eSight V300R009C00 Local HA System Software Installation Guide (SUSE Linux + MySQL + OMMHA) 11

Hardening the SUSE Linux Using the SetSuSE


Some items in the SUSE Linux operating system can be hardened with the SetSuSE tool. This topic describes how to harden the security of the SUSE Linux operating system.

Installing SetSuSE

The SetSuSE tool can be used to harden the SUSE Linux operating system. This section describes how to install SetSuSE.

Prerequisites

  • You have obtained the SetSuSE installation file.
  • You have uploaded the SetSuSE installation software package to the active and standby servers.

Context

SetSuSE is a security hardening tool for the SUSE Linux operating system. The tool supports the following operations to check and improve the security of the SUSE Linux operating system:

  • Audit logs.
  • Implement minimum authorization.
  • Add alarm identifiers.
  • Harden built-in services of the system.
  • Adjust the system kernel parameters.
  • Strictly control access to the system.
  • Control read and write operations to the system files.
  • Properly design the disk partitioning before operating system installation.
  • Clear restricted accounts in the system and check password complexity.

Procedure

  1. Use the PuTTY tool to log in to the active server of eSight as the root user.
  2. Decompress the SetSuSE software package.

    Assume that the SetSuSE installation package is stored in /opt/setsuse.

    # cd /opt/setsuse

    # unzip eSight_V300R009C00SPC200_ReinforcementTools_For_SUSE12_SP2.zip

    # tar -xvf SecureCATV200R001C20SetSuSE12.tar.gz

  3. Install SetSuSE.

    # cd /opt/setsuse/SecureCATV200R001C20SetSuSE

    # sh install.sh -p /opt -if /opt/setsuse/ESIGHT_SUSE12.tar

    • -p /opt: specifies the installation directory of the tool.
    • -if /opt/setsuse/ESIGHT_SUSE12.tar: imports the security hardening policy file.

    If information similar to the following is displayed, SetSuSE has been installed successfully.

    Installation in progress, please wait ...
    Importing configuration file successful
    /opt/install/ESIGHT_SUSE12.tar
    Installation completed successfully
    Note:
    SEK installation log file path : 
    < /var/log/SEKInstall.log >
    SEK installation path : 
    < /opt >
    SEK tool was run after installation, please refer the application log for details
    SEK version :
    VPP V300R003C22 (SetSuSE)

  4. Delete the installation package and temporary files from the server after SetSuSE is installed.

    # rm -rf /opt/setsuse

  5. Use the PuTTY tool to log in to the standby server of eSight as the root user. Repeat steps 2 to 4 to install SetSuSE on the standby server of eSight.
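
The success check in step 3, scripted so that the cleanup in step 4 runs only after the installer output shows both the policy import and the completion message, and so that the SEK version reported on the active and standby servers can be compared. This is an added example, not part of the Huawei guide or of SetSuSE; the function names and the capture file /root/sek_install.out are assumptions, and only the success output shown in step 3 is known, so anything else is treated as a failure.

```shell
# Added example (not Huawei code). Sample: the success output shown in step 3.
SAMPLE_OK='Installation in progress, please wait ...
Importing configuration file successful
/opt/install/ESIGHT_SUSE12.tar
Installation completed successfully
Note:
SEK installation log file path :
< /var/log/SEKInstall.log >
SEK installation path :
< /opt >
SEK tool was run after installation, please refer the application log for details
SEK version :
VPP V300R003C22 (SetSuSE)'

# sek_parse: read installer output on stdin, print key=value fields.
sek_parse() {
    awk '
        BEGIN { policy = "no"; fin = "no" }
        /Importing configuration file successful/ { policy = "yes" }
        /Installation completed successfully/     { fin = "yes" }
        # The line after a label carries its value, optionally wrapped in < >.
        want != "" {
            v = $0
            gsub(/^[ \t<]+|[ \t>]+$/, "", v)
            val[want] = v; want = ""; next
        }
        /SEK installation log file path/ { want = "log_path" }
        /SEK installation path/          { want = "install_path" }
        /SEK version/                    { want = "version" }
        END {
            printf "policy_imported=%s\ncompleted=%s\n", policy, fin
            printf "log_path=%s\ninstall_path=%s\nversion=%s\n", val["log_path"], val["install_path"], val["version"]
        }'
}

# sek_field KEY FILE: print one parsed field, e.g. to compare active and standby.
sek_field() { sek_parse < "$2" | sed -n "s/^$1=//p"; }

# sek_install_ok FILE [DIR]: succeed only if the policy file was imported, the
# installer reported completion, and the install path equals DIR (default /opt).
sek_install_ok() {
    [ "$(sek_field policy_imported "$1")" = yes ] &&
    [ "$(sek_field completed "$1")" = yes ] &&
    [ "$(sek_field install_path "$1")" = "${2:-/opt}" ]
}

# Capture step 3 (the capture path is an assumption):
#   sh install.sh -p /opt -if /opt/setsuse/ESIGHT_SUSE12.tar 2>&1 | tee /root/sek_install.out
# then gate step 4:  sek_install_ok /root/sek_install.out && rm -rf /opt/setsuse
```
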

Hardening the SUSE Linux

This section describes methods to perform security hardening on the SUSE Linux operating system.

Prerequisites

  • If a remote terminal is used for the installation, the remote terminal must provide a graphical user interface (GUI), and the SUSE Linux operating system must be configured to support remote GUI login. For details, see How to Use the VNC to Remotely Log In to SUSE Linux?.
  • Ensure that only the root user logs in to the user desktop (such as the management network port and VNC). If a non-root user logs in, log out first.

Procedure

When you use the security tool to harden a device, you cannot perform other operations on the device.

  1. Run the following commands to stop eSight:

    1. Use the PuTTY tool to log in to the standby eSight server as the ossuser user.
    2. Run the following command to stop the eSight system:

      > cd /opt/ommha/ha/bin

      > ./stop.sh

      The following information indicates that the standby eSight server is stopped successfully:

      stop HA successfully.
    3. Use the PuTTY tool to log in to the active eSight server as the ossuser user.
    4. Run the following command to stop the eSight system:

      > cd /opt/ommha/ha/bin

      > ./stop.sh

      The following information indicates that the active eSight server is stopped successfully:

      stop HA successfully.

  2. Use VNC to log in to the SUSE Linux operating system of the active eSight server as the root user.
  3. Run the following commands to start SetSuSE.

    # cd /opt

    # sekgui

  4. Optional: SetSuSE automatically backs up system data when it is started for the first time.

    If some services on the eSight server are not started, a dialog box may be displayed during the backup process, indicating that data backup fails.

  5. Choose Policy > Execute All Selected from the main menu.

  6. Click Yes in the dialog box that is displayed.

  7. Click Yes in the dialog box that is displayed.

  8. Confirm the hardening result in the dialog box that is displayed.

  9. Close SetSuSE.
  10. Restart the operating system to make the policies take effect.
  11. Log in to the SUSE Linux operating system of the standby eSight server as the root user. Repeat steps 2 to 10 to harden the SUSE Linux on the standby server.
Updated: 2019-11-22

Document ID: EDOC1100011856
