Skip to main content

Cloud ConnectorsSetup

Table of Contents

Security

Enable HTTP Strict-Transport-Security Response Headers

For increased security, the Exabeam Cloud Connectors platform with a base version of 2.5.192 or later automatically enables HTTP Strict-Transport-Security (HTHS) response headers. If you upgrade the Exabeam Cloud Connectors from an earlier version, you must manually enable the HTHS response headers.

To perform this configuration, you must have an account with root-level permissions that can act as sudo.

  1. SSH into the machine which hosts the Exabeam Cloud Connectors platform.

  2. Run the sudo -i command to run the shell with root-level credentials.

  3. Run the cd /opt/exabeam/data/sk4/conf/shiro command to change to the shiro directory.

  4. Run the cp client-shiro.ini client-shiro.ini.bak.beforehsts command to make a backup of the client-shiro.ini file.

  5. Use you preferred text editor to make the following edits to the client-shiro.ini file:

    Below the [main] section, add a new section:

    # configure Shiro's default 'ssl' filter to enabled HSTS:
ssl.enabled = true
ssl.port = 8443
ssl.hsts.enabled = true
ssl.hsts.includeSubDomains = true

    Below the [urls] section, replace the existing configuration and set /login.html = ssl, sk4Authc.

    /index.html = ssl, sk4Authc, roles[sk4-admin]
/onboard.html = ssl, sk4Authc, roles[sk4-admin]
/logout = ssl, logout
/ = ssl, sk4Authc, roles[sk4-admin]
/** = ssl, anon

    Save and exit the file.

  6. Run the sudo systemctl restart sk4compose command to restart sk4compose.