Security configuration interface More...

import <Security.idl;

Public Member Functions
boolean	getHttpRedirSettings ()
	Retrieve the current state of the HTTP-to-HTTPS redirection.

void	setHttpRedirSettings (in boolean http2httpsRedir)
	Enable or disable HTTP-to-HTTPS redirection.

boolean	isHstsEnabled ()
	Check whether HTTP Strict Transport Security (HSTS) is enabled.

void	setHstsEnabled (in boolean enable)
	Enable or disable HTTP Strict Transport Security (HSTS).

IpFw	getIpFwSettings ()
	Retrieve the IPv4 packet filter configuration.

int	setIpFwSettings (in IpFw ipFw)
	Set the IPv4 packet filter configuration.

IpFw	getIpV6FwSettings ()
	Retrieve the IPv6 packet filter configuration.

int	setIpV6FwSettings (in IpFw ipV6Fw)
	Set the IPv6 packet filter configuration.

RoleAccessControl	getRoleAccessControlSettings ()
	Retrieve the role-base access control settings for IPv4.

int	setRoleAccessControlSettings (in RoleAccessControl settings)
	Change the role-based access control settings.

RoleAccessControl	getRoleAccessControlSettingsV6 ()
	Retrieve the role-base access control settings for IPv6.

int	setRoleAccessControlSettingsV6 (in RoleAccessControl settings)
	Change the role-based access control settings for IPv6.

BlockSettings	getBlockSettings ()
	Retrieve the current user blocking settings.

int	setBlockSettings (in BlockSettings settings)
	Change the user blocking settings.

PasswordSettings	getPwSettings ()
	Retrieve the password settings.

int	setPwSettings (in PasswordSettings pwSettings)
	Change the password settings.

int	getIdleTimeoutSettings ()
	Retrieve the current idle timeout.

int	setIdleTimeoutSettings (in int idleTimeout)
	Change the session idle timeout.

boolean	getSingleLoginLimitation ()
	Retrieve the current single-login limitation setting.

void	setSingleLoginLimitation (in boolean singleLogin)
	Enable or disable single login limitation.

SSHSettings	getSSHSettings ()
	Retrieve the current SSH settings.

void	setSSHSettings (in SSHSettings settings)
	Change the SSH settings.

vector< SSHHostKey >	getSSHHostKeys ()
	Retrieve the host SSH keys.

RestrictedServiceAgreement	getRestrictedServiceAgreement ()
	Retrieve the current Restricted Service Agreement settings.

int	setRestrictedServiceAgreement (in RestrictedServiceAgreement settings)
	Change the Restricted Service Agreement settings.

vector< string >	getSupportedFrontPanelPrivileges ()
	Retrieve a list of supported privileges for the front panel.

vector< string >	getFrontPanelPrivileges ()
	Retrieve the list of active front panel privileges.

int	setFrontPanelPrivileges (in vector< string > privileges)
	Set the privileges for the front panel.

int	setDefaultAdminAccountPassword (in string password, in boolean disableStrongPasswordReq)
	Set the default admin account password and optionally disable strong password requirements.

int	setAdminAccountPasswordHash (in string passwordHash)
	Set the password hash for the admin user.

boolean	isSecureBootActive ()
	Check whether secure boot is active.

TpmInfo	getTpmInfo ()
	Return information about an installed Secure Element.

FipsSettings	getActiveFipsSettings ()
	Get active FIPS settings.

FipsSettings	getPersistentFipsSettings ()
	Get persistent FIPS settings.

void	setPersistentFipsSettings (in FipsSettings settings)
	Set persistent FIPS settings.

Public Attributes
constant int	ERR_INVALID_VALUE = 1
	Invalid arguments.

Detailed Description

Security configuration interface

Definition at line 150 of file Security.idl.

Member Function Documentation

◆ getActiveFipsSettings()

FipsSettings security::Security::getActiveFipsSettings ( )

Get active FIPS settings.

Returns: Active FIPS settings

◆ getBlockSettings()

BlockSettings security::Security::getBlockSettings ( )

Retrieve the current user blocking settings.

Returns: User blocking settings

◆ getFrontPanelPrivileges()

vector< string > security::Security::getFrontPanelPrivileges ( )

Retrieve the list of active front panel privileges.

Returns: List of privilege names

◆ getHttpRedirSettings()

boolean security::Security::getHttpRedirSettings ( )

Retrieve the current state of the HTTP-to-HTTPS redirection.

Returns: true if the HTTP-to-HTTPS redirection is enabled

◆ getIdleTimeoutSettings()

int security::Security::getIdleTimeoutSettings ( )

Retrieve the current idle timeout.

Returns: Idle timeout in minutes

◆ getIpFwSettings()

IpFw security::Security::getIpFwSettings ( )

Retrieve the IPv4 packet filter configuration.

Returns: IPv4 packet filter configuration

◆ getIpV6FwSettings()

IpFw security::Security::getIpV6FwSettings ( )

Retrieve the IPv6 packet filter configuration.

Returns: IPv6 packet filter configuration

◆ getPersistentFipsSettings()

FipsSettings security::Security::getPersistentFipsSettings ( )

Get persistent FIPS settings.

Those settings are applied on next boot and may differ from currently active settings.

Returns: Persistent FIPS settings

◆ getPwSettings()

PasswordSettings security::Security::getPwSettings ( )

Retrieve the password settings.

Returns: Password settings

◆ getRestrictedServiceAgreement()

RestrictedServiceAgreement security::Security::getRestrictedServiceAgreement ( )

Retrieve the current Restricted Service Agreement settings.

Returns: Restricted Service Agreement settings

◆ getRoleAccessControlSettings()

RoleAccessControl security::Security::getRoleAccessControlSettings ( )

Retrieve the role-base access control settings for IPv4.

Returns: Role-based access control settings

◆ getRoleAccessControlSettingsV6()

RoleAccessControl security::Security::getRoleAccessControlSettingsV6 ( )

Retrieve the role-base access control settings for IPv6.

Returns: Role-based access control settings

◆ getSingleLoginLimitation()

boolean security::Security::getSingleLoginLimitation ( )

Retrieve the current single-login limitation setting.

Returns: true if single-login limitation is enabled

◆ getSSHHostKeys()

vector< SSHHostKey > security::Security::getSSHHostKeys ( )

Retrieve the host SSH keys.

Returns: SSH host keys

◆ getSSHSettings()

SSHSettings security::Security::getSSHSettings ( )

Retrieve the current SSH settings.

Returns: SSH settings

◆ getSupportedFrontPanelPrivileges()

vector< string > security::Security::getSupportedFrontPanelPrivileges ( )

Retrieve a list of supported privileges for the front panel.

Returns: List of privilege names

◆ getTpmInfo()

TpmInfo security::Security::getTpmInfo ( )

Return information about an installed Secure Element.

The name getTpmInfo is kept for backward compatibility.

Returns: Secure Element information

◆ isHstsEnabled()

boolean security::Security::isHstsEnabled ( )

Check whether HTTP Strict Transport Security (HSTS) is enabled.

Returns: true when HSTS is enabled

◆ isSecureBootActive()

boolean security::Security::isSecureBootActive ( )

Check whether secure boot is active.

ATTENTION: There are some uncertainties involved here. It is possible that it reports secure boot active while it isn't. Theoretically also the opposite is possible. For that reason the result of this function may not be used to reduce any security checks!

Returns: true if secure boot is active

◆ setAdminAccountPasswordHash()

int security::Security::setAdminAccountPasswordHash ( in string passwordHash )

Set the password hash for the admin user.

Naturally, this circumvents checks for password complexity requirements and the password history, since we only receive the salted hash of a password.

This method is only allowed on link units when called by the primary unit.

Returns: 0 OK; 2 The password hash must not be empty.

◆ setBlockSettings()

int security::Security::setBlockSettings ( in BlockSettings settings )

Change the user blocking settings.

Parameters

settings New settings

Returns: 0 on success; ERR_INVALID_VALUE if any argument was invalid

◆ setDefaultAdminAccountPassword()

int security::Security::setDefaultAdminAccountPassword	(	in string	password,
		in boolean	disableStrongPasswordReq )

Set the default admin account password and optionally disable strong password requirements.

The purpose of this method is to set the default admin account password when the device is unprovisioned, i.e. has not been configured yet or has been reset to factory defaults. The difference to the regular setAccountPassword() method in the User::idl is that this method allows to disable the strong password requirements at the same time. It allows choosing a weaker password in case strong password requirements are not needed for the specific purpose.

Parameters

password	The new password
disableStrongPasswordReq	`true` to disable strong password requirements `false` to keep the current strong password requirement setting

Returns: 0 OK; 1 The new password has to differ from old password.; 2 The password must not be empty.; 3 The password is too short.; 4 The password is too long.; 5 The password must not contain control characters.; 6 The password has to contain at least one lower case character.; 7 The password has to contain at least one upper case character.; 8 The password has to contain at least one numeric character.; 9 The password has to contain at least one printable special character.; 10 The password already is in history.; 11 SNMPv3 USM is activated for the user and the password shall be used as auth passphrase. For this case, the password is too short (must be at least 8 characters).

◆ setFrontPanelPrivileges()

int security::Security::setFrontPanelPrivileges ( in vector< string > privileges )

Set the privileges for the front panel.

