[Linux-cluster] Rhel BootLoader, Single-user mode password & Interactive Boot in a Cloud environment
Digimer
lists at alteeve.ca
Wed Oct 22 10:46:22 UTC 2014
On 22/10/14 04:44 AM, Sunhux G wrote:
> We run cloud service & our vCenter is not accessible to our tenants
> and their IT support; so I would say console access is not feasible
> unless the tenant/customer IT come to our DC.
>
> If the following 3 hardenings are done our tenant/customer RHEL
> Linux VM, what's the impact to the tenant's sysadmin & IT operation?
>
>
> a) CIS 1.5.3 Set Boot Loader Password *:*
> if this password is set, when tenant reboot (shutdown -r)
> their VM each time, will it prompt for the bootloader
> password at console? If so, is there any way the tenant,
> could still get their VM booted up if they have no access
> to vCenter's console?
>
> b) CIS 1.5.4 Require Authentication for Single-User Mode *:*
> Does Linux allow ssh access while in single-user mode &
> can this 'single-user mode password' be entered via an
> ssh session (without access to console), assuming certain
> 'terminal' service is started up / running while in single
> user mode
>
> c) CIS 1.5.5 Disable Interactive Boot *:*
> what's the general consensus on this? Disable or enable?
> Our corporate hardening guide does not mention this item.
> So if the tenant wishes to boot up step by step (ie pausing
> at each startup script), they can't do it?
>
> Feel free to add any other impacts that anyone can think of
>
> Lastly, how do people out there grant console access to their
> tenants in Cloud environment without security compromise
> (I mean without granting vCenter access) : I heard that we can
> customize vCenter to grant limited access of vCenter to
> tenants, is this so?
>
>
> Sun
Hi Sun,
Did you mean to post this to the vmware mailing list?
--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
More information about the Linux-cluster
mailing list