Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Gecko1507

32 Posts

1239

October 6th, 2016 03:00

Level 2 Hardening

Hi,

Anyone have any experience of applying the level 2 OS and password security hardening?

One applied is it possible to roll back, ie: undo the hardening process? My initial thoughts could be to create a checkpoint prior to applying the hardening and if it goes horribly wrong roll back to that checkpoint taken before the hardening was applied but just wondering if there is an actual process to undo the hardening?

Thanks

Neil

ionthegeek

2K Posts

October 6th, 2016 06:00

One of my colleagues wrote a KB article that covers installing and removing the hardening packages:

https://support.emc.com/kb/466996

Removing the packages should revert the system back to its previous configuration.

For reference, a checkpoint rollback wouldn't help you here. Checkpoints only cover the backup data and system databases like the MCS, they do not cover the OS configuration files that would be modified when hardening is applied.

Gecko1507

32 Posts

October 7th, 2016 00:00

Thank you very much for that Ian,

I will be using today as part of the process.

Very helpful as always,  very much appreciated.

Neil

Gecko1507

32 Posts

October 10th, 2016 01:00

Ian,

Is the colleague who wrote the article still around/contactable?

Trying to install the avhardening package and the system is claiming it is already installed - this is fine but I need to be 100% sure that it is actually installed!!

I'm wondering if it is part of the AvPlatformOSRollup package and whether your colleague experienced similar behaviour when trying to install??

Neil

ionthegeek

2K Posts

October 11th, 2016 09:00

Depends on version. The avhardening package is included out of the box in Avamar 7.3.

If you want to check whether avhardening is installed, you can log into the utility node as the admin user and check with the rpm:

rpm -qa | grep avhardening

If this is a multi-node system and you want to check all the nodes, load the keys and use mapall:

mapall --noerror --all 'rpm -qa | grep avhardening'

Edit: The install and upgrade packages for some older releases (and I believe the OS security rollup package as well) have an option that will install avhardening. This may have been enabled in your environment.

View More

View All

No Events found!

Top