Understanding HP SIM 5.1 and 5.2 security (481362-003, January 2009)

Auditing
The HP SIM audit log contains entries for important system activities, such as executed tasks,
authorization modifications, user sign in and sign out, and so on. Tools by default are configured so
that results are logged to the audit log, but their tool definition files can be modified so that this is not
the case.
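To show what "reviewing" the audit log looks like in practice, here is an added example that is not part of the HP document: a small Python script that walks over constructed sample audit entries (the record layout is an assumption made for this example, not HP SIM's actual format) and pulls out the event classes this section names, namely executed tasks, authorization modifications and sign-in/sign-out, flagging users with repeated failed sign-ins.

```python
import re
from collections import Counter

# Constructed sample entries for this example. The field layout is an
# assumption made here; it is not HP SIM's actual audit-log format.
SAMPLE_AUDIT_LOG = """\
2009-01-12 08:01:22 USER_SIGNIN user=alice result=SUCCESS
2009-01-12 08:03:10 TASK_EXEC user=alice task="Collect Inventory" result=SUCCESS
2009-01-12 08:15:41 AUTH_MODIFY user=alice target=bob toolbox="All Tools" action=ADD
2009-01-12 09:02:05 USER_SIGNIN user=mallory result=FAILURE
2009-01-12 09:02:09 USER_SIGNIN user=mallory result=FAILURE
2009-01-12 09:02:14 USER_SIGNIN user=mallory result=FAILURE
2009-01-12 09:30:00 USER_SIGNOUT user=alice result=SUCCESS
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<event>[A-Z_]+) (?P<rest>.*)$")
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')  # key=value or key="quoted value"


def parse_entry(line):
    """Return a dict with 'ts', 'event' and the key=value fields, or None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {"ts": m.group("ts"), "event": m.group("event")}
    for key, _whole, quoted, bare in FIELD_RE.findall(m.group("rest")):
        entry[key] = quoted if quoted else bare
    return entry


def review_audit_log(text, failure_threshold=3):
    """Summarise authorization changes, executed tasks and repeated sign-in failures."""
    auth_changes, task_runs, failures, unparsed = [], [], Counter(), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry is None:
            unparsed += 1  # an entry the reviewer cannot read is itself worth reporting
            continue
        if entry["event"] == "AUTH_MODIFY":
            auth_changes.append(entry)
        elif entry["event"] == "TASK_EXEC":
            task_runs.append(entry)
        elif entry["event"] == "USER_SIGNIN" and entry.get("result") == "FAILURE":
            failures[entry.get("user", "?")] += 1
    suspicious = sorted(u for u, n in failures.items() if n >= failure_threshold)
    return {"auth_changes": auth_changes, "task_runs": task_runs,
            "suspicious_signins": suspicious, "unparsed": unparsed}


if __name__ == "__main__":
    report = review_audit_log(SAMPLE_AUDIT_LOG)
    for e in report["auth_changes"]:
        print(f"{e['ts']} {e['user']} changed {e['target']}: {e['action']} {e['toolbox']}")
    print("repeated sign-in failures:", report["suspicious_signins"])
```

On a real CMS the same review would be run over the exported audit log rather than the embedded sample, adjusting the regular expressions to the actual record layout.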
Command-line interface
Much of HP SIM's functionality can be accessed through the command line. To access the command-line interface, you must be logged on to the CMS using an operating system account that is a valid HP SIM user account. That account's authorizations and privileges within HP SIM apply to the command-line interface as well.
Note: On a Windows system, the operating system account must have administrator-level access on
the CMS for all of the commands to work properly.
How-to: configuration checklist
General
Configure firewalls to allow desired ports/protocols.
Review lockdown versus ease of use.
After configuring the CMS and managed systems, run discovery on the CMS.
Configure CMS
Inspect SSL server certificate and update if desired.
Configure WBEM passwords and SNMP community strings in global protocol settings. See the
Configuring the CMS for managed systems section below.
Configure user accounts, based on operating system accounts that will access HP SIM.
Review and configure toolboxes if defaults are not appropriate.
Review and configure authorizations for users.
Configure system link configuration format.
Review audit log.
Strong security
Note: See How-to: lockdown versus ease of use for more details.
Enable Require Trusted Certificates, then inspect and import the desired system SSL certificates or root signing certificates.
Require only known SSH keys, then inspect and import the desired system SSH public keys.
Configure managed systems
Configure SNMP community strings, which are required at the CMS.
For WBEM on HP-UX and Linux, configure the WBEM password. This password is required at the
CMS. For the highest level of security, a different user name and password can be used for each
managed system; each user name and password pair must be entered into the CMS to enable
access.
The CMS requires a user name and password to access WMI data on Windows systems. By
default, a domain administrator account can be used for this, but you should use an account with