sjones51
February 15th, 2018 10:00
Hi z29ac,
Various versions of the OneFS Web Administration guide talk about this more. I don't know what version you are running, but here is 8.0.1:
https://support.emc.com/docu79793_OneFS-8.0.1-Web-Administration-Guide.pdf?language=en_US
At the time of this post, page 55 of the document discusses it more.
I haven't seen any additional licensing requirements for this. Since STIG is a DoD standard, Isilon documentation won't have a whole lot in terms of the specifics on what exactly the settings are, only in what areas it is compliant.
zthiel
February 15th, 2018 13:00
If we don't have the STIG hardening license, can I still do some of the "mentioned" lockdown that the profile would do? For example, the guide states this below. Can I still do these items without buying the STIG license?
The following modifications are examples of the many system changes:
- After you log in through SSH or the web interface, the system will display a message that you are accessing a U.S. Government Information System and will display the terms and conditions of using the system.
- On each node, SSH and the web interface will listen only on the node's external IP address.
- Password complexity requirements for local user accounts will increase. Passwords must be at least 14 characters and contain at least one of each of the following character types: numeric, uppercase, lowercase, symbol.
- Root SSH will be disabled. To log in after hardening is applied, you can log in as root only through the web interface or through a serial console session.
zthiel
February 17th, 2018 04:00
Curious if anyone has any insight on this. Again, if we did not buy the STIG hardening license, can I still apply some of the related lockdowns on the Isilon, such as disabling root SSH, etc.? Or do I need the license and have to apply the hardening profile to do any of the above-mentioned items?