Oracle® Fabric OS 1.0.2 Security Guide

Exit Print View

Updated: November 2016
 
 

User Security

The following topics describe security guidelines that you should follow for the Oracle Fabric OS.

User Accounts

The system is delivered with two default management accounts. Enforce complex passwords for these accounts through policy.

  • root – Allows complete administrative access to the underlying Linux-based Oracle Fabric OS. Security credentials are controlled by Oracle Enterprise Linux 6.7 (UEK 4).

  • admin – Allows administrative access to the Oracle Fabric OS management tools and security, including the ability to create new user accounts. These uses have access to the chassis configuration, but they cannot reconfigure Linux settings. The Oracle Fabric OS supports password hardening though the set system password command. Use the procedure below to prevent an attacker from creating users on the system in a way that exploits these accounts

To avoid the shared use of accounts and passwords, provide each Oracle Fabric OS user with a unique user name and password, and assign the proper role to match the user's tasks.

The Oracle Fabric OS users are not allowed to modify anything at the Linux level. Five types of roles are supported for Oracle Fabric OS users:

  • Administrator – Superuser. Allows creation, editing, and management of the Oracle Fabric OS.

  • Network – Allows creation, editing, and deletion of server profiles, vNICs, Ethernet cards and ports, and network QoS.

  • Operator – Allows read-only access, including all show commands.

  • Server – Allows creation, editing, and deletion of server profiles, as well as the ability to operate the physical server.

  • Storage – Allows creation, editing, and deletion of server profiles for vHBAs, and FC I/O cards and ports.


Note -  Always assign users the least privilege required for their tasks.

User Account Password Criteria

Users are prompted for a password for authentication. Before you create user passwords, set the password strength by specifying criteria with the set system password-strength command in the Oracle Fabric OS. Use the following criteria:

  • min-length – Sets the minimum number of characters allowed for the password string.

  • min-lower-case – Sets the minimum number of lowercase letters required for passwords.

  • min-number – Sets the minimum number of numbers required for passwords.

  • min-special – Sets the minimum number of special characters required for passwords.

  • min-upper-case – Sets the minimum number of uppercase letters required for passwords.


Note -  When you install the system, determine the password strength criteria before you create user passwords. Configure user password strength to adhere to your organizational security policy.