Installation and Configuration
After you have installed TIBCO MFT Platform Server for UNIX, configure the security-related parameters described in the following sections according to your requirements:
config.txt Parameters
A variety of config.txt parameters affect security; they are listed in the following sections. For a detailed description of these parameters, see "Configuration Parameters" in the TIBCO® Managed File Transfer Platform Server for UNIX Installation and Operation Guide.
config.txt Security Parameters
Parameter | Description |
---|---|
SecurityPolicy | Defines the security policy for the Platform Server started task. You can configure the following values: |
ClientVerification | For TLS/SSL transfer, client certificates are required. |
AllowRoot | Defines whether responder transfers can run under root. You can configure the following values: |
PamAuth | Defines whether PAM authentication is used. Support for root installations only. |
SemaphoreMaxWaitTime | Defines how long CyberMgr waits to complete. You may need to raise this value on high volume systems if you find that audit records (log.txt) are not being written. |
RpcSynchIntervalHA | Defines the time range between the RPC client and RPC server that is honored. HA requires that the time is synchronized on RPC clients and RPC servers. If the times are not synchronized, you may need to increase the sync interval. This parameter is only needed when running in HA. |
SSLEnabledProtocols | Defines the SSL/TLS protocols that are used. This parameter is defined in both the SERVER and CLIENT sections of the config.txt file. |
Ciphers | Defines the SSL/TLS ciphers that are used. This parameter is defined in both the SERVER and CLIENT sections of the config.txt file. |
Umask_Default | Defines the UNIX umask applied to the newly created files on the server. This is used for responder transfers only. |
Uperm_Default | Defines the UNIX permissions set for newly created files on the server. This is used for responder transfers only. |
CheckCRL | Defines whether CRL is checked for SSL/TLS transfers. |
CAPath | Defines the path where the CRL checking looks for the hashed file names. |
AccessControlConfig | Defines the fully qualified path of the Access Control Config files. |
AliasConfig | Defines the fully qualified path of the Alias Config files. |
RunCyberRespAsNonRoot | Defines whether you can run the CyberResp daemon as a non-root user. |
Responder Profile Password Rule Parameters
These parameters define the rules used when responder profiles are created. These rules apply to responder passwords created by the cfrprofile utility or through Command Center.
- PasswordRuleChecking
- PasswordRequireUpperAndLower
- PasswordMinLength
- PasswordMinUnique
- PasswordMinNumber
- PasswordMinSpecial
Parse Commands
These parameters define how an argument should be parsed. For a detailed description of these parameters, see the "Common Configuration Parameters" in TIBCO® Managed File Transfer Platform Server for UNIX User's Guide.
- protect_cctransfer
- protect_cfdir
- protect_fusutil
- protect_receivedir
- protect_rcmd
- protect_ppa
- protect_cfgpostproc
- rejectcmdcharacters
Communication Parameters
These parameters allow you to set the Adapter IP address that Platform Server uses when establishing TCP connections. You can set different Adapter IP address parameters for IPv4 and IPv6 and for Listen (Responder) and Connect (Initiator).
- ListenAdapterIP
- ListenAdapterIPv6
- ConnectAdapterIP
- ConnectAdapterIPv6
Group Class Checking Parameters
Parameter | Description |
---|---|
AdminGroup | Defines users that can create node definitions, user profiles, and responder profiles. Users can also inquire on completed transfers executed by any user. |
BrowseGroup | Defines users that can inquire on completed transfers executed by any user. |
TransferGroup | Defines users that can execute transfers initiated by Command Center. |
StrictGroupChecking | Defines users that are granted rights assigned by membership in the group, if a group is not defined. This parameter defines whether requests should be denied if the group is not defined. |
Miscellaneous Parameters
Parameter | Description |
---|---|
RequiredNodeDefinition | Allows you to require pre-defined nodes for initiator and responder requests. This parameter is defined in two places: |
ResponderProfile | Sets the default that defines whether responder profiles are required. This parameter can be overridden by node definitions. |
AcceptVerifiedUser | We suggest using the default value of No. |
Node Parameters
There are a variety of node parameters that affect security. For a more detailed description of these parameters, see the "Transfer Using Nodes" section in TIBCO® Managed File Transfer Platform Server for UNIX Installation and Operation Guide.
Security Parameters
Parameter | Description |
---|---|
SecurityPolicy | Allows you to override the |
ResponderProfile | Overrides the |
AcceptVerifiedUser | We suggest using the default value of No. |
Encrypt | Defines the default encryption for initiator transfers with this node. |
CommandSupport | Defines whether requests from this IP address support Command Center functions. |
TLS | Defines whether communication to this node should be through TLS or Tunnel communication. |