Use this procedure to verify the security profile that is configured for the zones and VMs. To perform this procedure, you must access the system with a user account that has the root role.
For instructions, refer to Accessing the System in Oracle MiniCluster S7-2 Administration Guide.
For example:
% su root
In this example, there is one log file for each VM:
# cd /var/opt/oracle.minicluster/mcmubui/MCMU/verification_logs # ls verify_appvmg1-zone-1-mc4-n1.log verify_dbvmg1-zone-3-mc4-n1.log verify_appvmg1-zone-1-mc4-n2.log verify_dbvmg1-zone-3-mc4-n2.log verify_dbvmg1-zone-1-mc4-n2.log verify_dbvmg1-zone-4-mc4-n1.log verify_dbvmg1-zone-2-mc4-n1.log verify_dbvmg1-zone-4-mc4-n2.log verify_dbvmg1-zone-2-mc4-n2.log
View the last lines of the log file. If (PCI-DSS) is displayed, the VM's security profile is PCI-DSS. If no profile is listed, the VM's security profile is CIS Equivalent.
Example of the last 22 lines of a VM with a PCI-DSS profile:
# tail -22 verify_dbvmg1-zone-1-mc4-n2.log (PCI-DSS) Checking /etc/cron.d/at.allow: Passed/Configured (PCI-DSS) Checking audit configuration (user audit flags): Passed/Configured (PCI-DSS) Checking audit configuration (non-attributable audit flags): Passed/Configured (PCI-DSS) Checking audit configuration (audit_binfile plugin): Passed/Configured (PCI-DSS) Checking audit flags on root and tadmin roles: Passed/Configured Check if tenant-key exists in keystore: Passed/Configured Check if immutability is enabled: Failed/Not Configured
Example of the last 22 lines of a VM with a CIS Equivalent profile:
# tail -22 verify_dbvmg1-zone-1-mc4-n2.log Checking if NDP routing daemon is disabled: Passed/Configured Checking if r-protocol services are disabled: Passed/Configured Checking if rpc/bind is enabled and configured correctly: Passed/Configured Checking if NFS v2/v3 is disabled: Passed/Configured Checking if GDM is enabled: Failed/Not Configured Check if tenant-key exists in keystore: Passed/Configured Check if immutability is enabled: Failed/Not Configured