HMC 10.2.1030.0 introduces support for HMC hardening profile in IBM PowerSC. In this blog, we will walk you through the details of the feature, how to enable it and its capabilities. The link here can be referred to setup latest PowerSC server.
PowerSC UI Agent required for PowerSC server to manage HMC as an endpoint is now bundled with HMC. Once HMC is installed and PowerSC UI Agent is enabled, the PowerSC UI Agent will then communicate with the PowerSC server. This will allow the monitoring of compliance status of HMC. From the PowerSC Server, further customization of the profile can be done, and it can be re-deployed on the HMC.
The first step is enable PowerSC UI Agent port 11125 on HMC. Sample image for Firewall settings enablement for port 11125 port is as below image-1.
image-1
Next, Generate Keystore on PowerSC Server. On the PowerSC Server GUI, click Settings -> Endpoint Admin -> Keystore Requests -> Select Hostname -> Generate Keystore.
Alternatively, you can use the following command to generate keystore on PowerSC Server CLI:
/opt/powersc/uiServer/bin/generate_endpoint_keystore_uiServer.sh <endpoint FQDN>
Import the endpointTrustore.jks file from the PowerSC Server /etc/security/powersc/uiServer/endpointTrustore.jks on the HMC using the below command:
getfile -t powersctrust -l s -f /etc/security/powersc/uiServer/endpointTruststore.jks -h <powerSC_server> -u <user>
Once truststore is updated, enable PowerSC UI Agent on HMC with below command:
chhmc -c powerscuiagent -s enable
The enablement can be confirmed using:
lshmc -r
powerscuiagent=enable
Once settings are complete, select Endpoint admin under the settings icon in PowerSC Server GUI. The HMC will show up under the Endpoints tab of the Endpoint admin page as in sample image-2.
image-2
Apply the HMC profile in the PowerSC server. For more information about HMC Hardening profile, see the link . Once profile is applied, sample image-3 shows the compliance status with details of failure of rules from profile as in sample image-4.
image-3
image-4
References
· PowerSC standard edition: https://www.ibm.com/docs/en/powersc-standard
· HMC hardening profile: https://www.ibm.com/docs/en/powersc-standard/2.1?topic=concepts-hmc-hardening-profile