06-22-2012 01:37 AM
Do you where i could find all we have to do to harden a linux before installing a STM on?
Any White paper or experience feedback will be great !
06-25-2012 03:08 AM
Chapters 23 and 24 of the user manual (https://support.riverbed.com/docs/stingray/trafficmanager.htm) describe the secure installation and adminstration of the Stingray software, with information that will help you firewall off the management ports and traffic (unless you've already configured an explicit management network)
Stingray software puts very little requirements on the underlying operating system; other than a base install, the only service that many users leave running is ssh (for remote OS administration). Securing a Stingray host is much like securing any other Linux server (webserver, mail server) and you should be able to find appropriate documentation for your preferred Linux distro.
06-25-2012 06:43 AM
In addition to securing the access as you mentionned, i found those information :
Desactivate Firewall services : iptables et ip6tables (performances reasons)
Desactivation of others services : Iptables, ip6tablesm, irqbalance, cpuspeed, sendmail, isdn, autofs yum-updatesd, nfslock, avahi-daemon
Hace a nice day !
05-17-2013 04:13 AM
Those are wise steps - you can disable almost all services on your Linux host. For example, on our virtual appliance, the only services other than Stingray are SNMP, NTP (so that you can sync from the Stingray clock) and SSH (for remote administration), and we advise that you firewall these off so that they cannot be accessed from outside your org.
This document: Tuning Stingray Traffic Manager and this discussion Port scan on a VIP shows UDP port 123 and 161 open may help too.