Our TEL team is working with the customer State Bank of India to operationalise a new SSS 3500 that we sold to the customer to replace the existing Gen2 GLS2 SSS storage.
As part of its internal security practices, State Bank of India runs its own scans on all of its devices and is asking the TEL team to help close the discovered vulnerabilities. For a few of the changes sought, the Dev team has requested that the TEL team raise RFEs so that these configurations can be tested in the dev setup, after which the dev team can confirm whether the same can be implemented on the customer's SSS3500 storage.
Multiple vulnerabilities were noted; as per discussion with the TEL and Dev teams, 5 RFEs are being raised at a high level, with the related vulnerabilities bunched under each.
Control Objective - 2.15.1. Uncommon Network Protocols to be disabled
Control Statement - The Linux kernel modules support several network protocols that are not commonly used. If these protocols are not needed, it is recommended that they be disabled in the kernel.
Risk/Impact - If the protocol is not required, it is recommended that the drivers not be installed to reduce the potential attack surface.
Recommendations/ Implementation Steps -
Edit or create a file in the /etc/modprobe.d/ directory ending in .conf and add the following lines:
install dccp /bin/true
install sctp /bin/true
install rds /bin/true
install tipc /bin/true
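The following is an added example for this RFE, not the vendor's or the dev team's own tooling: it writes the modprobe.d drop-in that the control asks for and then audits a modprobe.d directory to confirm that each of the four protocol modules is mapped to /bin/true. The drop-in file name disable-uncommon-net.conf is an assumption; the directory is passed in so the same check can run against /etc/modprobe.d on the SSS3500 or against a scratch copy offline.

```shell
#!/bin/sh
# Added example (not vendor code): generate the modprobe.d drop-in for the
# uncommon network protocols and audit a modprobe.d directory for it.
# File name "disable-uncommon-net.conf" is an assumption.

UNCOMMON_PROTOS="dccp sctp rds tipc"

# Write one "install <module> /bin/true" line per protocol into the drop-in.
write_disable_conf() {
    dir="$1"
    conf="$dir/disable-uncommon-net.conf"
    mkdir -p "$dir"
    : > "$conf"
    for m in $UNCOMMON_PROTOS; do
        printf 'install %s /bin/true\n' "$m" >> "$conf"
    done
    echo "$conf"
}

# Return 0 if any *.conf in the directory maps <module> to /bin/true.
# Leading whitespace and a trailing "# comment" are tolerated; a line that
# is itself commented out, or that maps to something else, does not count.
is_module_disabled() {
    dir="$1"
    mod="$2"
    grep -Eqs "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+/bin/true[[:space:]]*(#.*)?$" "$dir"/*.conf
}

# Print each protocol that is still loadable; return 1 if any is.
audit_uncommon_protos() {
    dir="$1"
    rc=0
    for m in $UNCOMMON_PROTOS; do
        if ! is_module_disabled "$dir" "$m"; then
            echo "NOT DISABLED: $m"
            rc=1
        fi
    done
    return $rc
}

# Demo against a scratch directory (pass /etc/modprobe.d on a real host).
demo_dir=$(mktemp -d)
write_disable_conf "$demo_dir" >/dev/null
audit_uncommon_protos "$demo_dir" && echo "all uncommon protocols disabled in $demo_dir"
rm -rf "$demo_dir"
```

On the live host, `modprobe -n -v dccp` (dry run) prints the `install /bin/true` mapping when the drop-in is in effect, and `lsmod` shows whether a module is already loaded: an `install` line only prevents future loads, so a module loaded before the change stays loaded until it is removed with `modprobe -r` or the system reboots. That is also why the dev team's ramification check matters: if any storage service on the SSS3500 depends on one of these protocols (SCTP in particular is used by some storage and clustering stacks), the audit will pass while the service breaks.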
Dev team's comment - Please open an RFE so that we can investigate the ramifications of changing this.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Control Objective - 2.17.1. Ensure auditd is installed
Control Statement - System auditing, through auditd, allows system administrators to monitor their systems such that they can detect unauthorized access or modification of data. By default, auditd will audit SELinux AVC denials, system logins, account modifications, and authentication events. Events will be logged to /var/log/audit/audit.log.
Risk/Impact - It is important that an appropriate size is determined for log files so that they do not impact the system and audit data is not lost.
Recommendations/ Implementation Steps -
Run the following command to install auditd:
# dnf install audit audit-libs
Run the following command to enable auditd:
# systemctl --now enable auditd
Dev team's comment - Please open an RFE so that we can investigate the ramifications of changing this.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Control Objective - 2.17.2. Ensure events that modify the system's Mandatory Access Controls are collected
Control Statement - Monitor SELinux mandatory access controls. The parameters below monitor any write access (potential addition, deletion or modification of files in the directory) or attribute changes to the /etc/apparmor and /etc/apparmor.d directories (the rules given below apply this to the SELinux directories /etc/selinux/ and /usr/share/selinux/).
Risk/Impact - Changes to files in these directories could indicate that an unauthorized user is attempting to modify access controls and change security contexts, leading to a compromise of the system.
Recommendations/ Implementation Steps -
Edit or create a file in the /etc/audit/rules.d/ directory ending in .rules and add the following lines:
-w /etc/selinux/ -p wa -k MAC-policy
-w /usr/share/selinux/ -p wa -k MAC-policy
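The following is an added example covering both 2.17.1 and 2.17.2 together; it is not code from the vendor, the dev team or the benchmark. Once auditd is installed and enabled and the two -w rules are loaded, every write or attribute change under /etc/selinux/ or /usr/share/selinux/ appears in /var/log/audit/audit.log as a SYSCALL record tagged key="MAC-policy", followed by PATH records naming the files touched. The script below pulls those events out of an audit.log-style file and prints who (auid), what (comm) and which paths were involved, which is what a reviewer of the scan findings would want to see to confirm the rule is producing evidence. The sample log is constructed for the demo; all field values in it are illustrative.

```shell
#!/bin/sh
# Added example (not vendor code): extract MAC-policy events from an
# audit.log-style file. The sample log written below is constructed.

write_sample_audit_log() {
    cat > "$1" <<'EOF'
type=SYSCALL msg=audit(1700000000.101:2001): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55d0 a2=241 a3=1b6 items=2 ppid=2100 pid=2101 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="vi" exe="/usr/bin/vi" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="MAC-policy"
type=CWD msg=audit(1700000000.101:2001): cwd="/root"
type=PATH msg=audit(1700000000.101:2001): item=0 name="/etc/selinux/" inode=131 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:selinux_config_t:s0 nametype=PARENT
type=PATH msg=audit(1700000000.101:2001): item=1 name="/etc/selinux/config" inode=140 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:selinux_config_t:s0 nametype=NORMAL
type=USER_LOGIN msg=audit(1700000000.202:2002): pid=2200 uid=0 auid=1000 ses=4 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=/dev/pts/0 res=success'
type=SYSCALL msg=audit(1700000000.303:2003): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55e0 a2=241 a3=1b6 items=2 ppid=2300 pid=2301 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=5 comm="cp" exe="/usr/bin/cp" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="MAC-policy"
type=PATH msg=audit(1700000000.303:2003): item=1 name="/usr/share/selinux/targeted/base.pp" inode=902 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:usr_t:s0 nametype=CREATE
type=SYSCALL msg=audit(1700000000.404:2004): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55f0 a2=241 a3=1b6 items=2 ppid=2400 pid=2401 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="vi" exe="/usr/bin/vi" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"
type=PATH msg=audit(1700000000.404:2004): item=1 name="/etc/passwd" inode=77 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL
EOF
}

# Print one line per MAC-policy event: serial, auid, comm and every PATH name
# recorded for that event. All records of one event share the audit(ts:serial)
# token, so the serial is the join key between SYSCALL and PATH lines.
report_mac_policy_events() {
    awk '
    # serial number from the "audit(ts:serial)" token of a record
    function serial(s,   t) {
        if (match(s, /audit\([0-9.]+:[0-9]+\)/)) {
            t = substr(s, RSTART + 6, RLENGTH - 7)   # strip "audit(" and ")"
            sub(/^[0-9.]+:/, "", t)
            return t
        }
        return ""
    }
    # value of key=... in the current record, surrounding quotes removed
    function field(key,   i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return ""
    }
    /^type=SYSCALL / && /key="MAC-policy"/ {
        id = serial($0); order[++n] = id
        who[id] = "auid=" field("auid") " comm=" field("comm")
    }
    /^type=PATH / {
        id = serial($0)
        paths[id] = paths[id] " path=" field("name")
    }
    END {
        for (i = 1; i <= n; i++) { id = order[i]; print "event=" id " " who[id] paths[id] }
    }
    ' "$1"
}

# Demo over the constructed sample (on a host: report_mac_policy_events /var/log/audit/audit.log)
sample=$(mktemp)
write_sample_audit_log "$sample"
report_mac_policy_events "$sample"
rm -f "$sample"
```

On the SSS3500 itself, `auditctl -l` should list the two -w rules after `augenrules --load` (the files under /etc/audit/rules.d are merged into /etc/audit/audit.rules by that command), and `ausearch -k MAC-policy` gives the same view as the script without hand parsing. The event for /etc/passwd in the sample carries a different key and is correctly left out; if the rules are loaded but no MAC-policy events appear after a test edit of /etc/selinux/config, auditd is not running or the rules did not load.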
Dev team's comment - SELinux is available today. It is not the default. Please open an RFE so that we can investigate the ramifications of changing this.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------