VMware vRealize Log Insight Security Guide


VMware vRealize Log Insight Security Guide
vRealize Log Insight 2.5

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN-001662-00

You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/

The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com

Copyright 2014 VMware, Inc. All rights reserved. Copyright and trademark information.

VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com

Contents

About VMware vRealize Log Insight Security Guide

1 Security Reference
- Ports and External Interfaces that the Virtual Appliance Uses
- Configuration Files
- Public Key, Certificate, and Keystore
- License and EULA File
- Log Files
- Firewall Recommendations
- User Accounts
- Security Updates and Patches


About VMware vRealize Log Insight Security Guide

The VMware vRealize Log Insight Security Guide provides a concise reference to the security features of vRealize Log Insight. To help you protect your installation, this guide describes the security features built in to vRealize Log Insight and the measures that you can take to safeguard it from attack:

- External interfaces, ports, and services that are necessary for the proper operation of vRealize Log Insight
- Configuration options and settings that have security implications
- Location of log files and their purpose
- Required system accounts
- Information on obtaining the latest security patches

Intended Audience

This information is intended for IT decision makers, architects, administrators, and others who must familiarize themselves with the security components of vRealize Log Insight.


1 Security Reference

Use the Security Reference to learn about the security features of your vRealize Log Insight installation and the measures that you can take to safeguard your environment from attack.

This chapter includes the following topics:
- Ports and External Interfaces that the Virtual Appliance Uses
- Configuration Files
- Public Key, Certificate, and Keystore
- License and EULA File
- Log Files
- Firewall Recommendations
- User Accounts
- Security Updates and Patches

Ports and External Interfaces that the Virtual Appliance Uses

The operation of vRealize Log Insight depends on certain services, ports, and external interfaces.

Communication Ports

vRealize Log Insight uses several communication ports and protocols. vRealize Log Insight network traffic has several sources.

Admin workstation: The machine that a system administrator uses to manage the vRealize Log Insight virtual appliance remotely.

User workstation: The machine on which a user uses a browser to access the web interface of vRealize Log Insight.

System sending logs: The endpoint that sends logs to vRealize Log Insight for analysis and search. For example, endpoints include ESXi hosts, VMs, or any system with an IP address.

Windows Agent: The agent that resides on a Windows machine and sends Windows events and logs to vRealize Log Insight over APIs.

vRealize Log Insight node: Any virtual appliance, master or worker, where the vRealize Log Insight services reside. The base operating system of the vRealize Log Insight virtual appliance is SUSE 11 SP3.

vRealize Log Insight master node: In cluster mode, vRealize Log Insight consists of multiple nodes, including one master node and several worker nodes. When you issue a query, it goes first to the master node. The master node processes the query, distributes the work to multiple worker nodes, collects and aggregates the result, and sends it back to you. You use the master node to configure the entire system. In standalone mode, the only node is both the master node and the worker node.

| Source | Destination | Port | Protocol | Service Description |
|---|---|---|---|---|
| Admin workstation | vRealize Log Insight | 22 | TCP | SSH: Secure Shell connectivity |
| User workstation | vRealize Log Insight | 80 | TCP | HTTP: Web interface |
| User workstation | vRealize Log Insight | 443 | TCP | HTTPS: Web interface |
| System sending logs | vRealize Log Insight | 514 | TCP, UDP | Syslog data |
| System sending logs | vRealize Log Insight | 1514 | TCP | Syslog data over SSL |
| Windows Agent | vRealize Log Insight | 9000 | TCP | Ingestion API |
| vRealize Log Insight | NTP server | 123 | UDP | NTPD: Provides NTP time synchronization. NOTE: The port is open only if you choose to use NTP time synchronization. |
| vRealize Log Insight | vRealize Log Insight | 59778, 16520-16580 | TCP | vRealize Log Insight services |
| vRealize Log Insight | Mail server | 465 | TCP | SMTPS: SMTP mail service over SSL |
| vRealize Log Insight | vRealize Log Insight master node | 12543 | TCP | Postgres database server. NOTE: Port 12543 is open only on the master node. The Postgres database server runs on the master node. |
| vRealize Log Insight master node | DNS server | 53 | TCP, UDP | DNS |
| vRealize Log Insight master node | AD server | 389 | TCP, UDP | Active Directory. NOTE: The port is open only if you enable Active Directory integration. |
| vRealize Log Insight master node | AD server | 636 | TCP | Active Directory over SSL. NOTE: The port is open only if you enable Active Directory integration. |
| vRealize Log Insight master node | AD server | 3268 | TCP | Active Directory Global Catalog. NOTE: The port is open only if you enable Active Directory integration. |
| vRealize Log Insight master node | AD server | 3269 | TCP | Active Directory Global Catalog SSL. NOTE: The port is open only if you enable Active Directory integration. |
| vRealize Log Insight | vRealize Log Insight | 7000 | TCP | Cassandra replication and query |
| vRealize Log Insight | vRealize Log Insight | 9042 | TCP | Cassandra query |

The following ports are open but not used by vRealize Log Insight, and can be safely blocked by a firewall. They will be closed by default in a future release.

| Destination Port | Protocol | Service Description |
|---|---|---|
| 111 | TCP, UDP | RPCbind service that converts RPC program numbers into universal addresses |
| 9007 | TCP | Tomcat service |

Configuration Files

Some configuration files contain settings that affect security.

NOTE: All security-related resources are accessible by the root account. Protecting this account is critical to the security of vRealize Log Insight.

Table 1-1. Configuration Files

| File | Description |
|---|---|
| /usr/lib/loginsight/application/etc/loginsight-config-base.xml | The default system configuration for vRealize Log Insight. |
| /storage/core/loginsight/config/loginsight-config.xml#number | The modified (from the default) system configuration for vRealize Log Insight. |
| /usr/lib/loginsight/application/etc/jaas.conf | The configuration for Active Directory integration. |
| /usr/lib/loginsight/application/etc/3rd_config/server.xml | The system configuration for Apache Tomcat server. |
| /storage/var/loginsight/apache-tomcat/conf/tomcat-users.xml | The system configuration for Apache Tomcat server. |
| /usr/lib/loginsight/application/3rd_party/apache-tomcat-*/conf/server.xml | The system configuration for Apache Tomcat server. |
| /usr/lib/loginsight/application/3rd_party/apache-tomcat-*/conf/tomcat-users.xml | User information for Apache Tomcat server. |

Public Key, Certificate, and Keystore

The public key, the certificate, and the keystore of vRealize Log Insight are located on the virtual appliance.

NOTE: All security-related resources are accessible by the root account. Protecting this account is critical to the security of vRealize Log Insight.

- /usr/lib/loginsight/application/etc/public.cert
- /usr/lib/loginsight/application/etc/loginsight.pub
- /usr/lib/loginsight/application/etc/3rd_config/keystore
- /usr/lib/loginsight/application/etc/truststore
- /usr/lib/loginsight/application/3rd_party/apache-tomcat-*/conf/keystore

License and EULA File

The end-user license agreement (EULA) and license file are located on the virtual appliance.

NOTE: All security-related resources are accessible by the root account. Protecting this account is critical to the security of vRealize Log Insight.

| File | Location |
|---|---|
| License | /usr/lib/loginsight/application/etc/license/loginsight_dev.dlf |
| License | /usr/lib/loginsight/application/etc/license/loginsight_cpu.dlf |
| License | /usr/lib/loginsight/application/etc/license/loginsight_osi.dlf |
| License key file | /usr/lib/loginsight/application/etc/license/loginsight_license.txt |
| End-user license agreement | /usr/lib/loginsight/application/etc/license/eula.txt |

Log Files

The files that contain vRealize Log Insight system messages are located on the virtual appliance.

| File | Description |
|---|---|
| /storage/var/loginsight/runtime.log | Used to track all run time information related to vRealize Log Insight |
| /storage/var/loginsight/pi.log | Used to track database start or stop events |
| /storage/var/loginsight/usage.log | Used to track all queries |
| /storage/var/loginsight/ui.log | Used to track events related to the user interface |
| /storage/var/loginsight/watchdog_log* | Used to track the run time events of the watchdog process, which is responsible for restarting vRealize Log Insight if it is shut down for some reason |
| /storage/var/loginsight/vcenter_operations.log | Used to track events related to the vRealize Operations Manager integration |
| /storage/var/loginsight/loginsight_daemon_stdout.log | Used for the standard output of the vRealize Log Insight daemon |
| /storage/var/loginsight/upgrade.log | Used to track events that occur during upgrade |
| /storage/var/loginsight/apache-tomcat/logs/*.log | Used to track events from Apache Tomcat server |
| /storage/var/loginsight/plugins/vsphere/li-vsphere.log | Used to trace events related to integration with vSphere |
| /storage/var/loginsight/pgsql.log | Used to track the events of the Postgres server |
| /var/log/firstboot/stratavm.log | Used to track the events that occur at first boot and configuration of the virtual appliance |
| /storage/var/loginsight/phonehome.log | Used to track information about trace data collection sent to VMware (if enabled) |
| /storage/var/loginsight/alert.log | Used to track information about user-defined alerts that have been triggered |
| /storage/var/loginsight/systemalert.log | Used to track information about system alerts that vRealize Log Insight sends. Each alert is listed as a JSON entry. |
| /storage/var/loginsight/systemalert_worker.log | Used to track information about system alerts that a worker node sends. Each alert is listed as a JSON entry. |

Log Messages Related to Security

The runtime.log file contains user audit log messages in the following format.

[2013-05-17 20:40:18.716+0000] [http-443-5 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][user logged in: Name: admin Role: admin]
[2013-05-17 20:39:51.395+0000] [http-443-5 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][user logged out: Name: admin Role: admin]
[2013-09-18 12:39:34.823-0700] [http-9443-3 WARN /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][bad username/password attempt (username: myusername)]
[2013-09-18 12:40:08.761-0700] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][user logged in: Active Directory User: SAM=myusername, Domain=vmware.com,UPN=myusername@vmware.com]
[2013-09-18 12:40:20.232-0700] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][user logged out: Active Directory User: SAM=myusername, Domain=vmware.com,UPN=myusername@vmware.com]
[2013-09-18 12:40:36.933-0700] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][user logged in: Local User: Name=myusername, Role=user]

[2013-09-18 12:40:40.429-0700] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][user logged out: Local User: Name=myusername, Role=user]
[2013-11-13 23:26:21.569+0000] [http-443-4 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Created new user: Active Directory User: SAM=username, Domain=vmware.com, UPN=username@vmware.com]
[2013-11-14 22:44:11.017+0000] [http-443-6 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Created new user: Local User: Name=username, Role=admin]
[2013-12-05 21:03:36.751+0000] [http-443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Removed users: [Active Directory User: SAM=username, Domain=vmware.com, UPN=username@vmware.com]]
[2013-12-05 21:04:16.707+0000] [http-443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Removed users: [Local User: Name=username, Role=admin]]
[http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Created new group: (domain=vmware.com, group=vmware Employees, role=user)]
[2013-12-05 13:07:04.108-0800] [http-9443-2 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Removed groups: [(domain=vmware.com, group=vmware Employees, role=user)]]

Firewall Recommendations

To protect sensitive information gathered by vRealize Log Insight, place the vRealize Log Insight server or servers on a management network segment protected by a firewall from the rest of your internal network.

Required Ports

The following ports need to be open to network traffic from sources that send data to vRealize Log Insight.

| Port | Protocol |
|---|---|
| 514/UDP, 514/TCP | Syslog |
| 1514/TCP | Syslog-TLS (SSL) |
| 9000/TCP | Ingestion API |

The following ports need to be open to network traffic that needs to use the vRealize Log Insight UI.

| Port | Protocol |
|---|---|
| 80/TCP | HTTP |
| 443/TCP | HTTPS |

For maximum security, the following set of ports should be open only on a master node, for network access from worker nodes.

| Port | Protocol |
|---|---|
| 16520:16580/TCP | Thrift RPC |
| 59778/TCP | log4j server |
| 12543/TCP | database server |
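The inbound ports in the tables above, the master-only ports (12543, 59778, 16520-16580) and the open-but-unused ports 111 and 9007 together form a small per-role allowlist. The following Python, an added example and not part of the guide, checks a node's listening sockets against that allowlist; it assumes the standard `netstat -tuln` output layout, and the sample output below is constructed, not captured from an appliance.

```python
import re

# Inbound ports the guide documents for every vRealize Log Insight node.
COMMON = {("tcp", 22), ("tcp", 80), ("tcp", 443), ("tcp", 514), ("udp", 514),
          ("tcp", 1514), ("tcp", 9000), ("tcp", 7000), ("tcp", 9042)}
# Ports that should be reachable only on the master node, from worker nodes.
MASTER_ONLY = {("tcp", 12543), ("tcp", 59778)} | {("tcp", p) for p in range(16520, 16581)}
# Open but unused; the guide says these can be blocked at the firewall.
UNUSED = {("tcp", 111), ("udp", 111), ("tcp", 9007)}

# One `netstat -tuln` line: proto, recv-q, send-q, local address:port, ...
NETSTAT_RE = re.compile(r"^(tcp|udp)6?\s+\d+\s+\d+\s+\S+:(\d+)\s")

def parse_netstat(text):
    """Return the set of (proto, port) listeners from `netstat -tuln` output."""
    listeners = set()
    for line in text.splitlines():
        m = NETSTAT_RE.match(line.strip())
        if m:
            listeners.add((m.group(1), int(m.group(2))))
    return listeners

def audit_listeners(role, observed):
    """Classify observed listeners on a 'master' or 'worker' node against the guide."""
    expected = COMMON | (MASTER_ONLY if role == "master" else set())
    return {
        # documented for this role and actually listening
        "expected": sorted(observed & expected),
        # master-only services exposed on a worker: should not be reachable here
        "master_only_on_worker": sorted(observed & MASTER_ONLY) if role == "worker" else [],
        # documented as open-but-unused: candidates for a firewall block rule
        "unused_block": sorted(observed & UNUSED),
        # nothing in the guide explains these: investigate
        "unexpected": sorted(observed - expected - MASTER_ONLY - UNUSED),
        # documented but not listening (service disabled or not yet configured)
        "missing": sorted(expected - observed),
    }

# Constructed sample in `netstat -tuln` layout, not output from a real appliance.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:9000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12543           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:16530           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:514             0.0.0.0:*
"""

if __name__ == "__main__":
    for role in ("master", "worker"):
        print(role, audit_listeners(role, parse_netstat(SAMPLE_NETSTAT)))
```

On a real node, feed the output of `netstat -tuln` (or `ss -tuln` after adjusting the regex) to `parse_netstat` and review the `unexpected` and `master_only_on_worker` lists first.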

User Accounts

You must set up a system account and a root account to administer vRealize Log Insight.

Root User

vRealize Log Insight currently uses the root user account as the service user. No other user is created. Unless you set the root password property during deployment, the default root password is blank. You must change the root password when you log in to the console for the first time. SSH is disabled until the default root password is set.

The root password must meet the following requirements:
- Must be at least 8 characters long
- Must contain at least one uppercase letter, one lowercase letter, one digit, and one special character
- Must not repeat the same character four times

Admin User

When you start the virtual appliance for the first time, vRealize Log Insight creates the admin user account for its Web user interface. The default password for admin is blank. You must change the admin password in the Web user interface during the initial configuration of vRealize Log Insight.

Active Directory Support

vRealize Log Insight supports integration with Active Directory. When configured, vRealize Log Insight can authenticate or authorize a user against Active Directory. See the topic Enable User Authentication Through Active Directory in the Administration Guide.

Privileges Assigned to Default Users

The service user has root privileges. The Web user interface admin user has administrator privileges only to the Web user interface.

Security Updates and Patches

The vRealize Log Insight virtual appliance uses SUSE Linux Enterprise Server 11 (x86_64), version 11, patch level 3 as the guest operating system. You can apply the latest security update or patch by using a conventional approach, for example, rpm upgrade. Before you apply an upgrade or patch to the guest operating system, take into account the dependencies. See Ports and External Interfaces that the Virtual Appliance Uses.
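Local and Active Directory logins, failed attempts, and user or group changes for the accounts described above all land in runtime.log in the audit format shown under Log Messages Related to Security. The following Python, an added example and not part of the guide, parses those entries and flags repeated bad-password attempts and account changes; the entry layout and message prefixes are taken from the guide's examples, and the sample input is constructed from them.

```python
import re
from collections import Counter

# Layout of a runtime.log audit entry, as shown in the guide:
#   [timestamp] [thread LEVEL /client-ip] [logger][message]
ENTRY_RE = re.compile(
    r"^\[\s*(?P<ts>[^\]]+?)\s*\]\s*"
    r"\[(?P<thread>\S+)\s+(?P<level>[A-Z]+)\s+/(?P<ip>[^\]]+)\]\s*"
    r"\[(?P<logger>[^\]]+)\]\s*\[(?P<msg>.*)\]\s*$")

# Message prefixes from the guide's examples, mapped to an event type.
EVENT_PREFIXES = {
    "user logged in:": "login", "user logged out:": "logout",
    "bad username/password attempt": "failed_login",
    "Created new user:": "user_created", "Removed users:": "user_removed",
    "Created new group:": "group_created", "Removed groups:": "group_removed",
}

# The account name is spelled differently per message: "(username: x)",
# "SAM=x" for Active Directory users, "Name: x" or "Name=x" for local users.
PRINCIPAL_PATTERNS = (r"username:\s*([^)]+)\)", r"SAM=([^,\s\]]+)",
                      r"Name[:=]\s*([^,\s\]]+)", r"group=([^,)]+)")

def principal_of(msg):
    for pat in PRINCIPAL_PATTERNS:
        m = re.search(pat, msg)
        if m:
            return m.group(1)
    return ""

def parse_entry(line):
    """Parse one audit line into a dict; return None for lines that do not
    follow the layout (e.g. an entry missing its timestamp field)."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    msg = m.group("msg")
    event = next((ev for pfx, ev in EVENT_PREFIXES.items() if msg.startswith(pfx)), "other")
    return {"ts": m.group("ts"), "ip": m.group("ip"), "level": m.group("level"),
            "event": event, "principal": principal_of(msg), "msg": msg}

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def failed_logins(events, threshold=3):
    """(client ip, username) pairs with at least `threshold` bad-password attempts."""
    hits = Counter((e["ip"], e["principal"]) for e in events if e["event"] == "failed_login")
    return {key: n for key, n in hits.items() if n >= threshold}

def account_changes(events):
    """User and group creations or removals: review these first."""
    return [e for e in events if e["event"] in
            ("user_created", "user_removed", "group_created", "group_removed")]

# Constructed sample: entries copied from the guide's examples plus two extra
# bad-password attempts (made-up timestamps) so the threshold is reached.
SAMPLE_LOG = """\
[2013-05-17 20:40:18.716+0000] [http-443-5 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][user logged in: Name: admin Role: admin]
[2013-09-18 12:39:34.823-0700] [http-9443-3 WARN /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][bad username/password attempt (username: myusername)]
[2013-09-18 12:39:40.101-0700] [http-9443-3 WARN /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][bad username/password attempt (username: myusername)]
[2013-09-18 12:39:45.337-0700] [http-9443-3 WARN /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][bad username/password attempt (username: myusername)]
[2013-09-18 12:40:08.761-0700] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.loginactionbean][user logged in: Active Directory User: SAM=myusername, Domain=vmware.com,UPN=myusername@vmware.com]
[2013-11-14 22:44:11.017+0000] [http-443-6 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Created new user: Local User: Name=username, Role=admin]
[2013-12-05 21:03:36.751+0000] [http-443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Removed users: [Active Directory User: SAM=username, Domain=vmware.com, UPN=username@vmware.com]]
[http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.usersactionbean] [Created new group: (domain=vmware.com, group=vmware Employees, role=user)]
"""
```

The last sample line, which lacks a timestamp field exactly as one of the guide's examples does, is rejected by `parse_entry` rather than mis-parsed; on a live node, run `parse_log` over /storage/var/loginsight/runtime.log and forward the `failed_logins` and `account_changes` results to whatever alerting you already use.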


