Hi
controller/hdb/spooler/hub probes: if you validate -> Security, it will restart the robot / hub. This is expected.
It is not expected to restart the robot / hub when other probes are validated.
The signed checksum is generated from the main binaries/script in the probe package, it is based on the IP address + secret key.
If a probe fails to start due to any changes, you need to validate it manually for security.
Only a user with administrator privileges has access to validate -> Security in such a case for the probe to start.
===========
Probe Security
Probes have different tasks. Most of them have simple tasks such as monitoring something and sending an alarm if a threshold is reached. Others have more complex tasks such as collecting information from and executing commands on other probes. The first type does not need a SID, because all they do is to send messages on the Nimsoft. The other one needs permission to connect to and execute commands on remote probes; these probes are a potential security risk.
To obtain a SID without a login, two conditions must be fulfilled.
1. The robot must install the probe in order to get a signed checksum generated. This requires administration rights and cannot be performed by intruders or operators.
2. The controller must start the probe. A magic number scheme ensures that this cannot be circumvented.
If these requirements are met and the probe needs a SID, the controller connects to the Hub to get the appropriate SID for the probe. This again requires that the probe has been added to the security configuration with the appropriate permissions and IP-mask.
Signed checksum installation
To prevent unauthorized probes from being installed and started on a robot, we have devised a system that ensures that only probes installed by a user with administrator rights can obtain a SID on start up.
The controller generates a signed checksum (HMAC) during installation; this HMAC is saved and is later used to verify the probe identity each time it is started. If the checksum has changed, the probe will not be started by the controller and cannot do any harm.
The signed checksum is generated from the main binaries/script in the probe package, it is based on the IP address + secret key.
Magic number scheme
A magic number is generated into the probe-environment just before the probe is started. When a probe starts, the magic number is passed to the controller to ensure that the controller is in full control of the probe that is started, thus making it impossible for intruders to use probes.
Administration
Please note that all changes to the security configuration must be done with the Infrastructure Manager; manual changes of the security file will render it invalid!!
Also see
https://community.broadcom.com/communities/community-home/librarydocuments/viewdocument?DocumentKey=29f9e989-6b43-4088-b6b7-520dfa63ecaa
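The signed-checksum behaviour described above, as an added illustration that is not Nimsoft/UIM code and not part of the original post: a keyed checksum over the probe files is stored at install time and recomputed before each start, so a changed binary or a changed robot IP blocks the start until an administrator validates again. The HMAC-SHA256 choice, the way the key combines the secret and the IP, the function names, the file and the addresses are all assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import tempfile

def signed_checksum(files, robot_ip, secret_key):
    """HMAC over the flagged probe files, keyed by secret key + robot IP."""
    # Assumption: key = HMAC-SHA256(secret, ip); the product's real scheme is not given on this page.
    key = hmac.new(secret_key, robot_ip.encode(), hashlib.sha256).digest()
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for path in sorted(files):
        with open(path, "rb") as fh:
            data = fh.read()
        name = os.path.basename(path).encode()
        # Length-prefix name and content so file boundaries are unambiguous.
        mac.update(len(name).to_bytes(4, "big") + name)
        mac.update(len(data).to_bytes(8, "big") + data)
    return mac.hexdigest()

def may_start(files, robot_ip, secret_key, stored):
    """Controller-side check before starting a probe: recompute and compare."""
    current = signed_checksum(files, robot_ip, secret_key)
    return hmac.compare_digest(current, stored)

def demo():
    secret = b"constructed-demo-secret"  # constructed value
    ip = "192.0.2.10"                    # constructed documentation address
    out = {}
    with tempfile.TemporaryDirectory() as d:
        probe = os.path.join(d, "demo_probe.bin")
        with open(probe, "wb") as fh:
            fh.write(b"original probe binary")
        stored = signed_checksum([probe], ip, secret)  # done at install
        out["clean_start"] = may_start([probe], ip, secret, stored)
        out["robot_ip_changed"] = may_start([probe], "192.0.2.99", secret, stored)
        with open(probe, "ab") as fh:
            fh.write(b" plus an unapproved change")
        out["binary_modified"] = may_start([probe], ip, secret, stored)
        # Security > Validate: an administrator accepts the current files.
        stored = signed_checksum([probe], ip, secret)
        out["after_validate"] = may_start([probe], ip, secret, stored)
    return out

if __name__ == "__main__":
    print(demo())
```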
Original Message:
Sent: 08-15-2019 08:45 PM
From: John Paolo Santos
Subject: Validating Probes
Hi,
Thanks for the response but I'm still confused. What is the checksum for? And when I execute validation, I observed that it restarts the controller probe and hub probe, is this expected?
Original Message:
Sent: 08-15-2019 07:46 PM
From: Franklin D'souza
Subject: Validating Probes
Hi
callback 'probe_verify' followed by a 'probe_activate' is what the infrastructure manager does behind the scenes when you right click a probe and choose validate and 'yes'.
From controller whitepaper
=====================
probe_verify (name)
Accept the probe as valid and generate a new checksum for it for validation use on subsequent probe starts.
Parameter: name
Type: String
Req: yes
Description: The name of the probe to be validated. This must be a defined probe. Which files need a checksum generated / checked is flagged in the package from which the probe was originally installed.
Original Message:
Sent: 08-15-2019 06:34 PM
From: John Paolo Santos
Subject: Validating Probes
Hi,
What does validation do to the probes? There are times that I was able to solve problems because of this step (Right Click Probe > Security > Validate > Yes All) but I don't know what it does.
Thanks