search cancel

DX NetOps : Hardening Policy implementation on CA PM servers

book

Article ID: 214563

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration

Issue/Introduction

User has the mandatory process that Hardening on CAPM application hosted server.

Please confirm that we can good to go with Hardening on CAPM application hosted server.

 

 

Cause

The issue seems to be with  SElinux install.

Environment

Release : 20.2

Component : PERFORMANCE MANAGEMENT INTEGRATIONS

Resolution

Recommendations:
  • Broadcom Support cannot review and suggest on hardening scripts.  
  • SELinux enforcing can break the product, permissive is fine.
  • Ports already mentioned in the docs which need to be opened, so during hardening ensure their script doesn't block / restrict them.
  • Make sure /etc/security/limits.conf changes we make are not lost.  Need to have the app not run out of handles/threads.
  • It is recommended to test the script in a dev environment before implementing in production, and see if anything is broken.  
  • Support will be able to  provide assistance for possible causes of DA not starting, DC not connecting, related to the application side.