Idea Details

Provide SELinux policy configuration for CA SSO

Last activity 06-13-2019 09:37 AM
Anon Anon's profile image
03-19-2015 10:01 AM

With the need for hightened security, SELinux is becoming required more and more, having a policy or guidelines to implement SELinux when running your products would be extremely helpful.  In our case;

CA Single Sign On

 

To vote for SELinux policy configuration for CA ID Suite, go here: Provide SELinux policy configuration for CA ID Suite

To vote for SELinux policy configuration for CA Directory, go here: Provide SELinux policy configuration for CA Directory

To vote for SELinux policy configuration for CA Strong Authentication, go here: Provide SELinux policy configuration for CA Strong Authentication


Comments

08-30-2016 04:43 PM

There was already an idea in the community for the support of SELinux, which was a bit more generic. We're going to use that one (SElinux support ) as the placeholder for votes but will consider this discussion relevant as well. If you voted for this idea, please also vote for the original. Marking this one as duplicate.

10-26-2015 05:32 AM

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team has reviewed your enhancement suggestion and decided to maintain the idea for possible consideration in a future release. The Community will continue to be able to vote on this enhancement idea.

09-15-2015 05:05 PM

I've separated this idea out into 4 separate ideas so that the product managers can track the status of each idea separately for each product.

07-09-2015 04:27 PM

Herb!!!!!!!

 

  • SE Linux is in the support matrix as supported
  • You provide context setting for the Policy Server.
  • This means we should not know the context setting without your help for the rest

When will you add that for the rest of the pieces?

(IE: Web Agent, SPA, etc)

 

Why not take this idea as a calling to add this context configuration as a option in the configuration wizard.

 

-Josh

07-09-2015 04:13 PM

beating my head against this all  day.

they need SOMETHING

06-16-2015 05:12 PM

It's cool that there is something for the policy server installation, but how about the agent installation?

06-16-2015 09:53 AM

HI Tod, See these instructions here: https://wiki.ca.com/display/sm1252sp1/Install%20the%20Policy%20Server%20on%20UNIX   at the bottom of the page is some information about configuration for SeLinux for the Policy Server.  Is that sufficient for your needs?

05-06-2015 11:09 AM

More and more we have audit findings to close the gaps on SELinux not being run, so having a good sense of what rules we need would be a great addition to the installation guide so we don't have to disable or run in permissive mode.

04-28-2015 05:19 PM

Herb

 

I think what Tod is referring to is SELinux (Security Enhanced Linux). Our product suggest we disable SELinux before installing and configuring Policy Server on RHEL.

 

setenforce 0

 

 

Regards

 

Hubert

04-28-2015 04:16 PM

All of the Infrastructure Management products were bundled into one community: CA Infrastructure Management. Products covered:

  • CA Application Delivery Analysis
  • CA DCIM
  • CA eHealth
  • CA Gigastor
  • CA Mediation Manager
  • CA NetVoyant
  • CA Network Flow Analysis
  • CA NSM
  • CA Performance Center
  • CA Performance Management
  • CA Spectrum
  • CA SystemEDGE
  • CA Unified Communications Manager
  • CA Unified Infrastructure Management (f/k/a Nimsoft Monitor)
  • CA Virtual Assurance for Infrastructure Managers

 

This idea was posted to the CA Security Community. Products covered:

  • CA Data Protection
  • CA Directory
  • CA Identity Suite
  • CA Privileged Identity Manager
  • CA Risk Authentication
  • CA Secure Cloud
  • CA Single Sign-On
  • CA Strong Authentication

04-28-2015 10:33 AM

I thought I was posting in the CA Infrastructure Management community.  Aren't all the products now bundled into one portal?

04-28-2015 10:26 AM

Hi droark! CA UIM ideas should be posted to the CA Infrastructure Management Community.

04-28-2015 10:03 AM

One other thing.  I noted that you made this comment w.r.t. to CA AuthMinder, so I added a tag for the Advanced Auth product manager to see this same idea.

04-28-2015 10:02 AM

Hi Tod,  Any additional comments on this.  I am believing we have a tech doc gap regarding specific configuration changes necessary to run SM components on SELinux.   I can tee up tech info team to close that gap, but if there is more to this please add some additional commentary so we can see what we can do to assist. 

04-17-2015 06:51 PM

Hi Tod,  Can you add a bit more detail to this.  The title says "SELinux Policy Configuration".  Can you add a use case ? Do you mean install and configure any of the components in CA SSO, CA IDM, CA Direcotry, & CA AuthMinder on SELinux or is there some other "Policy Configuration" you mean?

03-19-2015 11:49 AM

given all the recent breaches, i would expect this is overdue

03-19-2015 10:16 AM

CA UIM as well please