Security Settings for Sentinel Admin Control Center

Owned by
Copy Page Tree
Last updated: Oct 13, 2023 by
W.Erber
Version comment
2 min read

 

Stromasys strongly recommends performing the steps described below to reduce the risk of unauthorized access to the Sentinel ACC.

To improve the security of the Sentinel Admin Control Center, perform the following steps:

Setting a GUI Password

By default, anyone on the local system with access to port 1947 can access the GUI. If remote access is enabled, users on the network with access to port 1947 can also access the GUI. To protect access to the GUI with a password, perform the following steps:

Step

Description

1

Open a web browser and navigate to http://localhost:1947/.

2

Click on the left-hand menu item labeled Configuration.

3

Click on the Basic Settings tab.

4Under the entry labeled Password Protection, click the Change Password button.
5

At the Change Password window:

  • Leave the Current Admin Password field blank (there is no password set by default).
  • Enter the desired password into the New Admin Password field.
  • Repeat the desired password in the Re-enter new Admin Password field.
  • Click the Submit button.
6

Back at the Basic Settings tab:

  • Under the section labeled Password Protection, select the All ACC Pages radio button.
  • Click the Submit button to save this change.
7

Optional: to allow remote access to the Sentinel HASP GUI:

  • Click the Basic Settings tab.
  • Select the Allow Remote Access to ACC check box.
  • Click the Submit button.

Additional information for remote access to the Sentinel HASP GUI:

  • The firewall must permit access to port 1947/TCP, and
  • network visibility on the ACC network configuration tab must be set to All Network Adapters.

If required, remote access can also be enabled on Linux by editing the file /etc/hasplm/hasplm.ini 
and setting the parameter ACCremote to 1. Should the file not yet exist, refer to
How-to enable remote connection to Sentinel Admin Control Center without GUI, or to the Sentinel ACC Selected Configuration File Parameters chapter in the Tools Reference section of the licensing handbook. 
The parameter to enable network visibility is bind_local_only. It must be set to to enable all adapters. Changed settings are recognized automatically by aksusbd.

Protecting the Sentinel HASP Configuration File on Linux

To prevent unprivileged access and modifications to the Sentinel HASP configuration file on Linux, enter the following commands:

# chmod 0700 /etc/hasplm
# chmod 0600 /etc/hasplm/*

The file hasplm.ini on Windows is readable by normal users but cannot be modified. Password information is encrypted.




© Stromasys, 1999-2024  - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.