psshHMCsecuritywp040604.doc Page 1 of 20
IBM eServer pSeries
Hardware Management Console Security
White Paper
Minh Nguyen
Ron Barker
Introduction
The pSeries® Hardware Management Console (HMC) was introduced in 2001 at the same time as the
POWER4™ family of AIX 5L™ servers. It consists of a 32-bit Intel® processor-based computer running a
modified Linux operating system. The primary function of the HMC is to run a graphical user interface
based on Java™ that provides management tools for controlling one or more POWER4 servers and
associated logical partitions (LPARs). This white paper describes what IBM has done to protect the HMC
from unauthorized access or exploitation in a networked environment.
As shipped by IBM, the HMC is a special-purpose system to be used for server and partition management
only. It does not run other Linux applications. Most of the native Linux interfaces are hidden from users,
so no Linux skills are required to operate or manage the HMC. To prevent interference with system
function, only IBM approved software may be installed on the HMC.
For the remainder of this white paper, we will reference HMC Recovery Software for pSeries Release 3
Version 2.6 and describe its security features.
The Role of the HMC
The HMC provides tools for managing complex system topologies, including static and dynamic logical
partitions, clusters of virtual servers and the pSeries High Performance Switch. Its main application is the
graphical user interface, the Web-based System Manager Remote Client. Although the menus differ from
those found in AIX 5L, the common interface makes it easier for a System Administrator to manage both
AIX 5L and HMC environments.
The HMC management functions include:
• Base platform management (power controls, modes of operation)
• LPAR management
• Virtual Terminal for AIX 5L
• Base High Performance Switch Network Management
• Capacity Upgrade on Demand (CUoD) information display, license entry and notifications
• Platform hardware/firmware service event consolidation
• Platform hardware/firmware inventory consolidation
• Platform firmware installation/upgrade
• Platform data capture for engineering/manufacturing/field problem determination
• Tools to perform or coordinate platform hardware service activities
• Support functions for the console itself (problem determination, code updates, backup/restore,
configuration tools, security, etc.)
• Remote user and program access to these management applications
• Common Information Model (CIM) repository and data base
The applications used to manage the HMC are depicted by icons seen in the navigation area on the left side
of the screen in the illustration below. The tree structure allows the user to select the specific task that
needs to be accomplished. In this illustration, the icon labeled DYN352030BLD is a POWER4 server
controlled by this HMC.
Figure 1 - The pSeries Hardware Management Console graphical user interface main menu.
Configuration Settings and HMC Customization
Many applications and services that typically would be found on a standard Linux installation have been
removed from the HMC. The following services are disabled on the HMC:
• telnet
• wu-ftp
• rexec
• chargen
• chargen-udp
• daytime
• daytime-udp
• echo
• echo-udp
• rlogin
• time
• time-udp
• NFS
• NIS
• identd
• routed
• snmpd
• portmap
• ntpd
• sendmail
• OpenSSH (optionally this can be enabled to allow remote command execution)
The following services are enabled on the HMC:
• Apache: This server is required to allow distribution of the Web-based System Manager Remote
Client. Access to the directories known to the server is password protected. The Apache server can be
turned off by using the following command:
chhmc -c http -s disable
• X11: This server is required to allow the Web-based System Manager Remote Client to run at the local
console. It is protected by xhost -, which prevents X window sessions from being opened on the HMC
by a malicious user in a denial of service attack.
• No .rhosts files exist on the HMC.
File permission settings of 640 on the HMC, with root ownership:
• All files under /etc/xinetd.d and /etc/xinetd.conf
• /etc/hosts.allow and /etc/hosts.deny
• /etc/login.defs
• /etc/aliases
File permission settings of 600 on the HMC, with root ownership:
• /etc/lilo.conf, /etc/shadow, /etc/gshadow
HMC User Management and Access Control
Users on the HMC may have one of six different roles that allow them to perform certain functions. These
roles inherently limit what users can do. The six roles are:
• System Administrator
• Advanced Operator
• Service Representative
• Operator
• User Administrator
• Viewer
Refer to the IBM Hardware Management Console for pSeries Installation and Operations Guide,
SA38-0590, for a detailed description of the tasks that each role may perform.
Although Linux on the HMC has the traditional root userid, it is almost never used. In its place, hscroot is
the default userid with System Administrator authority. It is used for nearly all systems administration
functions. For audit control, it is advisable to assign individual userids with the role of System
Administrator. This lets Systems Administrators perform any task that hscroot can perform, but allows the
system to keep track of which user performed the action. The console events log tracks changes in logical
partitions and profiles, movement of resources between partitions and other administrative actions,
including both successful and failed login attempts.
The root userid is only used in a few instances. One is file system recovery following power failure or an
ungraceful shutdown. Another instance would be when an IBM Service Support Representative needs to
perform problem determination on the HMC. A root user may not login directly to the HMC. A Pluggable
Authentication Module (PAM) has been configured to block root login both at the console and from a
remote client (assuming remote SSH access has been enabled). Furthermore, access to root via the su
command is restricted to users with the System Administrator and Service Support Representative role.
Users with other roles cannot su to become root, even if they know root’s password.
When the HMC boots, it brings up a login menu from which a user may sign on to the Web-based System
Manager Remote Client, the normal interface on the console. For problem determination reasons, a
command line login can be obtained at the console by entering the key sequence <CTRL><ALT>F1. All
but one of the mingetty virtual consoles normally found in Linux have been removed from /etc/inittab, thus
allowing only a single command line login prompt at the HMC console. To return to the graphical
interface, enter the key sequence <CTRL><ALT>F2.
New accounts can be created on the HMC by users with System Administrator or User Administrator roles.
The six pre-defined roles on the HMC correlate to pre-defined user groups:
• HSC_Sys_Prog: The System Administrator users have un-restricted authority to access and
modify most of the HMC System.
• HSC_Admin: The User Administrator users have authority to create users on the HMC System,
including System Administrator users.
• HSC_Serv_Rep: The Service Representative users have access to most of the Service applications
on the HMC System.
• HSC_Adv_Operator: Advanced Operator
• HSC_Operator: Operator
• HSC_Viewer: The Viewer user has the lowest privileges in the HMC System.
There are two user names that are reserved by the system:
• HSCROOT: This is the logical root user on the HMC. It is created on the HMC with a default
password, abc123. Clients need to change it immediately when they install the HMC. This is done
using the User Management application from the HMC console, or by using the chhmcusr
command. Removing this user will render the HMC unusable. This user has the System
Administrator role.
• HSCPE: This is a special userid created at the client’s discretion for IBM Service Support
Representative. With this userid, IBM support may use SSH to remotely login to an HMC and get
to an un-restricted shell. Root access still requires the root password, which is controlled by the
client.
Password Length and Expiration Policies
The HMC was originally released with no password length or expiration policy settings. It was left to the
clients to implement and enforce their own password policies. As of HMC Recovery Software for pSeries
Release 3 Version 2.6, the following are the default password policies. They are contained in the
/etc/login.defs file.
• Default maximum number of days a password can be used is set to 180.
• Default minimum acceptable password length is set to 7.
• All users on the HMC, except root and hscroot, are subject to password aging.
The commands chhmcusr and mkhmcusr have arguments to allow setting the maximum number of days a
password may be used. The User Management application can also be used to set the password expiration
value, as shown below:
Figure 2 - Setting password expiration in R3V2.6
To use chhmcusr to change the number of days until a user’s password expires, specify the pwage attribute
as follows:
chhmcusr -t pwage -v 90 -u john
From the first release of the HMC, the passwords on the HMC are shadowed, with /etc/shadow and
/etc/gshadow files’ permissions set to 600, and owned by root.
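The file permission baseline listed under Configuration Settings and the password defaults above can be checked mechanically. The following is an added example, not IBM code: it audits a file tree (a live Linux host, or a copy of its /etc) against the modes and ownership the paper states, and checks login.defs against the documented defaults. The key names PASS_MAX_DAYS and PASS_MIN_LEN are the standard login.defs settings and are an assumption here, since the paper does not name them.

```python
import os
import stat

# Modes as stated in the paper; all files are expected to be owned by root.
PERMISSION_BASELINE = {
    "/etc/xinetd.conf": 0o640,
    "/etc/hosts.allow": 0o640,
    "/etc/hosts.deny": 0o640,
    "/etc/login.defs": 0o640,
    "/etc/aliases": 0o640,
    "/etc/lilo.conf": 0o600,
    "/etc/shadow": 0o600,
    "/etc/gshadow": 0o600,
}
XINETD_DIR = "/etc/xinetd.d"  # every file below it is expected at 640

# Documented defaults. Key names are assumed (standard login.defs settings).
POLICY = {"PASS_MAX_DAYS": 180, "PASS_MIN_LEN": 7}


def audit_permissions(root="/", owner_uid=0):
    """Return (path, problem) pairs for files that deviate from the baseline."""
    expected = dict(PERMISSION_BASELINE)
    xdir = os.path.join(root, XINETD_DIR.lstrip("/"))
    for dirpath, _dirs, files in os.walk(xdir):
        for name in files:
            full = os.path.join(dirpath, name)
            expected["/" + os.path.relpath(full, root)] = 0o640

    findings = []
    for path, want in sorted(expected.items()):
        try:
            st = os.stat(os.path.join(root, path.lstrip("/")))
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode != want:
            findings.append((path, f"mode {mode:03o}, expected {want:03o}"))
        if st.st_uid != owner_uid:
            findings.append((path, f"owner uid {st.st_uid}, expected {owner_uid}"))
    return findings


def audit_login_defs(text):
    """Flag password settings that are absent or weaker than the defaults."""
    seen = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0] in POLICY:
            seen[fields[0]] = fields[1]

    findings = []
    for key, default in POLICY.items():
        value = seen.get(key, "")
        if not value.isdigit():
            findings.append((key, "missing or non-numeric"))
            continue
        number = int(value)
        # A longer lifetime or a shorter minimum length is the weaker setting.
        weaker = number > default if key == "PASS_MAX_DAYS" else number < default
        if weaker:
            findings.append(
                (key, f"{number} is weaker than the documented default {default}")
            )
    return findings


if __name__ == "__main__":
    for path, problem in audit_permissions("/"):
        print(f"{path}: {problem}")
    try:
        with open("/etc/login.defs") as fh:
            for key, problem in audit_login_defs(fh.read()):
                print(f"{key}: {problem}")
    except OSError as exc:
        print(f"cannot read /etc/login.defs: {exc}")
```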
Auditing Capabilities on the HMC
A secure system also requires strong auditing capabilities. This section describes some of the
logging/auditing functions on the HMC.
Most tasks performed on the HMC (either locally or remotely) are logged in a file iqyylog.log. These
entries can be viewed by using the View Console Events task, under the HMC Management—System
Configuration application or by using the lssvcevents command. A log entry contains the
timestamp, the user name and the task being performed. When a user logs in to the HMC locally or from a
remote client, entries are also logged in this file. For remote login, the client hostname or IP address is also
logged. For example:
lssvcevents -t console
Earliest Timestamp Description
10/16/03 07:27:51 PM HSCE2175 User hscroot login failed from
remote host abcd.xyz.com with IP address 9.99.999.9999
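Because failed logins are recorded with the user name and the remote address, the console events output can be reviewed for repeated failures from one source. The following is an added example, not part of the paper or of the HMC: it parses text in the layout of the excerpt above, including entries wrapped onto a second line, and reports sources that reach a failure threshold inside a time window. The sample entries, the threshold and the window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the layout of the paper's lssvcevents excerpt.
# Addresses are documentation ranges; HSCX0000 is a made-up placeholder entry.
SAMPLE = """\
Earliest Timestamp Description
10/16/03 07:27:51 PM HSCE2175 User hscroot login failed from
remote host scanner.example.com with IP address 192.0.2.10
10/16/03 07:28:05 PM HSCE2175 User hscroot login failed from
remote host scanner.example.com with IP address 192.0.2.10
10/16/03 07:28:40 PM HSCE2175 User hscpe login failed from
remote host scanner.example.com with IP address 192.0.2.10
10/16/03 07:45:12 PM HSCE2175 User john login failed from
remote host desk.example.com with IP address 198.51.100.7
10/16/03 07:50:00 PM HSCX0000 constructed placeholder for an unrelated event
10/16/03 09:02:33 PM HSCE2175 User john login failed from
remote host desk.example.com with IP address 198.51.100.7
"""

ENTRY_START = re.compile(r"^\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [AP]M\b")
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [AP]M)\s+HSCE2175\s+"
    r"User (?P<user>\S+) login failed from remote host (?P<host>\S+) "
    r"with IP address (?P<ip>\S+)$"
)


def unwrap(lines):
    """Rejoin wrapped entries: a new entry starts with a timestamp."""
    entries = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:  # continuation; the header before the first entry is dropped
            entries[-1] += " " + line
    return entries


def parse_failed_logins(text):
    """Return one dict per failed-login entry (message HSCE2175)."""
    events = []
    for entry in unwrap(text.splitlines()):
        m = FAILED_LOGIN.match(entry)
        if m:
            events.append({
                "when": datetime.strptime(m["ts"], "%m/%d/%y %I:%M:%S %p"),
                "user": m["user"],
                "host": m["host"],
                "ip": m["ip"],
            })
    return events


def repeated_failure_sources(events, threshold=3, window=timedelta(minutes=5)):
    """Map source IP -> sorted user names, for sources that reach `threshold`
    failures within any sliding `window`."""
    by_source = defaultdict(list)
    for ev in events:
        by_source[ev["ip"]].append(ev)

    alerts = {}
    for ip, evs in by_source.items():
        evs.sort(key=lambda e: e["when"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["when"] - evs[start]["when"] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[ip] = sorted({e["user"] for e in evs})
                break
    return alerts


if __name__ == "__main__":
    for ip, users in repeated_failure_sources(parse_failed_logins(SAMPLE)).items():
        print(f"{ip}: repeated login failures for {', '.join(users)}")
```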
Standard log entries that come from syslogd can also be viewed on the HMC by viewing the file
/var/hsc/log/secure. This file can be read by users with System Administrator role, and is under logrotate
control. A valid user can simply use the cat or more command to view the file. A user with the System
Administrator role could also use the scp command to securely copy the file to another system.
For clients who wish to route syslogd entries to another remote system, the chhmc command can be used to
change /etc/syslog.conf file on the HMC to specify a system to remotely log to. For example, the following
command line will cause syslog entries to be sent to the hostname myremotesys.company.com:
chhmc -c syslog -s add -h myremotesys.company.com
The System Administrator needs to make sure that the syslogd daemon running on
myremotesys.company.com is set up to receive messages from the network. On most Linux systems, this can
be done by adding the -r option to the SYSLOGD_OPTIONS in file /etc/sysconfig/syslog.
In AIX 5L, the /etc/syslog.conf file would be edited by uncommenting the appropriate lines at the bottom
of the file, such as:
*.debug /tmp/syslog.out rotate size 100k files 4
*.crit /dev/console
Then the System Administrator would enter:
# touch /tmp/syslog.out
# refresh -s syslogd
Restricted Shell on the HMC
The HMC provides a rich set of commands that encompass most of the tasks found in the graphical user
interface. We choose to use SSH as a means to run these commands because it provides a secure way to
perform remote command execution. However, by itself, SSH would provide an authenticated user full
access to the shell. To protect the HMC from users trying to gain higher privileges by some means of
exploiting the system, we are enforcing a restricted shell when remotely connecting to the HMC via SSH.
In the restricted shell environment, users will only have access to a small subset of Linux commands, along
with all the HMC commands. Users will not be able to use the cd command, nor can they use re-direction.
Because the full list of HMC commands is already described in various IBM publications, such as the
Hardware Management Console for pSeries Installation and Operations Guide (SA38-0590) and Effective
System Management Using the IBM Hardware Management Console for pSeries (SG24-7038), we will
only reference a few commands in this paper that are security related.
• MKAUTHKEYS: This command updates the caller’s authorized_keys2 file under the $HOME/.ssh/
directory with a given DSA or RSA key generated from a client. Typically, on Linux and UNIX®
systems, the key can be generated using the ssh-keygen command. With the setup of the key in
this file, a user can run HMC commands from a script without having to enter a password or
passphrase.
• MKHMCUSR: This command creates a user on the HMC.
• CHHMCUSR: This command changes the properties of an HMC user. This command must be used
to change the hscroot’s password. Using a Linux command to change the password will render the
HMC unusable, because hscroot’s password is encrypted and safely saved away for
communicating with various subsystems running on the HMC.
• RMHMCUSR: This command removes a user on the HMC. Root and hscroot users cannot be
removed using this command.
• LSHMCUSR: This command lists users on the HMC.
• CHHMC: This command changes subsystems and network settings on the HMC, such as SSH,
WebSM, syslog, http and network settings.
• LSHMC: This command displays various HMC’s configuration settings, version and Vital Product
Data.
• LSSVCEVENTS: This command displays console events entries.
• HMCSHUTDOWN: This command can be used from a remote client to shut down or reboot the
HMC. This command notifies the service processor on the managed server that it is gracefully
going away. If this command is not used, the service processor will attempt to generate an error to
indicate unexpected loss of communication with the HMC.
• UPDHMC: This command performs software updates on the HMC. Software can be installed from
a remote ftp server or locally from the DVD-RAM drive on the HMC.
Securing Access to the HMC
A. Physical Security
Physical security of the HMC is primarily the client’s responsibility. Obviously, it should be located in a
secure room if at all possible. Usually, because of its proximity to the servers it manages, this is in a data
center. However, there are features in the HMC that can provide additional physical protection. These
functions are mainly provided as part of the BIOS in the Intel processor-based PC:
• Change the startup device settings in BIOS to prevent the use of a Linux Recovery CD/diskette to
get to single-user mode.
• Power-on password can be set in BIOS to prevent unauthorized changes to BIOS settings.
• Unattended start mode can be set in BIOS to allow the HMC to reboot without the power-on
password following restoration of power after an unplanned outage. However, the keyboard and
mouse at the local console will remain locked until the power-on password is entered.
B. Network Security
The HMC is required to be on a network in order to implement dynamic logical partitioning, collect
serviceable events and manage the HMC from remote clients.
The different versions of the Web-based System Manager Remote Client code (Windows® 2000 or later,
Linux operating system-based version) reside on the HMC and are downloadable via http port 80. To
download the client package from the HMC, the user is required to enter a valid HMC userid and password.
Once the Web-based System Manager Remote Client package has been installed, the user can connect to
the HMC by typing:
• WSM <HMC HOSTNAME> if the user is on a remote Linux system, or
• Double-click on the Web-based System Manager Remote Client icon on the Windows desktop.
A login dialog is then displayed to prompt the user for an id and password.
A secure Web-based System Manager Remote Client connection is possible using Secure Socket Layer
(SSL) code which is also available on the HMC via http. The SSL protocol provides server authentication,
data encryption and data integrity. The HMC itself can be configured to require all clients to connect via
SSL, or to give clients the option of connecting via SSL. The former option is more secure. The HMC
Security Manager application, which can only be accessed by a System Administrator-empowered user
from the HMC console, controls these options. Refer to Chapter 10 System Manager Security in Hardware
Management Console for pSeries Installation and Operations Guide, SA38-0590, or Chapter 7 in the IBM
Redbook Effective System Management Using the IBM Hardware Management Console for pSeries,
SG24-7038.
The server is authenticated using public key cryptography with the RSA algorithm. The user on the client
is then authenticated to the server by his login password. The user name and password are sent encrypted
over the SSL socket. The SSL protocol protects against changes or substitutions to any data transmissions
between the server and client machines. All data transmissions between the server and client machines are
encrypted by the SSL protocol using the RSA RC4 algorithm.
On the HMC, a Web-based System Manager server runs under xinetd control, and listens on port 9090.
When the Web-based System Manager Remote Client connects to the HMC, the Web-based System
Manager server first authenticates the userid and password. Once the authentication is completed, an
instance of the Web-based System Manager Remote Client running a separate Java Virtual Machine will
be created. A pair of ports in the range of 30000 to 30009 is used as the communications channel
between this Web-based System Manager server and the Web-based System Manager Remote Client.
Clients who choose not to use the remote management function can disable the Web-based System
Manager Remote Client and Apache servers by using the command chhmc. For example:
The following command disables all remote Web-based System Manager Remote Client connections to the
HMC:
chhmc -c websm -s disable
The following command disables the HTTP service on the HMC:
chhmc -c http -s disable
Resource Monitoring and Control
The Resource Monitoring and Control subsystem (RMC) is based on IBM’s Reliable, Scalable Cluster
Technology (RSCT). It is installed and used on the HMC for establishing a trusted communication channel
between the HMC and the partitions on the managed server to perform tasks such as:
• Dynamic allocation of hardware resources on the partitions
• Graceful shutdown of the AIX 5L operating systems running on the partitions
• Propagate hardware error log entries from the AIX 5L partitions to the HMC to provide a single
focal point for error collection
RMC uses port 657 for HMC-to-partition communication. Initially, the TCP protocol was used, but in
recent releases of AIX 5L and HMC code, the connectionless User Datagram Protocol (UDP) has been
implemented. RMC employs access control lists to authenticate communication between the partitions and
the HMC. The authentication is established during configuration steps on the HMC that use the serial
network. Thus, when transmitting messages over port 657, the HMC and the partition can be sure with
whom they are communicating.
CIM and Cluster System Management
The HMC uses Open CIMOM (Common Information Model Object Manager) to model the hardware
resources of the pSeries server. It is therefore CIM compliant and can provide information about its CIM
objects to remote CIM clients. A CIM server runs on the HMC and listens on port 5988 for remote CIM
requests. Only requests that supply a valid userid and password on the HMC are honored. The Cluster
System Management (CSM) managing server uses this facility on the HMC to perform various hardware
control functions such as power on/off of partitions or servers in an IBM eServer® Cluster 1600
environment. The same SSL protocol used by the Web-based System Manager Remote Client and server
can be used to secure the communication between CIM clients and the HMC.
Network Scan on the HMC
The table below provides the list of open ports on the HMC, and the available security features associated
with each port.
Port/Protocol     Application               Security
657/tcp           RMC                       Keys exchange
657/udp           RMC                       Keys exchange
9090/tcp          WebSM                     SSL
30000-30009/tcp   WebSM                     SSL
1198, 1199/tcp    Service Agent             Can be disabled
9735/tcp          Virtual Terminal Server   Can be disabled
80/tcp            Web Server (HTTP)         Require valid user id and password
443/tcp           Web Server (HTTPS)        SSL
22/tcp            Open SSH                  3DES, Blowfish, etc.
5988/tcp          CIM Server                SSL
9198/tcp          CIM Server Indication     SSL
6000/tcp          X11                       XHOST -
Figure 3 - Open UDP and TCP ports as seen by a network scan.
NOTE: Some ports allow incoming requests from the local HMC only. Requests coming from outside
the HMC will be immediately rejected.
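A scan result can be compared against this table so that only ports outside the documented set need follow-up. The following is an added example, not IBM code: it expands the table's port specifications (ranges and comma lists) and classifies a list of observed open ports. The observed list in the usage section is constructed, and the port numbers in DISABLED_SERVICES are the well-known assignments for services the paper lists as disabled, added here as an assumption since the paper gives only the service names.

```python
# The port table from the paper, transcribed row by row.
BASELINE_TABLE = [
    ("657/tcp", "RMC", "Keys exchange"),
    ("657/udp", "RMC", "Keys exchange"),
    ("9090/tcp", "WebSM", "SSL"),
    ("30000-30009/tcp", "WebSM", "SSL"),
    ("1198, 1199/tcp", "Service Agent", "Can be disabled"),
    ("9735/tcp", "Virtual Terminal Server", "Can be disabled"),
    ("80/tcp", "Web Server (HTTP)", "Require valid user id and password"),
    ("443/tcp", "Web Server (HTTPS)", "SSL"),
    ("22/tcp", "Open SSH", "3DES, Blowfish, etc."),
    ("5988/tcp", "CIM Server", "SSL"),
    ("9198/tcp", "CIM Server Indication", "SSL"),
    ("6000/tcp", "X11", "XHOST -"),
]

# Well-known ports (assumed) of services the paper lists as disabled.
DISABLED_SERVICES = {
    (7, "tcp"): "echo", (7, "udp"): "echo-udp",
    (13, "tcp"): "daytime", (13, "udp"): "daytime-udp",
    (19, "tcp"): "chargen", (19, "udp"): "chargen-udp",
    (21, "tcp"): "wu-ftp", (23, "tcp"): "telnet", (25, "tcp"): "sendmail",
    (37, "tcp"): "time", (37, "udp"): "time-udp",
    (111, "tcp"): "portmap", (111, "udp"): "portmap",
    (113, "tcp"): "identd", (123, "udp"): "ntpd", (161, "udp"): "snmpd",
    (512, "tcp"): "rexec", (513, "tcp"): "rlogin", (520, "udp"): "routed",
}


def expand(spec):
    """Turn '30000-30009/tcp' or '1198, 1199/tcp' into (port, proto) pairs."""
    ports, proto = spec.rsplit("/", 1)
    pairs = []
    for part in ports.split(","):
        low, _, high = part.strip().partition("-")
        for port in range(int(low), int(high or low) + 1):
            pairs.append((port, proto.lower()))
    return pairs


def build_baseline():
    """Map every documented (port, proto) to its application and protection."""
    baseline = {}
    for spec, app, security in BASELINE_TABLE:
        for key in expand(spec):
            baseline[key] = (app, security)
    return baseline


def review_scan(observed):
    """Split observed 'port/proto' strings into documented and unexpected."""
    baseline = build_baseline()
    result = {"documented": [], "unexpected": []}
    for item in observed:
        port, proto = item.split("/")
        key = (int(port), proto.lower())
        if key in baseline:
            app, security = baseline[key]
            result["documented"].append((item, app, security))
        elif key in DISABLED_SERVICES:
            result["unexpected"].append(
                (item, f"{DISABLED_SERVICES[key]} is listed as disabled")
            )
        else:
            result["unexpected"].append((item, "not in the documented port list"))
    return result


if __name__ == "__main__":
    # Constructed scan result for illustration.
    scan = ["22/tcp", "30003/tcp", "1199/tcp", "23/tcp", "8080/tcp", "657/udp"]
    review = review_scan(scan)
    for item, app, security in review["documented"]:
        print(f"ok       {item:<10} {app} ({security})")
    for item, reason in review["unexpected"]:
        print(f"review   {item:<10} {reason}")
```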
It is not uncommon for a security department to run a network scan against the HMC and obtain ambiguous
or misleading results. This has led to a number of false alerts. Therefore, you should be aware of how to
determine whether such an alert is genuine or not.
As our example, the table on the next page shows a report from a network scanning tool run against an
HMC at IP address x.xx.xxx.xx
Host: x.xx.xxx.xx
• [attention] [SSH/22/TCP] Server version `Protocol 1.99; Server
OpenSSH_3.4p1' is known to contain vulnerabilities. More...
OpenSSH Buffer Management Error
CVE#:
CAN-2003-0693
CAN-2003-0695
Summary: There are two buffer "management errors" OpenSSH.
Details: The two errors are caused when a buffer is allocated for a large packet. Clearing the
buffer makes an "improperly sized chunk" of memory be overwritten with zeros. A heap
corruption can arise from this, causing a denial of service or potentially allow malicious users
to execute arbitrary commands. Such commands could be executed with privileges of the user
running the sshd process, which is most often root. Systems using privilege separation in
OpenSSH may not be impacted greatly by the vulnerability.
Fix: This vulnerability is resolved with OpenSSH 3.7.1. It is always best to upgrade to the
latest version. Patches are also available for this issue. Patched systems may still be detected
as vulnerable by security scanners, but are not really vulnerable.
References:
OpenSSH
OpenSSH Security Advisory: buffer.adv
MandrakeSoft Security Advisory MDKSA-2003:090
NetBSD Security Advisory 2003-012
OpenPKG Security Advisory OpenPKG-SA-2003.040
Red Hat Security Advisory RHSA-2003:279-17
Red Hat Security Advisory RHSA-2003:280-06
Sun Alert Notification 56861
SUSE LINUX Security Announcement SuSE-SA:2003:038
SUSE LINUX Security Announcement SuSE-SA:2003:039
The report specifically mentions that the fix for OpenSSH is in version 3.7.1, which could cause concern to
an HMC Administrator who knows that his current version of OpenSSH is 3.1p1-14.
Because this version of HMC code uses the OpenSSH package from Red Hat 7.2, the HMC Administrator
should visit the Red Hat, Inc. Web site: https://rhn.redhat.com/errata/rh72-errata-security.html. This
reveals that the OpenSSH referenced by RHSA-2003:279-17 is indeed fixed with package
openssh-3.1p1-14, which is on the HMC; and that RHSA-2003:280-06 refers to the OpenSSH for Red Hat Enterprise
Linux, which is not the Linux version used by HMC.
NOTE: The Red Hat, Inc. site is still accessible, so the example is still valid for the time being.
With this information, one can conclude that Red Hat, Inc. backports the patches to some version of
OpenSSH that it has, instead of incrementing the version number for each security fix. The alerts thus need
to be checked to make sure that they point to a genuine vulnerability.
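The check described above can be written down as a comparison against the distribution's fixed package level rather than the upstream version number. The following is an added example, not IBM or Red Hat code: it uses a simplified form of RPM's segment-wise version comparison (no epoch or tilde handling) and the values quoted in this paper. The release openssh-3.1p1-6 in the usage section is constructed, and the fixed package for RHSA-2003:280-06 is left empty because the paper does not give it.

```python
import re

SEGMENT = re.compile(r"\d+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, in the
    style of RPM: numeric segments compare as integers, a numeric segment
    is newer than an alphabetic one, and extra trailing segments win."""
    seg_a, seg_b = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def split_nvr(nvr):
    """'openssh-3.1p1-14' -> ('openssh', '3.1p1', '14')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def cmp_version_release(a, b):
    """Version decides first; the release number breaks ties."""
    return rpmvercmp(a[0], b[0]) or rpmvercmp(a[1], b[1])


# Advisories named in the scanner report, with what the paper says about them.
ERRATA = [
    {"advisory": "RHSA-2003:279-17", "product": "Red Hat 7.2",
     "fixed": "openssh-3.1p1-14"},
    {"advisory": "RHSA-2003:280-06", "product": "Red Hat Enterprise Linux",
     "fixed": None},  # fixed package level not given in the paper
]


def triage(installed_nvr, product, upstream_fixed, errata=ERRATA):
    """Decide whether a version-based scanner alert applies to this host.

    Returns (verdict, advisory). An advisory clears the alert only if it is
    for the host's own product and the installed package is at or above the
    fixed level it names.
    """
    name, version, release = split_nvr(installed_nvr)
    for entry in errata:
        if entry["product"] != product or not entry["fixed"]:
            continue
        f_name, f_version, f_release = split_nvr(entry["fixed"])
        if f_name == name and cmp_version_release(
            (version, release), (f_version, f_release)
        ) >= 0:
            return ("patched-by-backport", entry["advisory"])
    if rpmvercmp(version, upstream_fixed) >= 0:
        return ("fixed-upstream", None)
    return ("needs-update", None)


if __name__ == "__main__":
    # Upstream numbering alone says 3.1p1 is older than 3.7.1 ...
    print(rpmvercmp("3.1p1", "3.7.1"))
    # ... but the package on the HMC is at the errata level.
    print(triage("openssh-3.1p1-14", "Red Hat 7.2", "3.7.1"))
    # Constructed older release of the same package: the alert is genuine.
    print(triage("openssh-3.1p1-6", "Red Hat 7.2", "3.7.1"))
```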
Distribution of Fixes on HMC
Since its introduction, the HMC has maintained a version naming convention of Release Version
Maintenance (RVM). This is different from the Version Release Maintenance Fix (VRMF) convention
used in software products such as AIX 5L. The release number is incremented when a major change in the
base HMC operating system occurs, requiring a major update of all packages in the HMC. The version
number is incremented when there are enhancements to the management software, and the maintenance
number is increased when a Corrective Service (Maintenance) package is released. The fix number is not
used on the HMC.
As mentioned earlier, because the HMC serves specific management purposes, only IBM approved
software can be installed on it. When Red Hat, Inc. releases security fixes, IBM tests them to ensure that
they do not inadvertently affect the behavior of other subsystems running on the HMC. Once fixes are
tested, there are a number of ways to distribute them to clients.
A. Security Fixes
Security fixes are only released on the Web at:
http://techsupport.services.ibm.com/server/hmc.
These fixes may contain more than one package from IBM or Red Hat, Inc., and they will stay on the Web
site only until the next Corrective Service from HMC is released. Then they will become part of the
Corrective Service package. Use the Install Corrective Service task from the graphical user interface to
install security fixes. Or you can use the updhmc command. The command lshmc can be used to show the
security fixes installed on the HMC. The WebSM user can also view this information by selecting the
About Hardware Management Console task under the Help menu at the local console. Clients have the
option of subscribing to technical bulletin alerts from the same Web site. They will then receive mail when
security and corrective fixes are available.
B. Corrective Service
Corrective Service packages are cumulative updates. They allow clients at any version level of a particular
HMC release to apply the code and update the HMC to the current Corrective Service level. Corrective
Service packages are also available on the same Web site where security fixes are published. In addition, a
Corrective Service CD can be ordered via IBM Software Distribution, by using an APAR number
associated with each Corrective Service package. Installation of the Corrective Service package is similar
to that of the security fixes.
C. Emergency Fixes
Some fixes are not cumulative, but because of the nature of the problem, need to be posted on the Web site.
They have associated APAR number, so that a CD can be ordered. Installation of the Emergency fixes is
similar to that of the security fixes.
D. Upgrade
Each time a Corrective Service package is released that supports new HMC hardware, a Recovery CD is
made available to facilitate software pre-load at manufacturing. This CD can be ordered by clients by
referring to an IBM Part Number, and used for upgrading the HMC to this new level of code. To perform
an upgrade with a new HMC Recovery CD, users must first perform a Save Upgrade Data. This task will
allow the existing HMC configuration as well as LPAR profile configurations to be saved in a special disk
partition. Next, the HMC is rebooted with the new HMC Recovery CD in the DVD drive. When the
installation menu is presented to the user, the Upgrade option must be selected by twice pressing function
key F1.
When selecting this option, all but one partition on the HMC disk will be erased. At the end of the
installation process, when the HMC is rebooted, data from the saved partition will be copied back into the
HMC file systems. Below is a partial list of system configuration files saved as part of the Save Upgrade
Data process:
/etc/group
/etc/gshadow
/etc/localtime
/etc/passwd
/etc/shadow
/etc/hosts
/etc/login.defs
/etc/resolv.conf
/etc/syslog.conf
/etc/hosts.allow
/etc/hosts.deny
/etc/sysconfig/network
/etc/sysconfig/clock
/etc/sysconfig/keyboard
/etc/sysconfig/i18n
/etc/sysconfig/iptables
Executive Summary
The HMC is a Linux operating system-based management appliance designed for the control of POWER4
processor-based servers and partitions. It has been highly customized to limit what it can do and how it can
be accessed. Many services typically found on Linux servers have been turned off. Users on the HMC are
assigned specific roles that control the level of access they have to the management applications.
The remote command line access method is OpenSSH. Users with remote command line access are limited
in what they can perform by a restricted shell. Optionally, remote users of the WebSM interface can be
required to use SSL to secure their connection to the HMC. Tools have been added to the HMC to help
administrators monitor for unauthorized access.
If desired, clients may use BIOS settings of the Intel processor-based PC to provide additional physical
security, such as changing the startup device settings to prevent use of a Linux Recovery CD or diskette to
get into single-user mode, and to prevent unauthorized changes to BIOS settings. Although useful, the
remote WebSM interface itself and the Apache server used to distribute remote client code can be turned
off, leaving the client with remote command-line access via OpenSSH and local Web-based System
Manager access on the HMC console.
© IBM Corporation 2004
IBM Corporation
Marketing Communications
Systems Group
Route 100
Somers, New York 10589
Produced in the United States of America
April 2004
All Rights Reserved
This document was developed for products and/or
services offered in the United States. IBM may
not offer the products, features, or services
discussed in this document in other countries.
The information may be subject to change without
notice. Consult your local IBM business contact
for information on the products, features and
services available in your area.
All statements regarding future directions and
intent of IBM are subject to change or withdrawal
without notice and represent goals and objectives
only.
IBM, the IBM logo, the e-business logo, eServer,
AIX 5L, POWER4 and pSeries are trademarks or
registered trademarks of International Business
Machines Corporation in the United States or
other countries or both. A full list of U.S.
trademarks owned by IBM may be found at
http://www.ibm.com/legal/copytrade.shtml.
UNIX is a registered trademark of The Open
Group in the United States and other countries.
Windows is a registered trademark of the
Microsoft Corporation.
Intel is a registered trademark of Intel Corporation
in the United States and/or other countries.
Java and all Java-based trademarks and logos
are trademarks of Sun Microsystems, Inc. In the
United States and/or other countries.
Other company, product, and service names may
be trademarks or service marks of others.
IBM hardware products are manufactured from
new parts, or new and used parts. Regardless,
our warranty terms apply.
Copying or downloading the images contained in
this document is expressly prohibited without the
written consent of IBM.
This equipment is subject to FCC rules. It will
comply with the appropriate FCC rules before
final delivery to the buyer.
Information concerning non-IBM products was
obtained from the suppliers of these products or
other public sources. Questions on the
capabilities of the non-IBM products should be
addressed with the suppliers.
The IBM home page on the Internet can be found
at http://www.ibm.com.
The pSeries home page on the Internet can be
found at
http://www.ibm.com/servers/eserver/pseries.
More information about IBM eServer Cluster
1600 can be found at
http://www.ibm.com/servers/eserver/clusters.
