Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 4 TIBCO Hawk Security Model : To Use the Trusted Model

To Use the Trusted Model
Two sample access control files are included with TIBCO Hawk.
Trusted.txt can be used on UNIX or Microsoft Windows. It is used when the command line specifies Trusted.
TrustedWithDomain.txt is for use on Microsoft Windows only, and is used when the command line specifies TrustedWithDomain.
The access control files, Trusted.txt and TrustedWithDomain.txt, are described in the next section.
To use the Trusted model:
1. For each Hawk domain, create the directory CONFIG_FOLDER/hawk/domain/<domain-name>/security, where <domain-name> is the name of the Hawk domain.
   If you have multiple Hawk agents running on a machine and these agents belong to different Hawk domains, you can specify a separate access control file for each domain.
2. To provide a remote Trusted.txt file instead of a local one, configure a security URL on the agent: add or append the following system parameter to java.extended.properties in tibhawkagent.tra:
   -Dhawk.security_file_url=file:///D:/temp/Trusted.txt
   or
   -Dhawk.security_file_url=http://<hostname:port>/Trusted.txt
   The agent always gives precedence to the local file, if one is found in the hawk/domain folder. Note that an http:// URL delivers the access control file without authentication or integrity protection: whoever controls that web server, or the network path to it, controls the agent's access policy. Keep the file on a protected local filesystem unless the URL itself can be protected.
3. Modify the appropriate sample access control file, Trusted.txt or TrustedWithDomain.txt, according to the requirements of your system.
4. Ensure that the security_policy parameter in the Hawk agent configuration is set to one of the following before starting the TIBCO Hawk agent and Hawk Console:
   COM.TIBCO.hawk.security.trusted.Trusted
   or
   COM.TIBCO.hawk.security.trusted.TrustedWithDomain
The Trusted model is now in effect. The security policy stays in force as long as the process is running.
The Trusted model is now in effect. The security policy stays in force as long as the process is running.
Access Control File
To store access control information, the Trusted model uses an ASCII file. Two sample access control files are included with TIBCO Hawk: Trusted.txt and TrustedWithDomain.txt.
Sample access control files are shipped with the TIBCO Hawk software, in the directory HAWK_HOME/examples/security/.
Trusted.txt
This access control file can be used with UNIX or with Microsoft Windows XP.
The user for authorization is the login ID of the TIBCO Hawk Display owner.
TrustedWithDomain.txt
This file can only be used with Microsoft Windows XP, and only when specified in the command used to start TIBCO Hawk agent and Display, as in -security_policy COM.TIBCO.hawk.security.trusted.TrustedWithDomain.
The user is the login ID and the domain where the user is logged on. For example, for user1 in domainX, the user is <domainX>\user1.
Group Operations
A group operation effectively performs a method invocation simultaneously on all of the specified target microagents. It is useful for affecting a group of microagents in a single operation. There are two kinds of group operation: network query and network action.
The wildcard characters + and * affect permissions on group operations and point-to-point invocations, as shown in the table under Access Control File Conventions.
Access Control File Conventions
The access control file uses the following conventions to grant or deny access.
File Settings for the Trusted Model
This table presents how individual restrictions and permissions are defined for nodes, microagents, and methods. Individual node, microagent, and method names can be specified. In addition, wildcard characters can be used as shown in the table.
Each individual setting is represented by one line in the access control file. Complex permissions and restrictions can be defined using sets of related lines. For example, you can give a user access to all methods on a node in one line, then in the following line restrict that user's access to one of those methods. See Disable Custom Microagent for further details.
Permissions are granted to a user using the user name. Restrictions are defined by prefixing a bang (!) character to the user name, as shown in the table.
Setting                                Description
<user>                                 Grants access to all methods on all microagents on all nodes, for both point-to-point invocations and group operations.
!<user>                                Denies access to all methods on all microagents on all nodes.
<user> +                               Grants access to all methods on all microagents on all nodes, for group operations as well as point-to-point invocations.
<user> *                               Grants point-to-point access to all methods on all microagents on all nodes (no group operations).
<user> <node>                          Grants access to all methods on all microagents on the specified node.
!<user> +                              Denies group operation access to all methods on all microagents on all nodes.
!<user> *                              Denies point-to-point access to all methods on all microagents on all nodes.
!<user> <node>                         Denies access to all methods on all microagents on the specified node.
<user> <node> <microagent>             Grants access to all methods on the specified microagent on the specified node.
!<user> <node> <microagent>            Denies access to all methods on the specified microagent on the specified node.
<user> <node> <microagent> +           Grants access to all ACTION and INFO methods on the specified microagent (but not ACTIONINFO methods).
<user> <node> <microagent> *           Grants access to all INFO methods on the specified microagent (but not ACTION or ACTIONINFO methods).
<user> <node> <microagent> <method>    Grants access to the specified method on the specified microagent.
!<user> <node> <microagent> +          Denies access to all ACTION and ACTION_INFO methods on the specified microagent.
!<user> <node> <microagent> *          Denies access to all INFO methods on the specified microagent.
!<user> <node> <microagent> <method>   Denies access to the specified method on the specified microagent.
In the <node> position, + or * can be used in place of a node name, and in the <method> position + or * can be used in place of a method name, with the meanings given above. A line that omits trailing fields applies to everything those fields could name: a bare user name grants that user access to all methods on all microagents on all nodes, for point-to-point invocations and group operations alike.
Disable Custom Microagent
The Custom microagent can be disabled by using the Trusted security model supported by TIBCO Hawk: users are explicitly granted or denied access through the access control file.
The following steps describe how to disable Custom microagent execution.
1. For each Hawk domain, create a directory HAWK_HOME/domain/<domain-name>/security, where <domain-name> is the name of the Hawk domain.
2. According to the requirements of your system, copy HAWK_HOME/examples/security/Trusted.txt or HAWK_HOME/examples/security/TrustedWithDomain.txt to CONFIG_FOLDER/security/.
3. Edit the copied file so that it contains the following two lines:
   * * * *
   none * COM.TIBCO.hawk.microagent.Custom +
   The first line grants all users point-to-point access to all microagents on all nodes. Note the method wildcard: as the table above shows, * in the method position covers INFO methods only, so use + there if users also need ACTION methods.
   The second line grants access to the Custom microagent only to the user none, on all nodes, where none is a non-existent user. Since no real user matches this line, it effectively prevents anyone from executing the Custom microagent.
4. Ensure that the security_policy parameter in the Hawk agent configuration is set to one of the following before starting the TIBCO Hawk agent and Hawk Console:
   COM.TIBCO.hawk.security.trusted.Trusted or COM.TIBCO.hawk.security.trusted.TrustedWithDomain
Trusted.txt and TrustedWithDomain File Examples
The following example files demonstrate how a Trusted.txt and a TrustedWithDomain.txt access control file might be constructed, using the conventions described in the previous section.
Explanation of Settings
The settings in the example files below provide access to the following users as shown here:
Grant user1 point-to-point access to all methods on all microagents, except:
   - All ACTION methods on the Custom microagent on all nodes.
   - The specified methods on the Repository microagent on all nodes.
   - The specified methods on the RuleBaseEngine microagent on nodeA.
Grant user2 point-to-point and group operation invocation access to all methods on all microagents, except:
   - All ACTION methods on the Custom microagent on all nodes.
   - All ACTION methods on the Repository microagent on all nodes.
   - All ACTION methods on the RuleBaseEngine microagent on all nodes.
Grant user3 point-to-point and group operation invocation access to all methods on all microagents on all nodes, except:
   - Group operation invocation access to all ACTION methods on the RuleBaseEngine microagent.
Grant user4 full access to all methods on all microagents on nodeB.
Grant user5 point-to-point access to all INFO methods on all microagents on all nodes.
Trusted.txt Example File

 
#
# This file is used by agent running with COM.TIBCO.hawk.security.trusted.Trusted
# security model.
#
#
# Explanation of Settings:
#
# Grant "user1" point-to-point access to all methods on all Microagents, EXCEPT
# - all ACTION methods on the Custom microagent on all nodes.
# - the specified methods on the Repository microagent on all nodes.
# - the specified methods on the RuleBaseEngine microagent on "nodeA".
#
# Grant "user2" point-to-point and network access to all methods on all
# Microagents, EXCEPT
# - all ACTION methods on the Custom microagent on all nodes.
# - all ACTION methods on the Repository microagent on all nodes.
# - all ACTION methods on the RuleBase microagent on all nodes.
#
# Grant "user3" point-to-point and network access to all methods on all
# Microagents on all nodes, EXCEPT
# - network access to all ACTION methods on the RuleBase microagent.
#
# Grant "user4" full access to all methods on all microagents on nodeB.
#
# Grant "user5" point-to-point access to all INFO methods on all microagents
# on all nodes.
#
#
# Wildcard characters + and * usage:
#
# - Use + in node access for allowing access to group operations.
# - Use * in node access for allowing access to point-to-point invocations.
# - Use + in method access for allowing access to all INFO and ACTION methods.
# - Use * in method access for allowing access to all INFO methods only.
#
#
# File format:
#
# user node microagent method
# access access access
# & & &
# restrictions restrictions restrictions
#
user1 *
!user1 * COM.TIBCO.hawk.microagent.Custom +
!user1 * COM.TIBCO.hawk.microagent.Repository addRuleBase
!user1 * COM.TIBCO.hawk.microagent.Repository updateRuleBase
!user1 * COM.TIBCO.hawk.microagent.Repository deleteRuleBase
!user1 * COM.TIBCO.hawk.microagent.Repository setSchedules
!user1 * COM.TIBCO.hawk.microagent.Repository setRBMap
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine addRuleBase
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine updateRuleBase
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine deleteRuleBase
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine loadRuleBase
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine unloadRuleBase
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine loadRuleBaseFromFile
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine setSchedules
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine setRBMap
 
user2 + * +
!user2 * COM.TIBCO.hawk.microagent.Custom +
!user2 * COM.TIBCO.hawk.microagent.Repository +
!user2 * COM.TIBCO.hawk.microagent.RuleBaseEngine +
 
user3
!user3 + COM.TIBCO.hawk.microagent.RuleBaseEngine +
 
user4 nodeB
 
user5 * * *
 
#
# To activate logging, uncomment the following:
# <LogService> -log_dir logDir -log_max_size size -log_max_num n
#
# where: logDir is the directory where the log file is stored
# size is the maximum size of a rotating log file in KB.
# A suffix m or M can be used for indicating MB .
# n is the maximum number of rotating log files.

 
TrustedWithDomain.txt Example File

 
#
# This file is used by agent running with
# COM.TIBCO.hawk.security.trusted.TrustedWithDomain security model.
#
# To allow a user running with COM.TIBCO.hawk.security.trusted.TrustedWithDomain
# security model on Windows platform to access this agent, the user
# specified should include the domain of the user.
# For example, for user1 in domainX, the user should be specified as
# "domainX\user1".
#
# Note that agents using the TrustedWithDomain security model also allow
# users running with COM.TIBCO.hawk.security.trusted.Trusted security model
# to access this agent. For these users, the domain should not be
# included in the user.
#
#
# Explanation of Settings:
#
# Grant "user1" point-to-point access to all methods on all Microagents, EXCEPT
# - all ACTION methods on the Custom microagent on all nodes.
# - the specified methods on the Repository microagent on all nodes.
# - the specified methods on the RuleBaseEngine microagent on "nodeA".
#
# Grant "user2" point-to-point and network access to all methods on all
# Microagents, EXCEPT
# - all ACTION methods on the Custom microagent on all nodes.
# - all ACTION methods on the Repository microagent on all nodes.
# - all ACTION methods on the RuleBase microagent on all nodes.
#
# Grant "user3" point-to-point and network access to all methods on all
# Microagents on all nodes, EXCEPT
# - network access to all ACTION methods on the RuleBase microagent.
#
# Grant "user4" full access to all methods on all microagents on nodeB.
#
# Grant "user5" point-to-point access to all INFO methods on all microagents
# on all nodes.
#
#
# Wildcard characters + and * usage:
#
# - Use + in node access for allowing access to group operations.
# - Use * in node access for allowing access to point-to-point invocations.
# - Use + in method access for allowing access to all INFO and ACTION methods.
# - Use * in method access for allowing access to all INFO methods only.
#
#
# File format:
#
# user node microagent method
# access access access
# & & &
# restrictions restrictions restrictions
#
user1 *
!user1 * COM.TIBCO.hawk.microagent.Custom +
!user1 * COM.TIBCO.hawk.microagent.Repository addRuleBase
!user1 * COM.TIBCO.hawk.microagent.Repository updateRuleBase
!user1 * COM.TIBCO.hawk.microagent.Repository deleteRuleBase
!user1 * COM.TIBCO.hawk.microagent.Repository setSchedules
!user1 * COM.TIBCO.hawk.microagent.Repository setRBMap
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine addRuleBase
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine updateRuleBase
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine deleteRuleBase
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine loadRuleBase
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine unloadRuleBase
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine loadRuleBaseFromFile
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine setSchedules
!user1 nodeA COM.TIBCO.hawk.microagent.RuleBaseEngine setRBMap
 
user2 + * +
!user2 * COM.TIBCO.hawk.microagent.Custom +
!user2 * COM.TIBCO.hawk.microagent.Repository +
!user2 * COM.TIBCO.hawk.microagent.RuleBaseEngine +
 
user3
!user3 + COM.TIBCO.hawk.microagent.RuleBaseEngine +
 
user4 nodeB
 
user5 * * *
 
#
# To activate logging, uncomment the following:
# <LogService> -log_dir logDir -log_max_size size -log_max_num n
#
# where: logDir is the directory where the log file is stored
# size is the maximum size of a rotating log file in KB.
# A suffix m or M can be used for indicating MB .
# n is the maximum number of rotating log files.
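The access control file conventions, the Disable Custom Microagent trick and the two example files above all rely on the same matching behaviour, and the only way to know whether a hand-edited file does what you intend is to ask it. The evaluator below is an added example, not TIBCO code and not the agent's own implementation: it parses a file in the format shown above and answers "may this user invoke this method, this way?" under matching rules reconstructed from the wildcard legend and the worked examples on this page. Those rules, the placeholder method names (execute, getStatus) and the cut-down copy of the Trusted.txt example used as input are all assumptions; confirm the real agent's decisions against it before relying on the answers.

```python
"""Dry-run evaluator for a TIBCO Hawk Trusted-model access control file.

Added example, not TIBCO code. The matching rules are an ASSUMPTION
reconstructed from the wildcard legend and the worked examples on this page:
  - the most specific matching (node, microagent, method) scope decides,
    and in that scope the user needs a grant and must not be restricted;
  - '+' in the node position covers group operations and, in a grant,
    point-to-point invocations too; '*' covers point-to-point only;
  - '+' in the method position covers INFO and ACTION methods in a grant
    but ACTION and ACTIONINFO methods in a restriction; '*' covers INFO only;
  - a bare user name stands for 'user + * +' (the user3 line).
"""
from dataclasses import dataclass

P2P, GROUP = "p2p", "group"                                # invocation modes
INFO, ACTION, ACTIONINFO = "INFO", "ACTION", "ACTIONINFO"  # method kinds
WILDCARDS = ("+", "*")


@dataclass(frozen=True)
class Entry:
    deny: bool        # line started with '!'
    user: str         # login ID, 'domain\\user' (TrustedWithDomain) or '*'
    node: str         # node name, '+' or '*'
    microagent: str   # microagent name or '*'
    method: str       # method name, '+' or '*'


def parse(text):
    """Parse access control file text into Entry objects; comments skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("<LogService>"):
            continue
        f = line.split()
        node = f[1] if len(f) > 1 else "+"
        microagent = f[2] if len(f) > 2 else "*"
        method = f[3] if len(f) > 3 else "+"
        entries.append(Entry(f[0].startswith("!"), f[0].lstrip("!"),
                             node, microagent, method))
    return entries


def _covers(e, node, microagent, method, kind, mode):
    """Does entry e's resource scope cover this request (user ignored)?"""
    if e.node == "+":
        node_ok = mode == GROUP or not e.deny
    elif e.node == "*":
        node_ok = mode == P2P
    else:
        node_ok = e.node == node
    if e.method == "+":
        method_ok = kind in ((ACTION, ACTIONINFO) if e.deny else (INFO, ACTION))
    elif e.method == "*":
        method_ok = kind == INFO
    else:
        method_ok = e.method == method
    return node_ok and method_ok and e.microagent in ("*", microagent)


def _specificity(e):
    return sum(field not in WILDCARDS for field in (e.node, e.microagent, e.method))


def allowed(entries, user, node, microagent, method, kind, mode=P2P):
    """True if user may invoke method (kind INFO/ACTION/ACTIONINFO) on
    microagent at node via mode, under the assumed rules above."""
    in_scope = [e for e in entries if _covers(e, node, microagent, method, kind, mode)]
    if not in_scope:
        return False                                      # default deny
    best = max(map(_specificity, in_scope))
    decisive = [e for e in in_scope if _specificity(e) == best]

    def names_me(e):
        return e.user in ("*", user)

    granted = any(names_me(e) and not e.deny for e in decisive)
    restricted = any(names_me(e) and e.deny for e in decisive)
    return granted and not restricted


# Constructed inputs: part of the page's Trusted.txt example, and the
# two-line file from "Disable Custom Microagent". Method names used in the
# checks ("execute", "getStatus") are placeholders, not Hawk method names.
CUSTOM = "COM.TIBCO.hawk.microagent.Custom"
RBE = "COM.TIBCO.hawk.microagent.RuleBaseEngine"
EXAMPLE = parse(f"""
# comment and blank lines are ignored
user1 *
!user1 * {CUSTOM} +
!user1 * COM.TIBCO.hawk.microagent.Repository addRuleBase
user3
!user3 + {RBE} +
user4 nodeB
user5 * * *
""")
DISABLE_CUSTOM = parse(f"""
* * * *
none * {CUSTOM} +
""")
```

Under these assumed rules the evaluator reproduces every statement in the Explanation of Settings above, and it also makes the two pitfalls of this format visible: user5's `* * *` line and the `* * * *` line of the Disable Custom procedure both end in the method wildcard `*`, so they admit INFO methods only, and a restriction whose node field is `*` says nothing about group operations. If the real agent treats either case differently, that difference is exactly what a pre-deployment dry run should surface.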
Running with a localhost rvd
As a further precaution, AMI applications are required to specify localhost as part of the TIBCO Rendezvous daemon parameter, so that no remote connections can be made to the rvd daemon. Instructions for UNIX and Microsoft Windows platforms are given below.
UNIX Procedure
1. Add a command to start the localhost rvd prior to starting any TIBCO Hawk processes, as follows:
   rvd -listen tcp:127.0.0.1:<daemon>
2. Modify hawkagent.cfg and hawkhma.cfg and, in the -rvd_session parameter, specify the following:
   tcp:127.0.0.1:<daemon>
Microsoft Windows Procedure
Use rvntsreg.exe to install a localhost rvd as a Microsoft Windows service.
1. Create an rvd service using rvntsreg.exe. Use the following parameters:
   -listen tcp:127.0.0.1:<daemon>
2. Modify hawkagent.cfg and hawkhma.cfg and, in the -rvd_session parameter, specify the following:
   tcp:127.0.0.1:<daemon>
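The -listen tcp:127.0.0.1:<daemon> setting is only a precaution if the daemon actually ends up bound to the loopback address, and a second rvd started by someone else, or an old service definition, can silently undo it. The following added example (not part of the TIBCO documentation) checks the listening sockets of a host, parsed from `ss -ltn` or `netstat -ltn` output, and reports whether the rvd port is loopback-only, exposed on another address, or not listening at all. The sample listings are constructed, and the port 7500 is assumed to be the <daemon> value in use.

```python
"""Added example, not from the TIBCO documentation: confirm that the
Rendezvous daemon port is listening on the loopback address only, which is
what -listen tcp:127.0.0.1:<daemon> is meant to guarantee. The check parses
`ss -ltn` (or `netstat -ltn`) output, where the local address is the 4th
column, so it can also be run over a saved listing."""
import subprocess

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}


def listeners(listing, port):
    """Set of local addresses listening on `port` in an ss/netstat listing."""
    found = set()
    for line in listing.splitlines():
        cols = line.split()
        if len(cols) < 4 or ":" not in cols[3]:
            continue                      # header lines, blank lines
        addr, _, lport = cols[3].rpartition(":")
        if lport == str(port):
            found.add(addr)
    return found


def rvd_exposure(listing, port):
    """'loopback-only', 'exposed' (bound to a non-loopback address) or
    'not-listening' (nothing on that port: rvd not started, or wrong port)."""
    addrs = listeners(listing, port)
    if not addrs:
        return "not-listening"
    return "loopback-only" if addrs <= LOOPBACK else "exposed"


def check_live(port):
    """Run the check against this host (needs iproute2's ss on PATH)."""
    out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True,
                         check=True).stdout
    return rvd_exposure(out, port)


# Constructed sample listings (not captured from a real host). 7500 is the
# usual default rvd port; substitute your <daemon> value.
GOOD_LISTING = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:7500      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
"""
BAD_LISTING = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:7500      0.0.0.0:*
LISTEN 0      128    [::]:7500           [::]:*
"""

if __name__ == "__main__":
    print("sample good listing:", rvd_exposure(GOOD_LISTING, 7500))
    print("sample bad listing: ", rvd_exposure(BAD_LISTING, 7500))
```

Run check_live(<daemon>) after the rvd start command or service start, and again after changing hawkagent.cfg and hawkhma.cfg: a result of "exposed" means a listener on that port is reachable from the network regardless of what the Hawk configuration files say, and "not-listening" usually means the Hawk processes will be starting their own, non-local rvd.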
