Introduction

The critical point when it comes to job scheduling is the fact that it perfectly implements code injection across your network - which is what is usually is called a vulnerability.

• Jobs are code, frequently shell commands, that which are forwarded to remote servers and are executed in unattended mode.
• Users have to open their network and make their firewalls look like swiss cheese to allow a central server where a job scheduling product is operated to access any remote servers in their network.

The JS7 introduces digital signing for the deployment of objects such as workflows and jobs.

• Digital signatures are created automatically and do not increase the effort for deployment of objects.
• The security mechanism includes to have having certificates for digital signatures ready with the Controller and the Agents that execute jobs. If the signature does not match the available certificates then deployment is denied. This mechanism does not prevent an authorized person from deploying workflows and , but it prevents attackers from hijacking a user's identity and deploying malicious code.

Digital Signing

Digital signing is applied to Workflows, File Order Sources and Job Resources when performing workflows when performing JS7 - Deployment of Scheduling Objects.

• The signing process is performed by the JOC Cockpit and includes:
  • the user to be is assigned a private key Private Key and a certificate Certificate (X.509) or a public/private key Public Key (PGP),
  • to create a signature from the JSON representation of the respective inventory object workflow by use of the user's private keyPrivate Key.
• The verification process is performed by the Controller and Agent that is which have been assigned the respective workflow and jobrelevant scheduling object such as a workflow:
  • Both Controller and Agents Agent instances look up available X.509 certificates Certificates and PGP public keys Public Keys from files with the following locations:
    • Unix
      • X.509 certificates: ./config/private/trusted-x509-keys
      • PGP public key: ./config/private/trusted-pgp-keys
    • Windows
      • X.509 certificates: .\config\private\trusted-x509-keys
      • PGP public key: .\config\private\trusted-pgp-keys
  • If a certificate Certificate or public key Public Key is found then the signature of the deployed scheduling object is verified like thisas follows:
    • X.509: 
      • the Root CA certificate Certificate or Intermediate CA certificate has to be in place Certificate that was used originally to sign the user's private key Signing Certificate has to be in place or
      • the user's certificate self-issued Signing Certificate has to be in place.
      • Using the Root CA certificate Certificate or Intermediate CA certificates Certificates simplifies certificate management as a single certificate file only has to be present with for any Controller or Agent instanceinstances. At the same time, security-aware administrators might prefer to deploy individual user certificates Signing Certificates to Controller and Agent instances for more fine-grained control to of which Agent workflows and other objects can be deployed by a specific user to a given Agent. Similarly a specific Intermediate CA can be used to sign user Signing Certificates.
    • PGP: the public key Public Key available for the given user who signed the deployed scheduling object has to be present.
  • Controller and Agent instances make use of any certificate all Certificate files and public key Public Key files found available in the directories mentioned above. If non none of the files matches the signature of a deployable deployed scheduling object then deployment is will be denied.

For creation of certificates for digital signing see JS7 - How to create X.509 Signing Certificates.

Security Levels

The JOC Cockpit is installed for one of the following security levels, see see the JS7 - Security Architecture.Depending on the JOC Cockpit security level in use the signing process includes the following steps: article for more information.

• Security Level Low
  • Inventory objects are automatically signed with the private key Private Key that is stored with the root account.
  • Signing is automatically applied when performing the Deploy operation.
• Security Level Medium
  • Inventory objects are automatically signed with the private key Private Key that is stored with the current user's account.
  • Signing is automatically applied when performing the Deploy operation.
• Security Level High
  • Inventory Scheduling objects are signed outside of JOC Cockpit:
    • Inventory Scheduling objects are exported using the Export operation that offers and the option for For signing.
    • The export archive file is transferred to a secure device, e.g. to a secure desktop machine.
    • The export archive file is extracted and each inventory scheduling object file included is signed individually signed. 
      • The JS7 offers script solutions, see JS7 - Signing Workflows for High Security Level.
      • For There is no pre-requisite about the tools used for signing. For example the OpenSSL command line utility can be used and tools such as OpenPGP Kleopatra  can be used.
      • The signing step includes to create a signature file for each inventory scheduling object file with the same name and the extension .sig (using X.509 certificates) or .asc (using PGP keys).
    • The signed inventory scheduling object files and signature files are added to the same or to a new .zip archive file.
  • The archive file that includes signatures for inventory objects the scheduling object files and signature files is imported to JOC Cockpit. The deployment step is performed inline with the import step.

Resources

• JS7 - Deployment of Workflows for High Security Level
• JS7 - Signing Workflows for High Security Level
• JS7 - How to create X.509 Signing Certificates