No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Local HA System Software Installation Guide (SUSE Linux + MySQL + OMMHA) 11

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Rolling Back SUSE Linux Using SetSuSE

Rolling Back SUSE Linux Using SetSuSE

After the operating system is rolled back to the pre-hardened state, system parameters restore the values before security hardening.

Prerequisites

  • The eSight service is stopped.
  • If a remote terminal is used for the installation, the remote terminal must provide a graphical user interface (GUI), and the SUSE Linux operating system must be configured to support remote GUI login. For details, see How to Use the VNC to Remotely Log In to SUSE Linux.
  • Ensure that only the root user logs in to the user desktop (such as the management network port and VNC). If a non-root user logs in, log out first.

Procedure

The following operations need to be performed on both the active and standby eSight servers.

  1. Log in to the server as the ossuser user.
  2. Run the following command to switch to the root user.

    > su - root

  3. Run the following commands to start SetSuSE.

    # cd /opt/setsuse/SecureCATV200R001C20SetSuSE

    # sekgui

  4. Choose Policy > Rollback All Selected to Original State from the main menu.

  5. In the dialog box that is displayed, click Yes.

  6. Confirm the rollback result in the dialog box that is displayed.

    The rollback result for hardening items whose rollback is successful is Success. The rollback result for items that are only checked or hardening items that do not support rollback is Not Supported.

    After security hardening is performed, if the following information is modified before the rollback, the hardening item Activate AppArmor[4.5] will fail to be rolled back. If the rollback fails, Activate AppArmor is still in hardened state, and AppArmor access control still works.
    • Number of entries in menu.lst.
    • Title or kernel information.
    • If the value for kernel parameter "CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE".

    After security hardening is performed, if the following information is modified before the rollback, the hardening item Enable Auditing for Process That Start Prior to auditd[8.1.3] will fail to be rolled back. If the rollback fails, Enable Auditing for Process That Start Prior to auditd is still in hardened state, and the audit log is still in enabled state.

    • Number of entries in menu.lst.
    • Title or kernel information.
    • For specific hardening items that do not support rollback, see Table 9-1
      Table 9-1 SUSE hardening items that cannot be rolled back

      Hardening Item

      Hardening Item Type

      Uninstall Packages [5.1.2,5.1.4,5.1.6,6.6,6.17]

      OS Services & Special Purpose Services

      Patch execution

      Patches

    • For items that are only checked, see Table 9-2.
      Table 9-2 Items that are only checked

      Type

      Item

      Review User Group Settings

      Verify Permissions of User .netrc Files [6.2.13]

      Review User Group Settings

      Check for Presence of User .netrc Files [6.2.12]

      Logging and Auditing

      Verify rsyslog is Installed [4.2.3]

      Verify System File Permissions

      Find SUID & SGID System Executables [6.1.11,6.1.12]

      Filesystem Configuration

      Verify /var Partitions [1.1.6,1.1.11,1.1.12]

      Review User Group Settings

      Check that Users Are Assigned Valid Home Directories [6.2.7]

      Review User Group Settings

      Check Permissions on User Home Directories [6.2.8]

      Review User Group Settings

      Check for Duplicate User Names and UID [6.2.16, 6.2.18]

      Review User Group Settings

      Check Groups in /etc/passwd [6.2.15]

      Review User Group Settings

      Verify no UID 0 Accounts Exist Other than root [6.2.5]

      Review User Group Settings

      Check for Presence of User .rhosts Files [6.2.14]

      Verify System File Permissions

      Find Ungrouped, Unowned Files & Directories [6.1.9, 6.1.10]

      Review User Group Settings

      Ensure Password Fields are Not Empty [6.2.1]

      Review User Group Settings

      Verify Permissions of User Dot Files [6.2.10]

      Additional Process Hardening

      Ensure No Unconfined Daemons [1.6.1.6]

      Review User Group Settings

      Check User Home Directory Ownership [6.2.9]

      Review User Group Settings

      Check for Duplicate Group Names and Duplicate GID [6.2.17, 6.2.19]

      Review User Group Settings

      Verify no Legacy "+" Entries [6.2.2, 6.2.3, 6.2.4]

      Review User Group Settings

      Check for Presence of User .forward Files [6.2.11]

  7. Restart the operating system to make the system rollback take effect.
Download
Updated: 2019-11-22

Document ID: EDOC1100011856

Views: 94924

Downloads: 54

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next