Understanding the Security of
9
ZENworks Linux Management
System
The following sections provide information you should be aware of as you consider the security of
®
your Novell
ZENworks
Section 9.1, "Clear Text Passwords," on page 71
Section 9.2, "Server Certificates," on page 71
Section 9.3, "ZENworks Agent," on page 71
Section 9.4, "Database Connections," on page 72
Section 9.5, "Device Ports," on page 72
Section 9.6, "Denial-of-Service Attacks," on page 74
Section 9.7, "Root," on page 74
9.1 Clear Text Passwords
The following files contain the ZENworks Data Store password in clear text. All of the files are
located on the ZENworks Server and are accessible only as
/etc/opt/novell/zenworks/hibernate.cfg.xml
/etc/opt/novell/zenworks/tomcat/base/server.xml
We recommend that you do not grant users additional permissions to the following directories:
/etc/opt/novell/zenworks
/var/opt/novell/zenworks
/opt/novell/zenworks
9.2 Server Certificates
ZENworks Linux Management uses a self-signed certificate. The certificate's private keys are of
type RSA and the key size is 1024 bits. The certificate is created during installation through the use
of the Java keytool utility, which is part of the JDK*1.4 JSSE module.
The certificate can be replaced with a certificate signed by a trusted authority, at the user's
discretion. For more information, see
9.3 ZENworks Agent
The ZENworks Agent, which is installed on all ZENworks Servers and all managed devices, runs as
. By default, remote services are enabled for the agent (allowing it to be controlled from
root
another device).
®
Linux Management system:
Section A.7, "Adding a Third-Party Certificate," on page
Understanding the Security of ZENworks Linux Management System
.
root
9
127.
71