Catalin (Absent Member)

(OO) Support Tip: Increasing the security of the OO installation

In OO version 10.50 or newer, it is possible to prevent flows from accessing the file system, the network or a resource.

In order to enable additional security in RAS the following option needs to be added to ras-wrapper.conf:

wrapper.java.additional.=-Djava.security.manager

Additionally, the rules need to be configured in <OO_DIR>/java/lib/security/java.policy.

The best way is to start with the config highlighted in the Security and Hardening guide, Section "Preventing Flows from Accessing the Central/RAS Local File System" and add any rules that are needed based on the error messages from the RAS logs in order to enable all the operations/flows to work.

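The tip above says to add rules based on the error messages in the RAS logs. The following is an added example, not part of the original posts or of the HP documentation, that turns Security Manager denials into candidate java.policy entries. It assumes the log lines carry the standard JDK `AccessControlException` message text; the sample lines, paths and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Standard JDK message: access denied ("<permission class>" "<target>" "<actions>")
# The actions field is absent for permissions such as RuntimePermission.
DENIED = re.compile(r'access denied \("([\w.$]+)" "([^"]*)"(?: "([^"]*)")?\)')

# Constructed sample lines; a real RAS log will carry its own prefix and paths.
SAMPLE_LOG = """\
ERROR java.security.AccessControlException: access denied ("java.io.FilePermission" "/opt/example/data/in.csv" "read")
ERROR java.security.AccessControlException: access denied ("java.io.FilePermission" "/opt/example/data/in.csv" "write")
ERROR java.security.AccessControlException: access denied ("java.net.SocketPermission" "10.0.0.5:443" "connect,resolve")
ERROR java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.PATH")
INFO  flow finished
ERROR java.security.AccessControlException: access denied ("java.io.FilePermission" "/opt/example/data/in.csv" "read")
"""

def collect_denials(log_text):
    """Map (permission class, target) -> set of denied actions."""
    denials = defaultdict(set)
    for match in DENIED.finditer(log_text):
        perm, target, actions = match.groups()
        denials[(perm, target)].update(a for a in (actions or "").split(",") if a)
    return dict(denials)

def policy_escape(value):
    # Policy files treat backslash as an escape character (matters for Windows paths).
    return value.replace("\\", "\\\\")

def candidate_rules(denials):
    """Render one 'permission' line per denied target, actions merged and sorted."""
    rules = []
    for (perm, target), actions in sorted(denials.items()):
        line = f'permission {perm} "{policy_escape(target)}"'
        if actions:
            line += f', "{",".join(sorted(actions))}"'
        rules.append(line + ";")
    return rules

def render_grant(log_text):
    body = "\n".join("    " + rule for rule in candidate_rules(collect_denials(log_text)))
    return "grant {\n" + body + "\n};"

if __name__ == "__main__":
    # Review every line before copying it into java.policy: each one widens what flows may do.
    print(render_grant(SAMPLE_LOG))
```

Repeated denials collapse into one rule per target, so the output stays short enough to review line by line before anything is granted.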
Brett Simpson_1 (Super Contributor)

Re: (OO) Support Tip: Increasing the security of the OO installation

I'm surprised you posted this with so little real information for HP customers given our recent experience with this feature.

I would like to see HP post more useful info when giving tips on documented features, e.g. as you are aware of the new defects raised against the Security and Hardening document, why not in this post also inform customers and provide links to existing defects against these specific sections of the document? Why make customers waste time trying the current example only to find it doesn't work, and have to raise a case themselves, or troll the knowledge base?

Also inform customers, OO has not been actually developed with this model in mind. HP does not currently know or understand the full implications across all the supplied Content Packs on enabling this setting. Customers WILL need to log cases and get support involved if they enable this setting. And that currently, the Reverse RAS feature does not work with this setting enabled, due to a bug in a third party library used by OO.

Personally, I think the entire section should be pulled from the Security guide, until HP has actually deployed and run OO in all its possible deployment configurations, and attempted to use the HP supplied content packs with this feature enabled, rather than use customers as its testing platform.

Catalin (Absent Member)

Re: (OO) Support Tip: Increasing the security of the OO installation

Hi Brett,

The purpose of the support tips is to provide a couple of sentences about the issue, but I agree with you that more information about this should be provided.

As a result, I will include here the link to a new KM created related to this issue: https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/KM02523386

Also the link to the open documentation bug:

https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/LID/QCCR8C30578

Thank you for the feedback
