Novell Cool Solutions

Restrict Access to ZENworks Control Center



By:

February 24, 2010 4:52 pm

Reads:4,861

Comments:3

Score:5

Print/PDF

Under the following directory you will find a file named context.xml:

/opt/novell/zenworks/share/tomcat/tomcat/conf/

Edit the file with your favorite text editor and add the following line between “<context>” and “</context>” tags:

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.0.*"/>

Then only hosts in the 192.168.0.0/24 network would get access to ZCC.

After saving the edited file you need to restart ZENworks before the changes take effect.

1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this post.
Loading...Loading...

Categories: Uncategorized

3

Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.

3 Comments

  1. By:dwu2001

    It is an issue I concern while testing ZCM. zcc is accessible from the world,
    and I do not find it is mentioned in the documents.
    Thank you for the tip. I run ZCM on SLES, so I find it is easier to set up a rule
    in iptables firewall. The context.xml file maybe overwritten during update.

    I also notice that 127.0.0.1 is also needed in the allow list, otherwise zman return error 13.

  2. By:strada-ch

    At least with ZCM 11 SP2 I tested with, this setting prevents also clients from communicating with this primary (such as downloading bundles). Therefore unfortunately not only effective for ZCC and not usable.

  3. By:reni

    Hi all, this blocks access to other zenworks services which the agent uses
    like:
    zenworks-useradmin
    zenworks-coreadmin
    zenworks-ping

    I’m looking for something to just block zcc ./zenworks access.

Comment

RSS