5 Securing the Operations of the Recovery Appliance

The following steps harden the Recovery Appliance by reducing exposure to powerful users, such as root and rasys, and by allowing improved auditing of maintenance actions. Although this procedure is optional for many installations and applications, establishing and using secure users is required for operations to comply with various regulatory mandates.

For purposes of example, the sample commands use three fictional users: bob, sue, and jim.

  1. Create named users and assign them the db_user account with user type admin, which grants administration rights.

    The db_user account with user type admin replaces the use of rasys for configuration and day-to-day Recovery Appliance management operations. This account can issue certain SQL*Plus commands within its assigned privileges.

    racli add db_user --user_type=admin --user_name=bob
    racli add db_user --user_type=admin --user_name=sue

    In this example, bob and sue are given --user_type=admin for administration rights.

    Note:

    The db_user account with user type admin has limited privileges and cannot be used as sysdba in SQL*Plus.

  2. Create ssh users for the Recovery Appliance.

    The admin_user account is a role for new named users who manage the Recovery Appliance from an operations perspective. It permits operating system level operations on the Recovery Appliance that previously required root access; however, admin_user is not root.

    racli add admin_user --user_name=bob
    racli add admin_user --user_name=jim
    racli add admin_user --user_name=sue

    In this example, bob, sue, and jim are given admin_user with administration rights.

  3. Disable ssh access for root and oracle.

    racli disable ssh

  4. Disable root access for root, oracle, and raadmin.

    racli disable root_access

  5. Disable rasys access.

    Note:

    Make sure that you have the db_user accounts with user type admin and the admin_user accounts in place before disabling rasys access.

    racli disable rasys_user

  6. Disable sys remote access.

    racli disable sys_remote_access

  7. Validate the time service.

    Refer to Changing the CHRONY Servers.

  8. Validate that the Recovery Appliance is in compliance.

    racli run check --check_name=check_ra_compliance

    The command should return TRUE. The check_ra_compliance check validates that:

    • ssh access for root and oracle is disabled on all nodes.

    • rasys access is disabled.

    • sys remote access is disabled.

    • Time service is enabled.

    • Two or more admin_users for the Recovery Appliance have been established.

    • Two or more db_users with user type admin have been established.

    If any of the above items is not complete, check_ra_compliance fails, because one or more security gaps still exist on the Recovery Appliance.
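    The steps above are order-sensitive: rasys must not be disabled until both sets of replacement accounts exist, and check_ra_compliance needs at least two of each. The following POSIX shell wrapper is an added example, not part of the Oracle documentation or of racli itself; it assumes racli is on the PATH (or that RACLI is set to another command, such as echo for a dry run) and enforces the two-account precondition before emitting the documented commands in the documented order.

```shell
#!/bin/sh
# Ordered hardening sequence for the racli steps in this section.
# Assumption: RACLI names the racli binary; set RACLI=echo to dry-run.
RACLI="${RACLI:-racli}"

# Return 0 only when two or more distinct, non-empty names are given,
# the minimum that check_ra_compliance expects for admin_users and for
# db_users with user type admin.
ra_has_quorum() {
    n=$(printf '%s\n' "$@" | grep -v '^$' | sort -u | grep -c .)
    [ "$n" -ge 2 ]
}

# ra_harden "<db admins>" "<ssh admins>" -- both space-separated lists.
# Creates the named accounts first, then disables the shared accounts,
# and finishes with the compliance check. Fails before touching the
# appliance if either list is below quorum.
ra_harden() {
    db_admins="$1"
    ssh_admins="$2"
    # Word splitting on the lists is intentional here.
    ra_has_quorum $db_admins  || { echo "need >=2 admin db_users" >&2; return 1; }
    ra_has_quorum $ssh_admins || { echo "need >=2 admin_users" >&2; return 1; }
    for u in $db_admins; do
        "$RACLI" add db_user --user_type=admin --user_name="$u" || return 1
    done
    for u in $ssh_admins; do
        "$RACLI" add admin_user --user_name="$u" || return 1
    done
    "$RACLI" disable ssh               || return 1
    "$RACLI" disable root_access       || return 1
    "$RACLI" disable rasys_user        || return 1
    "$RACLI" disable sys_remote_access || return 1
    "$RACLI" run check --check_name=check_ra_compliance
}
```

Run it as `RACLI=echo sh -c '. ./harden.sh; ra_harden "bob sue" "bob jim sue"'` to review the exact command sequence before executing it against the appliance.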

At the completion of the above steps:

  • The initial set of administrative users has been configured.
  • An audit trail of actions by administrative users is now possible.
  • Various commands are restricted to users with the proper permissions.
  • Certain commands are restricted to quorum operations, which require the approval of other administrators before they are run.