opsi manual opsi version 4.0.2 - opsi Download - uib

More documents

Recommendations

Info

opsi manual opsi version 4.0.2 • Initialize the configuration opsi-setup --init-current-config • Set the rights for opsi-relevant files and directories: opsi-setup --set-rights • Cleanup backend opsi-setup --cleanup-backend • Check that samba is running: ps -ef | grep mbd It have to run at least one nmbd and one smbd process. To restart samba: /etc/init.d/samba restart or service nmbd restart service smbd restart • Set the pcpatch-password: opsi-admin -d task setPcpatchPassword 12 Security 12.1 Introduction Opsi is a powerful tool for the administration of many clients. According to that fact, the opsi-server has to be in the focus of security considerations. If you control the opsi-server, you are in control of all the clients, that are connecting to that opsi-server. 93 / 193 How much time and money you should spend for hardening your opsi-server, depends on your needs regarding security and the operational environment for using opsi. So for example an opsi-server in the cloud is more endangered than an opsi-server in a secured network. In the following chapter we have collected the most important issues and problems. At this point we say thank you to all customers and users which informed us about security problems and helped us to improve the security of the opsi system. If you find any security problem, please inform us (info@uib.de) before disclosing the security vulnerability in public.
opsi manual opsi version 4.0.2 12.2 Stay tuned Information about security relevant updates and tasks are published at the news area at the opsi forum: https://forum.opsi.org/viewforum.php?f=10 12.3 General server security 94 / 193 The opsi software cannot be more secure than the underlying operating system. So please make sure to update your server with the security updates of your Linux distribution. This has to be done not only for the opsi-config-server, but also for all the opsi-depot-server. It may help you to install programs which inform you by email if there are new updates available. Debian, Ubuntu apticron RHEL, CentOS yum-updatesd There are a lot of possibilities to enhance the security of your Linux server. But this is not the task of this manual. We would be happy to help you with this task as part of a support contract. 12.4 Read Only depot share The depot_share which is used by the clients should be read-only. This is important to avoid virus infections of the files at the depot_share by an infected client. Since opsi 4.0.1 there is a new share opsi_depot which is read-only. In order to use this share, please execute (on all your opsi-servers): opsi-setup --auto-configure-samba This command creates the new share. This share points to the directory /var/lib/opsi/depot. According to your Linux distribution, a symbolic link from this directory to /opt/pcbin/install will be created. To tell the clients that they now have to use this new share, you should execute at your opsi-config-server the following script: for depot in $(opsi-admin -dS method host_getIdents unicode "{\"type\":\"OpsiDepotserver\"}"); do echo "Depot: $depot" depot_remote=$(opsi-admin -dS method host_getObjects [] "{\"id\":\"$depot\"}" | grep "depotRemoteUrl=" | cut -d "=" \ -f2) depot_local=$(opsi-admin -dS method host_getObjects [] "{\"id\":\"$depot\"}" | grep "depotLocalUrl=" | cut -d "=" -\ f2) depot_remote_new=$(echo $depot_remote | sed "s|/opt_pcbin/install|/opsi_depot|") depot_local_new=$(echo $depot_local | sed "s|/opt/pcbin/install|/var/lib/opsi/depot|") servertype=$(opsi-admin -dS method host_getObjects [] "{\"id\":\"$depot\"}" | grep "type=" | cut -d "=" -f2) opsi-admin -d method host_updateObjects "{\"type\":\"$servertype\",\"id\":\"$depot\",\"depotLocalUrl\":\"\ $depot_local_new\",\"depotRemoteUrl\":\"$depot_remote_new\"}" done 12.5 Client authentication at the server The client authenticates itself using the FQDN as username and the opsi-host-key as password. The opsi-host-key is stored at the client in the file: %programfiles%\opsi.org\opsi-client-agent\opsiclientd\opsiclientd.conf
