The ClearPath Forward Hardening Tools are scripts that help you apply configuration files containing hardening parameter settings on a target operating system. You can also use the hardening tools to audit your current operating system security settings, generate a report, or apply a different configuration file to remove or restore hardening parameter settings. The hardening tools contain brief descriptions of the security parameters and of the effect of enabling or disabling the settings. For detailed descriptions, refer to the extensive documentation available from the operating system vendors and industry security experts (see the list in Hardening Your Operating System).
As a convenient starting point, Unisys developed a series of configuration files, each describing a predefined level of hardening that Unisys recommends for operating environments in the fabric.
You can create your own configuration files with customized settings to suit your particular needs: create a local copy of one of the supplied configuration files, and then modify the settings in it.
Note: The supplied configuration files are only a starting point that Unisys provides for your convenience and are based upon best practices as of May 2015. For current best practices, consult your Unisys service representative.
Requirements for Use of ClearPath Forward Hardening Tools
The ClearPath Forward Hardening Tools have been qualified for use with the following operating systems:
Windows Server 2008 R2 SP1
Windows Server 2012
SUSE Linux Enterprise Server (SLES) 11 SP3
Red Hat Enterprise Linux (RHEL) 6.4
If you wish to use the hardening tools on a later version of an operating system that is supported for use with the fabric, contact your Unisys sales representative for assistance. For more details on the latest list of supported operating systems, refer to the ClearPath Forward Supported Operating Systems link that is available from the ClearPath Forward portion of the Unisys Product Support site.
Levels of Hardening for Windows Operating Systems Predefined by Unisys
The security settings for operating systems commissioned with Unisys-supplied blueprints are the same settings provided by Microsoft. The security settings for operating systems commissioned with customer-supplied blueprints are the same settings that were in place when you created your customer-supplied operating system image.
None – Default level until the initial run of the ClearPath Forward Hardening Tool for Windows.
If you changed any security settings in the operating system, your default reflects the base security settings provided out of the box plus any custom security settings that you have manually applied to the operating system.
Note: The value of None is not a valid option when running the hardening tool.
0 – Settings for level 0 are captured when the hardening tool is first run. A snapshot of the existing settings is saved as level 0, thereby providing a baseline for rollback purposes if needed.
Note: If you changed settings in your operating system before running the ClearPath Forward Hardening Tool for Windows for the first time, the modified settings will be captured and saved as the baseline (that is, as level 0 of hardening).
1 – Medium hardened, defined by Unisys as the recommended hardened state.
2 – Extremely hardened, defined by Unisys for use when high levels of security are needed. However, these settings may prevent some applications from running or stop some operations from working.
Levels of Hardening for Linux Operating Systems Predefined by Unisys
The security settings for operating systems commissioned with Unisys-supplied blueprints are the same settings provided by SUSE or Red Hat. The security settings for operating systems commissioned with customer-supplied blueprints are the same settings that were in place when you created your customer-supplied operating system image.
None – Default level of security settings that are provided out of the box by the Linux operating system vendor.
Notes:
The value of None is not a valid option when running the hardening tool.
If you wish to save a copy of these security settings as a baseline for rollback purposes, you can create a configuration file based on the existing settings. See Capturing a Snapshot of Existing Security Settings for more information.
0 – Minimally hardened, defined by Unisys (as of May 2015) as bare minimum security.
1 – Medium hardened, defined by Unisys as the recommended hardened state.
2 – Extremely hardened, defined by Unisys for use when high levels of security are needed. However, these settings may prevent some applications from running or stop some operations from working.