VMware vcenter Log Insight Security Guide



Similar documents
VMware vcenter Log Insight Security Guide

VMware vsphere Replication Security Guide

VMware vcenter Log Insight Getting Started Guide

VMware vcenter Log Insight Getting Started Guide

VMware vcenter Log Insight Administration Guide

Upgrading Horizon Workspace

Installing and Configuring vcloud Connector

Upgrading VMware Identity Manager Connector

Reconfiguring VMware vsphere Update Manager

VMware Identity Manager Connector Installation and Configuration

Installing and Configuring vcenter Multi-Hypervisor Manager

Installing and Administering VMware vsphere Update Manager

ESX 4 Patch Management Guide ESX 4.0

vsphere Upgrade vsphere 6.0 EN

VMware Software Manager - Download Service User's Guide

vrealize Air Compliance OVA Installation and Deployment Guide

VMware vcenter Log Insight Installation and Administration Guide

Migrating to vcloud Automation Center 6.1

Managing Multi-Hypervisor Environments with vcenter Server

VMware vcenter Configuration Manager and VMware vcenter Application Discovery Manager Integration Guide

Installing and Configuring vcenter Support Assistant

Reconfiguration of VMware vcenter Update Manager

VMware vcenter Log Insight User's Guide

vcenter Configuration Manager Backup and Disaster Recovery Guide VCM 5.3

VMware vcenter Log Insight Developer's Guide

Management Pack for vrealize Infrastructure Navigator

VMware vcenter Operations Standard Installation and Administration Guide

VMware vcenter Configuration Manager SQL Migration Helper Tool User's Guide vcenter Configuration Manager 5.6

vcenter Server Appliance Configuration

vsphere Upgrade Update 1 ESXi 6.0 vcenter Server 6.0 EN

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1

Reconfiguring VMware vsphere Update Manager

vsphere App HA Installation and Configuration Guide

VMware vcenter Configuration Manager Backup and Disaster Recovery Guide vcenter Configuration Manager 5.4.1

Active Directory Solution 1.0 Guide

Advanced Service Design

vsphere Replication for Disaster Recovery to Cloud

vcenter CapacityIQ Installation Guide

Offline Data Transfer to VMWare vcloud Hybrid Service

Getting Started with ESXi Embedded

vcenter Support Assistant User's Guide

vcloud Director User's Guide

OnCommand Performance Manager 1.1

Deployment and Configuration Guide

vsphere Replication for Disaster Recovery to Cloud

Management, Logging and Troubleshooting

vcenter Chargeback User s Guide

Installing and Configuring vcloud Connector

VMware vcenter Log Insight User's Guide

Enterprise Manager. Version 6.2. Installation Guide

VMware vcenter Support Assistant 5.1.1

VMware vcenter Discovered Machines Import Tool User's Guide Version for vcenter Configuration Manager 5.3

VMware vrealize Operations for Horizon Security

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.2

vcloud Automation Center Support Matrix vcloud Automation Center 5.2

VMware vrealize Operations for Horizon Security

vcenter Operations Manager for Horizon Supplement

IT Business Management System Requirements Guide

IaaS Configuration for Cloud Platforms

SNMP Adapter Installation and Configuration Guide

VMware vcenter Update Manager Administration Guide

JAMF Software Server Installation and Configuration Guide for Windows. Version 9.3

vrealize Business System Requirements Guide

JAMF Software Server Installation and Configuration Guide for OS X. Version 9.2

vrealize Operations Manager Customization and Administration Guide

VMware Identity Manager Administration

vsphere Security ESXi 6.0 vcenter Server 6.0 EN

JAMF Software Server Installation and Configuration Guide for OS X. Version 9.0

Obtaining SSL Certificates for VMware View Servers

IBM Security QRadar Version (MR1) WinCollect User Guide

VMware vcenter Configuration Manager Backup and Disaster Recovery Guide vcenter Configuration Manager 5.7

