Security Breach

[OKTSMGURU21]

TSM 5.3.3

AIX 5.2ML8



I have a serious question:



We noticed that we have had a couple of nodes created, and when we issued the command, q node <name of node> f=d, we noticed that it had in the REGISTERING ADMINISTRATOR=OPEN_REGISTRATION.



WHO IS THIS ?



I cannot find this admin when I issue the command, q admin



I need to know this because it we have client node operators with the priviledges to create nodes within coming through the TSM Administrator, then, we have a security risk



Am I right ????

 

[Harry_Redl]

Hi,



when "open registration" is used, first node connection registers/creates new node

opposite is "closed registration" where and administrator has to register the node before it can connect





See "q stat" and "registration" parameter for your current setup

also see "help set registration" for more info



Hope it helps



Harry

 

[rlthari]

This goes back to how you built the TSM server. if you run " q sta" and check "Registration", it should be saying "open", set it to closed by running "set registration closed". This should prevent unauthorized nodes from registering by themselves.

 

[sgabriel62]

Hey
There is no security breach in place unless there is an admin account with system level privlege that you or a teammember did not create. To control the situation - do not use the default Admin account - disable it. Then proceed with closed registration - this will prevent actions such as a new client and service installations, admin scripts past or present, from registering the dsm.opt(dsm.sys) information or administrators - and force you to create the account - preferrably before hand so you dont forget after the installation is completed.
Change your password aging policies to meet your local security requirements and you are all set.
Hope this helps
Steven