Use the following procedure to configure Cloud Pak for Data System in accordance with STIG.
Before you begin
Make sure you stop the applications on Cloud Pak for Data System by running apstop. Log in as apadmin or an equivalent user to perform the following task.
Procedure
- STIG compliance requires more than one DNS server to be configured. You can configure more than one DNS server by following the steps at Node side network configuration.
- Set up the banner file according to your company requirements. Information in the banner file is displayed whenever a user logs in to the Cloud Pak for Data System nodes via console or SSH.
- Run the apstop command.
apstop
[root@gt15-node1 ~]# apstop
Successfully deactivated system
- Run the security_compliance_manager command with any of the following options in order to prepare the system for STIG hardening.
  - --stigAll: Use this option to apply hardening on all applicable files.
  - --stigSingleFile: Use this option to apply hardening for the mentioned file only.
Example:
security_compliance_manager --stigAll
For more details about the security_compliance_manager command, see Security hardening with the security_compliance_manager tool.
- Run the apstart command to reactivate the platform.
apstart
[root@gt15-node1 ~]# apstart
Successfully activated platform, appliance activation request sent
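The two manual prerequisites in the procedure above (more than one DNS server, a login banner) can be verified before the hardening tool is run. The following script is an added example, not part of the original procedure or of IBM's tooling; it assumes a resolv.conf-style resolver file and an sshd_config-style file whose Banner directive names the banner file, and it checks the SSH banner only, not the console banner.

```shell
#!/bin/sh
# Added example: checks the two manual prerequisites before STIG hardening.
# Assumed, not from the page: resolv.conf-style resolver file, sshd_config-style
# SSH config whose Banner directive names the banner file.

# Count distinct, uncommented "nameserver" entries in a resolver file.
count_nameservers() {
    awk '$1 == "nameserver" && $2 != "" && !seen[$2]++ { n++ }
         END { print n + 0 }' "$1"
}

# Print the file named by the first "Banner" directive (sshd uses the first
# value it reads for a keyword; keywords are case-insensitive).
sshd_banner_path() {
    awk 'tolower($1) == "banner" { print $2; exit }' "$1"
}

# Usage: stig_preflight RESOLV_CONF SSHD_CONFIG
# Prints one line per finding; returns 0 only if both prerequisites hold.
stig_preflight() {
    pf_rc=0
    pf_n=$(count_nameservers "$1")
    if [ "$pf_n" -lt 2 ]; then
        echo "FAIL: $pf_n DNS server(s) in $1, more than one required"
        pf_rc=1
    fi
    pf_banner=$(sshd_banner_path "$2")
    if [ -z "$pf_banner" ] || [ "$pf_banner" = "none" ]; then
        echo "FAIL: no login banner configured in $2"
        pf_rc=1
    elif [ ! -s "$pf_banner" ]; then
        echo "FAIL: banner file $pf_banner is missing or empty"
        pf_rc=1
    fi
    return "$pf_rc"
}

# Constructed sample: one resolver only, banner disabled -> two findings.
demo_constructed() {
    demo_dir=$(mktemp -d)
    printf 'nameserver 192.0.2.10\n' > "$demo_dir/resolv.conf"
    printf 'Banner none\n' > "$demo_dir/sshd_config"
    stig_preflight "$demo_dir/resolv.conf" "$demo_dir/sshd_config" | grep -c '^FAIL'
    rm -rf "$demo_dir"
}

# Run against real files when two paths are given, e.g.
#   sh stig_preflight.sh /etc/resolv.conf /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then stig_preflight "$1" "$2"; fi
```

A non-zero exit status means at least one prerequisite is unmet; the FAIL lines name which one.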