Re: Rhel BootLoader, Single-user mode password & Interactive Boot in a Cloud environment


 



On 22/10/14 04:44 AM, Sunhux G wrote:
We run cloud service & our vCenter is not accessible to our tenants
and their IT support; so I would say console access is not feasible
unless the tenant/customer IT come to our DC.

If the following 3 hardenings are done on our tenant/customer RHEL
Linux VM, what's the impact to the tenant's sysadmin & IT operation?


a) CIS 1.5.3 Set Boot Loader Password:
     if this password is set, when the tenant reboots (shutdown -r)
     their VM each time, will it prompt for the bootloader
     password at console?  If so, is there any way the tenant
     could still get their VM booted up if they have no access
     to vCenter's console?

b) CIS 1.5.4 Require Authentication for Single-User Mode:
     Does Linux allow ssh access while in single-user mode &
     can this 'single-user mode password' be entered via an
     ssh session (without access to console), assuming certain
     'terminal' service is started up / running while in single
     user mode?

c) CIS 1.5.5 Disable Interactive Boot:
     what's the general consensus on this? Disable or enable?
     Our corporate hardening guide does not mention this item.
     So if the tenant wishes to boot up step by step (i.e. pausing
     at each startup script), they can't do it?

Feel free to add any other impacts that anyone can think of

Lastly, how do people out there grant console access to their
tenants in Cloud environment without security compromise
(I mean without granting vCenter access) : I heard that we can
customize vCenter to grant limited access of vCenter to
tenants, is this so?


Sun

Hi Sun,

  Did you mean to post this to the vmware mailing list?

--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without access to education?

--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster



