Data Center Security

  • 1.  DCS: Updating Kernel on Linux/UNIX OS w/o Rebooting

    Posted Oct 22, 2018 12:17 PM

    Hi Sirs,

    The nature of DCS does not allow any update or modification to kernel on Linux/UNIX OS.

    So in order to perform the update/modification on the kernel, my client is required to disable DCS and perform a reboot, update their OS and perform a reboot, then enable DCS again and reboot again.

    This whole process requires 3 reboots.

    Is there any fix or workaround to keep them from doing 3 reboots?

    Thank you.



  • 2.  RE: DCS: Updating Kernel on Linux/UNIX OS w/o Rebooting

    Posted Oct 22, 2018 07:26 PM

    You do not need to reboot to disable an IPS policy.  

    Three options:

    1) Use the policy override tool (requires hands on keyboard and rights given to user/group). Select duration of override. Perform system updates. Reboot. The policy will auto-revert to enforce mode after the chosen duration. Note any violations to the policy will be logged, but allowed.

    2) Add the orchestration tool process or user to the Trusted Updaters/Full Privilege sandbox. That process/user will always be able to update the system. Reboot. I suggest allow-but-log everything in this sandbox for forensic purposes.

    3) Allow the user that is doing the updates to run the DCS tools via the policy. Have the user run the "sisipsconfig -r" command in Windows, "sisipsconfig.sh -r" in *nix. Then perform updates. Then reapply the policy with "sisipsconfig -s" or "sisipsconfig.sh -s" and reboot. Note that this method will NOT log anything, so while it can be handy to use from a script or tool, it is the least secure (no forensic data as to what actually happened).

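Option 3 above leaves no log trail by itself. As an added example (not from this thread or from Symantec), the POSIX sh wrapper below runs that same sequence on Linux, writes each step to syslog and stderr, and re-applies the policy even if the update fails or the script is interrupted. It assumes sisipsconfig.sh is on PATH and that yum is the package manager; both are assumptions and can be overridden through the environment.

```shell
#!/bin/sh
# Added example, not from the thread or from Symantec: wraps option 3
# (sisipsconfig.sh -r / update / sisipsconfig.sh -s) so that every step
# is written to syslog and the policy is re-applied even when the update
# fails or the script is interrupted. Assumed: sisipsconfig.sh is on PATH
# and yum is the package manager; override both via the environment.

SISIPSCONFIG="${SISIPSCONFIG:-sisipsconfig.sh}"
UPDATE_CMD="${UPDATE_CMD:-yum -y update kernel}"
LOG_TAG="dcs-kernel-update"

log() {
    # syslog (if logger exists) plus stderr, since option 3 logs nothing itself
    command -v logger >/dev/null 2>&1 && logger -t "$LOG_TAG" -- "$1" 2>/dev/null || :
    printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$1" >&2
}

reapply_policy() {
    log "re-applying DCS policy: $SISIPSCONFIG -s"
    "$SISIPSCONFIG" -s
}

# Returns the update command's exit status (0 on success), 2 if the policy
# could not be disabled, 3 if it could not be re-applied afterwards.
dcs_kernel_update() {
    log "disabling DCS policy: $SISIPSCONFIG -r (run by $(id -un))"
    "$SISIPSCONFIG" -r || { log "policy disable failed, nothing changed"; return 2; }
    # If we are interrupted while the policy is off, put it back on the way out.
    trap 'reapply_policy' EXIT INT TERM
    log "running update: $UPDATE_CMD"
    rc=0
    sh -c "$UPDATE_CMD" || rc=$?
    if [ "$rc" -ne 0 ]; then
        log "update failed with exit status $rc"
    fi
    trap - EXIT INT TERM
    reapply_policy || { log "WARNING: policy re-apply failed, host still unprotected"; return 3; }
    log "done, exit status $rc; a reboot is still required"
    return "$rc"
}

# Only act when invoked directly with --run; sourcing just defines the functions.
if [ "${1:-}" = "--run" ]; then
    dcs_kernel_update
fi
```

Run it as the user allowed by the policy to execute the DCS tools, and keep the syslog entries with the host's other audit data, since the DCS agent itself records nothing while the policy is off.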



  • 4.  RE: DCS: Updating Kernel on Linux/UNIX OS w/o Rebooting

    Posted Oct 22, 2018 09:06 PM

    Thank you Sir!

    Will try out the method. Appreciate your help.