Skip Navigation Links | |
Exit Print View | |
Netra Blade X3-2B (formerly Sun Netra X6270 M3 Server Module) Security Guide |
Operating System Security Guidelines
Maintaining a Secure Environment
The following post-installation topics are covered:
Oracle System Assistant is an application running on a pre-installed, internal USB flash drive. It is built on top of a bootable linux root environment. OSA also provides the ability to access its underlying root shell. Users who have physical access to the system, or who have Remote KVMS access to the system through ILOM, will be able to access OSA and the root shell.
A root environment can be used to change ILOM configuration, system policies, as well as access data on other disks. It is recommended that physical access to the server be protected and the administrator and console privileges for ILOM users be assigned sparingly. Encrypting the operating system filesystem will also prevent root shell users of OSA from being able to read disk contents.
In addition to being a bootable environment, Oracle System Assistant is also mounted as a USB storage device accessible to the host operating system after installation. This is useful in accessing tools and drivers for maintenance and reconfiguration. The OSA flash device is both readable and writable and could be a potential filesystem exploited by viruses.
It is recommended that the same methods for protecting disks be applied to the OSA storage device including regular virus scans and integrity checks.
Oracle System Assistant can be a useful tool in helping setup a server, update and configure firmware, and install the host operating system.However, if the security implications mentioned above are undesirable or if the tool is simply not needed, OSA itself can also be disabled. Disabling OSA means that the USB storage device will no longer be accessible to the host operating system. In addition, it will not be possible to boot to Oracle System Assistant.
It is possible to disable Oracle System Assistant from either OSA itself or from BIOS. Once disabled, it can only be re-enabled from BIOS Setup. It is recommended that BIOS Setup be password-protected such that only authorized users can re-enable OSA.
See the Oracle System Assistant documentation for instructions on how to disable OSA or refer to the Netra Blade X3-2B Administration Guide.