2 security, 1 integrated security features – HP Insight Control Software for Linux User Manual
2 Security
2.1 Integrated security features
This section describes features that are integrated into HP SIM and Insight Control for Linux to make
them secure. Security features are also discussed in the context of the associated topic throughout this
document.
• Browser Connections
HP SIM enforces a secure connection to the web browser.
• User Names and Passwords
The following is a list of user names and passwords on your CMS that permit access only to
authorized users:
◦ Linux root password
Permits access to the root account on the CMS, which has privileges to perform any
administrative task.
◦ HP SIM user name and password
A user with administrative privileges who can launch and use HP SIM and Insight Control
for Linux to manage and monitor systems.
◦ Management processor user name and password
Allows access to the serial console ports of the managed systems.
◦ Nagios administrator password
Grants access to launch and use the Nagios system and network monitoring application.
• Directory access
The following two directories are accessible to nonroot users:
◦ /opt/hptc
◦ /opt/repository
HP recommends that you do not create guest and other nontrusted user accounts on the CMS
so that users cannot access, add, or delete files in these directories.
• Firewalls
Insight Control for Linux works with a firewall if you open the appropriate ports.
HP recommends that you use a firewall.
• Secure Shell
Secure Shell (SSH) is the preferred method to access managed systems. Typically, you use the
ssh command to get a login shell or to run commands.
Insight Control for Linux and most modern Linux distributions provide the OpenSSH suite,
which includes the ssh command. OpenSSH implements both ssh1 and ssh2 protocols;
ssh2 is the preferred default protocol. RSA, RSA1 and DSA host keys are supported. The
keys used to identify hosts are 1024-bit RSA keys, and a 256-bit AES key is used for encrypting
communication. The diffie-hellman-group1-sha key is used.
The defaults should be sufficient but, if your environment requires different key configurations,
see the following web address for information on their proper configuration:
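
Added example, not part of the HP manual: a shell audit that flags the SSH settings this section names (SSH protocol 1, RSA1, DSA and short RSA host keys, and the group1 key exchange, written here with its OpenSSH identifier diffie-hellman-group1-sha1) so they can be checked against site policy. The function names, the 2048-bit threshold and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the HP manual. Sample inputs below are constructed.
MIN_RSA_BITS=2048   # assumed site-policy minimum; not a value from the manual

# Reads sshd_config-style lines on stdin; flags SSH protocol 1 and the
# diffie-hellman-group1-sha1 key exchange when they are enabled.
audit_sshd_config() {
    awk '
        /^[ \t]*#/ { next }                        # skip comments
        { key = tolower($1); n = split($2, v, ",") }
        key == "protocol" {
            for (i = 1; i <= n; i++) if (v[i] == "1")
                print "FLAG protocol: SSH protocol 1 enabled (" $2 ")"
        }
        key == "kexalgorithms" && $2 !~ /^-/ {     # "-list" removes algorithms
            sub(/^[+^]/, "", v[1])                 # "+"/"^" prefixes add them
            for (i = 1; i <= n; i++) if (v[i] == "diffie-hellman-group1-sha1")
                print "FLAG kex: " v[i] " enabled"
        }'
}

# Reads `ssh-keygen -l -f <hostkey.pub>` output lines on stdin:
#   <bits> <fingerprint> <comment> (<TYPE>)
audit_host_keys() {
    awk -v min="$MIN_RSA_BITS" '
        { bits = $1 + 0; type = $NF; gsub(/[()]/, "", type) }
        type == "RSA1" || type == "DSA" {
            print "FLAG hostkey: " type " key, " bits " bits"; next
        }
        type == "RSA" && bits < min + 0 {
            print "FLAG hostkey: RSA " bits " bits, below " min
        }'
}

SAMPLE_CONFIG='# constructed sshd_config excerpt
Protocol 2,1
KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'

SAMPLE_KEYS='1024 SHA256:EXAMPLE-A root@cms (RSA)
1024 SHA256:EXAMPLE-B root@cms (DSA)
3072 SHA256:EXAMPLE-C root@cms (RSA)'

run_sample_audit() {
    printf '%s\n' "$SAMPLE_CONFIG" | audit_sshd_config
    printf '%s\n' "$SAMPLE_KEYS" | audit_host_keys
}

run_sample_audit
```

On a real system, feed `audit_sshd_config` from `/etc/ssh/sshd_config` and `audit_host_keys` from `ssh-keygen -l -f` run over each host public key.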