user guide - huawei...

Web Tamper Protection

User Guide

Issue 01

Date 2017-03-30

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2017. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees orrepresentations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://e.huawei.com

Issue 01 (2017-03-30) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://e.huawei.com

Contents

1 Introduction.................................................................................................................................... 11.1 Concepts......................................................................................................................................................................... 11.1.1 WTP.............................................................................................................................................................................11.1.2 File Driver Technology................................................................................................................................................11.2 Functions........................................................................................................................................................................ 11.3 Application Scenarios.....................................................................................................................................................11.4 Accessing and Using WTP............................................................................................................................................. 21.4.1 How to Access WTP....................................................................................................................................................21.4.2 How to Use WTP.........................................................................................................................................................21.4.3 Related Services.......................................................................................................................................................... 2

2 Management................................................................................................................................... 42.1 Installing a WTP Client.................................................................................................................................................. 42.2 Enabling WTP................................................................................................................................................................ 62.3 Adding Files to Be Protected..........................................................................................................................................92.4 Viewing the ECS List................................................................................................................................................... 102.5 Viewing Protection Records......................................................................................................................................... 122.6 Querying Statistics........................................................................................................................................................132.7 Canceling File Protection............................................................................................................................................. 142.8 Disabling WTP............................................................................................................................................................. 152.9 Uninstalling a WTP Client........................................................................................................................................... 16

3 FAQs...............................................................................................................................................183.1 What Is WTP?.............................................................................................................................................................. 183.2 Why Does Not the Protection Status Change Immediately After I Enable or Disable WTP?..................................... 18

4 Change History............................................................................................................................ 19

Web Tamper ProtectionUser Guide Contents


ii

1 Introduction

1.1 Concepts

1.1.1 WTPWeb Tamper Protection (WTP) uses file driver technologies to provide comprehensiveprotection for directories specified by public cloud users. It prevents the files in thesedirectories, including web pages, electronic documents, images, and databases, from beingtampered with or corrupted by hackers or viruses.

1.1.2 File Driver TechnologyFile driver technologies enable programs to work at the driver layer of an operating system(OS), thereby monitoring sessions of the OS and hardware devices. Programs developed usingfile driver technologies can provide services for all application software on the OS platform.

1.2 FunctionsWTP provides the following functions:

l Performing real-time tamper detection for web site files on Elastic Cloud Servers (ECSs)and using preset rules to prevent them from being tampered with or corrupted.

l Transmitting alarm information when web site files on ECSs are tampered with,including the time the tampering occurred, file names, process IDs, names of theprocesses affected, and tampering methods used.

l Collecting statistics on the ECSs, file types, and processes that are currently beingprotected.

1.3 Application ScenariosWTP allows you to:

l Configure web site directories to be protected against tampering.

Web Tamper ProtectionUser Guide 1 Introduction


1

l View alarm records about web site file tampering.

1.4 Accessing and Using WTP

1.4.1 How to Access WTPYou can use the management console to access WTP. If you have registered a public cloudaccount, log in to the management console, and choose Security > Product Center ofPartners > WEB Tamper Protection on the homepage.

1.4.2 How to Use WTPYou can use the management console to enable WTP for ECSs and view their protectionrecords.

1.4.3 Related Services

ECSWTP protects web site files on ECSs from being tampered with.

CTSCloud Trace Service (CTS) provides you with a history of WTP operations. After enablingCTS, you can view all generated traces to review and audit performed WTP operations. Fordetails, see the Cloud Trace Service User Guide.

Table 1-1 WTP operations that CTS supports

Operation Resource Type Trace Name

Enabling WTP wtp openWtp

Disabling WTP wtp stopWtp

Updating WTP policies wtp updateWtpConfig

CESCloud Eye (CES) provides you with WTP metrics. After enabling CES, you can view WTPmetrics for ECSs and configure their protection policies based on these metrics. For details,see the Cloud Eye User Guide.



2

Table 1-2 WTP metrics that CES supports

Metric Description Value Range Monitored Object

Number of WTPalarms

Indicates the numberof WTP alarms thatoccurred on amonitored object.

≥ 0 ECS



3

2 Management

2.1 Installing a WTP Client

ScenarioBefore using WTP on an ECS, you must install the WTP client. This section describes how todownload and install a WTP client on an ECS.

Prerequisitesl You have obtained an account and its password to log in to the management console.l Agent Status of the ECS is Not installed.

Downloading a WTP Client

Step 1 Log in to the management console.

Step 2 Choose Security > Product Center of Partners > WEB Tamper Protection to navigate tothe ECS List page.

Step 3 Check Agent Status of the ECS. If its Agent Status is Not installed, you must download andinstall a WTP client.

Figure 2-1 Agent status

Step 4 Click download a WTP client above the ECS list and select the client version thatcorresponds to the OS of the ECS. After reading the safedog application scenarios, select Ihave read and understand the application scenarios of safedog and click OK.

Web Tamper ProtectionUser Guide 2 Management


4

Figure 2-2 Downloading a WTP client

Step 5 In the Download dialog box, click OK to start downloading the client.

After the WTP client installation package is downloaded, upload it to the ECS. An elastic IPaddress (EIP) must have already been bound to this ECS.

----End

Installing a WTP ClientYou must log in to an ECS before you can install a WTP client on it. To log in to an ECS,click its name, and then click Remote Login in the displayed ECS management console. Thissection describes how to install a WTP client on an ECS running a 64-bit OS.

l Installing a WTP client on an ECS running Linux

Step 1 Log in to the ECS and run the following command to navigate to the directory containing theinstallation package:

cd directory containing the installation package

Step 2 Run the following command to decompress the installation package:

tar -zxvf name of the installation package

For example, if the name of the installation package is HwCloudAgent_linux64.tar.gz, runthe following command:

tar -zxvf HwCloudAgent_linux64.tar.gz

Step 3 Run the following command to switch to the directory containing the decompressed files:

cd HwCloudAgent_linux64

Step 4 Run the following command to run the installation script:

./install.py

If information similar to the following is displayed, the client has been successfully installed:



5

[root@testlinux64 HwCloudAgent_linux64]# ./install.py 1.1 Start install HwCloudAgent..1.2 Install common file1.3 Start the application1.4 Install apache pluginwill you need to install Apache Defense Module?please input [Y/n]:Ystep 0/0, start install Apache Defense Module..step 0.1, start install Apache Defend Module...step 0.2, copy libraries [ok]step 0.3, copy bin and set boot [ok]step 0.4, Install apache defense module succeed.. [ok]step 0.5, restart the apache server../usr/bin/sdacm: error while loading shared libraries: libQtCore.so.4: cannot open shared object file: No such file or directory[ok]Tips:(1)If you want to change the configuration of apache defense module, please modify the files in /etc/HwCloudAgent/apache/conf;(2)If you want to check apache defense module log, please use command: sdalog;(3)If apache defense module is failed to use, you can try to restart Apache service.1.4 Install Completely!

NOTE

The Apache Defense Module must be installed for WTP. If the question will you need to install ApacheDefense Module? is displayed, enter Y.

Step 5 Run the following command to confirm that the client processes exist:

ps -ef | grep HwCloud

If the following processes are displayed, the client is running properly:[root@testlinux64 HwCloudAgent_linux64.bak]# ps -ef|grep HwCloudroot 66514 66494 0 15:46 ? 00:00:00 HwCloudAgent -droot 66508 66494 0 15:46 ? 00:00:00 HwCloudUpdate -droot 66628 64918 0 15:50 tty1 00:00:00 grep --color=auto HwCloud

----End

l Installing a WTP client on an ECS running Windows

Step 1 Navigate to the directory containing the installation package and double-click the installationfile. In the installation wizard, click Next.

Step 2 After reading License Agreement, click I Agree.

Step 3 In Destination Folder, select an installation directory and click Next.

Step 4 Click Install to start installing the client.

Step 5 After the installation is completed, click Finish.

Check for the client processes HwCloudAgent.exe and HwCloudUpdate.exe in TaskManager. If these processes are displayed, the client has been successfully installed.

----End

2.2 Enabling WTP

ScenarioThis section describes how to enable WTP for one or multiple ECSs.



6

Prerequisitesl You have obtained an account and its password to log in to the management console.l Agent Status of each ECS is Normal, Abnormal, or Stopped, and its Protection

Status is .

NOTE

The protection status of an ECS may be (enabled) or (disabled).

Procedurel Enabling WTP for one ECS



Step 3 In the row containing the ECS for which you want to enable WTP, click to set its

Protection Status to .

Figure 2-3 Enabling WTP for one ECS

Step 4 In the displayed dialog box, read the WTP Service Statement, select I have read and agree tothe WTP Service Statement, and click OK. Figure 2-4 shows the dialog box.

Figure 2-4 Enabling WTP

----End



7

l Enabling WTP for multiple ECSs



Step 3 Select the ECSs for which you want to enable WTP and click Enable.

Figure 2-5 Enabling WTP for multiple ECSs

Step 4 In the displayed dialog box, read the WTP Service Statement, select I have read and agree tothe WTP Service Statement, and click OK. Figure 2-6 shows the dialog box.

Figure 2-6 Enabling WTP

----End



8

2.3 Adding Files to Be Protected

ScenarioThis section describes how to add files to be protected by adding directories on a WTP-enabled ECS.

Prerequisitesl You have obtained an account and its password to log in to the management console.

l Protection Status of the ECS is .

Procedure



Step 3 In the row containing the ECS on which files will be added, click , as shown in Figure2-7.

Figure 2-7 Adding files to be protected

Step 4 Click Add. In the Add Directory for Protection dialog box that is displayed, specify thedirectory information.l Protected Directory: Enter the directory containing files to be protected.l Exclude Subdirectory: Enter a subdirectory you do not want to protect (optional).l Exclude File Type: Enter any file types you do not want to protect (optional).



9

Figure 2-8 Adding a directory for protection

Step 5 Click OK.

NOTE

The default protection status of a newly added directory is . To disable WTP for the directory,

click to set its Protection Status to .

----End

2.4 Viewing the ECS List

Scenario

This section describes how to view general WTP information about ECSs.

Prerequisites

You have obtained an account and its password to log in to the management console.

Procedure



The ECS List page displays the ECS names, ECS IP addresses, ECS statuses, agent statuses,protection statuses, and number of WTP times, as shown in Figure 2-9.

NOTE

You can filter ECS information by selecting a status from the All ECS statuses and All statuses drop-down lists, or entering a keyword for ECS Name or ECS IP Address.



10

Figure 2-9 ECS list

Table 2-1 Parameter description

Parameter Description

ECS Name Displays ECS names. You can click an ECS name to switch to theECS management console.

ECS IP address Displays the IP addresses of ECSs.

ECS Status Displays the current status of an ECS. An ECS may be in any of thefollowing statuses:l Runningl Creatingl Faultyl Stopped

Agent Status Displays the current status of an agent. An agent may be in any of thefollowing statuses:l Not installed: The client has not been installed or successfully

started.l Normal: The client is running properly.l Abnormal: The client has been successfully installed but

communication with the ECS has failed.l Stopped: The ECS has been shut down.

Protection Status Displays the status of WTP.

l : WTP is enabled.

l : WTP is disabled.

l : WTP is unavailable.

WTP Times Displays the number of WTP times within the last month that WTPhas been enabled for an ECS.

Operation Allows you to query the protection records of a WTP-enabled ECS.

----End



11

2.5 Viewing Protection Records

Scenario

This section describes how to view the protection records of an ECS for the most recent week.

Prerequisites

You have obtained an account and its password to log in to the management console.

Procedure



Step 3 Click View Protection Record to view the protection records of an ECS for the most recentweek. You can view the ECS name, protection status, WTP times, detection time, protectedfiles, process ID, process name, and action, as shown in Figure 2-10.

NOTE

You can specify a time period and click Search to query the protection records for this period.

Figure 2-10 Protection record list

Table 2-2 Parameter description

Parameter Description

Detected Displays the time a tampering attempt was detected.

