directory
PGDATA="/usr/local
/pgsql/data"

#
Who to run the postmaster as,
usually "postgres". (NOT "root")
PGUSER=iscan

#
Where to keep
a log file
PGLOG="$PGDATA/serverlog"

#
# STOP EDITING HERE

#
The path that is to
be used for the script
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin
:/usr/sbin:/usr/bin

#
What to use to start up the postmaster (we do NOT use pg_ctl for
this,
# as it adds no value and can cause the postmaster to misrecognize a stale
# lock file)
DAEMON="$prefi
x/bin/postmaster"

#
What to use to shut down the p
ostmaster
PGCTL="$prefix/bin/pg_ctl"

se
t -e

#
Only
start if we can find the postmaster.
test -x $DAEMON || exit 0

#
Parse command line paramete
rs.
case $1 in
start)
echo
-n
"Starting PostgreSQL: "
su - $PGUSER -c "$DAEMON -D '$PGD
ATA' &" >>$PGLOG 2>&1
echo "ok"
;;
stop)
echo -
n "Stopping PostgreSQL: "
su - $PGUSER -c "$PGCTL stop -D '
$PGDATA' -s -m fast"
echo "ok"
;;
restart)
echo -n
"Restarting PostgreSQL: "
su - $PGUSER -c "$PGCTL stop -D '$P
GDATA' -s -m fast -w"
su - $PGUSER -c "$DAEMON -D '$PGDATA' &" >>$PGLOG 2>&1
echo "ok"

8
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
;;
reload)
echo -
n "Reload PostgreSQL: "
su - $PGUSER -c "$PGCTL reload -D
'$PGDATA' -s"
echo "ok"
;;
status)
su - $
PGUSER -c "$PGCTL status -D '$PGDATA'"
;;
*)
# P
rint help
echo "Usage: $
0 {start|stop|restart|reload|status}" 1>&2
exit 1
;;
esac

ex
it 0

wing:
e new postgresql batch file is executable.
postgresql batch file to ensure that the
Figure 9
[root@dellp4 init.d]# cd /etc/init.d
Now do the follo
1.
Ensure that th
2.
As Figure 9 demonstrates, add the commands to the
database starts up at runlevels 2, 3, 4 and 5 (you can edit this based on your environment).
Ensuring the PostgreSQL Database Starts at runlevels 2,3,4,and 5

[root@dellp4 init.d]# ls -al postgresql

-rw-r--r-- 1 root root 2408 Mar 7 13:01 po
stgresql
[root@dellp4 init.d]# chmod +x postgresql
[root@dellp4 init.d]# ls -al postgresql
-rwxr-xr-x 1 root root 2408 Mar 7 13:01 po
s
tgresql
[root@dellp4 init.d]# chkconfig --level 2345 postgresq
l on
[root@dellp4 init.d]#
[root@dellp4 init.d]#
./postgresql restart
Restarting PostgreSQL: server stopped
ok
[roo
t@dellp4 init.d]#

S
uccess! You have installed and configured the PostgreSQL database for use by IWSS 3.1 for Linux and
Note:
It is beyond the scope of this document to outline specific database tuning parameters,
have ensured it initializes at startup. At this stage, the database is available and ready for use by the
IWSS 3.1 for Linux scanners.

authentication, or general server hardening processes.


9
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
Install and Configure IWSS 3.1 on the Scanner Server
The next step is to install IWSS 3.1 on the scanner server(s). (For more information on this process, see
the Trend Micro InterScan Web Security Suite 3.1 for Linux Administrator’s Guide). When the IWSS 3.1
installation script prompts for database information, point it to the newly created database server. You
need the following information before starting the process:

The IP address or hostname of the database server.

The port number of the PostgreSQL server (the default is 5432).

The database superuser name (the default is “sa”).

The database superuser password. (You created this password mypassword when you installed
the database server, see Figure 4).
An example of the installation process appears in Figure 10. Note that you will have to change the IP
addresses used to reflect the IP address of the database server in your environment:
Figure 10 Example IWSS 3.1Messages when Installing a Remote Database on a Scanner Server


##############################
## Database Install ##
##############################

By default, InterScan Web Security Suite 3.1 installs a copy of PostgreSQL
database on this machine.
You can choose to use an existing remote/local PostgreSQL database.
Use an existing database? (the version 7.4.16 above only)(default no) [y/n]: Yes
Please enter h
192.168.1.202
ostname or IP address of PostgreSQL server:
Pleas
5432
e enter port number of PostgreSQL server:
Pleas
iwss
e enter database name of PostgreSQL:
Ple
sa
ase enter user name with superuser privileges of PostgreSQL:
Please enter password of [sa]:
mypassword
Backup /root/.pgpass to /root/.pgpass.db_migration.bck
Testing if 192.168.1.202 is reachable across the network...
192.168.1.202 is reachable across the network.
Testing connection to database: iwss...
Connected successfully to database.
ALTER ROLE
ALTER ROLE
Creating Database "iwss"...
The database: iwss already exists.
Do y
yes
ou want to drop it and create a new one with the same name? [ yes|y|no|n ]
You entered the response that is 'yes', start to drop, then create a new one.
Dropping DB iwss...
DROP DATABASE
CREATE DATABASE
Creating plpgsql language...
NOTICE: using pg_pltemplate information instead of CREATE LANGUAGE parameters
Creating tables and stored procedures...
Starting to create DB objects and insert initial entries...

10
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e

CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE

CREATE TABLE

CREATE TABLE
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE INDEX
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
INSERT 0 1
CREATE TABLE
CREATE INDEX
CREATE FUNCTION

11
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e


Repeat this step for additional scanner servers in your organization if required.
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
addinitvalues
---------------
0
(1 row)

Modifying odbc.ini...
Modifying intscan.ini...
PostgreSQL setup complete.
Testing the Configuration
This process consists of two steps:
1.
The first step in verification should be to open the administrative console and view the
configuration for the IWSS Scanner server. If an error exists, a database error appears in the
Web browser. If this occurs check that you performed all configuration steps correctly. Outside
factors may also be present, for example it may be necessary to configure firewall rules to allow
traffic over port 5432 to the database server.
2.
If the console opens properly, tcpdump can be used to verify that traffic is going to the new
database server while under load. Issue the following command on the new database server
while workload is being passed through the scanner server and you can see the specific traffic
arriving at the IWSS 3.1 database server from the IWSS 3.1 scanner server over port 5432. Note
that the port (listed as eth0 below) and IP addresses should be changed to match the
environment.
o tcpdump –i eth0 port 5432 src host IP_ADDRESS_IWSS_SCANNER dst host
IP_ADDRESS_DATABASE

Returning to Standalone Mode
If you want to return to using a local database on the IWSS 3.1 for Linux scanner server, you must
reinstall IWSS 3.1 on that server and select the “Choose a local PostgreSQL database”
configuration option. The IWSS 3.1 installation script then installs a new instance of PostgreSQL and
modifies it for local use. Figure 12 shows the PostgreSQL installation script messages that displays when
you make the necessary selections:

12
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
Figure 11 PostgreSQL Installation Script Messages for a Local Database Installation
##################################
## Database Username & Password ##
##################################

The default username for the PostgreSQL database is "sa"...
Create a password for this database account: mypassword
Enter the password again: mypassword
CREATE USER
ALTER USER
ALTER USER
CREATE DATABASE
Starting to create DB objects and insert initial entries...
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE INDEX
INSERT 17252 1
INSERT 17253 1
INSERT 17254 1
INSERT 17255 1
INSERT 17256 1
INSERT 17257 1
INSERT 17258 1
INSERT 17259 1
INSERT 17260 1
INSERT 17261 1
INSERT 17262 1
INSERT 17263 1
INSERT 17264 1

13
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e


INSERT 17265 1
INSERT 17266 1
INSERT 17267 1
INSERT 17268 1
INSERT 17269 1

INSERT 17270 1
INSERT 17271 1
INSERT 17272 1
INSERT 17273 1
INSERT 17274 1
CREATE TABLE
CREATE INDEX
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
addinitvalues
---------------
0
(1 row)

Loading contrib module...
CREATE FUNCTION
CREATE FUNCTION
Modifying intscan.ini...
Modifying odbc.ini...
Modifying pg_hba.conf to use password mode...
postmaster successfully signaled
PostgreSQL setup complete.

14
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
Glossary
Active Users – The number of users requesting Web content through an HTTP Web browser (such as
Microsoft™ Internet Explorer) at any one time.
Connection Latency – The amount of time between the user’s first click in a Web browser until the time
data begins appearing on the screen.
Default Configuration – The default configuration for IWSS 3.1 for Linux is with antivirus, Web-
reputation, URL filtering, and Applet and ActiveX Security (AAXS) active.
HTTP 1.1 Connection – A method that enables the use of one connection to send or receive multiple
HTTP requests or responses. HTTP 1.1 allows users to make multiple requests through a single
connection.
Requests per second – The rate at which IWSS 3.1 requests and processes HTTP objects (for example
.jpg, .gif or .htm files).
Scanner Server – An IWSS 3.1 server using an external database.
Think Time – The time between browser clicks for an active user.
Throughput – The amount of digital data per time unit that a network delivers over a physical or logical
link, or that is passing through a gateway scanning device. This is expressed in either Bytes per second
or bits per second (8 bits = 1 Byte).
Total Page Download Latency – The average total time to download a workload-specific Web site after
initial connection.
User Population – The total number of users with Internet access to be supported by the IWSS 3.1 for
Linux deployment.


15
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
Resources

Web Sites

http://www.trendmicro.com/us


http://www.redhat.com


http://www.postgresql.org/

Documentation

http://www.trendmicro.com/ftp/documentation/guides/iwss_31_linux_
b1027_AdminGd.pdf


http://www.trendmicro.com/ftp/documentation/guides/iwss_31_linux_b1027_
InstallGd.pdf



16
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
About the Author
Jason Pappalexis
Jason Pappalexis has been with Trend Micro for over 4 years in a Senior Technical Marketing
Engineering role and is currently a Senior Solutions Architect. Prior to working at Trend Micro, he has
worked as system administrator and field engineering roles for public and government clients. He holds a
Bachelor’s and Master’s degree in Mechanical Engineering.

17
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n

Ma
ximizi
ng
In
t
e
rSc
a
n
We
b
S
e
cu
rit
y

Suit
e
3.
1 f
o
r
Li
nu
x Pe
r
f
o
r
ma
nce
Usi
n
g a
C
e
n
t
r
a
lize
d
Post
g
r
eS
QL
D
a
ta
bas
e
About Trend Micro Incorporated
Trend Micro Incorporated is a pioneer in secure content and threat management. Founded in 1988, Trend
Micro provides individuals and organizations of all sizes with award-winning security software, hardware,
and services. With headquarters in Tokyo and operations in more than 30 countries, Trend Micro
solutions are sold through corporate and value-added resellers and service providers worldwide. For
additional information and evaluation copies of Trend Micro products and services, visit our Web site at
www.trendmicro.com
..

18
A
T
r
en
d M
i
c
r
o T
r
en
dE
dg
e
S
o
l
u
tio
n