2 security, 1 integrated security features – HP Insight Control Software for Linux User Manual
2 Security
2.1 Integrated security features
This section describes features that are integrated into HP SIM and Insight Control for Linux to
make them secure. Security features are also discussed in the context of the associated topic
throughout this document.
• Browser Connections
HP SIM enforces a secure connection to the web browser.
• User Names and Passwords
The following is a list of user names and passwords on your CMS that permit access only
to authorized users:
— Linux root password
Permits access to the root account on the CMS, which has privileges to perform any
administrative task.
— HP SIM user name and password
A user with administrative privileges who can launch and use HP SIM and Insight
Control for Linux to manage and monitor systems.
— Management processor user name and password
Allows access to the serial console ports of the managed systems.
— Nagios administrator password
Grants access to launch and use the Nagios system and network monitoring application.
• Directory access
The following two directories are accessible to nonroot users:
— /opt/hptc
— /opt/repository
HP recommends that you do not create guest and other nontrusted user accounts on the
CMS so that users cannot access, add, or delete files in these directories.
• Firewalls
Insight Control for Linux works with a firewall if you open the appropriate ports.
HP recommends that you use a firewall.
• Secure Shell
Secure Shell (SSH) is the preferred method to access managed systems. Typically, you use
the ssh command to get a login shell or to run commands.
Insight Control for Linux and most modern Linux distributions provide the OpenSSH suite,
which includes the ssh command. OpenSSH implements both the ssh1 and ssh2 protocols;
ssh2 is the preferred default protocol. RSA, RSA1 and DSA host keys are supported. The
keys used to identify hosts are 1024-bit RSA keys, and a 256-bit AES key is used for encrypting
communication. The diffie-hellman-group1-sha key is used.
The defaults should be sufficient but, if your environment requires different key
configurations, see the following web address for information on their proper configuration:
The SSH service also enables file transfer with the scp or sftp commands over the same
port as SSH.
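To check which of the protocol, host key and key exchange options named above are enabled on a system, the following added example (not part of the HP manual or of OpenSSH) scans sshd_config-style text for them. The function names and the sample configuration are constructed for this example; flagging protocol 1, RSA1 and DSA host keys and diffie-hellman-group1-sha1 as legacy is this example's choice, not a recommendation from the manual.

```shell
#!/bin/sh
# Added example (not from the HP manual): flag legacy SSH settings in
# sshd_config-style text. Reads the named file, or stdin if none is given.
audit_sshd_config() {
    awk '
        # Return 1 if comma-separated LIST contains ITEM.
        function has(list, item,    parts, n, i) {
            n = split(list, parts, ",")
            for (i = 1; i <= n; i++) if (parts[i] == item) return 1
            return 0
        }
        $1 ~ /^#/ || NF < 2 { next }              # comments, blank lines
        { key = tolower($1); val = tolower($2) }  # keywords are case-insensitive
        key == "protocol" && has(val, "1") {
            print "FLAG protocol 1 enabled: " $2; found++ }
        key == "hostkey" && $2 ~ /ssh_host_key$/ {
            print "FLAG RSA1 host key: " $2; found++ }
        key == "hostkey" && $2 ~ /ssh_host_dsa_key$/ {
            print "FLAG DSA host key: " $2; found++ }
        key == "kexalgorithms" {
            sub(/^[+^]/, "", val)                 # "+list" and "^list" add to the defaults
            if (val !~ /^-/ && has(val, "diffie-hellman-group1-sha1")) {
                print "FLAG group1 key exchange offered"; found++ }
        }
        END { if (!found) print "OK" }
    ' "$@"
}

# Constructed sample input, modelled on the settings the manual lists.
sample_config() {
    cat <<'EOF'
# constructed sshd_config excerpt
Protocol 2,1
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
Ciphers aes256-ctr
EOF
}

sample_config | audit_sshd_config
```

To audit a real system, pass the configuration file as an argument, for example `audit_sshd_config /etc/ssh/sshd_config`.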