2.1.5 Storage Server Security Hardening

Oracle Exadata System Software release 26.1.0 introduces new capabilities that harden storage server security. These changes reduce risk by enforcing least-privilege access and minimizing root usage, improving protection against credential compromise, unauthorized administrative actions, and other threat vectors often associated with ransomware attacks.

• The Exadata storage server built-in operating system (OS) user accounts (celladmin and cellmonitor) are restricted to run specific Cell Command Line Interface (CellCLI) and Exascale Command Line Interface (ESCLI) commands, along with a limited set of read-only Linux OS commands.

  Additionally, for Exascale environments, each OS user now uses a separate Exascale keystore (wallet) with appropriate corresponding credentials. By default, the wallet associated with celladmin provides Exascale administrator privileges, while the cellmonitor wallet provides read-only access to Exascale objects and metadata.

  These changes limit the ability to perform malicious operations using the celladmin and cellmonitor accounts if their credentials are compromised. They also prevent many possibilities for accidental damage through mistakes by legitimate users.

• Exadata storage servers can now be configured to disable SSH access using the root OS administration account. Additionally, Exadata administrators can define site-specific policies to enable or disable remote login using SSH.

  For example, by using the CellCLI ALTER CELL command to set the ACCESSLEVELPERM and ACCESSLEVELTEMP attributes, you can configure a storage server to nominally disable root SSH access but allow it for a specific time-bound maintenance window.

  This capability limits the opportunity to perform malicious operations using the root OS administration account if it is compromised.

• Exadata administrators can now configure SSH equivalence for the celladmin and cellmonitor accounts using CellCLI commands to CREATE SSHEQUIVALENCE, LIST SSHEQUIVALENCE, and DROP SSHEQUIVALENCE.

  This capability removes the requirement for root access to configure SSH equivalence and complements the ability to disable root SSH access.

• Oracle Exadata Deployment Assistant (OEDA) supports initial deployments using the celladmin OS user account. During these deployments, celladmin performs the deployment tasks, and root SSH access is disabled on all storage servers.

  This enables customers to adopt the strongest available security posture from the beginning of the Exadata deployment process and improves auditability by reducing root usage during deployment.