1. Introduction
2. Installation
3. RPM Installation
4. Container Installation
5. Upgrades
6. Running Sicura Console
7. Configuration - Accounts
8. Configuration - Database
9. Configuration - Collector
10. Configuration - Security
11. Configuration - Plugins
12. Configuration - Experimental
13. Sidebar - Administration
14. Sidebar - Infrastructure
15. Sidebar - Profiles
16. Sidebar - Reports
17. Sidebar - Scheduling
18. Commands
19. Known Issues
20. How To - Enforce compliance
21. How To - Enforce custom profiles
22. How To - Use the API

Known Issues

Permissions on /etc/sicura

On Sicura systems prior to Sicura 6.4, permissions on /etc/sicura were too restrictive for the sicura-console user to read license keys and configuration.

If it is not possible to upgrade Sicura to 6.4 or later (or to upgrade the sicura-sicura Puppet module to at least version 4.8.1), as a workaround set an ACL on the /etc/sicura directory with the following command:

setfacl -m u:sicura-console:rx /etc/sicura

Running in FIPS mode

PostgreSQL 10 and later supports SCRAM-SHA-256 in leiu of md5. PostgreSQL 10 ships with the recommended installation platform, RHEL 8.

Manual configuration

Follow the Install instructions as normal except:

1. Change the ‘sed’ command s|ident|md5 to s|ident|scram-sha-256
2. Run echo password_encryption=scram-sha-256 >> /var/lib/pgsql/data/postgresql.conf before starting postgres

Puppet configuration

1. In hiera, set postgresql::server::password_encryption: 'scram-sha-256'
2. In sicura_console/manifests/db.pp, update it to include: class { ‘postgresql::globals’: pg_hba_conf_defaults => false, } postgresql::server::pg_hba_rule { # Here, duplicate the out-of-the-box pg_hba.conf settings, pass a variable for the auth_method, where applicable allowing both md5 or scram-sha-256. }

Note: Even after these changes to your environment you still may experience some non-idempotent issues with postgres.