Oracle Linux 6.9 exadata OS hardening

Hi,
I need help with a security hardening checklist for Red Hat Enterprise Linux 7.4 to install on it Oracle Linux 6.9 Exadata. Any ideas?

Responses

We utilize CIS for this. Maybe this will help - https://www.cisecurity.org/cis-benchmarks/

Also examine https://www.open-scap.org/getting-started/. If you want to go down another rabbit hole, search the discussion area here for "STIG". STIG is not necessarily limited to government entities according to some contacts I have at Red Hat; banks and others use it too.

These were written for either RHEL or CentOS; however, many aspects of them could be considered for Oracle's version of Linux: https://github.com/fcaviggia

This is the RHEL security guide

This STIG list by Red Hatter Shawn Wells is with the previous STIG, but it is worthwhile to consider.

Note, there is a new method to secure grub with a password.

I made a script to implement FIPS controls (google that) on RHEL 7. It has not been tested on Oracle Linux (you should test it first, and examine the solution ID at Red Hat listed within the script). https://access.redhat.com/discussions/3487481

Here is something from Oracle on their own hardening. Examine, evaluate, test. Consider this Oracle resource during that process.

This is Oracle's very own security guide.

You can't be the only one who has hardened Oracle Linux. You ought to examine their discussion area (first, before posting), and then, after searching and reviewing, consider posting with additional questions.

Hardening an operating system is the product of some focused research. Most controls will probably work. Not every (speaking in absolute terms) control will be applicable or work for every server. For example, FIPS does not work with gluster, if you happen to use that. It's in the works though. That's just one example. There are other exceptions.

Make notes, make scripts where possible. Make backup copies of configuration files with a time date stamp such as...

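# Timestamp used as the backup suffix, e.g. 20180101_120000
mydate=$(date '+%Y%m%d_%H%M%S')
echo "$mydate"
# Brace expansion: copies system-auth to system-auth.<timestamp>
cp -v /etc/pam.d/system-auth{,."$mydate"}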

That will copy a specific file you are about to edit with a time date stamp. Leave "bread crumbs" (clues) for yourself as you go down this process. You'll need it.

Implement controls into kickstarts and kickstart builds as you go along. My builds have all the usual controls built in; it took some time.

Regards

RJ
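
The timestamped-backup habit described in the reply above, wrapped in a reusable function that also keeps a change log of "bread crumbs". This is an added example, not part of the original thread; `backup_cfg` and `HARDEN_LOG` are hypothetical names, and the log path is an assumption.

```shell
#!/usr/bin/env bash
# Added example: timestamped config backup plus a change log.
# backup_cfg and HARDEN_LOG are hypothetical names, not from the thread.

# Where the "bread crumbs" are recorded (assumed path; override as needed).
HARDEN_LOG="${HARDEN_LOG:-/root/hardening-changes.log}"

# backup_cfg FILE [REASON]
# Copies FILE to FILE.YYYYmmdd_HHMMSS, keeping mode, owner and timestamps,
# appends one tab-separated line to $HARDEN_LOG, and prints the backup path.
backup_cfg() {
    local src="$1" reason="${2:-no reason given}"
    local stamp dest

    if [ ! -f "$src" ]; then
        echo "backup_cfg: $src is not a regular file" >&2
        return 1
    fi

    stamp=$(date '+%Y%m%d_%H%M%S')
    dest="${src}.${stamp}"

    # Never overwrite a backup taken earlier within the same second.
    if [ -e "$dest" ]; then
        echo "backup_cfg: $dest already exists" >&2
        return 1
    fi

    # -p keeps mode and ownership, so the copy of a file such as
    # /etc/pam.d/system-auth is no more readable than the original.
    cp -p -- "$src" "$dest" || return 1

    # Record when, who, which backup, and why.
    printf '%s\t%s\t%s\t%s\n' \
        "$stamp" "${SUDO_USER:-$(id -un)}" "$dest" "$reason" \
        >> "$HARDEN_LOG" || return 1

    printf '%s\n' "$dest"
}
```

Source the file, then call for example `backup_cfg /etc/pam.d/system-auth "password complexity control"` before each edit; the log then lists every file touched, in order, with the backup to restore from.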
