SSL traffic monitoring fails if the Apache User or Group name is changed in the httpd.conf file

Technote (FAQ)


Question

Why is malicious SSL traffic not generating alerts after you have edited the httpd.conf file?

Cause

If the system administrator changes the User and/or Group name of the Apache owner to a non-default value in the httpd.conf file, the agent will not be able to scan the SSL traffic.

The agent uses the /tmp/.issx_key object, which is owned by the previous Apache user/group. Because Apache now runs under a different user/group, the SSL monitoring component loses access to this object and monitoring of this traffic fails.

Answer

Important: When performing administration tasks via ssh or local console, configuration changes made to your IBM appliance by any user other than admin could degrade appliance performance. Installing or activating other services or applications may also impact appliance performance or security. IBM Infrastructure Security Support will not support configuration changes made using the root user account unless specifically directed by a support engineer or IBM documentation. The following DCF Technote content is supported. Any further changes made that are not included in this document will place your product into an unsupported state and IBM product support may require you to reimage your appliance to restore it to a supported state.




To avoid this issue, the system administrator needs to ensure that /tmp/.issx_key is owned by the same user and group as the Apache processes. This can be done using the following steps:
  1. Access the command line on the server on which the agent is installed.

  2. Enter the following to stop the agent service:

    /etc/init.d/proventiaserver stop

  3. Change the owner and/or group for the file with the following command:

    chown UserName:GroupName /tmp/.issx_key

    where UserName and GroupName match the name and group that you set for the Apache owner.

  4. Enter the following to start the agent service:

    /etc/init.d/proventiaserver start

  5. Restart the Apache service. The command for this will vary depending on what version of Apache you are using.
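
The ownership comparison behind these steps, as an added shell example that is not part of the IBM technote: it reads the literal User and Group values from an httpd.conf whose path you pass in (this page does not give one) and compares them with the owner of the key object. The function names and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: compare Apache's configured User/Group with the owner of
# the agent's key object. Function names are hypothetical; the httpd.conf
# path is supplied by the caller. Only literal values are read, so
# variables such as ${APACHE_RUN_USER} are not expanded.

# Print the last value set for a directive (names are case-insensitive).
apache_directive() {   # $1 = directive name, $2 = httpd.conf path
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 }
                   END { if (v != "") print v }' "$2"
}

# Print "user:group" for a file, or return 2 if it does not exist.
file_owner() {         # $1 = path
    [ -e "$1" ] || return 2
    ls -ld "$1" | awk '{ print $3 ":" $4 }'
}

# Return 0 on match, 1 on mismatch, 2 if the key object is missing.
check_key_owner() {    # $1 = httpd.conf path, $2 = key object path
    want="$(apache_directive User "$1"):$(apache_directive Group "$1")"
    if ! have="$(file_owner "$2")"; then
        echo "MISSING: $2 does not exist"
        return 2
    fi
    if [ "$want" = "$have" ]; then
        echo "OK: $2 is owned by $have"
        return 0
    fi
    echo "MISMATCH: $2 is owned by $have, httpd.conf sets $want"
    echo "Fix: stop the agent, chown $want $2, start the agent, restart Apache"
    return 1
}

# Usage: sh check_issx_owner.sh /path/to/httpd.conf /tmp/.issx_key
if [ "$#" -eq 2 ]; then
    check_key_owner "$1" "$2"
fi
```

A mismatch reported after an httpd.conf edit is the condition under which SSL traffic stops generating alerts, so the check is worth running whenever the User or Group directive changes.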



If the above information does not resolve your issue, contact IBM Security Systems Customer Support.

Historical Number

5689


Document information


More support for:

IBM Security Host Protection
Proventia Server

Software version:

1.0.0, 1.5.0

Operating system(s):

Linux

Reference #:

1437169

Modified date:

2013-06-25
