Professional Documents
Culture Documents
RHB - Oracle Linux 7 For EXADATA Hardening Standard 2.0
RHB - Oracle Linux 7 For EXADATA Hardening Standard 2.0
RHB - Oracle Linux 7 For EXADATA Hardening Standard 2.0
Version : 2.0
Viewing Security : Level 2 (Confidential)
Owner : Group IT Security
Creation Date : 05 Jan 2021
Publish Date : 19 Apr 2021
Effective Date : 19 Oct 2021
Document Author : Syasya Qistina Binti Shahzan
Endorsement
: Josh Woo Chin Wei
Department Head Name
RHB BANKING GROUP
Group IT Security Hardening Checklist: EXADATA
Added
Somasundram 1.1 19/04/21 Appendix A, B – QA Sign Off, Exception Sign Off
30 Nov 2022 2
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
AUDIENCE
This document is intended for all staff of the Bank, in particular those who discharge their roles and
responsibilities as a System Administrator in RHB Banking Group – Group IT Infrastructure Services. Additional
information may be obtained by contacting the personnel listed below. The ‘Effective Date’ is a grace period
of six months from ‘Publish Date’ is applicable for review on existing settings to ensure the settings are up-
to-date as per latest hardening guideline.
DOCUMENT SUPPORT
Support
Name Department Contact
Level
Syasya Qistina Bt Shahzan Group IT Security Primary syasya.qistina.shahzan@rhbgroup.com
Darren Liew Jen Yang Group IT Security Primary liew.jen.yang@rhbgroup.com
Josh Woo Chin Wei Group IT Security Secondary woo.chin.wei@rhbgroup.com
30 Nov 2022 3
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
CONTENTS
SUMMARY OF DOCUMENT CHANGES 2
AUDIENCE 3
DOCUMENT SUPPORT 3
1 OVERVIEW 5
1.1 Introduction 5
1.2 Scope 5
1.3 Reference 5
2 INITIAL SETUP 6
2.1 Filesystem Configuration 6
2.2 Configure Software Updates 6
2.3 Configuration of Security tools 7
2.4 Secure Boot Settings 7
2.5 Additional Process Hardening 7
2.6 Configure Sudo 7
2.7 Mandatory Access Control 7
2.8 Warning Banners 8
2.9 Services 9
3 NETWORK SECURITY CONFIGURATION 10
4 LOGGING AND AUDITING 11
4.1 Configure Logging 11
5 ACCESS, AUTHENTICATION AND AUTHORIZATION 11
5.1 Configure cron 11
5.2 SSH Server Configuration 12
5.3 Configure PAM 13
5.4 User Accounts and Environment 14
6 SYSTEM MAINTENANCE, FILE PERMISSIONS, USER & GROUP SETTING 14
6.1 System File Permissions 14
6.2 User and Group Settings 15
APPENDIX A 16
APPENDIX B 18
30 Nov 2022 4
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
1 Overview
1.1 Introduction
This document defines the baseline security requirements that should be applied to Oracle Linux 7
EXADATA.
1.2 Scope
The following is the scope of security configuration for Oracle Linux 7 EXADATA:
a. Initial Setup
b. Services
c. Network Configuration
d. Logging and Auditing
e. Access, Authentication and Authorization
f. System Maintenance
1.3 Reference
“Compliance Level” refers to the assigned criticality level of each configuration setting and the corresponding
deviation requirement. This is necessary as each configuration setting has a different impact on system
security, hence, it would be inappropriate to standardize the deviation requirement across all settings
irrespective of the configuration setting.
30 Nov 2022 5
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
2 Initial Setup
This section describes the required settings for security-related value in Oracle Linux 7 EXADATA.
30 Nov 2022 6
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
30 Nov 2022 7
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
30 Nov 2022 8
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
2.9 Services
30 Nov 2022 9
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
30 Nov 2022 10
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
30 Nov 2022 11
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
30 Nov 2022 12
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
30 Nov 2022 13
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
30 Nov 2022 14
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
30 Nov 2022 15
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
Appendix A
Section 1: Details
30 Nov 2022 16
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
Section 3: QA Sign-Off
HARDENING PERFORMED BY (IT Infra): QA PERFORMED BY (IT Sec):
30 Nov 2022 17
Version 2.0
RHB BANKING GROUP
Group IT Security Hardening Standard: EXADATA
Appendix B
DETAIL OF EXCEPTIONS
30 Nov 2022 18
Version 2.0