After correcting any errors,
return to step 25 You
will have the option to ignore system check errors. Select the next
component in the list in step 26. Continue
the process until cyber hygiene is to be installed. Important: Do not shut down the servers between installation
phases. Shutting the servers down between phases has not been tested
and can result in unpredictable results.
Cyber hygiene applies
best practice configurations to provide additional security to the IBM Intelligent Operations Center system.
Before installing cyber hygiene, complete the post-installation configuration.
Once the post-installation configuration is complete, return to step 24 and install
and run cyber hygiene. Components successfully installed when IBM Installation Manager was previously
run are checked. Do not uncheck these components or the components
will be uninstalled when IBM Installation Manager is run again.
If running in a virtualized environment, take a snapshot
with memory of all servers after an installation step successfully
complete and before installing the next component. This snapshot can
be used to restart the installation at a successful state should an
error occur.
To reduce the time cyber hygiene runs scans and
remediation, unmount any file system not required to be assessed for
security. For example, the install_media directories
on each server can be deleted after all installation steps are complete.
These directories can be deleted or unmounted before running cyber
hygiene.
Note: Cyber hygiene is installed and run in the same step.
Cyber
hygiene should be the last step before moving your system to production
status or when your system must address good security practices. All
applications and solutions should be installed and configured before
running cyber hygiene so the final system can be scanned and remediations
applied.
Changes applied to the system by cyber hygiene can
cause problem with other applications and solutions. For example,
other applications and solutions might have requirements on the Linux
environment that are not in accord with good security practices. An
application or solution might require for the system to be logged
on as the root user to be installed or run.
In this case some of the cyber hygiene changes might need to be temporarily
or permanently changed or another solution found from the supplier
of the application or solution.
Once cyber hygiene changes
are made, there is no automated method to change them. Any changes
must be made by manual updates to the Linux operating system or by
changing file or directory permissions.