isc-apptools-lockdown
Program for changing the security level of the system.
What’s new
The ability to change the security level not only to lockdown, but also to minimum and normal has been implemented.
Added methods for saving the custom security level to the global and applying these settings to other instances
Installation with ZPM
If ZPM the current instance is not installed, then in one line you can install the latest version of ZPM.
zn "%SYS" d ##class(Security.SSLConfigs).Create("z") s r=##class(%Net.HttpRequest).%New(),r.Server="pm.community.intersystems.com",r.SSLConfiguration="z" d r.Get("/packages/zpm/latest/installer"),$system.OBJ.LoadStream(r.HttpResponse.Data,"c")
If ZPM is installed, then can be set with the command
zpm:USER>install isc-apptools-lockdown
Installation with Docker
Prerequisites
Make sure you have git and Docker desktop installed.
Installation
Clone/git pull the repo into any local directory
git clone https://github.com/SergeyMi37/isc-apptools-lockdown.git
Open the terminal in this directory and run:
docker-compose build
- Run the IRIS container with your project:
docker-compose up -d
How to Test it
Open IRIS terminal:
docker-compose exec iris iris session iris
Increasing security settings
You can replace the shared password if the password of the predefined system users has been compromised
USER>do ##class(appmsw.security.lockdown).ChangePassword("NewPass231",##class(appmsw.security.lockdown).GetPreparedUsers())
Apply Security settings to “LockDown”
USER>do ##class(appmsw.security.lockdown).SetSecurityLevel(“lockdown”,“NewPassword123”)
or equivalent
USER>zpm “install isc-apptools-lockdown -Dzpm.securitylevel=lockdown -Dzpm.newpasswd=NewPassword123”
Apply Security settings to “normal”
USER>do ##class(appmsw.security.lockdown).SetSecurityLevel(“normal”,“NewPassword123”)
or equivalent
USER>zpm “install isc-apptools-lockdown -Dzpm.securitylevel=normal -Dzpm.newpasswd=NewPassword123”
Apply Security settings to “minimum”
USER>do ##class(appmsw.security.lockdown).SetSecurityLevel(“minimum”,“SYS”)
or equivalent
USER>zpm “install isc-apptools-lockdown -Dzpm.securitylevel=minimum -Dzpm.newpasswd=SYS”
Added methods for saving the current security level to the global and applying these settings to other instances.
To do this, you need to save the current applied security settings: the values of the Enabled and AutheEnabled parameters in the predefined objects of the Security.Applications, Security.Services and Security.System classes in the global by running the command
do ##class(appmsw.security.lockdown).SaveSecLevel(1,“Custom”,,“d:!\Custom.xml”)
Import this Custom.xml global to the target instance and apply this applied security level there with the command
do ##class(appmsw.security.lockdown).SetSecurityLevel(“Custom”,“Custom321level”)
or
zpm “install isc-apptools-lockdown -Dzpm.securitylevel=Custom -Dzpm.newpasswd=Custom321level”