Collected data from Foglight® agents is stored in the repository database, which is protected through user access control. This data contains collected metrics and statistics about the systems on the monitored hosts, as well as agent configuration parameters.
The Management Server's Web application server supports the use of SSL, in order to protect Foglight® users' login credentials. Foglight provides its own self-signed SSL certificate on the Web application server, and enables customers to provide a replacement SSL certificate of their choice. SSL certificates are managed through the JavaTM keystore on the Management Server.
When running a security scan on the Management Server, customers may discover that ServerTokens for the Apache HTTP Server has not been set.
Synopsis: The Apache HTTP Server could allow a remote attacker to obtain sensitive information. The Apache HTTP Server uses a configuration directive called ServerTokens to control what information the server discloses about itself in the HTTP header lines of the banner in a response to a query. The information disclosed includes the operating system and the software versions running on the server. When ServerTokens has not been set, an attacker could launch attacks.
2 |
Navigate to the <foglight_home>/server/tomcat/server.xml directory. |
3 |
Open the server.xml file for editing. |
4 |
5 |
6 |
Save and close the server.xml file and restart the Management Server. |
The Management Server's Web application server supports the use of SSL, in order to protect Foglight® users' login credentials. Foglight provides its own self-signed SSL certificate on the Web application server, and enables customers to provide a replacement SSL certificate of their choice. SSL certificates are managed through the JavaTM keystore on the Management Server.
When running a security scan on the Management Server, customers may discover that ServerTokens for the Apache HTTP Server has not been set.
Synopsis: The Apache HTTP Server could allow a remote attacker to obtain sensitive information. The Apache HTTP Server uses a configuration directive called ServerTokens to control what information the server discloses about itself in the HTTP header lines of the banner in a response to a query. The information disclosed includes the operating system and the software versions running on the server. When ServerTokens has not been set, an attacker could launch attacks.
2 |
Navigate to the <foglight_home>/server/tomcat/server.xml directory. |
3 |
Open the server.xml file for editing. |
4 |
5 |
6 |
Save and close the server.xml file and restart the Management Server. |
Most Foglight® agents communicate with the Management Server through the included client application, the Agent Manager. The exceptions are the Java EE Technology agents that communicate with the Management Server across a separate binary protocol, and agents that use the low level XML over HTTP(S) data submission option. When activating an agent it is necessary to communicate its properties, which may include login credentials for accounts on the monitored host.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center