Sentinel Application And Database Users; Securing Sentinel Data - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

home directory. By default, if a new user is created, the password for the user is not set in order to
maximize security. If you want to log in to the system as the user, you must set a password for the
user after installation. The default group is
During the client installation, if the user already exists, the installer does not prompt for the user
again. This behavior is similar to the behavior during uninstallation or reinstallation of a software.
However, you can have the installer prompt for the user again:
1 Delete the user and group created at the time of first installation.
2 Clear the ESEC_USER environment variables from the
Windows: No users are created.
The password policies for system users are defined by the operating system that is being used.

2.2.2 Sentinel Application and Database Users

All Sentinel Log Manager application users are native database users and their passwords are
protected by the native database platform. These users have only read access to certain tables in the
database so that they can execute queries against the database.
The user is the administrator user for Sentinel Log Manager user applications.
admin
By default, the following database users are created during installation:
dbuser: The is created as a superuser who can manage the database and is typically the
dbauser
user who can log in to the pgAdmin. The password for the dbauser is accepted at the time of
installation. This password is stored in the
follows the PostgreSQL database password policies.
appuser: The is the non-superuser used by Sentinel Log Manager to connect to the
appuser
database. By default, the appuser uses a password randomly generated at installation, which is stored
encrypted in the
Install_Directory/server.xml
use the
Install_Directory/bin/dbconfig
For more information, see
NOTE: There is also a PostgreSQL database user that owns the entire database, including system
database tables. By default, the postgres database user is set to NOLOGIN, so that no one can log-in
as the PostgreSQL user.

2.3 Securing Sentinel Data

IMPORTANT: Because of the highly sensitive nature of the data on the Sentinel Log Manager, you
must keep the machine physically secure and in a secure area of the network. To collect data from
event sources outside the secure network, use a remote Collector Manager.
For certain components, passwords must be stored so that they are available to the components
when the system needs to connect to a resource such as a database or an event source. In this case,
when the password is stored, it is first encrypted to avoid unauthorized access to the clear-text
password.
.
esec
user home directory/.pgpass
utility.
"Command Line Utilities" on page
file.
/etc/profile
file. The system
file. To change the password for the
141.
Security Considerations for Sentinel Log Manager
,
appuser
17