For certain components, passwords must be stored so that they are available to the components when the system needs to connect to a resource such as a database or an event source. In this case, the password is first encrypted to avoid unauthorized access to the clear-text password.
Even if the password is encrypted, you must ensure that the access to the stored password data is protected in order to avoid password exposure. For example, you can set permissions to ensure that files with sensitive data are not readable by other users.
Database credentials are stored in the /etc/opt/novell/sentinel_log_mgr/config/server.xml file.
<class>esecurity.base.ccs.comp.dataobject.ConnectionManager</class> <property name="username">appuser</property> <property name="password">7fA+ogBMeK7cRbJ+S6xJ/InLBUi+sRVGK5qYycDxfIqGDHVX9FApWg==</property>
Following is an example of Database Credentials in the configuration.xml file:
<strategy active="yes" id="jms" location="com.esecurity.common.communication.strategy.jmsstrategy.activemq.ActiveMQStrategyFactory" name="ActiveMQ"> <jms brokerURL="ssl://localhost:61616?wireFormat.maxInactivityDuration=0&jms.copyMessageOnSend=false" interceptors="compression" keystore="/etc/opt/novell/sentinel_log_mgr/config/.activemqclientkeystore.jks" keystorePassword="password" password="ebccfebf4ec3dac874494b992a91a3c9" username="system"/> </strategy>
The following database tables store passwords (/certificate) in the encrypted format.You must limit access to these tables.
EVT_SRC: column: ect_src_config column data
evt_src_collector: column: evt_src_collector_props
evt_src_grp: column: evt_src_default_config
md_config: column: data
integrator_config: column: integrator_properties
md_view_config: column: view_data
esec_content: column: content_context, content_hash
esec_content_grp_content: column: content_hash
sentinel_plugin: column: content_pkg, file_hash
Sentinel Log Manager stores both configuration data and event data in the following locations:
Table 2-2 Locations for Configuration Data and Event Data
Components |
Location for Configuration Data |
Location for Event Data |
---|---|---|
Event Data |
The database tables and file system at /etc/opt/novell/sentinel_log_mgr/config. This configuration information includes the encrypted database, event source, integrators, and passwords. |
The database (EVENTS, CORRELATED_EVENTS, and the EVT_SMRY_* and AUDIT_RECORD tables), and the file system at /var/opt/novell/sentinel_log_mgr/data/events. NOTE:Event data can be archived to the file system as part of the partition management job. |
Collector Manager |
The file system at /var/opt/novell/sentinel_log_mgr/data/eventdata and /var/opt/novell/sentinel_log_mgr/data/rawdata. The most sensitive configuration information is the client key pair used to connect to the message bus. |
Event data might be cached on the file system during error conditions such as the message bus being down or event overflow. This event data is stored in the /var/opt/novell/sentinel_log_mgr/data/collector_mgr.cache directory. |