PowerChute TM Network Shutdown Security Features & Deployment

Scenarios for Setting Up SSL Certificates for View

vcloud Automation Center Support Matrix vcloud Automation Center 5.1

Installation Guide. Capacity Planner 3.0 EN

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.0

ACE Management Server Deployment Guide VMware ACE 2.0

Installing and Configuring VMware Workspace Portal

VMware vcenter Update Manager Administration Guide

Installation and Configuration Guide for Windows and Linux

Obtaining SSL Certificates for VMware Horizon View Servers

W H I T E P A P E R. Best Practices for Building Virtual Appliances

vcloud Suite Licensing

vcenter Chargeback User s Guide vcenter Chargeback 1.0 EN

Using the vcenter Orchestrator Plug-In for vsphere Auto Deploy 1.0

24x7 Scheduler Multi-platform Edition 5.2

Integrated Virtual Debugger for Visual Studio Developer s Guide VMware Workstation 8.0

End Your Data Center Logging Chaos with VMware vcenter Log Insight

Administering View Cloud Pod Architecture

Cloud Director Installation and Configuration Guide

vcenter Hyperic Configuration Guide

vsphere Management Assistant Guide vsphere 4.0 EN

Installation and Configuration Guide for Windows and Linux

VMware Mirage Web Manager Guide

Syncplicity On-Premise Storage Connector

Nixu SNS Security White Paper May 2007 Version 1.2

ACE Management Server Administrator s Manual VMware ACE 2.6

Transcription:

VMware vcenter Log Insight Security Guide vcenter Log Insight 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs. EN-001299-00

VMware vcenter Log Insight Security Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright 2014 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc.

Contents About VMware vcenter Log Insight Security Guide 5 1 Log Insight Security Reference 7 Services, Ports, and External Interfaces that the Log Insight Virtual Appliance Uses 7 Log Insight Configuration Files 8 Log Insight Public Key, Certificate, and Keystore 9 Log Insight License and EULA File 9 Log Insight Log Files 10 Log Insight User Accounts 11 Security Updates and Patches 12 Index 13 VMware, Inc. 3

VMware vcenter Log Insight Security Guide 4 VMware, Inc.

About VMware vcenter Log Insight Security Guide The VMware vcenter Log Insight Security Guide provides a concise reference to the security features of Log Insight. To help you protect your Log Insight installation, this guide describes security features built in to Log Insight and the measures that you can take to safeguard it from attack. External interfaces, ports, and services that are necessary for the proper operation of Log Insight Configuration options and settings that have security implications Location of log files and their purpose Required system accounts Information on obtaining the latest security patches Intended Audience This information is intended for IT decision makers, architects, administrators, and others who must familiarize themselves with the security components of Log Insight. VMware, Inc. 5

VMware vcenter Log Insight Security Guide 6 VMware, Inc.

Log Insight Security Reference 1 Use the Security Reference to learn about the security features of your Log Insightinstallation and the measures that you can take to safeguard your environment from attack. This chapter includes the following topics: Services, Ports, and External Interfaces that the Log Insight Virtual Appliance Uses, on page 7 Log Insight Configuration Files, on page 8 Log Insight Public Key, Certificate, and Keystore, on page 9 Log Insight License and EULA File, on page 9 Log Insight Log Files, on page 10 Log Insight User Accounts, on page 11 Security Updates and Patches, on page 12 Services, Ports, and External Interfaces that the Log Insight Virtual Appliance Uses The operation of Log Insight depends on certain services, ports, and external interfaces. Log Insight Services The operation of Log Insight depends on several services that run on the Log Insight virtual appliance. Table 1 1. Log Insight Services Service Name Startup Type Description loginsight Automatic Core service for log aggregation, search, and analytics. sendmail Automatic Used to send system notifications alerts, email alerts, and phone home. sshd Automatic (Disabled before the root password is set) Secure remote console access. ntp Automatic Time service for syncing-up with Internet Time Server through Network Time Protocol. rpcbind Automatic Service that convert RPC program numbers into universal addresses. VMware, Inc. 7

VMware vcenter Log Insight Security Guide Table 1 1. Log Insight Services (Continued) Service Name Startup Type Description cron Automatic Scheduled command service for phone home. vaos Automatic Guest OS initialization that drives network setting, host name setting, ssh keys creation, #EULA acceptance, ISV boot scripts execution, and VAMI initialization. jexec Automatic Supports the direct execution of binary formats. Communication Ports Log Insight uses several communication ports and protocols. Port 22/TCP 80/TCP 443/TCP 514/UDP, 514/TCP 1514/TCP Protocol SSH HTTP HTTPS Syslog Syslog 9006-9007/TCP Tomcat 9240/TCP 111/TCP, 111/UDP 736/UDP 123/UDP 16520-16580/TCP 127.0.0.1:25/TCP 127.0.0.1:465/TCP 127.0.0.1:12543/TCP vapi rpcbind rpcbind ntpd loginsight SMTP SMTP Postgres Third-Party Components Log Insight uses the following third-party components. Third-Party Component Java Runtime Environment Python Openssl Version 1.7 or later 2.6 or later 0.9.8j or later Log Insight Configuration Files Some configuration files contain settings that affect Log Insight security. NOTE All security-related resources are accessible by the root account. Protecting this account is critical to the security of Log Insight. 8 VMware, Inc.

Chapter 1 Log Insight Security Reference Table 1 2. Log Insight Configuration Files File /usr/lib/loginsight/application/etc/jaas.conf /usr/lib/loginsight/application/etc/3rd_confi g/server.xml /usr/lib/loginsight/application/etc/loginsightconfig-base.xml /usr/lib/loginsight/application/etc/loginsightconfig-projects.xml /storage/var/loginsight/apachetomcat/conf/tomcat-users.xml /usr/lib/loginsight/application/3rd_party/apach e-tomcat-*/conf/server.xml /usr/lib/loginsight/application/3rd_party/apach e-tomcat-*/conf/tomcat-users.xml Description The default system configuration for log insight. The user-defined configuration for log insight, such as NTP server, NFS archiving location, and so on. The configuration for active directory integration. The system configuration for Apache Tomcat server. The system configuration for Apache Tomcat server. The system configuration for Apache Tomcat server. User information for Apache Tomcat server. Log Insight Public Key, Certificate, and Keystore The public key, the certificate, and the keystore of Log Insight are located on the Log Insight virtual appliance. NOTE All security-related resources are accessible by the root account. Protecting this account is critical to the security of Log Insight. /usr/lib/loginsight/application/etc/public.cert /usr/lib/loginsight/application/etc/loginsight.pub /usr/lib/loginsight/application/etc/keystore /usr/lib/loginsight/application/etc/truststore /usr/lib/loginsight/application/3rd_party/apache-tomcat-*/conf/keystore Log Insight License and EULA File The end-user license agreement (EULA) and license file are located on the Log Insight virtual appliance. NOTE All security-related resources are accessible by the root account. Protecting this account is critical to the security of Log Insight. File License License Key file End-user license agreement Location /usr/lib/loginsight/application/etc/license/loginsight.dlf /usr/lib/loginsight/application/etc/license/loginsight_license.txt /usr/lib/loginsight/application/etc/license/eula.txt VMware, Inc. 9

VMware vcenter Log Insight Security Guide Log Insight Log Files The files that contain system messages are located on the Log Insight virtual appliance. File /storage/var/loginsight/runtime.log /storage/var/loginsight/pi.log /storage/var/loginsight/usage.log /storage/var/loginsight/ui.log /storage/var/loginsight/watchdog_log* /storage/var/loginsight/vcenter_operations.log /storage/var/loginsight/loginsight_daemon_stdout.log /storage/var/loginsight/upgrade.log /storage/var/loginsight/apache-tomcat/logs/*.log /storage/var/loginsight/plugins/vsphere/li-vsphere.log /storage/var/loginsight/pgsql.log /var/log/firstboot/stratavm.log /var/log/li-disk.log Description Used to track all run time information related to Log Insight Used to track database start or stop events Used to track all queries Used to track events related to the Log Insight user interface Used to track the run time events of the watch dog process, which is responsible for restarting Log Insight if it is shutdown for some reason Used to trace events related to integration with vsphere Used for the standard output of Log Insight daemon Used to track events that occur during Log Insight upgrade Used to track events from Apache Tomcat server Used to track events related to the vcenter Operations Manager integration Used to track the events of the Postgres server Used to track the events that occur at first boot and configuration of the Log Insight virtual appliance Used to track storage related events, such as adding a new disk to the Log Insight virtual appliance Log Messages Related to Security The runtime.log file contains user audit log messages in the following format. [2013-05-17 20:40:18.716+0000] [http-443-5 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][user logged in: Name: admin Role: admin] [2013-05-17 20:39:51.395+0000] [http-443-5 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][user logged out: Name: admin Role: admin] [20130918 12:39:34.8230700] [http94433 WARN /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean] [Bad username/password attempt (username: myusername)] [20130918 12:40:08.7610700] [http94433 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean] [User logged in: Active Directory User: SAM=myusername, Domain=vmware.com, UPN=myusername@vmware.com] [ 20130918 12:40:20.2320700] [http94433 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean] [User logged out: Active Directory User: SAM=myusername, Domain=vmware.com, UPN=myusername@vmware.com] 10 VMware, Inc.

