HP Operations Manager for Windows

Security Considerations for the HPOM Interface API


Because an event subscription service API is a window for applications to see generic system-wide activity, applications must be prevented from unauthorized snooping of system behavior at this access point. In addition, access to the HPOM message flow in read-write mode allows an external application to discard messages, without a user being made aware that a message was generated. The APIs must, therefore, apply authentication mechanisms to prevent users and applications from unauthorized access to the HPOM message flow.

Automatic/Operator-initiated Actions

One important and critical issue arising from these security considerations is whether external applications using the interfaces are allowed to define automatic actions, operator-initiated actions, or both. If HPOM allows access to these message attributes, any user who is authorized to call the APIs is also able to execute actions on HPOM managed nodes.

According to the current HPOM concept, which regards HPOM as an open application providing a high level of flexibility to integrate applications, HPOM allows external programs to define actions for messages that are passed to the message agent. Event correlation can be seen as an advance on the existing concept of message conditions ("if attributes match then set attributes and actions") to a higher level ("if rule fires then set attributes and actions"). It is, therefore, essential that these external applications are allowed to perform these modifications.

An appropriate authorization mechanism at the API level guarantees that only authorized users can apply the APIs. However, as the checking of a user ID belongs to the OS level with its superuser concept, this conflicts somewhat with the existing HPOM concept where the administrator is responsible for the configuration of user roles.

HPOM for Windows provides a possibility to enable and disable the interface functionality. In addition, you can configure whether actions can be defined by an application that is writing to the interface. This concerns all interface types.

You can also define whether each message is allowed for output to the Message Stream Interface in the HPOM for Windows policy editors. For example, an administrator can prevent the output of certain messages so that external applications do not receive secure information by reading these messages from the HPOM message flow.

Summary

HPOM allows users with a user ID of zero (uid 0), typically root, on UNIX and users that are in the Administrators group on Windows to access the HPOM Interface APIs and to define actions for messages that are sent to the management server. The HPOM for Windows administrator can enable or disable the interface functionality of the interface types concerning the message flow and allow or disallow actions that are read from the interface.

Per default the interfaces are disabled and it is not allowed to define actions.

To enable the message stream interface on a managed node create a nodeinfo policy containing

OPC_AGTMSI_ENABLE TRUE

and deploy it to the managed nodes.

If actions are disallowed, an appropriate error text is added to the annotations field and the action disabled.

To allow the definition of automatic actions add the following to the nodeinfo policy:

OPC_AGTMSI_ALLOW_AA TRUE

To allow the definition of operator initiated actions add the following to the nodeinfo policy:

OPC_AGTMSI_ALLOW_OA TRUE