Oracle System Assistant is a preinstalled tool that helps you to locally or remotely configure and update server hardware and to install supported operating systems. For information about how to use Oracle System Assistant, refer to the Oracle X4 Series Servers Administration Guide at:
http://www.oracle.com/goto/x86AdminDiag/docs
The following information will help you to understand security issues related to Oracle System Assistant.
Oracle System Assistant contains a bootable root environment.
Oracle System Assistant is an application that runs on a preinstalled, internal USB flash drive. It is built on top of a bootable Linux root environment. Oracle System Assistant also provides the ability to access its underlying root shell. Users who have physical access to the system, or who have remote KVMS (keyboard, video, mouse, and storage) access to the system through Oracle ILOM, will be able to access Oracle System Assistant and the root shell.
A root environment can be used to change system configuration and policies, as well as to access data on other disks. It is recommended that physical access to the server be protected and that the administrator and console privileges for Oracle ILOM users be assigned sparingly.
Oracle System Assistant mounts a USB storage device that is accessible to the operating system.
In addition to being a bootable environment, Oracle System Assistant is also mounted as a USB storage device (flash drive) that is accessible to the host operating system after installation. This is useful when accessing tools and drivers for maintenance and reconfiguration. The Oracle System Assistant USB storage device is both readable and writeable and could potentially be exploited by viruses.
It is recommended that the same methods for protecting disks be applied to the Oracle System Assistant storage device, including regular virus scans and integrity checking.
Oracle System Assistant can be disabled.
Oracle System Assistant is a useful tool in helping to set up the server, update and configure firmware, and install the host operating system. However, if the security implications described above are unacceptable, or if the tool is not needed, Oracle System Assistant can be disabled. Disabling Oracle System Assistant means that the USB storage device will no longer be accessible to the host operating system. In addition, it will not be possible to boot Oracle System Assistant.
You can disable Oracle System Assistant from either the tool itself or from BIOS. Once disabled, Oracle System Assistant can only be re-enabled from the BIOS Setup Utility. It is recommended that BIOS Setup be password-protected so that only authorized users can re-enable Oracle System Assistant. For information about how to disable and re-enable Oracle System Assistant, refer to the Oracle X4 Series Servers Administration Guide at: