Setting up local security checks on the agent is optional. The agent can perform its own security checks when it receives instructions from the scheduling manager. Security rules define these checks.
Although security is mostly controlled on the CA WA CA 7 Edition side, the agent can perform its own local security checks against its security.txt file. These checks do not override the operating system security but are performed within the CA WA Agent.
Note: For more information about local security on the agent, see the CA Workload Automation Agent for UNIX, Linux, or Windows Implementation Guide.
To enable this local security, in the agentparm.txt file, set parameters security.level=on and security.filename=file.txt. This file contains the local checks that the agent is to perform. The default file, security.txt, permits all access to CONTROL commands and denies all access to FTP and commands/scripts, as shown in the following:
c a * * * f d * * + x d * * +
Indicates CONTROL commands.
Indicates FTP access.
Indicates command and script execution.
Permits access.
Denies access.
The following are the masking characters:
* for zero or more characters, and when applicable to directories, it means the current directory only.
+ for zero or more characters and it applies to the current directory and all subdirectories. When dealing with a file, it implies all members within that file.
Each format for c, f, and x is a little different. The following are the formats.
Note: For more information about formats, see the Agent Implementation Guide.
c {a|d} manager_userID CONTROL command
f {a|d} FTP_userID operation path
x {a|d} manager_userID agent_userID path
The manager-userID is determined on CA WA CA 7 Edition and is listed as MFUser in the AFM.
Any changes to the security file require that you recycle the CA WA Agent. The security files can also be refreshed from a CA WA CA 7 Edition terminal by entering the command /AGENT,AGENT=agentname,FUNC=REFRESH. This command causes the agent to reset the agent security environment such that new security definitions are in place.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|