6.5
Table Of Contents
- Secure Configuration
- Contents
- Secure Configuration
- vRealize Operations Manager Security Posture
- Secure Deployment of vRealize Operations Manager
- Secure Configuration of vRealize Operations Manager
- Secure the vRealize Operations Manager Console
- Change the Root Password
- Managing Secure Shell, Administrative Accounts, and Console Access
- Enable or Disable Secure Shell on a vRealize Operations Manager node
- Create a Local Administrative Account for Secure Shell
- Restrict Secure Shell Access
- Maintain Secure Shell Key File Permissions
- Harden the Secure Shell Server Configuration
- Harden the Secure Shell Client Configuration
- Disable Direct Logins as Root
- Disable SSH Access for the Admin User Account
- Set Boot Loader Authentication
- Single-User or Maintenance Mode Authentication
- Monitor Minimal Necessary User Accounts
- Monitor Minimal Necessary Groups
- Resetting the vRealize Operations Manager Administrator Password (Linux)
- Configure NTP on VMware Appliances
- Disable the TCP Timestamp Response on Linux
- Enable FIPS 140-2 Mode
- TLS for Data in Transit
- Application Resources That Must be Protected
- Configure PostgreSQL Client Authentication
- Apache Configuration
- Disable Configuration Modes
- Managing Nonessential Software Components
- Secure the USB Mass Storage Handler
- Secure the Bluetooth Protocol Handler
- Secure the Stream Control Transmission Protocol
- Secure the Datagram Congestion Control Protocol
- Secure Reliable Datagram Sockets Protocol
- Secure the Transparent Inter-Process Communication Protocol
- Secure Internet Packet Exchange Protocol
- Secure Appletalk Protocol
- Secure DECnet Protocol
- Secure Firewire Module
- Kernel Message Logging
- Linux Installed Deployment
- Endpoint Operations Management Agent
- Additional Secure Configuration Activities
- Network Security and Secure Communication
- Configuring Network Settings for Virtual Application Installation
- Prevent User Control of Network Interfaces
- Set the Queue Size for TCP Backlog
- Deny ICMPv4 Echoes to Broadcast Address
- Configure the Host System to Disable IPv4 Proxy ARP
- Configure the Host System to Ignore IPv4 ICMP Redirect Messages
- Configure the Host System to Ignore IPv6 ICMP Redirect Messages
- Configure the Host System to Deny IPv4 ICMP Redirects
- Configure the Host System to Log IPv4 Martian Packets
- Configure the Host System to use IPv4 Reverse Path Filtering
- Configure the Host System to Deny IPv4 Forwarding
- Configure the Host System to Deny Forwarding of IPv4 Source Routed Packets
- Configure the Host System to Deny IPv6 Forwarding
- Configure the Host System to Use IPv4 TCP Syncookies
- Configure the Host System to Deny IPv6 Router Advertisements
- Configure the Host System to Deny IPv6 Router Solicitations
- Configure the Host System to Deny IPv6 Router Preference in Router Solicitations
- Configure the Host System to Deny IPv6 Router Prefix
- Configure the Host System to Deny IPv6 Router Advertisement Hop Limit Settings
- Configure the Host System to Deny IPv6 Router Advertisement Autoconf Settings
- Configure the Host System to Deny IPv6 Neighbor Solicitations
- Configure the Host System to Restrict IPv6 Maximum Addresses
- Configuring Ports and Protocols
- Configuring Network Settings for Virtual Application Installation
- Auditing and Logging on your vRealize Operations Manager System
- Index
K
kernel message logging 32
L
Linux installed deployment 32
local administrative account, creating 16
logging 51
M
maintenance mode authentication 20
managing nonessential software 29
minimal necessary groups 20
minimal user accounts 20
minimum incoming ports 50
minimum permissions, agent functionality 34
monitor minimal necessary groups 20
monitor minimal user accounts 20
N
network settings 41
network time protocol 32
O
open ports on agent host 37
OVF, network settings 41
P
password expiry 15
patching 39
platform files and permissions, Linux 35
platform files and permissions, Windows 36
ports
  incoming 41
  outgoing 41
ports and protocols, configuring 49
prevent user control 41
R
reinstate an agent resource 38
remote logging server, securing 51
remove the agent resource 38
removing sample code, Apache2 server 28
resetting the password on Linux clusters 21
review installed software 10
revoking an agent 37
root password, change 14
root user, secure shell 15
S
secure
  Appletalk Protocol 31
  Firewire Module 31
  Internet Packet Exchange Protocol 31
  Reliable Datagram Sockets protocol 30
  Transparent Inter-Process Communication protocol 30
secure configuration 13
Secure Shell, restricting access 17
secure configuration activities 39
secure deployment of vRealize Operations Manager 9
secure remote logging server 51
secure shell client configuration 18
secure shell file permissions 17
secure shell server configuration 17
Secure Shell, managing 15
secure the console 14
security posture 7
security advisories, patches 10
server configuration, secure shell 17
single-user authentication 20
Stream Control Transmission Protocol 29
strong protocols 33
strong ciphers 33
strong ciphers, configure 24
strong protocols, configure 23
T
TCP backlog queue size 41
third-party software 10
TLS for data in transit 23, 33
U
unnecessary applications, delete 39
updates 39
updating certificates 39
USB mass storage handler 29
V
verify, server user account settings 39
verify server tokens, apache2 server 28
verifying the installation media 9
virtual appliances
  Bluetooth protocol handler 29
  boot loader authentication 19
  configure network time protocol 22
  enable or disable Secure Shell 16
  USB mass storage handler 29
virtual machines, disable IPv4 proxy ARP 42
virtual machines, deny ICMPv4 echoes to broadcast address 42
vRealize Operations Manager administrative password 21
Secure Configuration
54 VMware, Inc.