Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
Checksum-checker Tool
CSA provides a checksum-checker tool to verify the authenticity of CSA code files. This tool and a jarsigner tool that is included in Java JDK (but not in Java JRE) can be used to validate your CSA installation. The tool may uncover some modifications to CSA code files that may be malicious. It may be useful to run it after a breach is detected and mitigated to ensure that CSA code files has not been maliciously modified during a breach, or it can be useful for ordinary integrity check.
The tool is used post-installation.
Before Running the Checksum-checker Tool
Within your CSA installation, run a command line (Windows) or a shell (Linux) and navigate to the CSA_HOME\Tools\Security directory.
The first step is to verify that the checksum checker is signed. Execute the jarsigner command (available from Java JDK) in the specified directory:
jarsigner -verify checksum-checker.jar
You should get a response:
jar verified.
Once you verify the checksum-checker, you can use the tool to verify the rest of the CSA installation.
For complete assurance, you can run it with -verbose and -certs arguments to see if code signing certificate comes from HPE.
Once you verify the checksum-checker, you can use the tool to verify the rest of the CSA installation.
Using Checksum-checker
The tool can be used after mitigating potential security breach or just for plain file integrity validation.
To use the checksum-checker, follow these Steps (for plain file integrity validation without presence of adversary, you can skip directly to step 4):
- Disconnect the systems from the network, to verify if the attacker has modified the CSA installation;
- Check your OS to see if it is negatively affected;
- Check the java files to verify if the Java is modified in any way;
- Check checksum-checker with jarsigner (as described above);
-
Check to see if CSA code is modified via the checksum-checker. You can do this using the following command in the
CSA_HOME\Tools\Securitydirectory:java -jar checksum-checker.jarThe tool will run through the files and give you the list of validated files. At the end of list there is a summary of files that did not pass the check.
For example, let's see what would the checksum-checker.jar will report if the
provider-toolfile (in theCSA_HOME\Tools\ProviderTooldirectory) has been modified.The checksum-checker.jar will provide a message with the name of the file that has unexpected checksum at the end of its output like this:
Files with wrong checksums:Tools/ProviderTool/provider-tool.jarNote: The checksum-checker tool can only verify CSA code files, not configuration files. It verifies only known files and ignores unknown ones. Checksum-checker will report wrong checksums for CSA applied hotfixes; it can only validate full version installations, patch releases, and version updates within CSA installations. The checksum checker uses SHA-256 algorithm for checksums.The
checksum-checker.jarcan also run from different directory thanCSA_HOME\Tools\Security, if the argument--installdirfollowed by the location ofCSA_HOMEdirectory is specified.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to clouddocs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: