6.4
Table Of Contents
- Secure Configuration
- Contents
- Secure Configuration
- vRealize Operations Manager Security Posture
- Secure Deployment of vRealize Operations Manager
- Secure Configuration of vRealize Operations Manager
- Secure the vRealize Operations Manager Console
- Change the Root Password
- Managing Secure Shell, Administrative Accounts, and Console Access
- Enable or Disable Secure Shell on a vRealize Operations Manager node
- Create a Local Administrative Account for Secure Shell
- Restrict Secure Shell Access
- Maintain Secure Shell Key File Permissions
- Harden the Secure Shell Server Configuration
- Harden the Secure Shell Client Configuration
- Disable Direct Logins as Root
- Disable SSH Access for the Admin User Account
- Set Boot Loader Authentication
- Single-User or Maintenance Mode Authentication
- Monitor Minimal Necessary User Accounts
- Monitor Minimal Necessary Groups
- Resetting the vRealize Operations Manager Administrator Password (Linux)
- Configure NTP on VMware Appliances
- Disable the TCP Timestamp Response on Linux
- Enable FIPS 140-2 Mode
- TLS for Data in Transit
- Application Resources That Must be Protected
- Configure PostgreSQL Client Authentication
- Apache Configuration
- Disable Configuration Modes
- Managing Nonessential Software Components
- Secure the USB Mass Storage Handler
- Secure the Bluetooth Protocol Handler
- Secure the Stream Control Transmission Protocol
- Secure the Datagram Congestion Control Protocol
- Secure Reliable Datagram Sockets Protocol
- Secure the Transparent Inter-Process Communication Protocol
- Secure Internet Packet Exchange Protocol
- Secure Appletalk Protocol
- Secure DECnet Protocol
- Secure Firewire Module
- Kernel Message Logging
- Windows Installed Deployment
- Linux Installed Deployment
- Endpoint Operations Management Agent
- Additional Secure Configuration Activities
- Network Security and Secure Communication
- Configuring Network Settings for Virtual Application Installation
- Prevent User Control of Network Interfaces
- Set the Queue Size for TCP Backlog
- Deny ICMPv4 Echoes to Broadcast Address
- Configure the Host System to Disable IPv4 Proxy ARP
- Configure the Host System to Ignore IPv4 ICMP Redirect Messages
- Configure the Host System to Ignore IPv6 ICMP Redirect Messages
- Configure the Host System to Deny IPv4 ICMP Redirects
- Configure the Host System to Log IPv4 Martian Packets
- Configure the Host System to use IPv4 Reverse Path Filtering
- Configure the Host System to Deny IPv4 Forwarding
- Configure the Host System to Deny Forwarding of IPv4 Source Routed Packets
- Configure the Host System to Deny IPv6 Forwarding
- Configure the Host System to Use IPv4 TCP Syncookies
- Configure the Host System to Deny IPv6 Router Advertisements
- Configure the Host System to Deny IPv6 Router Solicitations
- Configure the Host System to Deny IPv6 Router Preference in Router Solicitations
- Configure the Host System to Deny IPv6 Router Prefix
- Configure the Host System to Deny IPv6 Router Advertisement Hop Limit Settings
- Configure the Host System to Deny IPv6 Router Advertisement Autoconf Settings
- Configure the Host System to Deny IPv6 Neighbor Solicitations
- Configure the Host System to Restrict IPv6 Maximum Addresses
- Configuring Ports and Protocols
- Configuring Network Settings for Virtual Application Installation
- Auditing and Logging on your vRealize Operations Manager System
- Index
IPv6, deny IPv6 router preference in router solicitations 49
IPv6, ignore ICMP redirect messages 45
IPv6, restrict IPv6 maximum addresses 51
K
kernel message logging 32
L
local administrative account, creating 16
logging 53
M
maintenance mode authentication 20
managing nonessential software 29
minimal necessary groups 20
minimal user accounts 20
minimum incoming ports 52
minimum permissions, agent functionality 36
monitor minimal necessary groups 20
monitor minimal user accounts 20
N
network settings 43
network time protocol 34
O
open ports on agent host 39
OVF, network settings 43
P
password expiry 15
patching 41
platform files and permissions, Linux 36
platform files and permissions, Windows 37
ports
  incoming 43
  outgoing 43
ports and protocols, configuring 51
prevent user control 43
R
reinstate an agent resource 40
remote logging server, securing 53
remove the agent resource 39
removing sample code, Apache2 server 28
resetting the password on Linux clusters 21
review installed software 10
revoking an agent 39
root password, change 14
root user, secure shell 15
S
secure
  Appletalk Protocol 31
  Firewire Module 31
  Internet Packet Exchange Protocol 31
  Reliable Datagram Sockets protocol 30
  Transparent Inter-Process Communication protocol 30
secure configuration 13
Secure Shell, restricting access 17
secure deployment of vRealize Operations Manager 9
secure remote logging server 53
secure shell client configuration 18
secure shell file permissions 17
secure shell server configuration 17
Secure Shell, managing 15
secure the console 14
security posture 7
security advisories, patches 11
server configuration, secure shell 17
single-user authentication 20
Stream Control Transmission Protocol 29
strong protocols 33, 34
strong ciphers 33, 35
strong ciphers, configure 24
strong protocols, configure 23
T
TCP backlog queue size 43
third-party software 10
TLS for data in transit 23, 33, 34
U
unnecessary applications, delete 41
updates 41
updating certificates 40
USB mass storage handler 29
V
verify, server user account settings 41
verify secure baseline 34
verify server tokens, apache2 server 28
verifying the installation media 9
virtual appliances
  Bluetooth protocol handler 29
  boot loader authentication 19
  configure network time protocol 22
  enable or disable Secure Shell 16
  USB mass storage handler 29
virtual machines, disable IPv4 proxy ARP 44
virtual machines, deny ICMPv4 echoes to broadcast address 44
Secure Configuration
56 VMware, Inc.