
Any comment on CA eTrust

 
Mad_1
Regular Advisor

Any comment on CA eTrust

I found a few posts here about eTrust that may have some problem running on HP-UX.

I would like to seek advice and comments on CA eTrust products (e.g. Access Control, Vulnerability Manager, etc.) running on HP-UX 11.0.

Thanks
4 REPLIES
Michael Tully
Honored Contributor

Re: Any comment on CA eTrust

DON'T install it. It will basically take over the password security of your system. Apparently it places some tentacles into your kernel. Is there a product that this is part of that you are being asked to install?
Anyone for a Mutiny ?
John Payne_2
Honored Contributor
Solution

Re: Any comment on CA eTrust

We are running the Access Control, Firewall, and Policy Compliance pieces of eTrust quite extensively here. (50 HPUX machines, 30 Solaris/AIX, 35 RHAS 2.1) We are not yet running Vulnerability Manager as we have not yet had time to do the investigation work on it.

Access Control does more than just the password security for the system (and doesn't have to do password aging if you don't want it to). It has a 'tripwire' type function where it will block execution of a script if the script changes. (Like a suid script that has changed...) You can do root (and other privileged) user provisioning. (Similar to sudo.) They also have a 'su' function which allows you to grant privileged user access without giving out the password. Access Control runs very well on HPUX. The just-released eAC 5.3 works very well. (We installed pre-release.) It doesn't hook into the kernel as deeply as older versions did.

Policy Compliance works very well on an OS. It runs as an agent on your HPUX machine. It looks at things like file permissions, network permissions, user settings, etc. I hear that Policy Compliance and Vulnerability Manager are merging into the same product eventually. If you have no idea what kinds of files and permissions are on your system, and don't have the time to sit and write scripts, then Policy Compliance will quickly show you where the problems are.

We have had some issues with the Firewall product, but many of them have been resolved. I don't have much to say about the Firewall product past saying it's a host-based firewall. (A firewall is a firewall. Not much else to say, really.) The Administration GUI for the Firewall product is very nice to have, however. You can administer all host firewalls from the same place, and it is very easy to create rules, view the traffic, view what is being blocked by the firewall, etc. It also has a nice report feature allowing you to run reports on traffic or denial history...

I would encourage you to either get training or professional services for the Access Control product before installing and implementing. You do not want to proceed without understanding what you are doing.

Did you have any more specific questions?

Hope it helps

John
Spoon!!!!
Mad_1
Regular Advisor

Re: Any comment on CA eTrust

Thanks.

About the 'su' function, does it look like the RSAM in HP-UX (no RSAM similar function in AIX)?

I have heard that eTrust has performance problems on HP-UX; is it resource demanding?

Besides password security and granting users privileges, are there any other features which Access Control is good at? Can it be used for centralized password changes of user accounts?
John Payne_2
Honored Contributor

Re: Any comment on CA eTrust

Hello again.

We are using Access Control for our password policies / aging / synchronizing. (I change my password on one machine, it gets changed on all other Unix/Linux machines.)

We did see some performance issues on our very busy web servers, but there were some settings we changed in Access Control to do some tuning, and the performance issues went away. (Like a year ago...)

We use it to protect files (like suid) on the systems also.

Hope it helps

John
Spoon!!!!