No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Single-Node System Software Installation Guide (SUSE Linux) 09

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview

Overview

Security hardening aims to enhance the defense capabilities of the Operating system and database.

Security hardening has the following functions on the eSight server:

  • Disable unnecessary system services on eSight to reduce the possibility of malicious attacks.
  • Strictly restrict the file permission and environment variables of the system to reduce the possibility of unauthorized operations.

Security Hardening Objects

The primary objects of security hardening are the operating system and database. For details, see Table 5-45.

Table 5-45 Security hardening objects

Object

Method

SUSE Linux operating system

SetSuSE

Oracle database

Script

Security Hardening Scenarios

Table 5-46 Security Hardening Scenarios

Operation

Scenario

Description

Security hardening

After installation and commissioning

After each component is installed and commissioned, security hardening must be performed for the system where the component runs to enhance system security.

After an upgrade

After each component version is upgraded, security hardening must be performed for the system where the component runs to enhance system security.

Rollback

Before uninstallation

Before uninstallation, if the operating system has been hardened, roll back the security hardening. Otherwise, the uninstallation may fail.

Security Hardening Impacts

  • Impacts on an operating system

    The hardening is invalid for existing sessions. After the hardening, quit all the sessions and connect them again.

  • After the security of a SUSE Linux operating system is hardened, certain parameters and user permission settings are changed.
    • After the SUSE operating system is hardened, the root user cannot directly log in to the server in remote mode. If you need to perform a certain operation as the root user, log in to the server as the ossuser user and switch to the root user.
    • After the SUSE operating system is hardened, to remotely log in to the server on an Xshell terminal, use Xshell 5 or a later version.
  • After the security hardening, some hardening items of the SUSE operating system cannot be rolled back. For details, see Table 5-47.
    Table 5-47 SUSE hardening items that cannot be rolled back

    Hardening Item

    Hardening Item Type

    Uninstall Packages [1.6.1.4,1.6.1.5,2.3.1,2.3.2,2.3.3,2.3.4,2.3.5]

    OS Services & Special Purpose Services

    Patch execution

    Patches

  • Impacts on a database

    After the security of a database is hardened, certain parameters and user permission are changed.

  • Impacts on a service

    If service running requires continuous system and data services, security hardening and system rollback have impacts on service running.

Duration

Table 5-48 describes the duration for security hardening.

Table 5-48 Security hardening duration

Object

Operation

Estimated Duration (min)

SUSE Linux operating system

Hardening

10

Hardening rollback

5

Oracle database

Hardening

5

NOTE:

Security hardening duration is an approximate duration of security hardening in a laboratory, and it is only for reference. Security hardening duration is subject to environment, network, and security hardening item.

Download
Updated: 2019-05-17

Document ID: EDOC1100011860

Views: 92854

Downloads: 138

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next