IBM Support

Linux applications required by ISDM deployment

Question & Answer


Question

Which Linux applications are required by IBM Service Delivery Manager (ISDM) deployment and which ones can be removed?

Cause

You are being asked to disable various Linux applications on your ISDM server.

The following list represents an example environment with applications installed. You need to know which applications can be safely removed or changed (as indicated) without impacting your ISDM deployment.

  • Require Authentication for Single-User Mode
  • Restrict Core Dumps
  • Configure ExecShield
  • Enable Randomized Virtual Memory Region Placement
  • Remove telnet Clients
  • Remove rsh
  • Remove NIS Client
  • Remove NIS Client
  • Remove tftp
  • Remove tftp-server
  • Set Daemon umask
  • Remove the X Window System
  • Disable Print Server - CUPS
  • Remove DHCP Server
  • Configure Network Time Protocol (NTP)
  • Remove LDAP
  • Disable NFS and RPC
  • Remove DNS Server
  • Remove Samba
  • Remove HTTP Proxy Server
  • Disable IP Forwarding
  • Disable Send Packet Redirects
  • Disable Source Routed Packet Acceptance
  • Disable ICMP Redirect Acceptance
  • Log Suspicious Packets
  • Enable Bad Error Message Protection
  • Enable TCP SYN Cookies
  • Install TCP Wrappers
  • Enable IPtables
  • Restrict at Daemon
  • Restrict at/cron to Authorized Users
  • Set SSH MaxAuthTries to 4 or Less
  • Set SSH IgnoreRhosts to Yes
  • Set SSH HostbasedAuthentication to No
  • Disable SSH Root Login
  • Set SSH PermitEmptyPasswords to No
  • Do Not Allow Users to Set Environment Options
  • Use Only Approved Cipher in Counter Mode
  • Set Idle Timeout Interval for User Login
  • Limit Access of SSH
  • Set SSH Banner
  • Set Password Creation Requirement Parameters Using pam_cracklib
  • Set Lockout for Failed Password Attempts
  • Limit Password Reuse
  • Restrict Access to the su Command
  • Remove telnet Clients
  • Remove rsh
  • Remove NIS Client
  • Remove tftp
  • Remove tftp-server
  • Remove the X Window System
  • Disable Print Server - CUPS
  • Remove DHCP Server
  • Configure Network Time Protocol (NTP)
  • Remove LDAP
  • Disable NFS and RPC
  • Remove DNS Server
  • Remove Samba
  • Remove HTTP Proxy Server
  • Disable IP Forwarding
  • Enable TCP SYN Cookies
  • Install TCP Wrappers
  • Restrict at Daemon
  • Disable SSH Root Login

Answer

IMPORTANT: Before you make any changes, always take a snapshot of your ISDM environment. When possible, apply any changes first to your test environment and verify before you apply to production.

Regarding the example list above, you cannot remove or change the following applications without impacting ISDM:

  • Require Authentication for Single-User Mode
  • Enable Randomized Virtual Memory Region Placement
  • Do Not Allow Users to Set Environment Options
  • Set SSH MaxAuthTries to 4 or Less
  • Set SSH HostbasedAuthentication to No
  • Set SSH PermitEmptyPasswords to No
  • Use Only Approved Cipher in Counter Mode
  • Limit Access of SSH
  • Restrict Access to the su Command
  • Remove tftp
  • Remove tftp-server
  • Remove NIS Client
  • Remove DHCP Server
  • Remove LDAP
  • Disable NFS and RPC
  • Remove DNS Server
  • Restrict at Daemon
  • Remove HTTP Proxy Server
  • Disable SSH Root Login

[{"Product":{"code":"SSBH2C","label":"IBM Service Delivery Manager"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"General Information","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2.4","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
17 June 2018

UID

swg2C1000083

Page Feedback