IBM Communications Server v6.2 for Linux Web Administration package

* (c) Copyright International Business Machines Corp. 2004
* All Rights Reserved
* Licensed Material - Property of IBM
*
* US Government Users Restricted Rights - Use, duplication or
* disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Table of Contents
-----------------
0. Third-party license terms and conditions, notices, and information
1. About this release
1.1 Package compatibility
1.2 Package configuration requirements
2. Installation process
2.1 Configuration process
3. Uninstallation information
4. Known limitations and problems
5. Documentation updates
6. Notices and trademarks

0.  Third-party license terms and conditions, notices and information:

SUBJECT TO ANY STATUTORY WARRANTIES WHICH CAN NOT BE EXCLUDED, IBM MAKES NO
WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, AND NON-INFRINGEMENT, REGARDING THE PROGRAM OR TECHNICAL
SUPPORT, IF ANY.

1.  About this release:

 The Communications Server for Linux Web Administration package is a tool designed to
provide remote web connectivity for managing a CS Linux server installation. A full range
of remote query and status information is provided in general and specific functional areas.
Some start and stop functions for node, connection and host resources are also provided.
Use this tool for most normal operations and not for large query operations.
If you need to query results for more than several hundred LUs or connections, use direct
Telnet or SSH connections.

1.1  Package compatibility:

The package depends on Common Gateway Interface (CGI) capabilities shipped with the "perl" package for Linux.
You must have an Apache server or IBM HTTP Server (IHS) and the perl-CGI RPMs installed.
The distributions tested for this package are those supported for the CS Linux products:

    - Red Hat Advanced Server 2.1 (i386)
    - Red Hat Enterprise Linux 3 (i386,s390,zSeries)
    - SuSE Linux Enterprise Server 8 (i386,s390,s390x).

1.2  Package configuration requirements:

This package requires the administrator of a Linux system to perform configuration.
You must update the Web Server configuration file, httpd.conf. For secure access,
use visudo to update the /etc/sudoers file. The package uses full path specification
for execution of the snaadmin, sna and snagetpd executables. This prevents attacks
that insert rogue executables into the search path. It is assumed the administrator is familiar
with the procedures described to configure the Web Server so that the proper security and
performance requirements are met.

1.3  Package dependencies:

This package requires that the IBM Communications Server for Linux (P/N 5724-i33) or
IBM Communications Server for Linux on zSeries (P/N 5724-i34) be installed.
The Web Servers used for testing are Apache 1.3.26 and 1.3.27 and IBM HTTP Server
(IHS) 2.0.47.1.
Most web browsers that support CGI enabled forms will work. Netscape V4.7 will not work
with this package.
The Communications Server for Linux and Communications Server for Linux on zSeries
products have been tested with this Communications Server Web Administration package.
For RHEL3-s390* and SLES8-s390* Linux on zSeries systems, the perl-CGI package is not
included by default. Go to http://www.redhat.com/ and http://www.suse.com/ to get the
appropriate packages. We used perl-CGI-2.81-88.7.s390.rpm for our testing.
For security purposes, you will need to also install the sudo package. This allows specific
access to CS Linux Administration commands for specific users. RHAS 2.1 does not install
this by default.
 

 2.0 Installation process:


The ibm-commserver-webadmin-version.rpm file will install into the /opt/ibm/sna/web directory. In this
directory, you will find this README and the three sub-directories that the web server should reference:
.../cscdoc, .../cscbin, .../cscicons.

Follow the instructions in the Configuration Process to reference these directories.
Perform all installation instructions under the "root" system id.

Install the Web Administration package by using the following RPM command:
     rpm -U ibm-commserver-webadmin-version.rpm  

 2.1 Configuration process:

The instructions for configuring the Web Server are designed to make http://server_name/cscdoc/cslinuxweb.html
the main page for the Web Administration package. You will want to put a link to this main page
somewhere on the Web Server to make access easy.

Update the Web Server configuration file, usually httpd.conf, with
Alias and Directory information. For secure access, it is recommended
you use the htpasswd tool shipped with Apache or IHS to set up user and password access.

    Updating the httpd.conf file:

The Web Server uses /etc/httpd/httpd.conf, /etc/httpd/conf/httpd.conf or
/opt/IHS-version/conf/httpd.conf as the base configuration file, depending on the Web
server installed. The httpd.conf file must be updated to list an Alias for .../cscdoc, .../cscbin,
and .../cscicons. Secure access should be imposed using an htpasswd file.

Here are the additions needed to the httpd.conf file to provide Web Server access for
the Web Administration tool:


        -   Add to ScriptAlias section:
   ScriptAlias /cscbin/ "/opt/ibm/sna/web/cscbin/"

       -  Add to Directory section:
# For CS Linux Web Administration CGI directory
    <Directory "/opt/ibm/sna/web/cscbin">
        AuthName cslinux
# type of authentication
        AuthType Basic
# the path of the password file
        AuthUserFile /opt/ibm/sna/.webpasswd
# the valid users
        require valid-user
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>

# For CS Linux Web Administration Document directory
    Alias /cscdoc "/opt/ibm/sna/web/cscdoc/"
    Alias /cscdoc/ "/opt/ibm/sna/web/cscdoc/"

    <Directory "/opt/ibm/sna/web/cscdoc">
        AuthName cslinux
# type of authentication
        AuthType Basic
# the path of the password file
        AuthUserFile /opt/ibm/sna/.webpasswd
# the valid users
        require valid-user
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>
 
# For CS Linux Web Administration Icon directory
   Alias /cscicons "/opt/ibm/sna/web/cscicons/"
   Alias /cscicons/ "/opt/ibm/sna/web/cscicons/"
    <Directory "/opt/ibm/sna/web/cscicons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
 

      Setting User and Password access:

In the Directory statements listed above for the Web Administration "html" documents
and CGI directory, the AuthUserFile is set. To build this file, use the htpasswd command
to create and set the file. An example of using this command would be:
            htpasswd -bc  /opt/ibm/sna/.webpasswd admin passw0rd
This example creates /opt/ibm/sna/.webpasswd with a user of "admin" and a password
of "passw0rd". The first access to http://server/cscdoc/ will prompt for the proper
user id and password.
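
A check for the Directory statements and password file described above, as an added example that is not part of the IBM package: it reports which Directory blocks carry both AuthUserFile and "require valid-user". The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM code): report whether each <Directory> block in an
# Apache-style config carries both AuthUserFile and "require valid-user".
# Assumes one directive per line and directory paths without spaces.

# dir_auth_status CONF: prints "<path> auth" or "<path> open" per block
dir_auth_status() {
    awk '
    /^[ \t]*#/ { next }                       # skip comment lines
    tolower($1) == "<directory" {             # block start: remember its path
        dir = $2; gsub(/[">]/, "", dir); file = 0; req = 0; next
    }
    tolower($1) == "authuserfile" { file = 1 }
    tolower($1) == "require" && tolower($2) == "valid-user" { req = 1 }
    tolower($1) == "</directory>" {           # block end: emit the verdict
        if (dir != "") print dir, ((file && req) ? "auth" : "open")
        dir = ""
    }' "$1"
}

# open_cs_dirs CONF: prints the cscbin/cscdoc directories left unprotected
open_cs_dirs() {
    dir_auth_status "$1" |
        awk '$2 == "open" && $1 ~ /\/csc(bin|doc)\/?$/ { print $1 }'
}

# Constructed sample: the cscbin block has lost its "require valid-user" line.
sample_conf() {
    cat <<'EOF'
<Directory "/opt/ibm/sna/web/cscbin">
    AuthName cslinux
    AuthType Basic
    AuthUserFile /opt/ibm/sna/.webpasswd
    Options None
</Directory>
<Directory "/opt/ibm/sna/web/cscdoc">
    AuthType Basic
    AuthUserFile /opt/ibm/sna/.webpasswd
    require valid-user
</Directory>
<Directory "/opt/ibm/sna/web/cscicons">
    Options Indexes MultiViews
</Directory>
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
open_cs_dirs "$conf"      # lists the CGI directory that would run without a login
rm -f "$conf"
```

Run open_cs_dirs against the live httpd.conf after each edit; any output means a directory that fronts the sudo-enabled CGI scripts is reachable without authentication.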
 

     Setting Access for Web Server requests:

The permissions for CS Linux command line administration executables are set to 'root'
access only. Specific configuration is needed to allow users proper access to these Web
Administration CGI scripts. The visudo command in Linux allows
the system administrator to give specific access to a user for specific executables.
Care must be taken that the paths are fully provided so rogue execution will not be possible.
Using visudo, set the user-specific access to:

wwwrun interface = NOPASSWD: /opt/ibm/sna/bin/snaadmin, /opt/ibm/sna/bin/snagetpd, /opt/ibm/sna/bin/sna

where wwwrun is the Apache user ID on SLES8 (use apache for RHEL Apache systems,
use nobody for IHS systems) and interface is the interface over which the Web Server allows
access. Use the NOPASSWD option so the system will not prompt for the root password
when the web server executes the script. Check /var/log/httpd/error_log for messages if
pages do not get invoked properly.
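
The full-path requirement above, as an added check that is not part of the IBM package: it verifies that each executable in the sudoers line, and every directory above it, is owned by root and not writable by group or others. The function names are illustrative and the script assumes GNU stat.

```shell
#!/bin/sh
# Added example (not IBM code): audit the executables named in the
# NOPASSWD sudoers rule. A full path only helps if neither the file nor
# any directory above it can be changed by a non-root account.

# path_is_locked FILE [OWNER_UID] [TOP]
# Succeeds when FILE and each parent directory up to TOP (default /) is
# owned by OWNER_UID (default 0) and not writable by group or others.
# Uses GNU stat (-c), as found on Linux.
path_is_locked() {
    p=$1; owner=${2:-0}; top=${3:-/}
    case $p in
        /*) ;;
        *) echo "not an absolute path: $p" >&2; return 1 ;;
    esac
    [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
    while :; do
        uid=$(stat -L -c %u "$p") || return 1
        perm=$(stat -L -c %a "$p") || return 1
        if [ "$uid" != "$owner" ]; then
            echo "owned by uid $uid, expected $owner: $p" >&2; return 1
        fi
        # Octal mask 022 = group-write | other-write.
        if [ $(( 0$perm & 022 )) -ne 0 ]; then
            echo "group/other writable (mode $perm): $p" >&2; return 1
        fi
        if [ "$p" = "$top" ] || [ "$p" = / ]; then return 0; fi
        p=$(dirname "$p")
    done
}

# audit_sudo_targets: check the three commands from the sudoers line.
audit_sudo_targets() {
    rc=0
    for f in /opt/ibm/sna/bin/snaadmin /opt/ibm/sna/bin/snagetpd \
             /opt/ibm/sna/bin/sna; do
        path_is_locked "$f" || rc=1
    done
    return $rc
}

audit_sudo_targets || echo "fix the findings above before granting NOPASSWD" >&2
```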
 

3.0 Uninstallation information:
To remove the CS Linux Web Administration package, you should first
de-configure the Web Server and then remove the package. To remove the package
from the Web Server configuration, edit the httpd.conf file and remove any
references to .../cscdoc, .../cscbin and .../cscicons. Run the visudo command to
remove the access permission for the Web Server from the /opt/ibm/sna/bin/... files.
Remove the .../cscdoc, .../cscbin and .../cscicons directories from the Web
Server path. Remove the CS Linux Web Administration package by using the rpm
command:

rpm -e ibm-commserver-webadmin

4.0 Known limitations and problems:
Forms presented by this package to allow action on SNA resources, like starting
or stopping the node, do not prompt for confirmation. The assumption is that the options
selected on a form are the intended action when the form is submitted.
Errors that occur due to web server invocation problems are logged in the
/var/log/httpd/error_log or /opt/IHS-version/logs/error_log file.

5.0 Notices and trademarks:

This information was developed for products
and services offered in the U.S.A.
SUBJECT TO ANY STATUTORY WARRANTIES WHICH CANNOT BE EXCLUDED,
IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR
CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, AND NON-INFRINGEMENT, REGARDING THE PROGRAM OR
TECHNICAL SUPPORT, IF ANY.


The exclusion also applies to any of IBM's Program
developers and suppliers.

Manufacturers, suppliers, or publishers of non-IBM Programs
may provide their own warranties.

IBM does not provide technical support, unless IBM
specifies otherwise.

Trademarks
----------
The following terms are trademarks of the IBM Corporation
in the United States or other countries or both:
ACF/VTAM
Advanced Peer-to-Peer Networking
Application System/400
APPN
AS/400
eServer
IBM
S/390
VTAM
zSeries
The following terms are trademarks or registered trademarks of other
companies:
Java and all Java-based trademarks are trademarks of Sun Microsystems,
Inc., in the United States, other countries, or both.
UNIX is a registered trademark in the United States and other countries
licensed exclusively through The Open Group.
Intel is a trademark of Intel Corporation.
Linux is a trademark of Linus Torvalds.
RedHat and RPM are trademarks of Red Hat, Inc.
SuSE Linux is a trademark of SuSE Linux AG.
UnitedLinux is a trademark of UnitedLinux LLC.
Other company, product, and service names may be trademarks or service
marks of others.