5 Securing the Operations of the Recovery Appliance
The following steps harden the Recovery Appliance by reducing exposure to powerful users, like root and rasys, and allowing improved auditing of maintenance actions. Although this procedure is optional for many installations and applications, establishing and using secure users is required for operations to be compliant with various regulatory mandates.
For purposes of example, the sample commands have three fictive users: bob, sue, and jim.
- Create named users and assign them db_user with user type admin with administration rights. The db_user user type admin replaces the usage of rasys for configuration and day-to-day Recovery Appliance management operations. This account can issue certain SQL*Plus commands within its assigned privileges.
    racli add db_user --user_type=admin --user_name=bob
    racli add db_user --user_type=admin --user_name=sue
  In this example, bob and sue are given --user_type=admin for administration rights.
  Note: The db_user user type admin has limited privileges, and cannot be used as sysdba in SQL*Plus.
- Create ssh users for the Recovery Appliance. The admin_user account is a role for new named users who manage the Recovery Appliance from an operational perspective. It permits operating system level operations on the Recovery Appliance that previously required root access; however, admin_user is not root.
    racli add admin_user --user_name=bob
    racli add admin_user --user_name=jim
    racli add admin_user --user_name=sue
  In this example, bob, sue, and jim are given admin_user with administration rights.
- Disable ssh access for root and oracle.
    racli disable ssh
- Disable root access for root, oracle, and raadmin.
    racli disable root_access
- Disable rasys access.
  Note: Make sure that you have the db_user user type admin accounts and admin_user accounts before disabling rasys access.
    racli disable rasys_user
- Disable sys remote access.
    racli disable sys_remote_access
- Validate the time service. Refer to Changing the CHRONY Servers.
- Validate that the Recovery Appliance is in compliance.
    racli run check --check_name=check_ra_compliance
  The above should return TRUE. The check_ra_compliance check validates:
  - ssh access for root and oracle is disabled on all nodes.
  - rasys access is disabled.
  - sys remote access is disabled.
  - Time service is enabled.
  - Two or more admin_users for the Recovery Appliance have been established.
  - Two or more db_users who are admin have been established.
  If any of the above items are not completed, check_ra_compliance fails, because one or more security gaps still exist on the Recovery Appliance.
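The steps above can be run as one script that enforces the ordering the procedure depends on: the named db_user and admin_user accounts must exist (at least two of each, which is what check_ra_compliance verifies) before rasys and the other shared accounts are locked out. The following is an added example written for this page, not Oracle's own tooling; it uses only the racli commands shown above, takes the user lists as caller-supplied arguments (the constructed lists in the usage lines are the page's bob, sue, and jim) because it does not assume an output format for any racli listing command, and assumes that a passing check_ra_compliance prints the word TRUE on standard output.

```shell
#!/bin/sh
# Added example for this page; not Oracle's code. Assumes the racli
# subcommands exactly as documented above and that a passing
# check_ra_compliance prints "TRUE" (assumption about stdout).

# Count whitespace-separated names in "$1".
count_names() {
    set -- $1
    echo $#
}

# Return 0 when at least two admin_users ($1) and at least two db_users of
# type admin ($2) are planned, which is the minimum check_ra_compliance
# requires; return 1 otherwise. Disabling rasys with fewer than that would
# leave the appliance without a supported administrative path.
preflight_ok() {
    admins=$(count_names "$1")
    dbadmins=$(count_names "$2")
    [ "$admins" -ge 2 ] && [ "$dbadmins" -ge 2 ]
}

# Create the named accounts first, then lock down the shared ones, and
# finish with the compliance check. Every racli failure aborts the run so a
# half-hardened appliance is never reported as compliant.
harden_ra() {
    admin_users=$1
    db_admin_users=$2
    if ! preflight_ok "$admin_users" "$db_admin_users"; then
        echo "refusing to proceed: need >=2 admin_users and >=2 admin db_users" >&2
        return 1
    fi
    for u in $db_admin_users; do
        racli add db_user --user_type=admin --user_name="$u" || return 1
    done
    for u in $admin_users; do
        racli add admin_user --user_name="$u" || return 1
    done
    racli disable ssh || return 1
    racli disable root_access || return 1
    racli disable rasys_user || return 1
    racli disable sys_remote_access || return 1
    # Compliance is only met when every gap above is closed.
    racli run check --check_name=check_ra_compliance | grep -q TRUE
}

# Usage (constructed lists matching the page's example users):
#   harden_ra "bob jim sue" "bob sue"
```

The preflight check is deliberately separate from the racli calls so it can be exercised without an appliance; harden_ra itself is only meaningful when run as a user permitted to execute racli on the Recovery Appliance.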
At the completion of the above steps:
- The initial set of administrative users has been configured.
- An audit trail of actions by administrative users is now possible.
- Various commands are restricted to users with the proper permissions.
- Certain commands are restricted to quorum operations, which require the approval of others before they are finally run.