No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Local HA System Software Installation Guide (SUSE Linux + MySQL + OMMHA) 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview

Overview

Security hardening aims to enhance the defense capabilities of the Operating system.

Security hardening has the following functions on the eSight server:

  • Disable unnecessary system services on eSight to reduce the possibility of malicious attacks.
  • Strictly restrict the file permission and environment variables of the system to reduce the possibility of unauthorized operations.

Security Hardening Objects

The primary objects of security hardening are the operating system.

Table 2-11 Security hardening objects

Object

Method

SUSE Linux operating system

SetSuSE

Security Hardening Scenarios

After services are installed, commissioned, upgraded, backed up, and restored, you need to perform security hardening on the OS. If security hardening has been performed on the OS, you must roll back the security hardening before uninstallation.

Table 2-12 Security Hardening Scenarios

Operation

Scenario

Description

Security hardening

After installation and commissioning

After each component is installed and commissioned, security hardening must be performed for the system where the component runs to enhance system security.

After an upgrade

After each component version is upgraded, security hardening must be performed for the system where the component runs to enhance system security.

Rollback

Before uninstallation

Before uninstallation, if the operating system has been hardened, roll back the security hardening. Otherwise, the uninstallation may fail.

Security Hardening Impacts

Table 2-13 Security Hardening Impacts

Object

Impact

Operating System

NOTICE:

The hardening is invalid for existing sessions. After the hardening, quit all the sessions and connect them again.

After the security of a SUSE Linux operating system is hardened, certain parameters and user permission settings are changed.

For details, see descriptions in the hardening policy package.

NOTICE:

After the SUSE operating system is hardened, to remotely log in to the server on an Xshell terminal, use Xshell 5 or a later version.

After the security hardening, some hardening items of the SUSE operating system cannot be rolled back. For details, see Table 2-14.

Database

After the security of a database is hardened, certain parameters and user permission are changed.

Service

eSight needs to be stopped during security hardening and rollback. Therefore, eSight services are unavailable.

Table 2-14 SUSE hardening items that cannot be rolled back

Hardening Item

Hardening Item Type

Uninstall Packages [5.1.2,5.1.4,5.1.6,6.6,6.17]

OS Services & Special Purpose Services

Patch execution

Patches

Security Hardening Duration

Table 2-15 Security hardening duration

Object

Operation

Estimated Duration (min)

SUSE Linux operating system

Hardening

5

Hardening rollback

5

NOTE:

Security hardening duration is an approximate duration of security hardening in a laboratory, and it is only for reference. Security hardening duration is subject to environment, network, and security hardening item.

Download
Updated: 2019-09-02

Document ID: EDOC1100011856

Views: 91127

Downloads: 53

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next