Understanding The Security Of Zenworks Linux Management System; Clear Text Passwords; Self-Signed Certificates; Zenworks Agent - Novell ZENWORKS LINUX MANAGEMENT 7.2 IR2 - INSTALLATION GUIDE 07-20-2009 Installation Manual

Understanding the Security of
9
ZENworks Linux Management
System
The following sections provide information you should be aware of as you consider the security of
®
your Novell ZENworks
Section 9.1, "Clear Text Passwords," on page 67
Section 9.2, "Self-Signed Certificates," on page 67
Section 9.3, "ZENworks Agent," on page 67
Section 9.4, "Database Connections," on page 68
Section 9.5, "Device Ports," on page 68
Section 9.6, "Denial-of-Service Attacks," on page 70
Section 9.7, "Root," on page 70

9.1 Clear Text Passwords

The following files contain the ZENworks Data Store password in clear text. All of the files are
located on the ZENworks Server and are accessible only as
/etc/opt/novell/zenworks/hibernate.cfg.xml
/etc/opt/novell/zenworks/tomcat/base/server.xml
We recommend that you do not grant users additional permissions to the following directories:
/etc/opt/novell/zenworks
/var/opt/novell/zenworks
/opt/novell/zenworks

9.2 Self-Signed Certificates

ZENworks Linux Management uses a self-signed certificate. The certificate's private keys are of
type RSA and the key size is 1024 bits. The certificate is created during installation through the use
of the Java keytool utility, which is part of the JDK*1.4 JSSE module.
The certificate can be replaced with a certificate signed by a trusted authority, at the user's
discretion.

9.3 ZENworks Agent

The ZENworks Agent, which is installed on all ZENworks Servers and all managed devices, runs as
. By default, remote services are enabled for the agent (allowing it to be controlled from
root
another device).
®
Linux Management system:

Understanding the Security of ZENworks Linux Management System

.
root
9
67