Skip Navigation Links | |
Exit Print View | |
Sun QFS and Sun Storage Archive Manager 5.3 Security Guide Sun QFS and Sun Storage Archive Manager 5.3 Information Library |
1. Sun QFS and Sun Storage Archive Manager Overview
2. Secure Installation and Configuration
3. Sun QFS and Sun Storage Archive Manager Security Features
The following sections describe the fundamental principles that are required to use any application securely.
Stay current with the version of SAM-QFS that you run. You can find current versions of the software for download at the Oracle Software Delivery Cloud.
SAM-QFS uses the following TCP/IP ports:
tcp/7105 is used for metadata traffic between the client and the MDS
tcp/1000 is used for Sun SAM-Remote
tcp/6789 is the HTTPS port that is used for a browser to contact to fsmgr
tcp/5012 is used for sam-rpcd
Note - For MDS client traffic, consider setting up a separate network that is not interconnected to the outside WAN. This configuration prevents exposure from outside threats and also ensures that outside traffic does not limit MDS performance.
Grant the user or administrator the least privilege that is required to accomplish the task to be performed. The SAM-QFS Manager has various roles that can be granted to users. These roles grant varying types and amounts of privilege. Performing SAM-QFS administration tasks from the command line requires root permission.
For more information about using the SAM-QFS Manager, see Chapter 6, Installing and Configuring SAM-QFS Manager, in Sun QFS and Sun Storage Archive Manager 5.3 Installation Guide.
Monitor system activity to determine how well SAM-QFS is operating and whether it is logging any unusual activity. Check the following log files:
/var/adm/messages
/var/opt/SUNWsamfs/sam-log
/var/opt/SUNWsamfs/archiver.log, see /etc/opt/SUNWsamfs/archiver.cmd
/var/opt/SUNWsamfs/recycler.log, see /etc/opt/SUNWsamfs/recycler.cmd
/var/opt/SUNWsamfs/releaser.log, see /etc/opt/SUNWsamfs/releaser.cmd
/var/opt/SUNWsamfs/stager.log, see /etc/opt/SUNWsamfs/stager.cmd
/var/opt/SUNWsamfs/trace/*
You can access several sources of security information. For security information and alerts for a large variety of software products, see http://www.us-cert.gov. For information specific to SAM-QFS, see http://mail.opensolaris.org/mailman/listinfo/sam-qfs-discuss. The primary way to keep up to date on security matters is to run the most current version of the SAM-QFS software.