Protected Files Displays the files protected by WTP.

Process ID Displays the ID of the process protected by WTP.

Process Name Displays the name of the process protected by WTP.

Action Displays the actions that were attempted on files and directories,including create, write, re-name, and delete.

----End



12

2.6 Querying Statistics

ScenarioThis section describes how to query weekly protection statistics for the last five weeks.

PrerequisitesYou have obtained an account and its password to log in to the management console.

Procedure



Step 3 Click the Statistics tab page to view detailed protection statistics about ECSs:l Number of protection times of file types by time: displays the number of times that

different file types were protected, by time.l Weekly top 7 ECSs with most protection times: displays information about the seven

ECSs with the largest number of tampering attempts for the week.l Weekly top 7 file types with most protection times: displays information about the

seven file types with the largest number of tampering attempts for the week.l Weekly top 7 processes with most protection times: displays information about the

seven processes with the largest number of tampering attempts for the week.



13

Figure 2-11 Statistics

----End

2.7 Canceling File Protection

ScenarioThis section describes how to cancel the file protection by deleting directories on a WTP-enabled ECS.

Prerequisitesl You have obtained an account and its password to log in to the management console.l A directory on an ECS has been added to WTP for protection.

Procedure



Step 3 In the row containing the ECS on which file protection will be canceled, click .

Step 4 In the row containing the desired directory, click Delete.



14

Figure 2-12 Protected directory

Step 5 In the Delete Protected Directory dialog box, click OK.

Figure 2-13 Deleting a protected directory

----End

2.8 Disabling WTP

Scenario

This section describes how to disable WTP for one or multiple ECSs.

Prerequisitesl You have obtained an account and its password to log in to the management console.

l Agent Status of each ECS is Normal, Abnormal, or Stopped, and its Protection

Status is .

Procedurel Disabling WTP for one ECS



Step 3 In the row containing the ECS for which you want to disable WTP, click to set its

Protection Status to .



15

Figure 2-14 Disabling WTP for one ECS

Step 4 In the dialog box that is displayed, click OK.

----End

l Disabling WTP for multiple ECSs



Step 3 Select the ECSs for which you want to disable WTP and click Disable.

Figure 2-15 Disabling WTP for multiple ECSs

Step 4 In the dialog box that is displayed, click OK.

----End

2.9 Uninstalling a WTP Client

Uninstalling a WTP Client from an ECS Running Linux

Step 1 Log in to the ECS from which you want to uninstall the WTP client.

Step 2 Run the following command to navigate to the installation directory:

cd client installation directory

For example, if the client installation directory is /etc/HwCloudAgent_linux64, run thefollowing command:

cd /etc/HwCloudAgent_linux64

Step 3 Run the following command to uninstall the client:

./uninstall.py

If the following information is displayed, the client has been uninstalled:

[root@testlinux64 HwCloudAgent_linux64]# ./uninstall.pyStart uninstall..Stop the application..



16

Uninstall file..Uninstall completely!

----End

Uninstalling a WTP Client from an ECS Running Windows

Step 1 Log in to the ECS from which you want to uninstall the WTP client.

Step 2 Navigate to the client installation directory and double-click uninst.exe to uninstall the client.

Step 3 In the dialog box that is displayed, click Yes to start uninstalling the client.

Step 4 Click Close after the client is completely uninstalled.

----End



17

3 FAQs

3.1 What Is WTP?WTP uses file driver technologies to provide comprehensive protection for directoriesspecified by public cloud users. It prevents the files in these directories, including web pages,electronic documents, images, and databases, from being tampered with or corrupted byhackers or viruses.

3.2 Why Does Not the Protection Status ChangeImmediately After I Enable or Disable WTP?

WTP must interact with safedog to enable or disable protection, and this takes a short periodof time. Wait 3 to 5 minutes after you enable or disable WTP, and then refresh the currentpage to view the updated protection status.

Web Tamper ProtectionUser Guide 3 FAQs


18

4 Change History

Released On Description

2017-03-30 This is the first official release.

Web Tamper ProtectionUser Guide 4 Change History


19

user guide - huawei...

Documents