This page explains the steps required to setup a service account that some of the Workflow components will use to read data from the CCS Vulnerability Manager database.


The file paths listed below are for the Linux instance of CCSVM; if you're using the Windows version, just search for the file names in the Postgres install path.  Also, you can restart the Postgres db services via the Windows Service Manager.

The below bracketed values will be replaced by the values specific to your environment.
  • [api user] - Same user used to connect to the api
  • [api password] - Password for that user
  • [workflow server ip] - Ip address of the workflow server. DNS names are not allowed here.

 

  • Go to the ccsvm console (ssh if remote)
  • Change to /opt/Symantec/CCSVM/nsc/nxpgsql/nxpdata
    • cd /opt/Symantec/CCSVM/nsc/nxpgsql/nxpdata

  • Modify postgresql.conf to allow connections from all hosts
  • nano postgresql.conf
    • uncomment line with listen_addresses = '*'

  • Modify pg_hba.conf
  • nano pg_hba.conf
    • edit localhost line to trust from md5
    • add as the first entry
    • hostnossl       nexpose         /32            md5

  • Restart postgres or reboot
    • sudo -u nxpgsql ../pgsql/bin/pg_ctl reload -D ../nxpdata

  • Login to postgres
      • /opt/Symantec/CCSVM/nsc/nxpgsql/pgsql/bin/psql -U nxpgsql nexpose

      • execute sql (make sure to include the ; at the end of the commands)
        • CREATE ROLE [api user] LOGIN PASSWORD '[api password]' VALID UNTIL 'infinity';
        • GRANT CONNECT ON DATABASE nexpose TO [api user];
        • GRANT all ON SCHEMA nxsilo_default TO [api user];
        • GRANT all ON SCHEMA nxglobal TO [api user];
        • GRANT SELECT ON nxglobal.vuln_defs TO [api user];
        • GRANT SELECT ON nxsilo_default.node_tests TO [api user];
        • GRANT SELECT ON nxsilo_default.nodes TO [api user];
        • GRANT SELECT ON nxsilo_default.node_tests_vulnerable TO [api user];
        • GRANT SELECT ON nxglobal.vuln_exploits TO [api user];
        • GRANT SELECT ON nxsilo_default.node_ep TO [api user];
        • GRANT SELECT ON nxsilo_default.device_synopsis TO [api user];
        • GRANT SELECT ON nxsilo_default.ep_tests TO [api user];
        • GRANT SELECT ON nxsilo_default.vuln_exceptions TO [api user];
        • GRANT SELECT ON nxsilo_default.vulns TO [api user];
        • GRANT SELECT ON nxsilo_default.sites TO [api user];
        • GRANT SELECT ON nxsilo_default.site_devices TO [api user];
        • GRANT SELECT ON nxsilo_default.node_addr_ip4 TO [api user];
        • GRANT SELECT ON nxsilo_default.node_name TO [api user];
 
  • Modify pg_hba.conf
  • nano pg_hba.conf
  • edit localhost line back to md5 from trust

  • Restart postgres or reboot
    • sudo -u nxpgsql ../pgsql/bin/pg_ctl reload -D ../nxpdata


  • Download the Components Only Package - click here
  • Set the Project Properties for your environment



  • Run the simulator and verify that the components execute w/out errors.
  • Please submit feedback (click here) if you have any problems or have suggestions for improvement.  thx