Chat now with support
Chat with Support

Please note, you may experience access issues between 6am - 7am Eastern time on Saturday, May 28 2022 due to planned maintenance

Foglight 6.0.0 - Security and Compliance Guide

Security overview
Foglight security measures Customer security measures Security features in Foglight FIPS-compliant mode Disclaimer
Security features for APM appliances Usage feedback Appendix: FISMA compliance

No root access

The root account is not used to run any services. Users cannot log in as root. The appliance’s root password is not shared with customers. The password is restricted to authorized personnel on the appliance development team. The secret root password is changed with every major release.

An internal foglight account is used by the appliances to run services. There is no external access to the account, that is, no one can log in to an appliance using the foglight account.

User authentication on appliances

Appliances control access to the Console Program using a dedicated user authentication mechanism, which is separate from the one described under Security features in Foglight . The user authentication mechanism is built on the Linux® Pluggable Authentication Modules (PAM). Account passwords are stored in encrypted form in Linux system files.

In addition to the root and foglight accounts described under No root access, the appliances ship with a default user account called setup.

The person configuring the appliances initially uses the default setup account to run the setup menu facility (hereafter called the Console Program) on an appliance. This text-mode application is the setup user’s shell, and the user is logged out when this shell is exited. The Console Program uses Yast to configure network cards and has menus to configure and start/stop Foglight® services. The setup account does not have read access to any directory where Foglight stores sensitive customer data. The setup user can create additional user accounts as necessary.

Secure remote access

An authorized user can access an appliance remotely using one of the following secure methods: Remote Access Controller (DRAC) or SSH.

To use SSH, the user’s account on the appliance needs to be configured to enable SSH. By default, the setup account and all new accounts have SSH disabled. If SSH is enabled, the user account requires a strong password, which must contain at least the following elements:

For instructions, see the Foglight APM Installation and Setup Guide.

Restricted network ports for appliances

All appliances

Communicate with other appliances

Management Server —> Sniffer or Archiver


Communicate with other appliances

Management Server —> Archiver


Transmit capture data from Sniffers to Archivers

Sniffer —> Relayer —> Archiver

Management Server

Communicate with other appliances

Archiver or Sniffer —> Management Server

Management Server

Run the Foglight browser interface

Client —> Management Server

Management Server

Run the browser interface over a secure connection (HTTPS)

Client —> Management Server

All appliances

Enable remote access using SSH

Client —> Appliance

The following TCP ports are left open to detect port-scanning programs: 1, 11, 110, and 143. For more information, see Layer 2: Port scan detection and blocking tool. When time synchronization with a time server using NTP is enabled, UDP port 123 is open.

To use port 8443 instead of 8080, set the Management Server’s httpsonly option to true. When the Management Server is hosted on an appliance, the setting is located in the appliance.config file, which you can access from the command line.

Select Advanced Options.
Select Access Shell.
Type: vi /opt/quest/foglight/config.appliance/appliance.config
Type: rcfoglight restart

To enable remote access using SSH, open port 22 for individual Console Program user accounts.

Select Console User Accounts.
Select Modify Console User.
Select Enable/Disable SSH.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating