Knowledge Article
Remedy - Server - Tightening BMC Remedy AR System security
Guidance with securing the server and network resources which AR System has access. This applies to all versions of ARS.
Remedy AR System Server
AR System
All versions
How to secure the server and network resources which AR System has access. |
This knowledge article may contain information that does not apply to version 21.05 or later which runs in a container environment. Please refer to Article Number 000385088 for more information about troubleshooting BMC products in containers. Below is a guide to help secure the environment running Remedy. This may require working with the Windows or Linux Administrator to set up the AR server running with a user that is restricted to the folders and files you want the AR service to have access to. A good starting point is to restrict the file/directory access to the install directory for Remedy was installed. - On Linux/Unix install and run Remedy as a non-root user. - On Windows you must install as Administrator, but once installed configure Remedy to run as a non-Admin user with access to the files and folders that the AR requires to run and access (which is the install directly and write access to the logs directory for Remedy AR) Below are tests run on Windows as an example that can be used to test in the environment. 1. The service has been configured to execute with local OS user “aradmin” and service running under that user. Service running as user ‘aradmin’: 2. Next we show a file that we have restricted access (as an example) Folder permissions: 3. Here are the expected results of an AR Admin user trying to access the file c:\test\test.txt – the remedy error in the screenshot shows what is returned when the AR admin tries to access a file that the OS user assigned to the AR server service (running service) does not have access to. User did not get access to file:
|
Attachment(s):