Instructions on disabling port 5705 for customers whose gateway is already on the 5.18 version
Summary: Given that the Redfish listener uses port 5705 while relying on outdated security protocols like TLS 1.0 and TLS 1.1, coupled with weak encryption ciphers, this configuration poses a significant security risk. ...
Symptoms
Port 5705 accepts the deprecated protocols TLS 1.0 and TLS 1.1, and TLS 1.2 is enabled with weak ciphers.
Cause
Security vulnerabilities were reported due to usage of deprecated protocols TLS 1.0 and TLS 1.1.
Resolution
Below are the steps for modifying the necessary configuration files to deactivate the Redfish event listener on port 5705.
Virtual Edition
- Log in to the appliance docker and stop the SCG alert service by running the commands below.
  docker exec -it saede-app bash
  wd stop secureconnectgatewayalertservice
- Copy the telegraf_appliance_conf.zip (attached) to /var/lib/docker/volumes/saede_logs/_data and extract it. (The attached file is available only in the English version of this article.)
- Ensure that you are logged in to docker, then move the files (alert_processing.conf, alert_processing_v2.conf, alert_processing_v3.conf) from the logs folder to the target directory "/opt/dell/secureconnectgateway/bin/conf" as shown below.
  - cd to the "/opt/dell/secureconnectgateway/logs" folder and run the commands below.
    mv alert_processing.conf /opt/dell/secureconnectgateway/bin/conf
    mv alert_processing_v2.conf /opt/dell/secureconnectgateway/bin/conf
    mv alert_processing_v3.conf /opt/dell/secureconnectgateway/bin/conf
- Start the secureconnectgatewayalertservice.
  wd start secureconnectgatewayalertservice
- Check that the service is up and running.
  wd status secureconnectgatewayalertservice
The service should be up and running.
Application Edition - Windows
- Run "services.msc" on the Windows system and stop the secureconnectgatewayalertservice.
- Copy the telegraf_application_win_conf.zip (attached) to any temp directory and extract the .zip file. (The attached file is available only in the English version of this article.)
  Note: If the SCG application is installed in a custom directory, the values below must be modified in all the conf files. If SCG is installed in the default location, these changes are not required.
  Under Agent:
    logfile = "<InstallDirectory>/Dell/SecureConnectGateway/logs/alert_service.log"
  Under outputs.dell_file:
    file = "<InstallationDirectory>/Dell/SecureConnectGateway/data/alert/raw_events/"
- If the SCG installation directory is the default "C:\Program Files\Dell\SecureConnectGateway", copy the extracted files (alert_processing.conf, alert_processing_v2.conf, alert_processing_v3.conf) from the temp directory to "C:\Program Files\Dell\SecureConnectGateway\bin\conf\".
- Go to services.msc, start the secureconnectgatewayalertservice, and check that the services are running.
The service should be up and running.
Application Edition - Linux
- Stop the SCG alert service by running the command below on the Linux system.
  systemctl stop secureconnectgatewayalertservice
- Copy the telegraf_application_lin_conf.zip (attached) to a folder created under /tmp (for example, /tmp/conf/) and extract it. (The attached file is available only in the English version of this article.)
- Move the files (alert_processing.conf, alert_processing_v2.conf, alert_processing_v3.conf) from the /tmp/conf/ folder to the target directory "/opt/dell/secureconnectgateway/bin/conf" as shown below.
  - cd to the "/tmp/conf/" folder and run the commands below.
    mv alert_processing.conf /opt/dell/secureconnectgateway/bin/conf
    mv alert_processing_v2.conf /opt/dell/secureconnectgateway/bin/conf
    mv alert_processing_v3.conf /opt/dell/secureconnectgateway/bin/conf
- Start the secureconnectgatewayalertservice.
  wd start secureconnectgatewayalertservice
- Check that the service is up and running.
  wd status secureconnectgatewayalertservice
The service should be up and running.
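Once the alert service is running again on a Linux or Virtual Edition gateway, the listener on port 5705 should be gone. The script below is an added example, not part of the original article or of Dell's tooling, that checks this from `ss` output and from a TLS handshake attempt; the script name check_5705.sh, the function names and the default host 127.0.0.1 are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): confirm the listener on TCP 5705 is gone.
PORT=5705

# Read `ss -H -ltn` output on stdin and print every local address bound to port $1.
# The port is the text after the last ':' so 0.0.0.0:5705, [::]:5705 and *:5705
# all match, while 15705 does not.
listeners_on_port() {
    awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) print $4 }'
}

# Succeed only when the ss output on stdin shows no listener on port $1.
check_port_closed() {
    found=$(listeners_on_port "$1")
    if [ -n "$found" ]; then
        echo "FAIL: still listening on:" $found
        return 1
    fi
    echo "OK: no listener on TCP $1"
}

# Remote view: try a handshake with one protocol flag (tls1, tls1_1, tls1_2).
# An openssl build without that protocol rejects the flag, which also reads as
# "not accepted", so confirm the result from a client that still supports it.
probe_tls() {
    if openssl s_client -connect "$1:$2" "-$3" </dev/null >/dev/null 2>&1; then
        echo "$3 accepted on $1:$2"
    else
        echo "$3 not accepted on $1:$2"
    fi
}

# Live mode: sh check_5705.sh live [host]
if [ "${1:-}" = "live" ]; then
    for v in tls1 tls1_1 tls1_2; do probe_tls "${2:-127.0.0.1}" "$PORT" "$v"; done
    ss -H -ltn | check_port_closed "$PORT"
fi
```

Run it with `sh check_5705.sh live` on the gateway itself; on a Virtual Edition, run it wherever the listener socket is visible (the host or inside the container).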