Overview of System Hardening in XCO

Get an overview of techniques for hardening security in XCO.

Learn about security hardening guidance for ExtremeCloud Orchestrator (XCO), with an emphasis on the installation and usage of open source security tools to achieve a hardened operational security stance. It is assumed that you have some basic knowledge of security principles and operations of the Linux operating system and associated technologies.

Note: This document assumes that XCO has been installed in secure mode and is operational. For details on how to achieve this, refer to the ExtremeCloud Orchestrator CLI Administration Guide, 3.6.0 , which includes details on XCO security options and commands.

The following security hardening topics included in this document:

CIS-CAT security hardening: Details of a custom python script from Extreme Networks that hardens the underlying operating system.
Iptables firewall: Securing the XCO networking stance.
Grub boot loader security: How to set a hardened security posture for Grub.
System auditing with auditd: Instructions for monitoring various aspects of system runtime activities.
OSSEC HIDS installation and usage: A broad set of indicators relevant for host intrusion detection.
Authenticated NTP: How to ensure that NTP communications are authenticated.
Secure DNS: Details about encrypted DNS communications.
Detecting rootkits with rkhunter: Specialized run time checks for various types of Linux rootkits.