HP-UX B6941-90001 Administrator's Reference Manual page 456

Management server on hp-ux
Tuning, Troubleshooting, Security, and Maintenance
ITO Security
Passwords on Novell NetWare Managed Nodes
The password for the default operator opc_op is not assigned during the
installation of the agent software. For security reasons, it is strongly
recommended to assign a password to opc_op, using NetWare tools, after
the agent software is installed.
Automatic and Operator-initiated Actions
Action requests and action responses can contain sensitive information
(application password, application responses and so on), which might be
of interest to intruders. In a secure system this might not be a problem.
However, if these requests and responses have to pass through a firewall
system or even over the Internet where packets may be routed through
many unknown gateways and networks, then administrators need to
think in terms of the measures required to improve security.
In addition, automatic and operator-initiated actions are currently
executed as root. Consequently, in order to prevent security holes, it is
essential that the administrator:
• protect any shell scripts (for example, those used to switch user) by
  assigning minimal rights
• choose carefully the commands which an application uses
Queue Files
The queue files for the message interceptor (msgiq) and the monitor
agent (monagtq), which are used by opcmsg and opcmon for communicating
with their corresponding processes, have read/write permission for
everyone. Sensitive messages can be read by displaying these queue files
as a regular user.
In addition, the administrator also needs to take into account the fact
that the opcmsg and opcmon commands allow anybody to send a
message which triggers an automatic action attached to a message, even on
another node.
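A report-only permission check for the two exposures described above (queue files that everyone can read and write, and scripts that actions execute as root), added here as an example and not taken from the HP manual. This page does not give the file locations, so the caller passes them in; the demo runs on constructed files in a temporary directory, and switch_user.sh is a hypothetical name.

```shell
#!/bin/sh
# Report-only audit: prints findings and changes nothing.

# Print the 10-character mode string of a file, e.g. -rw-rw-rw-
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# Queue file check. World-read means any user can display queued messages;
# world-write means any user can place data in the queue.
# Returns 0 if clean, 1 if a finding was printed, 2 if the file is missing.
audit_queue() {
    m=$(mode_of "$1")
    [ -n "$m" ] || { echo "MISSING  $1"; return 2; }
    case $(echo "$m" | cut -c8-9) in
        rw) echo "EXPOSED  $1 $m world-readable,world-writable"; return 1 ;;
        r-) echo "EXPOSED  $1 $m world-readable"; return 1 ;;
        -w) echo "EXPOSED  $1 $m world-writable"; return 1 ;;
    esac
    return 0
}

# Script check. Actions execute as root, so a script that group or other
# can modify lets a non-root user change what root runs.
audit_script() {
    m=$(mode_of "$1")
    [ -n "$m" ] || { echo "MISSING  $1"; return 2; }
    if [ "$(echo "$m" | cut -c6)" = w ] || [ "$(echo "$m" | cut -c9)" = w ]; then
        echo "WRITABLE $1 $m group- or world-writable"; return 1
    fi
    return 0
}

# Demo on constructed files (names only mirror the queue files named above).
demo() {
    d=${TMPDIR:-/tmp}/ito_audit.$$
    mkdir "$d" || return 2
    : > "$d/msgiq";          chmod 666 "$d/msgiq"
    : > "$d/monagtq";        chmod 600 "$d/monagtq"
    : > "$d/switch_user.sh"; chmod 775 "$d/switch_user.sh"
    a=0; audit_queue  "$d/msgiq"          || a=$?
    b=0; audit_queue  "$d/monagtq"        || b=$?
    c=0; audit_script "$d/switch_user.sh" || c=$?
    rm -rf "$d"
    echo "$a $b $c"    # exit codes of the three checks, in order
}

demo
```

The check only reports. Because opcmsg and opcmon use these queue files to reach their agents, test any permission change on them before applying it.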
Chapter 10

Advertisement

Table of Contents
loading

This manual is also suitable for:

Openview it

Table of Contents