SAP Gateway Security


/nSMGW -> goto -> Expert functions

Logging:
/nRZ10
gw/sec_info = $(DIR_DATA)/secinfo
gw/reg_info = $(DIR_DATA)/reginfo
gw/logging = ACTION=S LOGFILE=gw_log-%y-%m-%d SWITCHTF=day
			ACTION=SPXZ LOGFILE=gw_log_$(SAPSYSTEMNAME)_$(SAPLOCALHOST)-%y%m%d MAXSIZEKB=1000
			ACTION=RSsZ LOGFILE=gw_log-%y-%m-%d SWITCHTF=day MAXSIZEKB=1000
			(the three ACTION=... lines are alternative values; set only one of them)
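gw/sim_mode = 1 (1 aktiv, 0 inaktiv)
	Note: with gw/sim_mode = 1 the implicit deny at the end of secinfo/reginfo is not enforced; requests that match no rule are allowed and, with suitable gw/logging settings, only logged. Use it while building the rule set, then set it to 0 so the ACL files are enforced.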
gw/acl_mode = 1

/usr/sap/HR1/DVEBMGS02/data/secinfo
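P TP=* USER=* USER-HOST=* HOST=*
# Note: this entry permits every program start for any user from any host. Keep it only as a temporary starting point and replace it with specific entries (see the example below, where it is commented out).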

/usr/sap/HR1/DVEBMGS02/data/reginfo
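P TP=*
# Note: this entry lets any host register any program at the gateway. Restrict TP, HOST, ACCESS and CANCEL as in the example below.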

Trace Files
ls -al /usr/sap/DH1/DVEBMGS01/work/gw_log-2015-07-16

Info:
910919 - Gateway-Logging einrichten 
1689663 - GW: Simulationsmodus für reg,sec und prxy_info

#######################################################################################
#######################################################################################
#######################################################################################
Bsp.:

sles114:/usr/sap/P14/DVEBMGS10/data # cat secinfo 
#VERSION=2
#
# created by UJAE at 20130424 104852
#
# local access should be allowed by default
# P TP=* USER=* USER-HOST=local HOST=local
#
# internal (server from the same SID) access should be allowed by default
# P TP=* USER=* USER-HOST=internal HOST=internal
#
#
# sys
# system entries for 720 compatibility
#P TP=* USER=* USER-HOST=local HOST=local
#P TP=* USER=* USER-HOST=internal HOST=internal
#
# secinfo should allow the crosswise execution of external programs
# from servers within the system. Therefore USER-HOST for
# one machine must allow HOST of all other servers.
#
# system entry for host:sles114_P14_10
#P TP=* USER=* USER-HOST=127.0.0.2,10.130.4.30 HOST=127.0.0.2,10.130.4.30
#P TP=* USER=* USER-HOST=127.0.0.2,10.130.4.30 HOST=10.130.4.237
# system entry for host:sles115
#P TP=* USER=* USER-HOST=10.130.4.237 HOST=127.0.0.2,10.130.4.30
#P TP=* USER=* USER-HOST=10.130.4.237 HOST=10.130.4.237
#
# list of external programs from SM59 which must be explicitly defined
#
P TP=sapxpg USER=* USER-HOST=local HOST=10.130.4.30
P TP=SAPBC_SAPROUT2 USER=* USER-HOST=* HOST=*
P TP=SAPBC_REAL1 USER=*  USER-HOST=* HOST=*

#P TP=* USER=* USER-HOST=* HOST=*
#
# system entry for host:sles114_P14_10
P TP=* USER=* USER-HOST=127.0.0.2,10.130.4.30 HOST=127.0.0.2,10.130.4.30
P TP=* USER=* USER-HOST=127.0.0.2,10.130.4.30 HOST=10.130.4.237
#
# system entry for host:sles247_P14_09
P TP=* USER=* USER-HOST=127.0.0.2,10.130.4.30 HOST=10.130.4.50
#
# system entry for host:sles251_P14_08 
P TP=* USER=* USER-HOST=127.0.0.2,10.130.4.30 HOST=10.130.4.251
#
# system entry for host:sles115
P TP=* USER=* USER-HOST=10.130.4.237 HOST=127.0.0.2,10.130.4.30,10.130.4.251,10.130.4.50
#
# internal (server from the same SID) access should be allowed by default
P TP=* USER=* USER-HOST=internal HOST=internal
#
# local access should be allowed by default
P TP=* USER=* USER-HOST=local HOST=local

#######################################################################################
#######################################################################################
#######################################################################################
sles114:/usr/sap/P14/DVEBMGS10/data # cat reginfo
#VERSION=2
#
# created by UJAE at 20130305 111838
#
# local access should be allowed by default
# P TP=* HOST=local CANCEL=local ACCESS=local
#
# internal (server from the same SID) access should be allowed by default
# P TP=* HOST=internal CANCEL=internal ACCESS=internal
#
# system entry for host: sles114_P14_10
#P TP=* HOST=127.0.0.2,10.130.4.30 CANCEL=127.0.0.2,10.130.4.30 ACCESS=127.0.0.2,10.130.4.30
# system entry for host: sles115
#P TP=* HOST=10.130.4.237 CANCEL=10.130.4.237 ACCESS=10.130.4.237
#
# system entries for 720 compatibility
#P TP=* HOST=local    CANCEL=local    ACCESS=local
#P TP=* HOST=internal CANCEL=internal ACCESS=internal
#
#
# list of external programs from SM59 which must be explicitly defined
#
P TP=SLD_UC HOST=local CANCEL=local ACCESS=*
P TP=SLD_UC HOST=internal CANCEL=internal ACCESS=*
P TP=SLD_NUC HOST=local CANCEL=local ACCESS=*
P TP=SLD_NUC HOST=internal CANCEL=internal ACCESS=*
P TP=P14C110 HOST=local CANCEL=local ACCESS=*
P TP=P14C110 HOST=internal CANCEL=internal ACCESS=*
#
P TP=FAX_P14_110 HOST=local CANCEL=local ACCESS=*
P TP=FAX_P14_110 HOST=internal CANCEL=internal ACCESS=*
P TP=FAX_P14_110 HOST=10.130.5.70 CANCEL=* ACCESS=*
#
P TP=IGS.P14 HOST=local CANCEL=local ACCESS=*
P TP=IGS.P14 HOST=internal CANCEL=internal ACCESS=*
P TP=IGS.P14 HOST=127.0.0.1 CANCEL=127.0.0.1 ACCESS=*
#
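# Review note: 149.249.36 in the next entry has only three octets (compare 149.249.4.36 in the entry after it) - verify the address.
# Review note: CANCEL=* and ACCESS=* accept any host; narrow them where the partner hosts are known.
P TP=SAPBC_SAPROUT2 HOST=149.249.36,149.249.18.11 CANCEL=* ACCESS=*
P TP=SAPBC_REAL1 HOST=149.249.4.36,149.249.17.16 CANCEL=* ACCESS=*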
#
# system entry for host: sles114_P14_10
P TP=* HOST=127.0.0.2,10.130.4.30 CANCEL=127.0.0.2,10.130.4.30 ACCESS=127.0.0.2,10.130.4.30
# system entry for host: sles115
P TP=* HOST=10.130.4.237 CANCEL=10.130.4.237 ACCESS=10.130.4.237
#
# system entry for host: sles247
P TP=* HOST=10.130.4.50 CANCEL=10.130.4.50 ACCESS=10.130.4.50
#
# system entry for host: sles251
P TP=* HOST=10.130.4.251 CANCEL=10.130.4.251 ACCESS=10.130.4.251
#
# local access should be allowed by default
P TP=* HOST=local CANCEL=local ACCESS=local
# internal (server from the same SID) access should be allowed by default
P TP=* HOST=internal CANCEL=internal ACCESS=internal
#######################################################################################
#######################################################################################
#######################################################################################
Gateway Mon (Security Gateway)

"su - j3dadm"
"dpro"
gwmon pf=/sapmnt/J3D/profile/J3D_DVEBMGS01_sles161
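Parameter ändern/hinzufügen (the change applies to the running gateway only; also set the values in the profile via RZ10 so they survive a restart)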
	m
	10		(expertenfunktion)
	20		(Parameter ändern, genau wie in RZ10)
		gw/sim_mode
		1
		gw/acl_mode
		1
		gw/logging
		ACTION=RSsZ LOGFILE=gw_log-%y-%m-%d SWITCHTF=day MAXSIZEKB=1000
	m
	7	(Parameter anzeigen)
	q 
#######################################################################################
#######################################################################################
#######################################################################################
