The following scripts are designed to allow you to quickly and easily reconfigure the TIE Server, the DXL brokers, and the McAfee Agent.
Accessing the scripts
The scripts are located in the
/home/<username> directory. They must be executed with sudo permissions, for example,
sudo /home/myname/change-hostname.
Script Name |
Description |
Reboot Required or Not |
change-hostname |
Changes the host name of the current TIE Server or DXL broker appliance. This script restarts the McAfee Agent and DXL broker. If you use this script to change the host name of a secondary TIE Server, you must also update the connection configuration on the primary to reflect the new host name. (As of TIE 2.1.x, primary and secondary servers are now called primary and secondary servers.)
TIE 2.0 and later. You can trigger the update to the connection configuration. Change the 'Operation Mode' in the 'TIE Server Topology Management' Server setting to another mode, then set it back to the original operation mode. |
Recommended |
change-services |
Enables or disables the DXL broker.
If the DXL broker was initially disabled during first boot, the script prompts for DXL broker configuration information. |
No |
reconfig-ca |
Obtains an updated Certificate Authorities chain from ePolicy Orchestrator (ePO) and stores it in the TIE Server. |
No |
reconfig-dxl |
Reconfigures the DXL port. |
No |
reconfig-ma |
Reconfigures the McAfee Agent.
The agent and DXL broker services are restarted. New keystores are generated when the service starts. See below for full details of the process that occurs after running reconfig-ma:
- By design, running reconfig-ma erases the certificates for both DXL and TIE Server.
- McAfee Agent will take 90–120 seconds to fully start after being reconfigured.
- After DXL is started, it obtains a GUID from McAfee Agent.
- DXL requests certificates using a Data Channel request.
- A full props ASCI (agent-server communication interval) is triggered so the DXL broker shows in the products list in ePO.
- The Manage DXL Brokers server task runs so the DXL broker gets tagged as a broker and is in policy.
- A full props ASCI is triggered so the DXL broker sees itself (and other brokers, as appropriate) in policy.
- Send a new Certificate Signing Request to ePO through DXL to obtain the Certificate, Private Key, and Certification Authorities that are used for authentication.
- Bridging occurs as defined by policy.
WARNING: Do not use reconfig-ma during a certification regeneration. Doing the reconfiguration of the brokers creates a certificate chain, which causes connection issues. |
Recommended |
reconfig-network |
Reconfigures the current network interface, from DHCP to manual, or from manual to DHCP. |
Required |
reconfig-ntp |
Reconfigures the Network Time Protocol (NTP) servers. |
No |
reconfig-pghba |
Adds or removes entries from the list of allowed hosts that make remote connections to PostgreSQL.
This script is not available in TIE Server 2.0.0 and later. |
No |
reconfig-tie |
Changes the role of the TIE Server.
For example, changes the server from a Secondary to a Primary, or from a Primary to a Reporter.
This script is not available in TIE Server 2.0.0 and later. |
No |
update-sensitive-property.sh |
Changes the password for database users and other properties. |
No |
NOTE: As of TIE Server version 2.1.0, the naming convention for Master and Slave operations changed to Primary and Secondary. For example:
Master becomes Primary
Slave becomes Secondary
Previous versions of TIE Server retain the original Master/Slave designations.