This topic gives background information about the methods of maintaining security for the BMC PATROL Agent, lists default ownership and permissions for the PATROL Agent, and tells you how to change those ownerships and permissions.
The following table lists the methods available for maintaining security for the PATROL Agent and tells you where you can find instructions for changing security.
Methods for maintaining security for the PATROL Agent
Method of maintaining security | How security is established | Task reference |
---|---|---|
Security levels | Allows you to install one of five security level policies which secure the dataflow between the PATROL Agent, PATROL Consoles, and PATROL Console Server. | PATROL Security User Guide |
User account | The default account for commands run by the agent is specified by the defaultAccount variable in the agent configuration file. The agent cannot run application discovery and parameters properly without a valid user name. | |
User and host names | The Access Control List (ACL) is defined by an agent configuration variable. The ACL specifies which user names can be used with which computers when connecting with an agent. | |
Directory and file ownership and permissions | The PATROL_HOME/log and PATROL_HOME/config directories are created when the PATROL Agent process is run for the first time. At that time, the ownership and permissions of the PATROL Agent log and configuration directories are set. | |
PATROL Access Control | Access is controlled by configuration variables in patrol.conf | PATROL Console for Microsoft Windows User Guide — Customizing PATROL, Volume 3 |
If your environment includes firewalls, you may have to modify the configuration of the firewall to accommodate PATROL. For information about installing and configuring PATROL in an environment with firewalls, see Installing.
The Access Control List (ACL) controls which users are authorized to connect to an agent, in which modes and from which hosts. For information about how to set up an Access Control List, see Controlling access to the Agent.
You can instruct the PATROL Agent to use separate accounts for individual applications and instances. For more information about how to specify which accounts are used for which commands, see Establishing accounts and ports.
The default ownership and permissions of the PATROL Agent log and configuration directories are set according to the following table:
Directories for ownership and permissions of agent log
UNIX directory / Windows directory | Owner | Permissions |
---|---|---|
PATROL_HOME/log | AgentSetup/defaultAccount | UNIX = 0755; Windows = Full Control |
PATROL_HOME/bin | root | UNIX = 6755; Windows = Full Control |
PATROL_HOME/config | AgentSetup/defaultAccount | UNIX = 0755; Windows = Full Control |
The following table shows the default ownership and permissions of the log and configuration files:
Default owner and permissions of log and configuration files
UNIX directory / Windows directory | Owner | Permissions |
---|---|---|
config/config_<host>-<port>_.dat | AgentSetup/defaultAccount | UNIX = 0644 |
config/config_<host>-<port>_.idx | AgentSetup/defaultAccount | UNIX = 0644 |
log/PatrolAgent_<host>-<port>_.errs | AgentSetup/defaultAccount | UNIX = 0644 |
log/history/<host>/<port>/dir | AgentSetup/defaultAccount | UNIX = 0644; Windows = Change |
log/history/<host>/<port>/annotate.dat | AgentSetup/defaultAccount | UNIX = 0644 |
log/history/<host>/<port>/param.hist | AgentSetup/defaultAccount | UNIX = 0644 |
log/PEM_<host>-<port>.log | AgentSetup/defaultAccount | UNIX = 0644 |
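
To check a UNIX installation against the defaults in the two tables above, the following added example (not BMC code) compares modes and, optionally, owners under a PATROL_HOME path. The `audit` function, the `EXPECTED` list and the `owner_uids` mapping are names assumed for this sketch, and `*` stands in for the `<host>` and `<port>` placeholders.

```python
import stat
import sys
from pathlib import Path

# UNIX defaults from the two tables above, relative to PATROL_HOME.
# "*" stands in for the <host> and <port> placeholders.
DEFAULT = "AgentSetup/defaultAccount"
EXPECTED = [
    ("log", 0o0755, DEFAULT),
    ("bin", 0o6755, "root"),
    ("config", 0o0755, DEFAULT),
    ("config/config_*-*_.dat", 0o0644, DEFAULT),
    ("config/config_*-*_.idx", 0o0644, DEFAULT),
    ("log/PatrolAgent_*-*_.errs", 0o0644, DEFAULT),
    ("log/history/*/*/dir", 0o0644, DEFAULT),
    ("log/history/*/*/annotate.dat", 0o0644, DEFAULT),
    ("log/history/*/*/param.hist", 0o0644, DEFAULT),
    ("log/PEM_*-*.log", 0o0644, DEFAULT),
]


def audit(patrol_home, owner_uids=None):
    """Return [(relative path, problem)] for entries that differ from the defaults.

    owner_uids maps an owner label from EXPECTED to a numeric uid, e.g.
    {"root": 0, DEFAULT: 1001}; labels not in the map are not checked.
    """
    home = Path(patrol_home)
    owner_uids = owner_uids or {}
    findings = []
    for pattern, want_mode, owner in EXPECTED:
        for path in sorted(home.glob(pattern)):
            rel = path.relative_to(home).as_posix()
            st = path.lstat()  # lstat: report a symlink rather than its target
            if stat.S_ISLNK(st.st_mode):
                findings.append((rel, "is a symbolic link"))
                continue
            mode = stat.S_IMODE(st.st_mode)  # includes the setuid/setgid bits
            if mode != want_mode:
                findings.append((rel, f"mode {mode:04o}, expected {want_mode:04o}"))
            if owner in owner_uids and st.st_uid != owner_uids[owner]:
                findings.append((rel, f"uid {st.st_uid}, expected {owner} ({owner_uids[owner]})"))
    return findings


if __name__ == "__main__" and len(sys.argv) > 1:
    for rel, problem in audit(sys.argv[1], {"root": 0}):
        print(f"{rel}: {problem}")
```

Entries that do not exist yet are not reported, because the log and config directories are only created the first time the agent runs.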