Wednesday, March 12, 2008

Tighten ITM Security using Secure* utilities

ITM 6.1 Fixpack 3 introduces three new utilities, SecureMain, SecureLock and SecureUnlock. These utilities, as the name suggests, help to secure your ITM installation while providing ways to run your ITM installation as non-root user. Please read on to learn about them

SecureMain Utility

This utility provides a way to lock or unlock security on your ITM installation. One of the problems with earlier fixpacks was that many of the ITM directories had a world read/write permissions so that the non-root user could install/uninstall components. But, these world read/write permissions are not needed for a normal operations and they present a security vulnerability. With the help of SecureMain utility, you can unlock the permissions for installation directory, install/uninstll products as non-root user and then lock the permissions by running the secureMain utility again.

$ sudo secureMain unlock
Enter the root password if propmted
$
$ sudo secureMain lock
Enter the root password if prompted
$

SecureLock & SecureUnlock utilities

SecureMain is a shell script that calls SecureLock or SecureUnlock scripts internally. So, instead of running SecureMain with lock/unlock parameters, you could directly run the SecureLock or SecureUnlock utilities. Why would you want to do this? The secureLock and secureUnlock utilities accepts an userid as argument. They are useful if you want to specify an explicit userid to which you want to lock/unlock the installation directories.

No comments: