1. Installation Guide
  2. Installing Session Monitor
  3. Installing Session Monitor Using the RPM

Installing Session Monitor Using the RPM

This section describes installing the Session Monitor using RPM.

You have to set up the machine with Oracle Linux operating system to install Session Monitor using the RPM.

Note:

Oracle Linux installs Kernel 3 by default but it is recommended to use the latest unbreakable kernel 4. Session Monitor requires the yum groups @base and @core.

Configurations are necessary for proxies and repos, if there are any. See Configuring Proxies and Repos.

To install Session Monitor using an RPM:

  1. Change the edition of MySQL to enterprise edition. Refer unresolvable-reference.html.
  2. If you have a running Oracle Linux 7 (DPDK) probe with an Oracle Communications Session Monitor version prior to 3.4.0, uninstall Session Monitor by running the following command: 
    yum remove ocsm
  3. Verify that the system hosting the mediation engine is connected to the Internet.
  4. Log on to the Mediation Engine server as the root user or root privileged user.
  5. Verify that Oracle Linux 7 is installed by running the following command: 
    cat /etc/oracle-release
  6. Download the Session Monitor software by doing the following:
    1. Create a temporary directory ( temp_dir) on the system that hosts the mediation engine.
    2. Download the software pack for your operating system from the Oracle software delivery web site.
    3. Download the Session Monitor installation software RPM ZIP file to temp_dir.
    4. Unzip the Session Monitor installation software RPM ZIP file.
  7. Install the Session Monitor RPM file by running the following command: 
    yum install ocsm-<rn>x86_64.rpm

    where:

    • <rn> is the current Session Monitor release number.
    For example, ocsm-4.4.0.0.0-10243.x86_64.rpmrp

    The following partitioning options are available:

    • Single partition (default option)
    • Secondary partition for data storage
  8. Perform the following steps to create separate partition for data (block) storage:
    1. Create the partition for data storage
    2. Run the following command to create a directory to mount the partition: 
      mkdir -pv /opt/oracle/ocsm/var/vsi
    3. Adjust /etc/fstab to mount the data storage partition. For example: 
      LABEL=PLD_DATA /opt/oracle/ocsm/var/vsi ext4 defaults,nosuid,nodev,nofail 0 2

      Result: During installation partition will be detected by product setup application and the system uses the separate partition.

  9. Verify the installation by doing the following:
    1. Navigate to /var/log/ocsm file.
    2. Verify whether the following log file exists: ocsm_installed_*.log
  10. Adjust the firewalld to access the Session Monitor applications by doing the following:
    1. Allow firewalld to access the HTTPS service (port 443) by running the following command: 
      firewall-cmd --permanent --zone=public --add-service=https
    2. (Optional) If you are planning to configure the system as a mediation engine, allow the firewalld to access the probe connection by doing the following:
      • For SBC (embedded) probes: 
        firewall-cmd --permanent --zone=public --add-port=4739/tcp
firewall-cmd --permanent --zone=public --add-port=4740/tcp
      • For standalone probes: 
        firewall-cmd --permanent --zone=public --add-port=4741/tcp
firewall-cmd --permanent --zone=public --add-port=4742/tcp
    3. Reload the configuration by running the following command: 
      firewall-cmd --reload

    Note:

    If you are planning to enable additional services, see the discussion about network security in Oracle Communications Session Monitor Security Guide for a complete list of services and their respective ports.

Enabling SELinux

Session Monitor currently supports the following top-level state of SELinux on a system – enforcing, permissive and disabled. The only supported SELinux type is targeted.

To enable SELinux:
  1. Run the command to set the SELinux mode as enforcing and SELinux policy as targeted:
    sed -i -e "s/^SELINUX=.*/SELINUX=enforcing/" /etc/selinux/config
    sed -i -e "s/^SELINUXTYPE=.*/SELINUXTYPE=targeted/" /etc/selinux/config
  2. Reboot the system using the command: 
    reboot
  3. After the reboot, run the command to verify the SELinux status:
    sestatus
    Verify the command output:
    SELinux status:        enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
  4. Install the customized SELinux policy modules for Session monitor using the command:
    cd /opt/oracle/ocsm/
./ocsm_ext.sh

Disabling SELinux

Use the following instructions to disable SELinux.

  1. Set the SELinux mode as disabled using the command as a root user:
    sed -i -e "s/^SELINUX=.*/SELINUX=disabled/" /etc/selinux/config
  2. Reboot the system using the command:
    reboot
  3. Verify the SELinux status using the command:
    sestatus
  4. Verify the output:
    SELinux status: disabled

Adding Ports in the SELinux Port List

On a SELinux enabled machine, in order to use any port other than the default ports in the Session Monitor, add the port in the SELinux port list using the following commands.

yum install -y setroubleshoot-server 
semanage port -a -t <Service_Name> -p <Protocol> <Port_Number>
You can view all ports allowed in the SELinux using the command: 
semanage port -l
For example: By default, SELinux allows http to listen on TCP ports 80, 443, 488, 8008, 8009, or 8443.
To configure http to run on a port other than the TCP ports listed above, such as 8001, then add the ports to the SELinux port list using the command:
semanage port -a -t http_port_t -p tcp 8001

Troubleshooting Tips

Following intructions will be helpful in solving issues in configuring SELinux.

To modify the mode in which SELinux runs in real-time, run the following commands:

Table 2-1 Modifying SELinux Mode

Mode Command
To run SELinux in permissive mode (System prints warnings only but does not enforce SELinux policy) 
setenforce 0
To run SELinux in the enforcing mode (SELinux security policy is enforced) 
setenforce 1
Verify the status using command 
getenforce