Sicura Console

Known Issues

Permissions on /etc/sicura

On Sicura systems prior to Sicura 6.4, permissions on /etc/sicura were too restrictive for the sicura-console user to read license keys and configuration.

If it is not possible to upgrade Sicura to 6.4 or later (or to upgrade the sicura-sicura Puppet module to at least version 4.8.1), as a workaround set an ACL on the /etc/sicura directory with the following command:

setfacl -m u:sicura-console:rx /etc/sicura

Running in FIPS mode

PostgreSQL 10 and later support SCRAM-SHA-256 in lieu of md5. PostgreSQL 10 ships with the recommended installation platform, RHEL 8.

Manual configuration

Follow the Install instructions as normal except:

  1. Change the sed command s|ident|md5 to s|ident|scram-sha-256
  2. Run echo password_encryption=scram-sha-256 >> /var/lib/pgsql/data/postgresql.conf before starting postgres

Puppet configuration

  1. In hiera, set postgresql::server::password_encryption: 'scram-sha-256'
  2. In sicura_console/manifests/db.pp, update it to include:

       class { 'postgresql::globals':
         pg_hba_conf_defaults => false,
       }

       postgresql::server::pg_hba_rule {
         # Here, duplicate the out-of-the-box pg_hba.conf settings, pass a variable for the auth_method, where applicable allowing both md5 or scram-sha-256.
       }

Note: Even after making these changes to your environment, you may still experience some non-idempotent behavior with postgres.
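
To confirm the result of either the manual or the Puppet configuration above, the following added example (not part of the Sicura documentation or code) audits a data directory for leftover md5 or ident rules and for the effective password_encryption value. The function names, the constructed sample files and the full form of the sed invocation are assumptions.

```shell
# Added example, not Sicura's code: audit a PostgreSQL data directory.

# Print "N: rule" for pg_hba.conf rules still using md5 (what this section
# replaces) or ident (the stock value the install's sed is meant to replace).
hba_weak_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                # comments, blank lines
        {
            if ($1 == "local") m = $4                    # local DB USER METHOD
            else if ($5 ~ /^[0-9A-Fa-f:.]+$/) m = $6     # host DB USER IP MASK METHOD
            else m = $5                                  # host DB USER CIDR METHOD
            if (m == "md5" || m == "ident") printf "%d: %s\n", NR, $0
        }' "$1"
}

# Print the effective password_encryption value; the last uncommented
# "name = value" line wins, which is why appending with >> works.
effective_password_encryption() {
    awk -v q="'" '
        /^[ \t]*password_encryption[ \t]*=/ {
            v = $0
            sub(/^[^=]*=/, "", v)          # drop "password_encryption ="
            sub(/#.*/, "", v)              # drop trailing comment
            gsub("[ \t" q "]", "", v)      # drop blanks and single quotes
            last = v
        }
        END { print last }' "$1"
}

# Return 0 only if both files pass. An unset password_encryption fails
# because PostgreSQL 10 defaults to md5.
fips_pg_check() {
    rc=0
    bad=$(hba_weak_rules "$1/pg_hba.conf")
    [ -z "$bad" ] || { echo "pg_hba.conf rules to fix:"; echo "$bad"; rc=1; }
    enc=$(effective_password_encryption "$1/postgresql.conf")
    [ "$enc" = "scram-sha-256" ] || { echo "password_encryption: '${enc:-unset}'"; rc=1; }
    return "$rc"
}

# Constructed sample: a scratch directory standing in for /var/lib/pgsql/data.
sample=$(mktemp -d)
printf '%s\n' 'local all all peer' 'host all all 127.0.0.1/32 ident' \
    'host all all ::1/128 ident' > "$sample/pg_hba.conf"
echo '#password_encryption = md5' > "$sample/postgresql.conf"
fips_pg_check "$sample" || echo "=> not ready for FIPS mode"

# Apply the two manual steps (this sed invocation is an assumed form), re-check.
sed 's|ident|scram-sha-256|' "$sample/pg_hba.conf" > "$sample/hba.new" && mv "$sample/hba.new" "$sample/pg_hba.conf"
echo password_encryption=scram-sha-256 >> "$sample/postgresql.conf"
fips_pg_check "$sample" && echo "=> ready for FIPS mode"
```

On a real host, run fips_pg_check /var/lib/pgsql/data. Roles whose passwords were stored as md5 hashes before the change need their passwords set again before they can authenticate with scram-sha-256.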