Enabling security within the cluster management console

The security features within the cluster management console are enabled by default. If you have disabled security features within the cluster management console and now want to enable them, follow these steps.

About this task

Procedure

  1. Open the pmc.conf file:
    • Linux®: $EGO_CONFDIR/../../gui/conf/pmc.conf
    • Windows: %EGO_CONFDIR%\..\..\gui\conf\pmc.conf
  2. Enable the following secure interactions for the cluster management console:
    • Prevent cross-site scripting (CSS) attacks in which malicious scripts are injected to trusted web sites.
    • Prevent cross-site request forgery (CSRF) attacks, which force users to execute unwanted actions on a web application in which they are currently authenticated.
    • Prevent user names and passwords from being stored in cookies.
    • Enable access control to prevent access to certain files.

    Do this by locating the SECURITY tag in the pmc.conf file and setting its value to ON. If the tag does not exist, add the tag. For example:

    SECURITY=ON
  3. Enable HTTP Strict Transport Security (HSTS) protocol for the cluster management console so that IBM® Spectrum Symphony always uses HTTPS (Hypertext Transfer Protocol Secure) to access cluster management console.
    Do this by locating the HSTS tag in the pmc.conf file and setting its value to ON. If the tag does not exist, add the tag. For example:
    HSTS=ON
  4. Save your changes.
  5. Stop and restart the WEBGUI service:
    # egosh service stop WEBGUI
    # egosh service start WEBGUI