search cancel

DX NetOps : Hardening Policy implementation on CA PM servers

book

Article ID: 214563

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration

Issue/Introduction

User has the mandatory process that Hardening on CAPM application hosted server.

Please confirm that we can good to go with Hardening on CAPM application hosted server.

 

 

Environment

Release : 20.2

Component : PERFORMANCE MANAGEMENT INTEGRATIONS

Cause

The issue seems to be with  SElinux install.

Resolution

Recommendations:
  • Broadcom Support cannot review and suggest on hardening scripts.  
  • SELinux enforcing can break the product, permissive is fine.
  • Ports already mentioned in the docs which need to be opened, so during hardening ensure their script doesn't block / restrict them.
  • Make sure /etc/security/limits.conf changes we make are not lost.  Need to have the app not run out of handles/threads.
  • It is recommended to test the script in a dev environment before implementing in production, and see if anything is broken.  
  • Support will be able to  provide assistance for possible causes of DA not starting, DC not connecting, related to the application side.