Disable Unnecessary Services (IB Switch)

Language:

Disable any services that are not required to support the operational and management requirements of the platform. By default, the IB switch employs a network secure-by-default configuration whereby nonessential services are already disabled. However, based upon customer security policies and requirements, it might be necessary to disable additional services.

Log into an IB switch as ilom-admin.
See Log Into an IB Switch.

Determine the list of services supported by the IB switch.
```
-> show /SP/services
```

Determine if a given service is enabled.
Replace servicename with the name of a service from Step 2.
```
-> show /SP/services/servicename servicestate
```
While the majority of services recognize and use the servicestate parameter to record whether the service is enabled or disabled, there are a few services such as servicetag, ssh, sso, and wsman that use a parameter called state. Regardless of the actual parameter used, a service is enabled if the service state parameter returns a value of enabled, as shown in these examples:
```
-> show /SP/services/https servicestate
/SP/services/https
Properties:
servicestate = enabled
```
```
-> show /SP/services/ssh state
/SP/services/ssh
Properties:
state = enabled
```

To disable a service that is no longer required, set the service state to disabled.
```
-> set /SP/services/http servicestate=disabled
```

Determine if any of these services should be disabled.
Depending on the tools and methods used, the HTTP and HTTPS browser services can be disabled if they are not required or used. Type:
```
-> set /SP/services/http servicestate=disabled
-> set /SP/services/http secureredirect=disabled
-> set /SP/services/https servicestate=disabled
```
- Browser Administrative Interface (HTTP, HTTPS):
  
  -> set /SP/services/http servicestate=disabled
  
  -> set /SP/services/http secureredirect=disabled
  
  -> set /SP/services/https servicestate=disabled