POWER7 information
Configuring Virtual I/O Server system security hardening
Set the security level to specify security hardening rules for your Virtual I/O Server system.
To implement system security hardening rules, you can use the viosecure command to specify a security level of high, medium, or low. A default set of rules is defined for each level. You can also set a level of default, which returns the system to the system standard settings and removes any level settings that have been applied.
The low level security settings are a subset of the medium level security settings, which are a subset of the high level security settings. Therefore, the high level is the most restrictive and provides the greatest level of control. You can apply all of the rules for a specified level or select which rules to activate for your environment. By default, no Virtual I/O Server security levels are set; you must run the viosecure command to modify the settings.
Use the following tasks to configure the system security settings.
Setting a security level
To set a Virtual I/O Server security level of high, medium, or low, use the command viosecure -level. For example:
viosecure -level low -apply
Changing the settings in a security level
To set a Virtual I/O Server security level in which you specify which hardening rules to apply for the setting, run the viosecure command interactively. For example:
- At the Virtual I/O Server command line, type viosecure -level high. All the security level options (hardening rules) at that level are displayed ten at a time (pressing Enter displays the next set in the sequence).
- Review the options displayed and make your selection by entering the numbers, separated by a comma, that you want to apply, or type ALL to apply all the options or NONE to apply none of the options.
- Press Enter to display the next set of options, and continue entering your selections.
Note: To exit the command without making any changes, type "q".
Viewing the current security setting
To display the current Virtual I/O Server security level setting, use the viosecure command with the -view flag. For example:
viosecure -view
Removing security level settings
- To unset any previously set system security levels and return the system to the standard system settings, run the following command: viosecure -level default
- To remove the security settings that have been applied, run the following command: viosecure -undo
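One way to make the set, view, and remove tasks above auditable, as an added example that is not IBM code: it saves the viosecure -view output before and after a level is applied so the change can be reviewed and, if needed, reverted with viosecure -undo. The VIOSECURE variable, the apply_level function, and the snapshot file names are hypothetical, and the script assumes a shell that permits output redirection.

```shell
#!/bin/sh
# Added example, not IBM code. VIOSECURE, apply_level and the file names
# under SNAPDIR are hypothetical.
# VIOSECURE: how viosecure is invoked (assumption: "viosecure" is on PATH).
VIOSECURE=${VIOSECURE:-viosecure}

# apply_level LEVEL SNAPDIR
# Returns 0 = -view output changed, 1 = bad level or command failure,
#         2 = command succeeded but -view output is unchanged.
apply_level() {
    level=$1
    snapdir=$2
    case $level in
        low|medium|high) set -- -level "$level" -apply ;;
        default)         set -- -level default ;;
        *) echo "unknown level: $level" >&2; return 1 ;;
    esac
    mkdir -p "$snapdir" || return 1
    # Record the settings before the change.
    $VIOSECURE -view > "$snapdir/before.txt" || return 1
    if ! $VIOSECURE "$@" > "$snapdir/apply.log" 2>&1; then
        echo "apply failed, see $snapdir/apply.log; revert with: viosecure -undo" >&2
        return 1
    fi
    # Record the settings after the change.
    $VIOSECURE -view > "$snapdir/after.txt" || return 1
    if cmp -s "$snapdir/before.txt" "$snapdir/after.txt"; then
        echo "no change in -view output after -level $level" >&2
        return 2
    fi
    # diff exits 1 when the files differ, which is the expected case here.
    diff "$snapdir/before.txt" "$snapdir/after.txt" > "$snapdir/changes.diff" \
        || [ $? -eq 1 ] || return 1
    return 0
}
```

Keeping before.txt, after.txt, and changes.diff with the change record shows which settings a level altered before you decide whether to keep it.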