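Use this procedure to confirm or identify the security profile that is configured for zones and virtual machines.
For instructions on how to access the system, see the Oracle MiniCluster S7-2 Administration Guide.
Example: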
# su root
In this example, each VM has its own log file:
# cd /var/opt/oracle.minicluster/mcmubui/MCMU/verification_logs
# ls
verify_appvmg1-zone-1-mc4-n1.log  verify_dbvmg1-zone-3-mc4-n1.log
verify_appvmg1-zone-1-mc4-n2.log  verify_dbvmg1-zone-3-mc4-n2.log
verify_dbvmg1-zone-1-mc4-n2.log   verify_dbvmg1-zone-4-mc4-n1.log
verify_dbvmg1-zone-2-mc4-n1.log   verify_dbvmg1-zone-4-mc4-n2.log
verify_dbvmg1-zone-2-mc4-n2.log
#
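View the last few lines of a log file. If (PCI-DSS) is displayed, the VM's security profile is PCI-DSS. If no profile is listed, the VM's security profile is CIS Equivalent.
Example of the last 22 lines for a VM that uses the PCI-DSS profile: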
# tail -22 verify_dbvmg1-zone-1-mc4-n2.log
(PCI-DSS) Checking /etc/cron.d/at.allow: Passed/Configured
(PCI-DSS) Checking audit configuration (user audit flags): Passed/Configured
(PCI-DSS) Checking audit configuration (non-attributable audit flags): Passed/Configured
(PCI-DSS) Checking audit configuration (audit_binfile plugin): Passed/Configured
(PCI-DSS) Checking audit flags on root and tadmin roles: Passed/Configured
Check if tenant-key exists in keystore: Passed/Configured
Check if immutability is enabled: Failed/Not Configured
Example of the last 22 lines for a VM that uses the CIS Equivalent profile:
# tail -22 verify_dbvmg1-zone-1-mc4-n2.log
Checking if NDP routing daemon is disabled: Passed/Configured
Checking if r-protocol services are disabled: Passed/Configured
Checking if rpc/bind is enabled and configured correctly: Passed/Configured
Checking if NFS v2/v3 is disabled: Passed/Configured
Checking if GDM is enabled: Failed/Not Configured
Check if tenant-key exists in keystore: Passed/Configured
Check if immutability is enabled: Failed/Not Configured
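The following script is an added example, not part of the original procedure or of Oracle's tooling. It applies the rule above to every log in the directory and also lists the checks reported as Failed/Not Configured. The function names, the TAIL_LINES variable and the sample log contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle code; function names are hypothetical.
LOG_DIR="${LOG_DIR:-/var/opt/oracle.minicluster/mcmubui/MCMU/verification_logs}"
TAIL_LINES=22   # same window the procedure inspects with tail -22

# Prints PCI-DSS when the log tail carries the (PCI-DSS) marker, else CIS Equivalent.
profile_of() {
    if tail -n "$TAIL_LINES" "$1" | grep -F '(PCI-DSS)' >/dev/null; then
        echo "PCI-DSS"
    else
        echo "CIS Equivalent"
    fi
}

# Prints the name of every check in the log tail that did not pass.
failed_checks() {
    tail -n "$TAIL_LINES" "$1" | grep -F 'Failed/Not Configured' | sed 's|: Failed/Not Configured$||'
}

# One line per VM log (name, profile), followed by its failed checks.
report() {
    for f in "$1"/verify_*.log; do
        [ -f "$f" ] || continue
        vm=$(basename "$f" .log); vm=${vm#verify_}
        printf '%s\t%s\n' "$vm" "$(profile_of "$f")"
        failed_checks "$f" | sed 's/^/    FAILED: /'
    done
}

# Constructed sample logs (lines copied from the examples on this page) for an offline run.
make_sample_logs() {
    cat > "$1/verify_dbvmg1-zone-1-mc4-n2.log" <<'EOF'
(PCI-DSS) Checking /etc/cron.d/at.allow: Passed/Configured
Check if tenant-key exists in keystore: Passed/Configured
Check if immutability is enabled: Failed/Not Configured
EOF
    cat > "$1/verify_appvmg1-zone-1-mc4-n1.log" <<'EOF'
Checking if NFS v2/v3 is disabled: Passed/Configured
Checking if GDM is enabled: Failed/Not Configured
Check if tenant-key exists in keystore: Passed/Configured
Check if immutability is enabled: Failed/Not Configured
EOF
}
# Use the real log directory when it exists, otherwise the constructed samples.
if [ -d "$LOG_DIR" ]; then
    report "$LOG_DIR"
else
    tmp=$(mktemp -d) && make_sample_logs "$tmp" && report "$tmp" && rm -rf "$tmp"
fi
```

Run it as root on the node that holds the verification logs, or set LOG_DIR to a copy of that directory.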