IMPORTANT: Because of the highly sensitive nature of the data on the Sentinel Server, you should keep the machine physically secure and in a secure area of the network. To collect data from event sources outside the secure network, use a remote Collector Manager.
For certain components, passwords must be stored so that they are available when the system needs to connect to a resource such as the database or an event source. In this case, when the password is stored, it is first encrypted to avoid unauthorized access to the clear text password.
Even when the password is encrypted, you must protect access to the stored password data in order to avoid password exposure. For example, you can set the permissions on files that contain sensitive data so that unauthorized users cannot read them.
advisor_client.xml
The database credentials are stored in the <installation_directory>/config/server.xml file:
<class>esecurity.base.ccs.comp.dataobject.ConnectionManager</class>
<property name="username">appuser</property>
<property name="password">7fA+ogBMeK7cRbJ+S6xJ/InLBUi+sRVGK5qYycDxfIqGDHVX9FApWg==</property>

<obj-component id="DownloadComponent">
  <class>esecurity.ccs.comp.advisor.feed.NewAdvClientDownload</class>
  <property name="advisor.downloadfrom.url">https://secure-www.novell.com/sentinel/advisor/advisordata</property>
  <property name="username">admin</property>
  <!-- Set the password (encrypted) using the adv_change_password script -->
  <property name="password">jqhlWIX8HD6GDHVX9FApWg==</property>
  <property name="compression.enabled">true</property>
  <!-- Set the following properties to connect through an HTTP proxy. Set the proxy password (encrypted) using the adv_change_password script (make a copy of the script and add "-x" to the java cmd line to set the proxy password instead of the advisor password. -->
  <!--
  <property name="proxy_host"></property>
  <property name="proxy_port"></property>
  <property name="proxy_username"></property>
  <property name="proxy_password"></property>
  -->
</obj-component>

<strategy active="yes" id="jms"
          location="com.esecurity.common.communication.strategy.jmsstrategy.activemq.ActiveMQStrategyFactory"
          name="ActiveMQ">
  <jms brokerURL="failover://(ssl://localhost:61616?wireFormat.maxInactivityDuration=30000)?randomize=false"
       interceptors="compression"
       keystore="../config/.activemqclientkeystore.jks"
       keystorePassword="password"
       password="374d9f338b4dc4b50e45b3822fc6be12"
       username="system"/>
</strategy>
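As an added example (not part of the Sentinel documentation or product), the following Python script walks a configuration directory, finds XML files that store a credential in either of the two forms shown in the snippets above, and reports any whose permission bits grant access beyond the file owner. The function name, the finding labels and the restriction to .xml files are assumptions of this example.

```python
import os
import re
import stat
import sys

# The two storage forms shown in the snippets on this page:
#   <property name="password">...</property>  and  password="..." attributes.
CRED_RE = re.compile(
    r'<property\s+name="\w*password">\s*[^<\s]|\b\w*password="[^"]+"',
    re.IGNORECASE)

# Permission bits that let anyone other than the file owner read or modify it.
RISKY_BITS = {stat.S_IRGRP: "group-readable", stat.S_IWGRP: "group-writable",
              stat.S_IROTH: "world-readable", stat.S_IWOTH: "world-writable"}


def audit_config_dir(config_dir):
    """Return {path: [problems]} for XML files that hold a stored credential
    and whose mode grants access beyond the owning account."""
    findings = {}
    for root, _dirs, files in os.walk(config_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: symlinks are skipped, not followed
            if not name.endswith(".xml") or not stat.S_ISREG(st.st_mode):
                continue
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    has_cred = CRED_RE.search(fh.read()) is not None
            except OSError as exc:
                # Unreadable to the auditing account: report, do not skip silently.
                findings[path] = [f"could not inspect: {exc.strerror}"]
                continue
            problems = [label for bit, label in RISKY_BITS.items() if st.st_mode & bit]
            if has_cred and problems:
                findings[path] = problems
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_config.py <installation_directory>/config")
    results = audit_config_dir(sys.argv[1])
    for path, problems in results.items():
        print(f"{path}: {', '.join(problems)}")
    sys.exit(1 if results else 0)
```

Run it as the account that owns the Sentinel installation; a non-zero exit status means at least one credential-bearing file is accessible to other accounts.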
Some database tables store passwords and certificates. This sensitive data is encrypted and is stored in the tables listed below. You must limit the access to these tables.
evt_src: evt_src_config column data
evt_src_collector: column: evt_src_collector_props
evt_src_grp (doubt): column: evt_src_default_config
md_config: column: data
integrator_config: column: integrator_properties
md_view_config: column: view_data
esec_content: columns: content_context, content_hash
esec_content_grp_content: column: content_hash
sentinel_plugin: columns: content_pkg, file_hash
Sentinel Rapid Deployment stores both configuration data and event data. This data is stored at the following locations: