As a Security Server Admin I want that I can limit the environmental monitoring data returned from my Security Server so that possible sensitive data is not exposed

[hanhaka]

Affected components: xroad-monitor Affected documentation: ARC-ENVMON, UG-SS, UG-SYSPAR Estimated delivery: Q4 / 2017 External reference: https://jira.csc.fi/browse/PVAYLADEV-883

Problem Using Security Server's Environmental Monitoring interface it is possible for the central monitoring client to make a SOAP query and get the response data related to server running environment/platform. This so called ENV monitoring data includes information for example about X-Road version, server OS version, HW and installed SW packages.

At the moment by default all the ENV monitoring data will be returned when central monitoring client makes the query. To avoid transferring (possible) sensitive data (like installed security/customer/3rd party SW packages etc.) from Security Server to central monitoring client, it must be possible that Security Server admin can limit the data to be included to ENV data response.

As the result of implementation of this issue, admin can choose (via configurable option/parameter) if only the minimum set of data is returned. Minimum set of ENV monitoring data includes only following ENV monitoring related data:

• X-Road version (proxyVersion string)
• OS version (OperatingSystem string)
• Certificates related data (CertificateInfoSensor data)

If the admin has not configured the option/parameter, maximum (=all) set of ENV monitoring data is returned. By default the maximum set of ENV monitoring data is enabled.

Acceptance criteria

• Security Server admin can configure Environmental Monitoring response data to include only minimum set of data.
• By default the maximum set of ENV monitoring data is enabled.
• Environmental Monitoring documentation is updated

[hanhaka]

Fixed in 6.17.0, see: https://github.com/ria-ee/X-Road/pull/68