Note: The ClearPath Forward Hardening Tool for Linux has been qualified for use with the following operating systems:
SUSE Linux Enterprise Server (SLES) 11 SP3
Red Hat Enterprise Linux (RHEL) 6.4
The ClearPath Forward Hardening Tool for Linux provides configuration files with predefined security levels for improving the security of the operating system. The hardening script is available at /usr/bin/harden.
The system administrator can use the tool to
Compare the current state of the security settings of the operating system to details in a configuration file to see if a particular setting is enabled or disabled.
An example of a command for verifying the current state of the security settings of the operating system to a particular configuration file:
harden -c /var/lib/harden/configs/Harden-SLES11SP3-Level1-default.cfg
Audit the current state of the security settings of the operating system and generate a report describing areas that could be hardened to further improve security.
Note: As some recommendations may conflict with application needs, be sure to consider the requirements of applications on the partition before modifying any settings.
An example of a command for performing an audit of the security settings of the operating system and generating a report of possible steps than can be taken to improve the security of the operating system:
harden -r
Create a configuration file based on the current state of the security settings of the operating system.
An example of creating a configuration file based on the current state of the security settings of the operating system:
harden -o /tmp/my_custom_settings.cfg
The administrator may edit the file to enable or disable a number of the settings before applying the custom configuration file.
Apply a configuration file to adjust security policies on the operating system.
An example of a command for applying a particular configuration file:
harden -i /var/lib/harden/configs/Harden-SLES11SP3-Level1-default.cfg