Chapter 1 Log Insight Security Reference [20130918 12:40:36.9330700] [http94433 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean] [User logged in: Local User: Name=myusername, Role=user] [20130918 12:40:40.4290700] [http94433 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean] [User logged out: Local User: Name=myusername, Role=user] [2013-11-13 23:26:21.569+0000] [http-443-4 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Created new user: Active Directory User: SAM=username, Domain=vmware.com, UPN=username@vmware.com] [2013-11-14 22:44:11.017+0000] [http-443-6 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Created new user: Local User: Name=username, Role=admin] [2013-12-05 21:03:36.751+0000] [http-443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Removed users: [Active Directory User: SAM=username, Domain=vmware.com, UPN=username@vmware.com]] [2013-12-05 21:04:16.707+0000] [http-443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Removed users: [Local User: Name=username, Role=admin]] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Created new group: (domain=vmware.com, group=vmware Employees, role=user)] [2013-12-05 13:07:04.108-0800] [http-9443-2 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Removed groups: [(domain=vmware.com, group=vmware Employees, role=user)]] Log Insight User Accounts You must set up a system and a root account to administer Log Insight. Log Insight Root User Log Insight currently uses the root user account as the service user. No other user is created. The default root password is blank. You must change the root password when you log in to the Log Insight console for the first time. SSH is disabled until the default root password is changed. The root password must meet the following requirements. Must be at least 8 characters long Must contain at least one uppercase letter, one lowercase letter, one digit, and one special character Must not repeat the same character four times Log Insight Admin User When you start the Log Insight virtual appliance for the first time, Log Insight creates the admin user account for its Web user interface. The default password for admin is blank. You must change the admin password in the Web user interface during the initial configuration of Log Insight. VMware, Inc. 11

VMware vcenter Log Insight Security Guide Active Directory Support Log Insight supports integration with Active Directory. When configured, Log Insight can authenticate or authorize a user against Active Directory. See topic Enable User Authentication Through Active Directory in the Log Insight Administration Guide. Privileges Assigned to Default Users The Log Insight service user has root privileges. The Web user interface admin user has the administrator privileges only to the Log Insight Web user interface. Security Updates and Patches The Log Insight virtual appliance uses SUSE Linux Enterprise Server 11 (x86_64), version 11, patch level 2 as the guest operating system. You can apply the latest security update or patch by using a conventional approach, for example, rpm upgrade. Before you apply an upgrade or patch to the guest operating system, take into account the dependencies. See Services, Ports, and External Interfaces that the Log Insight Virtual Appliance Uses, on page 7. 12 VMware, Inc.

Index A admin privileges 11 C certificate 9 configuration files 8 D default root password 11 disabled SSH 11 E EULA 9 G glossary 5 guest OS 12 H http 7 https 7 I intended audience 5 R root privileges 11 S security reference 7 security updates 12 sendmail 7 server.xml 8 services 7 smtp 7 SSH 11 sshd 7 syslog 7 system logs 10 T tcp 7 tomcat-users.xml 8 truststore 9 U udp 7 K keystore 9 L license file 9 loginsight-config-base.xml 8 loginsight-config-projects.xml 8 loginsight.pub 9 logs 10 logsight-config.xml 8 N ntp 7 P patches 12 ports 7 postgres 7 public key 9 public.cert 9 VMware, Inc. 13

VMware vcenter Log Insight Security Guide 14 VMware, Inc.