HMC hardening profile
The Hardware Management Console (HMC) profile hardens security on the HMC appliance. A list of hardening settings have been identified for this environment.
HMC hardening profile
| Group | Requirement | Location of the script that modifies the setting |
|---|---|---|
| HMC policy recommendations | Implements HMC Linux Requirement: HMC Logon Banner. | /etc/security/pscxpert/bin/adapter
/etc/security/pscxpert/bin/hmc_logon_banner Arguments: |
| HMC policy recommendations | Implements HMC Linux Requirement: HMC Local Accounts. | /etc/security/pscxpert/bin/adapter
/etc/security/pscxpert/bin/hmc_remove_local_accounts Arguments: |
| HMC policy recommendations | Implements HMC Linux Requirement: HMC Password Rules. | /etc/security/pscxpert/bin/adapter
/etc/security/pscxpert/bin/hmc_password_policy Arguments:
|
| HMC policy recommendations | Implements HMC Linux Requirement: HMC Empty Passwords Validation. | /etc/security/pscxpert/bin/adapter
/etc/security/pscxpert/bin/hmc_user_accounts Arguments:
|
| HMC policy recommendations | Implements HMC Linux Requirement: HMC Guest Accounts Validation. | /etc/security/pscxpert/bin/adapter
/etc/security/pscxpert/bin/hmc_user_accounts Arguments:
|
| HMC policy recommendations | Implements HMC Linux Requirement: HMC Automatic Call Answering. | /etc/security/pscxpert/bin/adapter
/etc/security/pscxpert/bin/hmc_automatic_call_answering Arguments: |
| HMC policy recommendations | Implements HMC Linux Requirement: HMC Verify LDAP. | /etc/security/pscxpert/bin/adapter
/etc/security/pscxpert/bin/hmc_verify_ldap Arguments: |
| HMC policy recommendations | Implements HMC Linux Requirement: HMC User Roles Restriction. | /etc/security/pscxpert/bin/adapter
/etc/security/pscxpert/bin/hmc_user_roles Arguments: |
| HMC policy recommendations | Implements HMC Linux Requirement: HMC Remote Logging Validation. | /etc/security/pscxpert/bin/adapter
/etc/security/pscxpert/bin/hmc_remote_logging Arguments: |
| Login policy recommendations | Implements HMC Requirement V-24359: Limit repeated access attempts by locking out the user ID after not more than three attempts. | /etc/security/pscxpert/bin/adapter
/etc/security/pscxpert/bin/hmc_web_user_properties Arguments:
|
| Login policy recommendations | Implements HMC Requirement V-25404: Set the lockout duration to a minimum of 30 minutes or until administrator enables the user ID. | /etc/security/pscxpert/bin/adapter
/etc/security/pscxpert/bin/hmc_web_user_properties Arguments:
|
| Login policy recommendations | Implements HMC Requirement V-25404: Set the session timeout to 120. | /etc/security/pscxpert/bin/adapter
/etc/security/pscxpert/bin/defaccounts Arguments:
|