Page 1 and 2:
opsi manual opsi version 4.0.2 Stan
Page 3 and 4:
opsi manual opsi version 4.0.2 4.3.
Page 5 and 6:
opsi manual opsi version 4.0.2 8 Lo
Page 7 and 8:
opsi manual opsi version 4.0.2 14 o
Page 9 and 10:
opsi manual opsi version 4.0.2 20 o
Page 11 and 12:
opsi manual opsi version 4.0.2 24.6
Page 13 and 14:
opsi manual opsi version 4.0.2 3 Ov
Page 15 and 16:
opsi manual opsi version 4.0.2 More
Page 17 and 18:
Page 19 and 20:
opsi manual opsi version 4.0.2 prod
Page 21 and 22:
opsi manual opsi version 4.0.2 4.3.
Page 23 and 24:
opsi manual opsi version 4.0.2 12 /
Page 25 and 26:
opsi manual opsi version 4.0.2 Basi
Page 27 and 28:
opsi manual opsi version 4.0.2 Send
Page 29 and 30:
opsi manual opsi version 4.0.2 Dele
Page 31 and 32:
opsi manual opsi version 4.0.2 20 /
Page 33 and 34:
opsi manual opsi version 4.0.2 Figu
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
opsi manual opsi version 4.0.2 The
Page 41 and 42:
opsi manual opsi version 4.0.2 -p,
Page 43 and 44:
Page 45 and 46:
opsi manual opsi version 4.0.2 •
Page 47 and 48:
opsi manual opsi version 4.0.2 meth
Page 49 and 50:
opsi manual opsi version 4.0.2 Note
Page 51 and 52:
opsi manual opsi version 4.0.2 prod
Page 53 and 54: ] opsi manual opsi version 4.0.2 {
Page 55 and 56: opsi manual opsi version 4.0.2 (...
Page 57 and 58: opsi manual opsi version 4.0.2 soft
Page 59 and 60: opsi manual opsi version 4.0.2 meth
Page 61 and 62: opsi manual opsi version 4.0.2 Supp
Page 63 and 64: opsi manual opsi version 4.0.2 Supp
Page 65 and 66: opsi manual opsi version 4.0.2 6 Ac
Page 67 and 68: opsi manual opsi version 4.0.2 7.3
Page 69 and 70: opsi manual opsi version 4.0.2 shut
Page 71 and 72: opsi manual opsi version 4.0.2 60 /
Page 73 and 74: opsi manual opsi version 4.0.2 7.3.
Page 75 and 76: opsi manual opsi version 4.0.2 veri
Page 77 and 78: opsi manual opsi version 4.0.2 even
Page 79 and 80: opsi manual opsi version 4.0.2 [eve
Page 83 and 84: opsi manual opsi version 4.0.2 Figu
Page 85 and 86: opsi manual opsi version 4.0.2 At t
Page 91 and 92: opsi manual opsi version 4.0.2 - Ch
Page 95 and 96: opsi manual opsi version 4.0.2 Call
Page 97 and 98: opsi manual opsi version 4.0.2 imag
Page 101 and 102: opsi manual opsi version 4.0.2 { "C
Page 103: opsi manual opsi version 4.0.2 11.5
Page 121 and 122: opsi manual opsi version 4.0.2 The
Page 125 and 126: opsi manual opsi version 4.0.2 114
Page 127 and 128: opsi manual opsi version 4.0.2 Tabl
Page 133 and 134: opsi manual opsi version 4.0.2 The
Page 135 and 136: opsi manual opsi version 4.0.2 •
Page 139 and 140: opsi manual opsi version 4.0.2 [5]
Page 145 and 146: opsi manual opsi version 4.0.2 ’
Page 147 and 148: opsi manual opsi version 4.0.2 18 o
Page 155 and 156:
opsi manual opsi version 4.0.2 144
Page 157 and 158:
opsi manual opsi version 4.0.2 Show
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
opsi manual opsi version 4.0.2 On R
Page 167 and 168:
opsi manual opsi version 4.0.2 Chec
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
opsi manual opsi version 4.0.2 serv
Page 181 and 182:
Page 183 and 184:
opsi manual opsi version 4.0.2 HARD
Page 185 and 186:
opsi manual opsi version 4.0.2 •
Page 187 and 188:
Page 189 and 190:
opsi manual opsi version 4.0.2 -h s
Page 191 and 192:
opsi manual opsi version 4.0.2 set
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
opsi manual opsi version 4.0.2 [rep
Page 199 and 200:
Page 201 and 202:
opsi manual opsi version 4.0.2 Devi
Page 203 and 204:
show all

opsi manual opsi version 4.0.2 - opsi Download - uib

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?