No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionCloud 6.3.1.1 Troubleshooting Guide 02

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Hardening the OS

Hardening the OS

Basic security hardening has been performed on the ManageOne OS by default. This section describes how to disable SSH login for users such as root to improve OS security.

Procedure

  1. Use PuTTY to log in to a ManageOne node as the root user in SSH mode.
  2. Run the following command to modify the security hardening configuration file:

    vim /etc/ssh/sshd_config

    Change the value of PermitRootLogin in the configuration file to no.

    ...
    RhostsRSAAuthentication no
    HostbasedAuthentication no
    PermitRootLogin no
    PermitEmptyPasswords no
    PermitUserEnvironment no
    ...

  3. Press Esc to switch to the command mode, run the :wq! command to save the file and exit.
  4. Run the following command to restart the SSH service:

    systemctl restart sshd

    After the command is executed, the ManageOne node disconnects from the local PC.

  5. Use PuTTY to log in to a ManageOne node on which security hardening has been performed as the sopuser user in SSH mode.
  6. Run the following command to switch to the root user:

    su - root

    Enter the password of the root user as prompted.

  7. Run the following commands to delete history records:

    sed -i '/HISTSIZE/d' /etc/bashrc

    sed -i '/HISTFILESIZE/d' /etc/bashrc

    echo 'HISTSIZE=0' >> /etc/bashrc

    echo 'HISTFILESIZE=0' >> /etc/bashrc

    source /etc/bashrc

  8. Repeat 1 through 4 on all ManageOne nodes to perform security hardening.
Translation
Download
Updated: 2019-06-10

Document ID: EDOC1100063248

Views: 23195

Downloads: 37

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next