Environment
Sentinel 6.0.xx Sentinel Server
Sentinel 6.0.xx
Situation
For security reasons it may be desirable to use NTLM v2 for Windows authentication to a Microsoft environment. The Security Technical Implementation Guide (STIG) from the United States Department of Defense (DoD) states that NTLM v2 should be used as well. Once the Microsoft side is configured properly to use this protocol, the Sentinel components can also be configured to do the same. This TID is written specifically for Sentinel 6.0 SP2 and may apply to future versions until this is the default configuration for a Microsoft Windows environment.
Resolution
Be sure Sentinel 6.0 SP2 or later is applied to all Sentinel
servers before taking the following steps. These steps should
be applied to all servers running Sentinel.
1. Create a new file called mssql_jdbc_ntlmv2.properties in the $ESEC_HOME/config directory with the following two lines (be sure the permissions on this file are appropriate, like those of the other files in the same directory):
useCursors=true
useNTLMv2=true
2. Back up the $ESEC_HOME/config/configuration.xml file. When completed, add the following switch to each DAS process's definition at some point BEFORE the JAR file is specified (-jar):
-Desecurity.jdbc.config.file=../config/mssql_jdbc_ntlmv2.properties
The filename specified in the configuration option listed above should refer to the properties file created in step 1. An example of an updated process definition is in the Additional Information section. This is only a sample from a configured system and should not be used directly, as some parameters may differ from your own environment.
3. Restart all Sentinel services.
Additional Information
To implement NTLM v2 in Microsoft Active Directory (MAD) and Microsoft Windows, see http://support.microsoft.com/kb/239869
A sample process definition from configuration.xml with the changes applied:
-Desecurity.jdbc.config.file=../config/mssql_jdbc_ntlmv2.properties
-jar ../lib/ccsbase.jar ..//config//das_query.xml"
min_instances="1" name="DAS_Query" post_startup_delay="20"
type="container" working_directory="$(ESEC_HOME)/data"/>