LINUX Security Recommendation
The Product requires the use of a Linux Operating System (OS). It is verified and supported solely under RedHat Enterprise Linux. The matching OS version for a specific Product Release is documented in the Product’s Release Notes. This section describes available security options to be implemented on the OS level.
It is however recommended to apply the CIS hardening profile to the Linux OS on the server where the Product services are installed and will be running.
The description on how to apply the CIS profile to the Linux OS can be found in [1KHW029185] FOXMAN-UN R18 RHEL9 CIS Hardened Installation (or a later version, as applicable to the current Product version) published on Hitachi Energy Publisher via:
https://publisher.hitachienergy.com.
https://publisher.hitachienergy.com.
Further detailed OS version specific configuration instructions can easily be looked up in the extensive RedHat Enterprise Linux documentation, e.g. in the Security Guide, which can be downloaded from the Internet. Frequently used settings or recommended security defaults may also be documented in the Products installation instructions or FAT procedure.
Here is a list of security relevant “Things to consider” taken from the above-mentioned Linux Security Guide. They reflect the reasoning behind the recommendations given in this section.
• BIOS/UEFI and boot loader security
Can an unauthorized user physically access the machine and boot into single user or rescue mode without a password?
Can an unauthorized user physically access the machine and boot into single user or rescue mode without a password?
• Security-Enhanced Linux (SELinux)
A mechanism that is implementing security policies for access control, including mandatory access control (MAC).
A mechanism that is implementing security policies for access control, including mandatory access control (MAC).
• Password security
How secure are the user account passwords on the machine?
How secure are the user account passwords on the machine?
• Administrative controls
Who has an account on the system and how much administrative control do they have?
Who has an account on the system and how much administrative control do they have?
• Available network services
What services are listening for requests from the network and should they be running at all?
What services are listening for requests from the network and should they be running at all?
• Personal firewalls
What type of firewall, if any, is necessary?
What type of firewall, if any, is necessary?
• Security enhanced communication tools
Which tools should be used to communicate between workstations and which should be avoided?
Which tools should be used to communicate between workstations and which should be avoided?
• Keep all services current, to protect against the latest threats.
• Use secure protocols whenever possible.
• Monitor all servers carefully for suspicious activity.