
A program to enhance security and create users and add SQL privileges.
zpm:USER>install isc-apptools-lockdown
Make sure you have git and Docker desktop installed.
Clone the repo (or git pull it) into any local directory:
$ git clone https://github.com/SergeyMi37/isc-apptools-lockdown.git
Open the terminal in this directory and run:
$ docker-compose build
$ docker-compose up -d
Open IRIS terminal:
$ docker-compose exec iris iris session iris
If the password of the predefined system users has been compromised, you can replace the shared password:
IRISAPP>do ##class(App.LockDown).ChangePassword("NewPass231",##class(App.LockDown).GetPreparedUsers())
Applying LockDown to a system that was installed with the initial security settings Minimal or Normal. You can read the description of the method's parameters with the following command, as for any other element of any other class:
IRISAPP>write ##class(App.msg).man("App.LockDown).Apply")
Increase system security to LockDown
The method disables services and applications as in LockDown. Deletes the namespaces "DOCBOOK", "ENSDEMO", "SAMPLES"
The method enables auditing and configures registration of all events in the portal, except for switching the log
and modification of system properties
For all predefined users, change the password and change the properties as in LockDown
newPassword - new single password instead of SYS. For LockDown security level, it has an 8.32ANP pattern
sBindings = 1 Service% service_bindings enable
sCachedirect = 1 Service% service_cachedirect enable
InactiveLimit = 90
DemoDelete = 0 Demoens, Samples namespaces are being deleted
AuditOn = 1
sECP = 1 Service% service_ecp enable
sBindingsIP - list of ip addresses with a semicolon for which to allow CacheStudio connection.
For ECP configurations, you need to add the addresses of all servers and clients to allow connection on% Net.RemoteConnection to remove "abandoned" tasks
sCachedirectIP - list of ip addresses with a semicolon for which to allow legacy applications connection.
sECPIP - list of ip addresses with a semicolon for which to allow connection to the ECP server.
AuthLDAP = 1 In addition to the password, also enable LDAP authentication
...
Apply Security settings to "LockDown"
IRISAPP>do ##class(App.LockDown).Apply("NewPassword123",.msg,1,1,0,0)
Applications and services will be authenticated by password
Password is reset to predefined users
Modification of service properties:
%service_cachedirect: Error=ERROR #787: Service %Service_CacheDirect not allowed by license
Passwords are created for all CSP applications.
There is a modification of the basic system settings
Event Setup AUDIT :
%System/%DirectMode/DirectMode changed
%System/%Login/Login changed
%System/%Login/Logout changed
%System/%Login/Terminate changed
%System/%Security/Protect changed
%System/%System/JournalChange changed
%System/%System/RoutineChange changed
%System/%System/SuspendResume changed
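One way to confirm what Apply changed is to read the settings back from %SYS. The class below is an added example, not code from isc-apptools-lockdown; the class name Example.LockDownCheck is hypothetical, and it assumes the caller has the privileges needed to switch to %SYS and call the Security.* classes.

```objectscript
/// Added example, not part of isc-apptools-lockdown.
/// Reads back, from %SYS, settings that the Apply description says it changes.
Class Example.LockDownCheck
{

ClassMethod Report() As %Status
{
    new $namespace
    set $namespace = "%SYS"  // the Security.* classes live in %SYS

    // System-wide values: auditing, inactivity limit, password pattern
    set sc = ##class(Security.System).Get("SYSTEM", .sys)
    if $$$ISERR(sc) quit sc
    for prop = "AuditEnabled", "InactiveLimit", "PasswordPattern" {
        write prop, " = ", $get(sys(prop)), !
    }

    // Services controlled by sBindings, sCachedirect and sECP
    for name = "%Service_Bindings", "%Service_CacheDirect", "%Service_ECP" {
        kill svc
        set sc = ##class(Security.Services).Get(name, .svc)
        if $$$ISERR(sc) {
            write name, ": ", $system.Status.GetErrorText(sc), !
            continue
        }
        write name, ": Enabled=", $get(svc("Enabled"))
        write ", ClientSystems=", $get(svc("ClientSystems")), !
    }

    // A subset of the audit events listed in the Apply output
    for ev = "%System/%Login/Login", "%System/%Security/Protect", "%System/%System/RoutineChange" {
        kill evt
        set sc = ##class(Security.Events).Get($piece(ev, "/", 1), $piece(ev, "/", 2), $piece(ev, "/", 3), .evt)
        if $$$ISERR(sc) {
            write ev, ": ", $system.Status.GetErrorText(sc), !
            continue
        }
        write ev, ": Enabled=", $get(evt("Enabled")), !
    }
    quit $$$OK
}

}
```

After compiling the class, run it from the IRIS terminal with do ##class(Example.LockDownCheck).Report() and compare the values with the parameters passed to Apply.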
The other features of the interface part of the software solution are described in the document or in an article on a Russian resource.