9.4 STIG security hardening for OVM guests

Depending on the Linux operating system, perform one of the following actions:

  • For the Linux 5 operating system, perform the following actions:

    Prerequisites: Download the following installation packages:

    Note:

    To download the required rpm and zip files, navigate to My Oracle Support and download the required patch (Patch number 23498419).

    • exalytics-hardening-1.0.0.8-3.noarch.rpm

    • Download the U_RedHat_5_V1R14_STIG_SCAP_1-1_Benchmark.zip file from the following location:

      http://iase.disa.mil/stigs/scap/Pages/index.aspx

    • The openscap utility can be installed by using the yum channel. To install the utility manually, download the following files from the yum channel (ol5_x86_64_latest):

      • openscap-utils-1.0.8-1.el5_10.x86_64.rpm

      • openscap-1.0.8-1.el5_10.x86_64.rpm

    1. To install the exalytics hardening file, run the following command:

      # rpm -ivh exalytics-hardening-1.0.0.8-3.noarch.rpm

    2. To run the stigfix script as a root user, run the following command:

      # /opt/exalytics/stigfix/bin/stigfix

      Note:

      If you are prompted to create a non-root user, run the following commands:

      # useradd <User>

      # passwd <User>

      Where <User> is the user name of the non-root user. The passwd command prompts for the new password of that user.

    3. To install the oscap utility, run the following command:

      # rpm -ivh --nosignature openscap*

      Note:

      To verify if the oscap utility is installed, run the following command:

      # which oscap

      The following output is displayed, if the oscap utility is installed:

      /usr/bin/oscap

    4. To unzip the U_RedHat_5_V1R14_STIG_SCAP_1-1_Benchmark file, run the following command:

      # unzip U_RedHat_5_V1R14_STIG_SCAP_1-1_Benchmark.zip

    5. Run the following commands:

      # export PATH=/usr/bin:/usr/sbin:$PATH

      # oscap xccdf eval --results results-xccdf.xml --oval-results --cpe U_RedHat_5_V1R14_STIG_SCAP_1-1_Benchmark-cpe-dictionary.xml U_RedHat_5_V1R14_STIG_SCAP_1-1_Benchmark-xccdf.xml

      # oscap xccdf generate report --output results-xccdf.html results-xccdf.xml

    You can view the generated scan report in the results-xccdf.html file.

  • For the Linux 6 operating system, perform the following actions:

    Prerequisites: Download the following installation packages:

    Note:

    To download the required rpm and zip files, navigate to My Oracle Support and download the required patch (Patch number 23498270).

    • exalytics-hardening-2.0.0.1-13_el6.noarch.rpm

    • Download the U_RedHat_6_V1R10_STIG_SCAP_1-1_Benchmark.zip file from the following location:

      http://iase.disa.mil/stigs/scap/Pages/index.aspx

    • The openscap utility can be installed by using the yum channel. To install the utility manually, download the following files from the yum channel (ol6_x86_64_latest):

      • fakeroot-1.12.2-22.2.el6.x86_64.rpm

      • fakeroot-libs-1.12.2-22.2.el6.x86_64.rpm

      • openscap-1.0.10-3.0.2.el6.x86_64.rpm

      • openscap-scanner-1.0.10-3.0.2.el6.x86_64.rpm

      • openscap-utils-1.0.10-3.0.2.el6.x86_64.rpm

      • rpmdevtools-7.5-2.0.1.el6.noarch.rpm

    1. To install the exalytics hardening file, run the following command:

      # rpm -ivh exalytics-hardening-2.0.0.1-13_el6.noarch.rpm

    2. To run the stigfix script as a root user, run the following command:

      # /opt/exalytics/stigfix/bin/stigfix

      Note:

      If you are prompted to create a non-root user, run the following commands:

      # useradd <User>

      # passwd <User>

      Where <User> is the user name of the non-root user. The passwd command prompts for the new password of that user.

    3. To install the oscap utility, run the following commands:

      # rpm -ivh --nosignature fakeroot*

      # rpm -ivh --nosignature rpmdevtools*

      # rpm -ivh --nosignature openscap*

      Note:

      To verify if the oscap utility is installed, run the following command:

      # which oscap

      The following output is displayed if the oscap utility is installed:

      /usr/bin/oscap

    4. To unzip the U_RedHat_6_V1R10_STIG_SCAP_1-1_Benchmark file, run the following command:

      # unzip U_RedHat_6_V1R10_STIG_SCAP_1-1_Benchmark.zip

    5. Run the following commands:

      # export PATH=/usr/bin:/usr/sbin:$PATH

      # oscap xccdf eval --results results-xccdf.xml --oval-results --cpe U_RedHat_6_V1R10_STIG_SCAP_1-1_Benchmark-cpe-dictionary.xml U_RedHat_6_V1R10_STIG_SCAP_1-1_Benchmark-xccdf.xml

      # oscap xccdf generate report --output results-xccdf.html results-xccdf.xml

    You can view the generated scan report in the results-xccdf.html file.
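
Both procedures end by writing results-xccdf.xml. The following added example (not part of the Oracle documentation or the exalytics-hardening package) summarises the rule outcomes in that file so a hardened guest can be checked from a script rather than by reading the HTML report. It assumes the results file uses unprefixed XCCDF element names; the function names and the sample data are hypothetical.

```shell
# Added example, not Oracle code. Assumes unprefixed XCCDF element names.
# Print "<result> <idref>" for each rule-result in file $1.
xccdf_rule_results() {
    awk 'BEGIN { RS = "<" }   # one record per tag, independent of line layout
        /^rule-result[ \t\r\n>]/ {
            id = "(no-idref)"
            if (match($0, /idref="[^"]*"/))
                id = substr($0, RSTART + 7, RLENGTH - 8)
        }
        /^result>/ {
            res = $0; sub(/^result>/, "", res); gsub(/[ \t\r\n]/, "", res)
            print res, id
        }' "$1"
}

# Print "<count> <result>" per outcome, sorted by outcome name.
xccdf_result_counts() {
    xccdf_rule_results "$1" |
        awk '{ n[$1]++ } END { for (r in n) print n[r], r }' | sort -k2
}

# Print the idref of every rule whose outcome equals $2 (for example: fail).
xccdf_rules_with_result() {
    xccdf_rule_results "$1" | awk -v want="$2" '$1 == want { print $2 }'
}

# Succeed only if rules were evaluated and none ended in fail/error/unknown.
xccdf_scan_is_clean() {
    xccdf_rule_results "$1" | awk '{ seen++ }
        $1 ~ /^(fail|error|unknown)$/ { bad++ }
        END { exit !(seen > 0 && bad == 0) }'
}

# Constructed sample, not real scan output; rule ids are placeholders.
write_sample_results() {
    cat > "$1" <<'EOF'
<TestResult xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample">
 <rule-result idref="RULE-PLACEHOLDER-1"><result>pass</result></rule-result>
 <rule-result idref="RULE-PLACEHOLDER-2" severity="high">
  <result>fail</result>
 </rule-result>
 <rule-result idref="RULE-PLACEHOLDER-3"><result>notapplicable</result></rule-result>
 <rule-result idref="RULE-PLACEHOLDER-4"><result>fail</result></rule-result>
</TestResult>
EOF
}

# Demo on the sample; on a scanned guest pass results-xccdf.xml instead.
sample=$(mktemp); write_sample_results "$sample"
xccdf_result_counts "$sample"; xccdf_rules_with_result "$sample" fail
xccdf_scan_is_clean "$sample" || echo "scan has failing rules"; rm -f "$sample"
```

An empty or unreadable results file is reported as not clean, so a scan that did not run cannot be mistaken for a passing one.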