Previous Articles:https://communities.ca.com/message/241870019 -- Part 1https://communities.ca.com/message/241876573 -- Part 2https://communities.ca.com/message/241882115 -- Part 3
IntroductionThis is the last in a series on TIM add-ons and tools. This month we look at the miscellaneous TIM Add-on utilities . I thank Joerg Mertin for his updates on these tools . I hope this series on this previously underdocumented area were helpful.
1. APM OS root-password recovery fieldpack
This utility is useful for APM TIM appliances up to 9.5 and for MTPs (no release information provided.) It requires a web-based installer interface to use. This is a temporary workaround for those customers that may have forgotten or misplaced the root password. (Stuff like this happens. Be glad there was a workaround.)
What this does is add a rescue account (caddadmin) with a standard password. After installation,, simply log into caadmin using puttty/ssh Afterwards, this is removed due to security concerns.
2. CEM SNMP Monitoring Fieldpack (CEM@Logssnmp)
In the past, monitoring everything with SNMP was important. (Although it is still heavily used by some customers today.) So with this fieldpack and using SNMP, the health of the TIM can be monitored. This includes
- Application monitoring- Hard disk space monitoring- System load monitoring- Authentication failure monitoring
It can be configured to send out traps for all TIM events. There is also read-only SNMP Polling capability.
Note that the Monit and TIM Field Packs are more powerful and flexible than the above field pack. (These were previously discussed.)
Sometime back, I used to create more Tech Docs than I do now. (Some of the long KDs that I create now could be transformed to Tech Docs.) A list of most of them can be found at https://communities.ca.com/docs/DOC-18610776
Joerg created a rpm file that included the various Tech Tips PDFs that both of us of created. Once installed, you could then access them on your TIM menu. These were updated from time to time.
4 . TIM Hardening scripts
While the TIM software/hardware in 9.0-9.6 was already hardened, some customers wanted it even more restricted. (In APM 9.6 onward, the customer is responsible for the operating system and related hardening. See https://communities.ca.com/message/241696644 for details.)
So a hardening script for RHEL 5 update 11 and RHEL 6 update 5.6 and later for APM 9.1.-9.7 was provided on request. Note that the hardening script does a minimum installation of the software and the hardening script can be configured as to what to harden.. This is the standard approach used for hardening.
Joerg created in 2011 a detailed PDF that explains what is taking place during this hardening process. It includes step by step hardening including- User access- System startup- Limit services to start- Root remote password denial & password security- Security fixes- Sendmail hardening- Directory hardening and more
This provides a thorough methodology that could be used to harden an APM 10.x TIM
That is it on this topic. Next month I will be back with another Tech Tip. Until then, stay cool and have some fun.