Allowlist tab

Cloverleaf provides full control and configuration of command actions, Java Driver protocols, and Java UPoCs that are available during engine and UI operation. The default list contains commands and jars that are commonly used to manage Cloverleaf. The Security Administrator must configure and approve any additional application commands, jars, or classes.

The allowlist has root, master site, and site levels. The root-level allowlist contains Cloverleaf-defined commands and jar files that are invisible and cannot be modified. The root-level allowlist can be used by all sites. The allowlist defined by the master site can also be used by the runtime site.

The SHA-256 hash of the file/binary or class/jar file is stored with the allowlist entry. The hash is automatically updated when the file is added to the allowlist. Only the files/binaries or classes/jars that have the matching hashes can be run.

The allowlist is configured at Server Administration > Host Server.

The Allowlist tab's "read"/"write" permission is controlled by ACLRoleMgr with "config/allowlist" at the root level.

  • Users with "read" permission can view the tab.
  • Users with "write" permission can edit the allowlist.

Cloverleaf commands that are issued through the Remote Command tool and IDE are predefined in the allowlist. You can add, edit, and remove user-defined commands using the Allowlist tab. This tab is controlled by the config/allowlist of the root level in Advanced Security mode. Users who have "read" permission can see this tab.

When a command is given by name only, it is expanded to its full path according to the OS environment before it runs. The commands are validated by both the file path and digest. The file path and digest should be distinct for each entry.
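
The path-and-digest validation described above can be modelled as follows. This is an added illustration, not Cloverleaf code: the allowlist structure (a mapping from full path to SHA-256 digest), the function names, and the sample files are assumptions constructed for the example.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_file(path):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_command(command, allowlist, search_path=None):
    """Model of the check: returns (allowed, reason).

    allowlist maps full path -> expected SHA-256 (hypothetical structure).
    """
    # A bare command name is expanded to a full path first.
    full = command if os.path.isabs(command) else shutil.which(command, path=search_path)
    if full is None:
        return False, "not found"
    full = os.path.realpath(full)
    expected = allowlist.get(full)
    if expected is None:
        return False, "path not in allowlist"
    if sha256_file(full) != expected:
        return False, "digest mismatch"
    return True, "ok"

def demo():
    """Constructed scenario: two identical scripts, only one path approved."""
    body = "#!/bin/sh\necho approved\n"
    dirs = [os.path.realpath(tempfile.mkdtemp()) for _ in range(2)]
    for d in dirs:
        p = os.path.join(d, "mytool")
        with open(p, "w") as f:
            f.write(body)
        os.chmod(p, 0o755)
    approved = os.path.join(dirs[0], "mytool")
    allowlist = {approved: sha256_file(approved)}
    results = [check_command("mytool", allowlist, dirs[0])]      # approved entry
    results.append(check_command("mytool", allowlist, dirs[1]))  # same bytes, other path
    with open(approved, "a") as f:
        f.write("echo changed\n")                                # file changes on disk
    results.append(check_command("mytool", allowlist, dirs[0]))  # stored hash is stale
    return results
```

The third result is the state in which a hash update is needed: the stored digest no longer matches the file, so the command is refused until the entry is refreshed.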

Cloverleaf shipped jars that are used in Java Driver protocols and Java UPoCs are predefined in the allowlist. You can add, edit, and remove Java classes/jars using the Allowlist > Java tab. Java classes/jars are validated by the file name and digest.

The name and digest cannot be duplicates when adding the Java class/jar.

You can also update the hashes in the allowlist by clicking Update All Hashes when there are changes to the files/binaries or classes/jars.

Note: The default allowlist is invisible and cannot be modified. Only the user-defined allowlist's Note attribute can be edited. The master site allowlist is loaded by default. Any command or jar/class file is considered valid when it resides in the master site.

The Host Server and MonitorD validate that any remote command entered by the user is approved before running. Unauthorized commands are denied and the attempt is logged in the audit log. Only failed commands are logged in server/logs/allowlist.log.

User interface

You can add and remove user-defined commands or Java classes/jars in a list.

Select Add to browse for a file/binary or class/jar. Then, you can add a note to describe the file/binary or class/jar to run.

The Command tab list is referenced wherever remote commands are required. This includes the Remote Commands tool and the exec alert action in the Alert Configurator.

Commands configured in the Alert Configurator are validated before being saved.

The Java tab list is referenced by Java Driver protocols and Java UPoCs. Unauthorized classes and jars are not added to the class path.