
2 Security, 2.1 Integrated security features – HP Insight Control Software for Linux User Manual

2 Security

2.1 Integrated security features

This section describes features that are integrated into HP SIM and Insight Control for Linux to
make them secure. Security features are also discussed in the context of the associated topic
throughout this document.

Browser Connections

HP SIM enforces a secure connection to the web browser.

User Names and Passwords

The following is a list of user names and passwords on your CMS that permit access only
to authorized users:

— Linux root password

Permits access to the root account on the CMS, which has privileges to perform any
administrative task.

— HP SIM user name and password

A user with administrative privileges who can launch and use HP SIM and Insight
Control for Linux to manage and monitor systems.

— Management processor user name and password

Allows access to the serial console ports of the managed systems.

— Nagios administrator password

Grants access to launch and use the Nagios system and network monitoring application.

Directory access

The following two directories are accessible to nonroot users:

— /opt/hptc
— /opt/repository

HP recommends that you do not create guest and other nontrusted user accounts on the
CMS so that users cannot access, add, or delete files in these directories.

Firewalls

Insight Control for Linux works with a firewall if you open the appropriate ports.

HP recommends that you use a firewall.

Secure Shell

Secure Shell (SSH) is the preferred method to access managed systems. Typically, you use
the ssh command to get a login shell or to run commands.

Insight Control for Linux and most modern Linux distributions provide the OpenSSH suite,
which includes the ssh command. OpenSSH implements both ssh1 and ssh2 protocols;
ssh2 is the preferred default protocol. RSA, RSA1 and DSA host keys are supported. The
keys used to identify hosts are 1024-bit RSA keys, and a 256-bit AES key is used for encrypting
communication. The diffie-hellman-group1-sha key is used.

The defaults should be sufficient but, if your environment requires different key
configurations, see the following web address for information on their proper configuration:

http://www.openssh.com/manual.html

The SSH service also enables file transfer with the scp or sftp commands over the same
port as SSH.
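
To see which of the settings named above a system's sshd actually has configured, the following script reports them from sshd_config-style text and from `ssh-keygen -l` output. It is an added example, not part of the HP manual or of Insight Control for Linux. It assumes an OpenSSH build that accepts the Protocol and KexAlgorithms keywords, uses diffie-hellman-group1-sha1 (the OpenSSH identifier for the group1 key exchange), and treats the function names, sample input and 2048-bit minimum as illustrative.

```shell
#!/bin/sh
# Added example, not from the HP manual. Sample input below is constructed.
# effective_value KEYWORD FILE: first global value of KEYWORD. sshd uses the
# first value it reads, keywords are case-insensitive, and a Match line ends
# the global section.
effective_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# audit_sshd FILE: one finding per line for Protocol and KexAlgorithms.
audit_sshd() {
    proto=$(effective_value Protocol "$1")
    kex=$(effective_value KexAlgorithms "$1")
    case ",$proto," in
        *,1,*) echo "protocol: ssh1 enabled (Protocol $proto); ssh2 is preferred" ;;
        ,,)    echo "protocol: not set; build default applies" ;;
        *)     echo "protocol: ssh1 not enabled (Protocol $proto)" ;;
    esac
    case ",$kex," in
        *,diffie-hellman-group1-sha1,*) echo "kex: diffie-hellman-group1-sha1 offered" ;;
        ,,) echo "kex: not set; build default applies" ;;
        *)  echo "kex: diffie-hellman-group1-sha1 not offered" ;;
    esac
}

# key_finding MIN_BITS LINE: LINE is one line printed by `ssh-keygen -l -f
# <pubkey>`: "<bits> <fingerprint> <comment> (<type>)". MIN_BITS is site policy.
key_finding() {
    echo "$2" | awk -v min="$1" '{
        type = $NF; gsub(/[()]/, "", type)
        verdict = ($1 + 0 < min + 0) ? "below" : "meets"
        printf "hostkey: %s %d bits %s minimum %d\n", type, $1, verdict, min
    }'
}

demo_cfg() {   # constructed sshd_config text
    printf '%s\n' '# sample' 'protocol 2,1' 'Protocol 2' \
        'KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1' \
        'Match User backup' 'Protocol 2'
}

tmp=$(mktemp) && demo_cfg > "$tmp" && audit_sshd "$tmp"
key_finding 2048 '1024 SHA256:constructed-fingerprint root@cms (RSA)'  # 2048: assumed policy
rm -f "$tmp"
```

On a real system, pass the path of the sshd configuration file to audit_sshd and feed key_finding the output line of `ssh-keygen -l -f` for each host public key.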
