Use the following procedure to configure Cloud Pak for Data System in accordance with STIG.
Before you begin
apadmin or an equivalent user to perform the following task.
- STIG compliance requires more than one DNS server to be configured. You can configure more than one DNS server by following the steps at Node side network configuration.
- Set up the banner file according to your company requirements. Information in the banner file is displayed whenever a user logs in to the Cloud Pak for Data System nodes via console or SSH.
- Run the apstop command.
[root@gt15-node1 ~]# apstop Successfully deactivated system
Run the security_compliance_manager command with any of the following
options in order to prepare the system for STIG hardening.
- --stigAll: Use this option to apply hardening on all applicable files.
- --stigSingleFile: Use this option to apply hardening for mentioned file only.
For more details about the security_compliance_manager command, see Security hardening with the security_compliance_manager tool.
- Run the apstart command to reactivate the platform.
[root@gt15-node1 ~]# apstart Successfully activated platform, appliance activation request sent