3.5 Sensitive Data Locations

For certain components, passwords must be stored so that they are available to the components when the system needs to connect to a resource such as a database or an event source. In this case, the password is first encrypted to avoid unauthorized access to the clear-text password.

Even if the password is encrypted, you must ensure that the access to the stored password data is protected to avoid password exposure. For example, you can set permissions to ensure that files with sensitive data are not readable by other users.

Database credentials are stored in the <sentinel_installation_path>/etc/opt/novell/sentinel/config/obj-component.ConnectionManager.properties file.

username=appuser
database=SIEM
password=<password>

The following database tables store passwords (/certificate) in encrypted format. You must limit access to these tables.

EVT_SRC: column: evt_src_config column data
evt_src_collector: column: evt_src_collector_props
evt_src_grp: column: evt_src_default_config
md_config: column: data
integrator_config: column: integrator_properties
md_view_config: column: view_data
esec_content: column: content_context, content_hash
esec_content_grp_content: column: content_hash
sentinel_plugin: column: content_pkg, file_hash

Sentinel stores both configuration data and event data in the following locations:

Table 3-2 Locations for Configuration Data and Event Data

Components	Location for Configuration Data	Location for Event Data
Sentinel server	The database tables and file system at <sentinel_installation_path>/etc/opt/novell/sentinel/config. This configuration information includes the encrypted database, event source, integrators, and passwords.	The database (for example, CORRELATED_EVENTS and EVT_RPT_* tables) and the file system at /var/opt/novell/sentinel/data/eventdata, /var/opt/novell/sentinel/data/rawdata, /var/opt/novell/sentinel/data/server.cache, /var/opt/novell/sentinel/data/map_data, and /var/opt/novell/sentinel/3rdparty/postgresql.
Collector Manager	The file system at <sentinel_installation_path>/etc/opt/novell/sentinel/config. The most sensitive configuration information is the client key pair used to connect to the message bus.	Event data might be cached on the file system during error conditions such as the message bus being down or event overflow. This event data is stored in the /var/opt/novell/sentinel/data/collector_mgr.cache directory.

Components

Location for Configuration Data

Location for Event Data

Sentinel server

The database tables and file system at <sentinel_installation_path>/etc/opt/novell/sentinel/config.

This configuration information includes the encrypted database, event source, integrators, and passwords.

The database (for example, CORRELATED_EVENTS and EVT_RPT_* tables) and the file system at /var/opt/novell/sentinel/data/eventdata, /var/opt/novell/sentinel/data/rawdata, /var/opt/novell/sentinel/data/server.cache, /var/opt/novell/sentinel/data/map_data, and /var/opt/novell/sentinel/3rdparty/postgresql.

Collector Manager

The file system at <sentinel_installation_path>/etc/opt/novell/sentinel/config. The most sensitive configuration information is the client key pair used to connect to the message bus.

Event data might be cached on the file system during error conditions such as the message bus being down or event overflow. This event data is stored in the /var/opt/novell/sentinel/data/collector_mgr.cache directory.