APM Tech Tip -- The Missing Manual Part 4: Tim Monitoring 3 (Miscellaneous)

Discussion created by Hallett_German Employee on Jun 26, 2016

Previous Articles:
https://communities.ca.com/message/241870019  -- Part 1
https://communities.ca.com/message/241876573  -- Part 2
https://communities.ca.com/message/241882115  -- Part 3


This is the last in a series on TIM add-ons and tools. This month we look at the miscellaneous TIM Add-on utilities . I thank Joerg Mertin for his updates on these tools . I hope this series on this previously underdocumented area were helpful.



Miscellaneous tools


1. APM OS root-password recovery fieldpack

This utility is useful for APM TIM appliances up to 9.5 and for MTPs (no release information provided.) It requires a web-based installer interface to use. This is a temporary workaround for those customers that may have forgotten or misplaced the root password. (Stuff like this happens. Be glad there was a workaround.)

What  this does is add a rescue account (caddadmin) with a standard password. After installation,, simply log into caadmin using puttty/ssh  Afterwards, this is removed due to security concerns.


2. CEM SNMP Monitoring Fieldpack (CEM@Logssnmp)

In the past, monitoring everything with SNMP was important. (Although it is still heavily used by some customers today.) So with this fieldpack and using SNMP, the health of the TIM can be monitored. This includes


- Application monitoring
- Hard disk space monitoring
- System load monitoring
- Authentication failure monitoring


It can be configured to send out traps for all TIM events. There is also read-only SNMP Polling capability.

Note that the Monit and TIM Field Packs are more powerful and flexible than the above field pack. (These were previously discussed.)


3.  TESSDocs

Sometime back, I used to create more Tech Docs than I do now. (Some of the long KDs that I create now could be transformed to Tech Docs.) A list of most of them can be found at  https://communities.ca.com/docs/DOC-18610776


Joerg created a rpm file that included the various Tech Tips PDFs that both of us of created. Once installed, you could then access them on your TIM menu. These were updated from time to time.


4 . TIM Hardening scripts


While the TIM software/hardware in 9.0-9.6 was already hardened, some customers wanted it even more restricted. (In APM 9.6 onward, the customer is responsible for the operating system and related hardening. See https://communities.ca.com/message/241696644 for details.)


So a hardening script for RHEL 5 update 11 and RHEL 6 update 5.6 and later for APM 9.1.-9.7 was provided on request. Note that the hardening script does a minimum installation of the software and the hardening script can be configured as to what to harden.. This is the standard approach used for hardening.


Joerg created in 2011 a detailed PDF that explains what is taking place during this hardening process. It includes step by step hardening including
- User access
- System startup
- Limit services to start
- Root remote password denial & password security
- Security fixes
- Sendmail hardening
- Directory hardening and more


This provides a thorough methodology that could be used to harden an APM 10.x TIM


That is it on this topic. Next month I will be back with another Tech Tip. Until then, stay cool and have some fun.