Go to main content

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Exit Print View

» ...Documentation Home » Oracle SuperCluster M8 and SuperCluster M7 ... » Oracle^® SuperCluster M8 and ... » Securing the Exadata Storage Servers » Hardening the Storage Server Security ... » Configure a Password History Policy

Updated: June 2020

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Document Information

Using This Documentation

Understanding Security Principles

Reviewing the Default Security Configuration

Securing the Hardware

Securing Oracle ILOM

Securing the Compute Servers

Securing the ZFS Storage Appliance

Securing the Exadata Storage Servers

Log into the Storage Server OS

Change Storage Server Passwords

Determine the Exadata Storage Server Software Version

Default Exposed Network Services (Storage Servers)

Hardening the Storage Server Security Configuration

Security Configuration Restrictions

Display Available Security Configurations With host_access_control

Configure a System Boot Loader Password

Disable Oracle ILOM System Console Access

Restrict Remote root Access Using SSH

Configure System Account Lockout

Configure Password Complexity Rules

Configure a Password History Policy

Configure a Failed Authentication Lock Delay

Configure Password Aging Control Policies

Configure the Administrative Interface Inactivity Timeout (Login Shell)

Configure the Administrative Interface Inactivity Timeout (Secure Shell)

Configure a Login Warning Banner (Storage Server)

Limiting Remote Network Access

Additional Storage Server Resources

Securing the IB and Ethernet Switches

Auditing for Compliance

Keeping SuperCluster M8 and SuperCluster M7 Systems Secure

Language:

Configure a Password History Policy

By default, the storage servers define a password history policy that prevents users from reusing their last 10 passwords.

Log into the storage server as celladmin.
See Log into the Storage Server OS.

View the current setting.

# /opt/oracle.cellos/host_access_control pam-auth --status | grep remember=

Change the password history.
To comply with U.S. U.S. Department of Defense security and PCI-DSS requirements, set the password history policy to 5. This ensures that an account cannot reuse any of the five previous passwords assigned to the account. If necessary, replace that value with one that is compliant with your local site policies.
```
# /opt/oracle.cellos/host_access_control pam-auth --remember 5
```

To verify the setting, repeat Step 2.

Copyright © 2020, Oracle and/or its affiliates.