eLog V200R007C10 Installation Guide

Describes the installation process of product software. Includes plans, environmental requirements, and procedures for installation, as well as commissioning procedures.
Security Hardening


The security hardening operations described in this section apply only to the operating system delivered with the eLog, not to operating systems installed by users.

Purpose

The eLog server may have the following security risks:

  • Many services are enabled by default during operating system installation, which increases the likelihood of attacks on the system.
  • System file permissions and environment variables are not strictly restricted, which increases system risks.

Security hardening ensures that the system runs securely and stably, and hides or eliminates system defects.

Security hardening is required for the analyzer, collector, and server deployed in centralized mode.

Operating System Security

Harden the operating system by using the operating system hardening tool. The hardening tasks include the following:

  • Install the officially released patch on the operating system.
  • Start the firewall and disable unused ports. The ports to be used are automatically added to the firewall exception service. For details on the open ports, see Communication Matrix.
  • Disable unused services.
  • Forbid simple passwords.
  • Change single-user mode so that entering it requires the root password.
  • Disable root remote connection.
  • Uninstall tcpdump.

Prerequisites

  • The operating system parameter values have been set or changed.
  • The eLog system has been installed or upgraded.
  • The eLog service has been stopped.
  • The hardening tool has been obtained from http://support.huawei.com and copied to the server.

Procedure

  1. Use the iBMC interface to connect to the server and log in to the operating system as the root user.

    Remote connections will be torn down during security hardening. Therefore, you must use the iBMC interface to connect to the server. Otherwise, you cannot log in to the eLog after security hardening.

  2. Right-click the desktop to open the terminal.
  3. Run the cd hardening-tool-directory command to access the directory where the hardening tool resides.

    For example, if the hardening tool is stored in /opt, run the following command:

    # cd /opt

  4. Decompress the hardening tool.

    # unzip eLog_ReinforcementTools_For_SUSE12SP2.zip -d eLog_ReinforcementTools_For_SUSE12SP2

  5. Run the following command to start the hardening tool.

    # cd eLog_ReinforcementTools_For_SUSE12SP2
    # sh run.sh

  6. If the following information is displayed, security hardening is complete.

    Execute reinforcement successfully, please reboot the system.

  7. Run the reboot command for the hardening configuration to take effect.

    After security hardening, the root remote connection is disabled when the firewall starts. To uninstall the eLog, you must either log in to the server as the root user through the iBMC interface, or enable the root remote connection and close the firewall. For details, see How to Enable or Disable Root Remote Connection and Adding Exceptions on the Firewall.

Follow-Up Procedure

tcpdump is a common packet analyzer that captures data packets transmitted on the network according to user-defined criteria. For network security, tcpdump is uninstalled during security hardening. If you need to use the tool in the future, make sure you understand the risks and install it manually according to Installing tcpdump.
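
Three of the hardening outcomes listed above (root remote connection disabled, firewall started, tcpdump uninstalled) can be checked after the reboot. The script below is an added example, not part of this guide or of the hardening tool. It assumes that root remote connection is controlled by OpenSSH's PermitRootLogin in /etc/ssh/sshd_config, that the firewall unit is SuSEfirewall2, and that packages are managed with rpm.

```shell
#!/bin/sh
# Post-reboot audit of three outcomes named in the hardening task list.
# Assumptions (not from the guide): sshd_config path, PermitRootLogin as the
# mechanism for "root remote connection", SuSEfirewall2 as the firewall unit.

# Print the global PermitRootLogin value from an sshd_config file.
# sshd honours the FIRST occurrence of a keyword, keywords are case-insensitive,
# and anything after a Match line is conditional, so scanning stops there.
# "unset" means the file leaves the compiled-in default in force.
# Include directives are not followed.
permit_root_login() {
    awk '
        /^[ \t]*#/                      { next }
        tolower($1) == "match"          { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# True only for an explicit "no"; "unset" and "prohibit-password" both fail.
root_login_disabled() { [ "$(permit_root_login "$1")" = "no" ]; }

# True when tcpdump is neither on PATH nor registered in the rpm database.
tcpdump_removed() {
    ! command -v tcpdump >/dev/null 2>&1 && ! rpm -q tcpdump >/dev/null 2>&1
}

# True when the firewall unit (default: assumed SuSEfirewall2) is active.
firewall_active() { systemctl is-active --quiet "${1:-SuSEfirewall2}"; }

# Run one check and record the result; AUDIT_RC becomes 1 on any failure.
report() {
    if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; AUDIT_RC=1; fi
}

audit() {
    AUDIT_RC=0
    report root_login_disabled "${SSHD_CONFIG:-/etc/ssh/sshd_config}"
    report firewall_active
    report tcpdump_removed
    return "$AUDIT_RC"
}

# Run the audit only when asked, so the functions can be sourced on their own.
if [ "${1:-}" = "--run" ]; then audit; fi
```

Run it as root with the --run argument from the iBMC console after the reboot. A FAIL line means that outcome is not in place on the server.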

Updated: 2019-04-01

Document ID: EDOC1100073937
