No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Single-Node System Software Installation Guide (SUSE Linux) 09

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Rolling Back SUSE Linux Using SetSuSE

Rolling Back SUSE Linux Using SetSuSE

After the operating system is rolled back to the pre-hardened state, system parameters restore the values before security hardening.

Prerequisites

  • The eSight service is stopped.
  • If a remote terminal is used for the installation, the remote terminal must provide a graphical user interface (GUI), and the SUSE Linux operating system must be configured to support remote GUI login. For details, see How to Use the VNC to Remotely Log In to SUSE Linux.
  • Ensure that only the root user logs in to the user desktop (such as the management network port and VNC). If a non-root user logs in, log out first.

Procedure

  1. Log in to the server as the ossuser user.
  2. Switch to the root user.

    > su - root

  3. Run the following commands to start SetSuSE.

    # cd /opt/setsuse/SecureCATV200R001C20SetSuSE

    # sekgui

  4. Choose Policy > Rollback All Selected to Original State from the main menu.

  5. In the dialog box that is displayed, click Yes.

  6. Confirm the rollback result in the dialog box that is displayed.

    The rollback result for hardening items whose rollback is successful is Success. The rollback result for items that are only checked or hardening items that do not support rollback is Not Supported.

    • For specific hardening items that do not support rollback, see Overview.
    • For items that are only checked, see Table 11-1.
    Table 11-1 Items that are only checked

    Type

    Item

    Review User Group Settings

    Verify Permissions of User .netrc Files [6.2.13]

    Review User Group Settings

    Check for Presence of User .netrc Files [6.2.12]

    Logging and Auditing

    Verify rsyslog is Installed [4.2.3]

    Verify System File Permissions

    Find SUID & SGID System Executables [6.1.11,6.1.12]

    Filesystem Configuration

    Verify /var Partitions [1.1.6,1.1.11,1.1.12]

    Review User Group Settings

    Check that Users Are Assigned Valid Home Directories [6.2.7]

    Review User Group Settings

    Check Permissions on User Home Directories [6.2.8]

    Review User Group Settings

    Check for Duplicate User Names and UID [6.2.16, 6.2.18]

    Review User Group Settings

    Check Groups in /etc/passwd [6.2.15]

    Review User Group Settings

    Verify no UID 0 Accounts Exist Other than root [6.2.5]

    Review User Group Settings

    Check for Presence of User .rhosts Files [6.2.14]

    Verify System File Permissions

    Find Ungrouped, Unowned Files & Directories [6.1.9, 6.1.10]

    Review User Group Settings

    Ensure Password Fields are Not Empty [6.2.1]

    Review User Group Settings

    Verify Permissions of User Dot Files [6.2.10]

    Additional Process Hardening

    Ensure No Unconfined Daemons [1.6.1.6]

    Review User Group Settings

    Check User Home Directory Ownership [6.2.9]

    Review User Group Settings

    Check for Duplicate Group Names and Duplicate GID [6.2.17, 6.2.19]

    Review User Group Settings

    Verify no Legacy "+" Entries [6.2.2, 6.2.3, 6.2.4]

    Review User Group Settings

    Check for Presence of User .forward Files [6.2.11]

  7. Restart the operating system to make the system rollback take effect.
Download
Updated: 2019-05-17

Document ID: EDOC1100011860

Views: 92120

Downloads: 138

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next