Summary of Security Recommendations
Security > Summary of Security Recommendations
One Identity recommends that you implement the following to secure the data used by Management Console for Unix:
- When authenticating Active Directory users for access to Management Console for Unix make sure that the server is installed on a machine that is joined to the Active Directory forest you wish to manage.
- Install an SSL/TLS key pair and certificate that is signed by a Certification Authority that will be trusted by all users' browsers.
- Directly import SSH host keys using a known_hosts file, or the Import SSH Host Key toolbar command; or manually verify the fingerprints by disabling the Automatically accept SSH keys option when profiling.
- Configure a local firewall to restrict remote access to the database port (Default port is 9001).
To help you troubleshoot, One Identity recommends the following resolutions to some of the common problems you might encounter as you deploy and use Management Console for Unix.
Note: Simply re-profiling a host can resolve issues caused when the host is out of sync with the server.
Auto profiling issues
The following topics may help you resolve some problems related to Auto Profiling.
Auto profiling takes a long time
If auto-profiling multiple hosts does not complete within a reasonable amount of time and the host is configured for multiple consoles, make sure each console address is valid and available.
To validate the console addresses
On the unresponsive host, open the <Service Account Home Dir>/.quest_autoprofile/notify.rc configuration file.
Remove the entry for the unresponsive server.
Note: If the host continues to be unresponsive, here are some other things you can try:
- Verify the network connection.
- Verify the console address is correct in Settings | System Settings | General | Console information.
If this has changed, re-configure the host for auto-profile.
- Check the firewall settings. Make sure the non-SSL port is not blocked for incoming traffic on the host that has the Management Console for Unix software installation.
The default is 9080.
Note: If you have customized your HTTP or SSL/TLS ports, see Customizing HTTP and SSL/TLS ports for more information.
There could be any number of things that would prevent the host from communicating with the console.