Appendix E: Custom Security Settings

A single file (/etc/hai.d/security.cfg) contains the security and policies settings for the Makito X Series. It is distinct from the configuration files for encoding and streaming settings for security reasons (it has different access privileges). A privileged (admin) user can modify the security.cfg file to apply custom security settings (e.g., enable additional cryptographic modules).

Note

It is not possible to propagate a custom security configuration to multiple devices.

For settings with corresponding services, such as audit settings, manual editing of the security configuration file followed by a service stop/start applies the changes.
For settings with no corresponding services, such as password policies, the encoder or decoder must be rebooted to apply custom changes.

To customize the security settings for the Makito X Series, do the following:

1. Sign in to the encoder or decoder as an administrator.

2. Open the security configuration file:
   $ vicfg security.cfg

   

   Note

   vicfg is a special function that "knows" the location of security.cfg, and opens it in the vi editor.

   See Example default security.cfg file for an example of the contents of the default security.cfg file.

3. Edit the file in one of the following ways:
   1. Enable an existing entry by removing the # character at the beginning of the corresponding line.
   2. Add/delete elements from an existing entry. For example, if you wish to disallow cipher block chaining, delete any "–cbc" elements from an otherwise enabled entry.
   3. Delete unwanted entries, or disable them by adding a # character at the beginning of the corresponding line.
4. Save the file.
5. To apply the changes, either stop and restart the service(s) affected by the changes, or reboot the device.

Related Topics:

• Example default security.cfg file