Go to main content
oracle home
Oracle
®
SuperCluster M8 and SuperCluster M7 Security Guide
Exit Print View
Search Term
Search Scope:
This Document
Entire Library
» ...
Documentation Home
»
Oracle SuperCluster M8 and SuperCluster M7 ...
»
Oracle
®
SuperCluster M8 and ...
»
Securing the Exadata Storage Servers
»
Log into the Storage Server OS
Updated: June 2020
Oracle
®
SuperCluster M8 and SuperCluster M7 Security Guide
Document Information
Using This Documentation
Product Documentation Library
Feedback
Understanding Security Principles
Secure Isolation
Data Protection
Related Information
Access Control
Monitoring and Compliance Auditing
Related Information
Additional Resources for SuperCluster Security Best Practices
Reviewing the Default Security Configuration
Default Security Settings
Default User Accounts and Passwords
Passwords Known by Oracle Engineered Systems Hardware Manager
Securing the Hardware
Access Restrictions
Serial Numbers
Drives
OpenBoot
Additional Hardware Resources
Securing Oracle ILOM
Log in to the Oracle ILOM CLI
Determine the Oracle ILOM Version
(If Required) Enable FIPS-140 Compliant Operation (Oracle ILOM)
Default Exposed Network Services (Oracle ILOM)
Hardening the Oracle ILOM Security Configuration
Disable Unnecessary Services (Oracle ILOM)
Configure HTTP Redirection to HTTPS (Oracle ILOM)
Disable Unapproved Protocols
Disable the SSLv2 Protocol for HTTPS
Disable the SSLv3 Protocol for HTTPS
Disable Unapproved TLS Protocols for HTTPS
Disable SSL Weak and Medium-Strength Ciphers for HTTPS
Disable Unapproved SNMP Protocols (Oracle ILOM)
Configure SNMP v1 and v2c Community Strings (Oracle ILOM)
Replace Default Self-Signed Certificates (Oracle ILOM)
Configure Administrative Browser Interface Inactivity Timeout
Configure the Administrative Interface Timeout (Oracle ILOM CLI)
Configure Login Warning Banners (Oracle ILOM)
Additional Oracle ILOM Resources
Securing the Compute Servers
Log into a Compute Server
Determine the SuperCluster Software Version
Configure the Secure Shell Service
Verify That root Is a Role
Default Exposed Network Services (Compute Servers)
Hardening the Compute Server Security Configuration
Disable Unnecessary Services (Compute Servers)
Enable Strict Multi-homing
Enable ASLR
Configure TCP Connections
Set Password History Logs and Password Policies for PCI Compliance
Ensure That User Home Directories Have Appropriate Permissions
Enable the IP Filter Firewall
Ensure That Name Services Only Use Local Files
Enable Sendmail and NTP Services
Disable GSS (Unless Using Kerberos)
Set the Sticky Bit for World-Writable Files
Protect Core Dumps
Enforce Nonexecutable Stacks
Enable Encrypted Swap Space
Enable Auditing
Enable Data Link (Spoofing) Protection on Global Zones
Enable Data Link (Spoofing) Protection on Non-Global Zones
Create Encrypted ZFS Data Sets
(Optional) Set a Passphrase for Key Store Access
Create Immutable Global Zones
Configure Immutable Non-Global Zones
Enable Secure Verified Boot (Oracle ILOM CLI)
Secure Verified Boot (Oracle ILOM Web Interface)
Additional Compute Server Resources
Securing the ZFS Storage Appliance
Log into the ZFS Storage Appliance
Determine the ZFS Storage Appliance Software Version
Change the ZFS Storage Appliance root Password
Default Exposed Network Services (ZFS Storage Appliance)
Hardening the ZFS Storage Appliance Security Configuration
Implement Oracle ILOM Security Configuration Hardening
Disable Unnecessary Services (ZFS Storage Appliance)
Disable Dynamic Routing
Configure the Administrative Interface Inactivity Timeout (HTTPS)
Disable Unapproved SNMP Protocols
Configure SNMP Community Strings
Configure SNMP Authorized Networks
Additional ZFS Storage Appliance Resources
Securing the Exadata Storage Servers
Log into the Storage Server OS
Change Storage Server Passwords
Determine the Exadata Storage Server Software Version
Default Exposed Network Services (Storage Servers)
Hardening the Storage Server Security Configuration
Security Configuration Restrictions
Display Available Security Configurations With host_access_control
Configure a System Boot Loader Password
Disable Oracle ILOM System Console Access
Restrict Remote root Access Using SSH
Configure System Account Lockout
Configure Password Complexity Rules
Configure a Password History Policy
Configure a Failed Authentication Lock Delay
Configure Password Aging Control Policies
Configure the Administrative Interface Inactivity Timeout (Login Shell)
Configure the Administrative Interface Inactivity Timeout (Secure Shell)
Configure a Login Warning Banner (Storage Server)
Limiting Remote Network Access
Storage Server Management Network Isolation
Limit Remote Network Access
Additional Storage Server Resources
Securing the IB and Ethernet Switches
Log Into an IB Switch
Determine the IB Switch Firmware Version
Change root and nm2user Passwords
Change IB Switch Passwords (Oracle ILOM)
IB Switch Network Isolation
Default Exposed Network Services (IB Switch)
Hardening the IB Switch Configuration
Disable Unnecessary Services (IB Switch)
Configure HTTP Redirection to HTTPS (IB Switch)
Disable Unapproved SNMP Protocols (IB Switch)
Configure SNMP Community Strings (IB Switch)
Replace Default Self-Signed Certificates (IB Switch)
Configure the Administrative CLI Session Timeout (IB Switch)
Additional IB Switch Resources
Change the Ethernet Switch Password
Auditing for Compliance
Generate a Compliance Assessment
(Optional) Run Compliance Reports with a cron Job
FIPS-140-2 Level 1 Compliance
Keeping SuperCluster M8 and SuperCluster M7 Systems Secure
Managing SuperCluster Security
Oracle ILOM for Secure Management
Oracle Identity Management Suite
Oracle Key Manager
Oracle Engineered Systems Hardware Manager
Oracle Enterprise Manager
Oracle Enterprise Manager Ops Center (Optional)
Monitoring Security
Workload Monitoring
Database Activity Monitoring and Auditing
Network Monitoring
Software and Firmware Updating
Index
Index A
Index B
Index C
Index D
Index E
Index F
Index G
Index H
Index I
Index K
Index L
Index M
Index N
Index O
Index P
Index R
Index S
Index T
Index U
Index V
Index W
Index Z
Language:
English
Log into the Storage Server OS
On the management network, log into one of the storage servers as
celladmin
.
See
Default User Accounts and Passwords
.
#
ssh celladmin@
Storage_Server_IP_address
Previous
Next