POWER7 information

Configuring Virtual I/O Server system security hardening

Set the security level to specify security hardening rules for your Virtual I/O Server system.

To implement system security hardening rules, you can use the viosecure command to specify a security level of high, medium, or low. A default set of rules is defined for each level. You can also set a level of default, which returns the system to the system standard settings and removes any level settings that have been applied.
The low level security settings are a subset of the medium level security settings, which are a subset of the high level security settings. Therefore, the high level is the most restrictive and provides the greatest level of control. You can apply all of the rules for a specified level or select which rules to activate for your environment. By default, no Virtual I/O Server security levels are set; you must run the viosecure command to modify the settings.

Use the following tasks to configure the system security settings.

Parent topic: Security on the Virtual I/O Server

Setting a security level

To set a Virtual I/O Server security level of high, medium, or low, use the command viosecure -level. For example:
viosecure -level low -apply

Changing the settings in a security level

To set a Virtual I/O Server security level in which you specify which hardening rules to apply for the setting, run the viosecure command interactively. For example:
  1. At the Virtual I/O Server command line, type viosecure -level high. All the security level options (hardening rules) at that level are displayed ten at a time (pressing Enter displays the next set in the sequence).
  2. Review the options displayed and make your selection by entering the numbers, separated by a comma, that you want to apply, or type ALL to apply all the options or NONE to apply none of the options.
  3. Press Enter to display the next set of options, and continue entering your selections.
    Note: To exit the command without making any changes, type "q".

Viewing the current security setting

To display the current Virtual I/O Server security level setting use the viosecure command with the -view flag. For example: 
viosecure -view

Removing security level settings

  • To unset any previously set system security levels and return the system to the standard system settings, run the following command: viosecure -level default
  • To remove the security settings that have been applied, run the following command: viosecure -undo

Send feedback Rate this page

Last updated: Thu, April 05, 2018