Returns: 0 on success; ERR_INVALID_VALUE if any argument was invalid

◆ setHstsEnabled()

void security::Security::setHstsEnabled ( in boolean enable )

Enable or disable HTTP Strict Transport Security (HSTS).

Parameters

enable true to enable HSTS

◆ setHttpRedirSettings()

void security::Security::setHttpRedirSettings ( in boolean http2httpsRedir )

Enable or disable HTTP-to-HTTPS redirection.

Parameters

http2httpsRedir true to enable the redirection

◆ setIdleTimeoutSettings()

int security::Security::setIdleTimeoutSettings ( in int idleTimeout )

Change the session idle timeout.

Parameters

idleTimeout New idle timeout in minutes

Returns: 0 on success; ERR_INVALID_VALUE if any argument was invalid

◆ setIpFwSettings()

int security::Security::setIpFwSettings ( in IpFw ipFw )

Set the IPv4 packet filter configuration.

Parameters

ipFw	New packet filter settings

Returns: 0 on success; ERR_INVALID_VALUE if any argument was invalid

◆ setIpV6FwSettings()

int security::Security::setIpV6FwSettings ( in IpFw ipV6Fw )

Set the IPv6 packet filter configuration.

Parameters

ipV6Fw New packet filter settings

Returns: 0 on success; ERR_INVALID_VALUE if any argument was invalid

◆ setPersistentFipsSettings()

void security::Security::setPersistentFipsSettings ( in FipsSettings settings )

Set persistent FIPS settings.

Those settings are applied on next boot and may differ from currently active settings.

Parameters

settings new persistent FIPS settings

◆ setPwSettings()

int security::Security::setPwSettings ( in PasswordSettings pwSettings )

Change the password settings.

Parameters

pwSettings New settings

Returns: 0 on success; ERR_INVALID_VALUE if any argument was invalid

◆ setRestrictedServiceAgreement()

int security::Security::setRestrictedServiceAgreement ( in RestrictedServiceAgreement settings )

Change the Restricted Service Agreement settings.

Parameters

settings New settings

Returns: 0 on success; ERR_INVALID_VALUE if any argument was invalid

◆ setRoleAccessControlSettings()

int security::Security::setRoleAccessControlSettings ( in RoleAccessControl settings )

Change the role-based access control settings.

Parameters

settings New settings

Returns: 0 on success; ERR_INVALID_VALUE if any argument was invalid

◆ setRoleAccessControlSettingsV6()

int security::Security::setRoleAccessControlSettingsV6 ( in RoleAccessControl settings )

Change the role-based access control settings for IPv6.

Parameters

settings New settings

Returns: 0 on success; ERR_INVALID_VALUE if any argument was invalid

◆ setSingleLoginLimitation()

void security::Security::setSingleLoginLimitation ( in boolean singleLogin )

Enable or disable single login limitation.

Parameters

singleLogin true to enable single login limitation

◆ setSSHSettings()

void security::Security::setSSHSettings ( in SSHSettings settings )

Change the SSH settings.

Parameters

settings New settings

Member Data Documentation

◆ ERR_INVALID_VALUE

constant int security::Security::ERR_INVALID_VALUE = 1

Invalid arguments.

Definition at line 152 of file Security.idl.

The documentation for this interface was generated from the following file:

Security.idl

Public Member Functions

Public Attributes

Detailed Description

Member Function Documentation

◆ getActiveFipsSettings()

◆ getBlockSettings()

◆ getFrontPanelPrivileges()

◆ getHttpRedirSettings()

◆ getIdleTimeoutSettings()

◆ getIpFwSettings()

◆ getIpV6FwSettings()

◆ getPersistentFipsSettings()

◆ getPwSettings()

◆ getRestrictedServiceAgreement()

◆ getRoleAccessControlSettings()

◆ getRoleAccessControlSettingsV6()

◆ getSingleLoginLimitation()

◆ getSSHHostKeys()

◆ getSSHSettings()

◆ getSupportedFrontPanelPrivileges()

◆ getTpmInfo()

◆ isHstsEnabled()

◆ isSecureBootActive()

◆ setAdminAccountPasswordHash()

◆ setBlockSettings()

◆ setDefaultAdminAccountPassword()

◆ setFrontPanelPrivileges()

◆ setHstsEnabled()

◆ setHttpRedirSettings()

◆ setIdleTimeoutSettings()

◆ setIpFwSettings()

◆ setIpV6FwSettings()

◆ setPersistentFipsSettings()

◆ setPwSettings()

◆ setRestrictedServiceAgreement()

◆ setRoleAccessControlSettings()

◆ setRoleAccessControlSettingsV6()

◆ setSingleLoginLimitation()

◆ setSSHSettings()

Member Data Documentation

◆ ERR_INVALID_VALUE