
Foglight 5.9.5 - Security and Compliance Guide


Layer 4: Apache Tomcat server configuration

Appliances use Apache Tomcat to facilitate communication between the software components on the appliances, primarily between the Management Server and the Archiver. Communications between software components are encrypted, with the exception of Sniffer to Archiver data transfer. Appliances require SSL and client authentication for any request received from an external source (external to the appliance). For more information, see Secure data transfer between software components.

Restricted access to appliances

Access to appliances is restricted and secured in the following ways:

No root access

The root account is not used to run any services, and users cannot log in as root. The appliance’s root password is not shared with customers; it is restricted to authorized personnel on the appliance development team and is changed with every major release.

An internal foglight account is used by the appliances to run services. There is no external access to this account; that is, no one can log in to an appliance using the foglight account.

User authentication on appliances

Appliances control access to the Console Program using a dedicated user authentication mechanism, which is separate from the one described under Security features in Foglight. The user authentication mechanism is built on Linux® Pluggable Authentication Modules (PAM). Account passwords are stored in encrypted form in Linux system files.

In addition to the root and foglight accounts described under No root access, the appliances ship with a default user account called setup.

The person configuring the appliances initially uses the default setup account to run the setup menu facility (hereafter called the Console Program) on an appliance. This text-mode application is the setup user’s shell, so the user is logged out when the shell is exited. The Console Program uses YaST to configure network cards and provides menus to configure, start, and stop Foglight® services. The setup account does not have read access to any directory where Foglight stores sensitive customer data. The setup user can create additional user accounts as necessary.
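The following added example (not Quest or Foglight code) shows how an auditor might check passwd- and shadow-format data against the account model described in this section: a service account that cannot log in, a setup account whose shell is a menu program, and passwords stored only in hashed form. The sample records, the /opt/example/console path and the function names are constructed for illustration; this guide does not state how root login is blocked, so the check does not test it.

```python
# Added example; sample data and the /opt/example/console path are constructed.
GENERAL_SHELLS = {"/bin/sh", "/bin/bash", "/bin/csh", "/bin/ksh", "/bin/zsh"}
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
foglight:x:500:500:service account:/home/foglight:/sbin/nologin
setup:x:501:501:initial setup:/home/setup:/opt/example/console
"""
SAMPLE_SHADOW = """\
root:$6$examplesalt$examplehash:17000:0:99999:7:::
foglight:!:17000:0:99999:7:::
setup:$6$examplesalt$examplehash:17000:0:99999:7:::
"""

def parse(text, min_fields):
    """Index colon-separated records by account name, skipping short lines."""
    rows = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= min_fields and not line.startswith("#"):
            rows[parts[0]] = parts
    return rows

def password_state(field):
    """Classify a shadow password field (assumes modular-crypt '$id$' hashes)."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    return "hashed" if field.startswith("$") else "unrecognized"

def audit(passwd_text, shadow_text, service="foglight", menu_user="setup"):
    """Return a list of findings; an empty list means the model holds."""
    passwd, shadow = parse(passwd_text, 7), parse(shadow_text, 2)
    findings = []
    for name, rec in passwd.items():
        uid, shell = rec[2], rec[6]
        state = password_state(shadow[name][1]) if name in shadow else "missing"
        if state not in ("hashed", "locked"):
            findings.append(f"{name}: password field is {state}")
        if uid == "0" and name != "root":
            findings.append(f"{name}: extra UID 0 account")
        if name == service and state != "locked" and shell not in NOLOGIN_SHELLS:
            findings.append(f"{name}: service account can log in")
        if name == menu_user and shell in GENERAL_SHELLS:
            findings.append(f"{name}: shell {shell} is a general-purpose shell")
    return findings

print(audit(SAMPLE_PASSWD, SAMPLE_SHADOW))
```

Because the setup user can create additional accounts, the same check is worth re-running after initial configuration.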
