Safe and Powerful: Security in HP-UX System Management Homepage (SMH)
A white paper on the security related features in the web-based SMH
Revision 1.0

EXECUTIVE SUMMARY

This white paper provides an overview of the security aspects in HP SMH, which is the single system management solution introduced to manage an HP-UX system. The white paper describes the various security features that the application provides, and includes security related tips for system administrators.
Table of Contents

Introduction ... 3
SMH key benefits ... 3
SMH – creating a secure product ... 4
SMH security features ...
Introduction

HP System Management Homepage (SMH) is the single system management solution for managing HP-UX 11i. It is a web-based tool and uses the Apache web server. SMH is also available for Linux and Microsoft® Windows® systems. The key features of SMH are its system administration capabilities and its ability to display details of hardware attributes.
SMH offers auto-start and time-out features that the user can configure by using the hpsmh(1M) and smhstartconfig(1M) commands. SMH supports the Mozilla, Firefox, and Internet Explorer web browsers. SMH provides the command preview feature that enables the user to view the commands that will be run for a task before executing that task. This feature facilitates training and usage in scripts. A majority of the SMH applications are localized.
• Common HTTP and HTTPS service for HP Insight Management Agents and utilities, for reduced complexity and system resource requirements.
• Certificate-based authentication, which is considered a very safe and secure mode of authentication. Certificates signed by CAs such as VeriSign can be used for this.
• Simplified architecture for implementing HTTP security and HP management updates.
• DNS name (for example, Linux;Linux.localdomain)
• IP Address (for example, 10.16.165.1;192.168.1.189)

Anonymous/Local Access
Settings → System Management Homepage → Security → Local/Anonymous Access

Anonymous/Local access enables you to select the following settings to include:
• Anonymous Access (Disabled by default). Enabling Anonymous Access enables a user to access the SMH without logging in.
User. After operating system groups are added, the operating system administrator can add operating system users into these operating system groups. Each SMH access level can be assigned up to five operating system groups. The SMH installation enables you to assign the operating system groups to SMH. SMH will not allow adding an operating system group if the specified operating system group is not defined in the operating system.
Table 1: SMH Configuration – Timeout Variables

Variable         Description
JAVA_HOME        This variable points to the /opt/hpsmh/lbin/envvars directory where the JDK is installed.
TIMEOUT_SMH      Defines the HP SMH session timeout in minutes. If it is defined, the HP SMH session stops after that period has elapsed without any user activity. If it is not defined, the default HP SMH session timeout is 15 minutes.
TIMEOUT_TOMCAT
Autostart URL

This mode is the default setting for startup. You can start SMH by using a web browser and navigating to http://hostname:2301/. If autostart is configured as the default, there is a daemon listening only on http://hostname:2301. There is no daemon listening on port 2381, so connections to that port fail. When a request reaches port 2301 (http), the HP-UX Apache-based Web Server is started on port 2381 (https) and the page is automatically redirected.
The error_log and access_log files are stored on the system at /opt/hpsmh/logs. The System Management Homepage Error Log contains error information generated by SMH modules and CGI execution errors (httpd). It is the first place to look when a problem occurs with starting the server or with server operation, because the log often contains details of what went wrong and how to fix the problem. The access_log records all requests processed by the server.
For more information about Bastille, see the bastille(1M) manpage, and the Bastille User Guide available at /opt/sec_mgmt_bastille/docs/user_guide.txt.

Securely maintaining SMH – Tips

Here are some tips for maintaining a secure SMH environment:
• Limit the number of root users.
• Regularly review system and SMH logs.
• Always ‘logout’ of an SMH session. SMH automatically logs out the user if there is no activity for the ‘session timeout’ period, 15 minutes being the default period.
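As an added example of the "regularly review SMH logs" tip (not part of the HP white paper), the script below reports clients with repeated failed requests in access_log. It assumes the Apache Common Log Format, since the paper only states that SMH uses Apache and that access_log records every request; the log lines, request paths and the SMH_ACCESS_LOG variable are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the HP white paper. Assumes Apache Common Log Format
# for /opt/hpsmh/logs/access_log (an assumption; the paper only says the file
# records every request the server processed).
SMH_ACCESS_LOG="${SMH_ACCESS_LOG:-/opt/hpsmh/logs/access_log}"

# Constructed sample lines standing in for the real access_log.
sample_log() {
cat <<'EOF'
192.168.1.189 - - [10/Mar/2009:10:01:02 -0700] "GET / HTTP/1.1" 302 231
192.168.1.189 - - [10/Mar/2009:10:01:03 -0700] "GET /login HTTP/1.1" 200 1812
10.16.165.1 - - [10/Mar/2009:10:02:10 -0700] "POST /login HTTP/1.1" 401 512
10.16.165.1 - - [10/Mar/2009:10:02:11 -0700] "POST /login HTTP/1.1" 401 512
10.16.165.1 - - [10/Mar/2009:10:02:12 -0700] "POST /login HTTP/1.1" 401 512
192.168.1.189 - - [10/Mar/2009:10:05:00 -0700] "POST /login HTTP/1.1" 200 2048
EOF
}

# Read a log on stdin and print "count client" for every client with at
# least $1 (default 3) requests answered 401 or 403, most failures first.
# In Common Log Format field 1 is the client and field 9 the status code.
auth_failures() {
  threshold="${1:-3}"
  awk -v t="$threshold" '$9 == 401 || $9 == 403 { n[$1]++ }
       END { for (c in n) if (n[c] >= t) printf "%d %s\n", n[c], c }' |
    sort -rn
}

# Total number of requests in the log on stdin, for a daily baseline.
request_count() { awk 'END { print NR }'; }

# Stand-alone run: use the real log when it is readable, else the sample.
if [ -r "$SMH_ACCESS_LOG" ]; then
  auth_failures 3 < "$SMH_ACCESS_LOG"
else
  sample_log | auth_failures 3
fi
```

Run it from cron against the real log and compare the request count with the previous day's baseline; a sudden jump, or any client listed by auth_failures, is worth correlating with the error_log.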
installation guide is available on the HP Technical Documentation website at http://docs.hp.com. Also, for Linux and Windows operating system releases, the installation guide is available on the Management CD and at the SMH web page at http://h18013.www1.hp.com/products/servers/management/agents/documentation.html.

HP System Management Homepage User Guide

The user guide provides a set of documentation for using, maintaining, and troubleshooting SMH.
For more information

HP SIM security resources
• Understanding SIM security: http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/hpsim_5_Security.pdf
• Managing HP Servers through firewalls with SIM: http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/ManagingHPServerswithHPSIM.pdf
• SIM Secure Data Transmission: http://docs.hp.com/en/5991-4498/ch01s08.html
• Secure Shell in SIM 5.3: http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/hpsim_53_ssh.