Summary of Contents for Skybox Security Appliance 8000
Page 1
Skybox Appliance 8000 Quick Start Guide 11.4.100 CentOS Linux release 7.9.2009 (Core) Skybox Security, Inc. | 2077 Gateway Place, Suite 200, San Jose, CA 95110 USA | +1 866 675 9269 | skyboxsecurity.com...
Page 2
The information and intellectual property contained herein are confidential and remain the exclusive intellectual property of Skybox Security. If you find any problems in the documentation, please report them to us in writing. Skybox Security does not warrant that this document is error-free.
Contents: Overview; Basic architecture; Related documentation; Skybox Appliance specifications; Before you open the box; What’s in the box; Physical specifications; Environmental specifications; MTBF estimates for Skybox Appliance; Front panel; Back panel connectors; File system partitions; Setting up Skybox Appliance; Hardware installation; Starting Skybox Appliance; System configuration...
Page 4
Skybox Appliance 8000 Quick Start Guide Contents (continued): SSH hardening; Firmware updates for Skybox Appliance; Checking your firmware revision via the console; Checking your firmware revision via RMM; Preparing to update; Updating via the console; Updating via RMM; Adding your own certificate...
Chapter 1 Overview Skybox® Appliance is a hardware solution that enables you to deploy Skybox without the burden of maintaining your own server. Skybox® is an Automated Risk and Compliance Management (ARCM) platform that helps enterprise IT departments to discover and resolve potential security and compliance risks before they impact your organization.
Chapter 2 Skybox Appliance specifications This chapter contains product specifications and packaging information for your Skybox Appliance. Before you open the box Inspect the shipping carton to ensure that the packaging is not damaged and verify that all tamper evident seals are intact. Verify that the Appliance serial number, purchase order number, and FedEx tracking number match the information provided by Skybox Customer Support.
Skybox Appliance 8000 Quick Start Guide FEATURE DESCRIPTION Intel® Embedded Server RAID Technology 2 (ESRT2) 1.41 with optional RAID 5 key support System cooling 6 managed 40 mm dual-rotor system fans 2 power supply fans Front panel 1 power button with integrated LED...
Chapter 2 Skybox Appliance specifications PROPERTY LIMITS 2008 Air Discharge: 12.0 kV Contact Discharge: 8.0 kV System cooling 2352.3 BTU/hour for 115-volt power requirement 2302.3 BTU/hour for 220-volt power MTBF estimates for Skybox Appliance The estimated mean time between failures (MTBF) and Failures in Time (FIT) for Skybox Appliances 8000 and 8050 are listed in the following table.
Page 9
Skybox Appliance 8000 Quick Start Guide Power button and LEDs LETTER FEATURE System ID button with integrated LED NMI button (recessed; tool required for use) NIC1 activity LED System cold reset button System status LED Power button with integrated LED...
Chapter 2 Skybox Appliance specifications Back panel connectors The Appliance back panel includes the connectors shown in the following figure. By default: NIC1 / eno1 is enabled and configured as DHCP; NIC2 / eno2 is enabled and configured as static with the IP address 192.168.1.1/24. You can change these values.
Chapter 3 Setting up Skybox Appliance This chapter explains how to set up Skybox Appliance. Hardware installation Warning: These Appliance models include high wattage and high clock speed CPUs. Failure to maintain an ambient operating temperature of 27° C (80° F) or below will void the manufacturer’s warranty.
Skybox Appliance 8000 Quick Start Guide System configuration Before running the Skybox Server, configure Skybox Appliance to be part of your network and perform initial system configuration. Configuring connection Before using the Skybox Appliance Administration, configure connection of Skybox to your...
Page 13
Chapter 3 Setting up Skybox Appliance Troubleshooting the RMM IP address To change the IP address of the RMM interface 1. Reboot the Appliance. 2. During the boot process, press F2 to open the BIOS setup. 3. From the menu, select Server Management. 4.
Page 14
Skybox Appliance 8000 Quick Start Guide Parity: none Stop bits: 1 Flow control: none (If using PuTTY as your terminal emulator) Character set translation on received data: UTF-8 3. Press the Power button on the Appliance front panel and verify that the Power LED is green.
Page 15
Chapter 3 Setting up Skybox Appliance Setting up the Appliance for configuration To configure the Appliance 1. In a browser, connect to Skybox Appliance Administration using the following URL: https://<Appliance IP address>:444 where <Appliance IP address> is the IP address of the Appliance that you previously...
Skybox Appliance 8000 Quick Start Guide What’s next After installing and configuring the Appliance, you must install Skybox Manager on at least 1 remote machine (see Skybox Manager Installation). Skybox Manager is required to configure certain admin components within the product. However, almost all user functions are done in Skybox Web Client and not in Skybox Manager.
Chapter 4 Configuring the Appliance This chapter explains how to configure the Appliance. Configuration and management options Skybox Appliance configuration options are described in the following table. PANE DESCRIPTION About tab System Information Information about Skybox configuration Network tab Configuration changes made in this tab are only saved after you click Save Network Configuration. Network Enables you to configure network settings (connection method, IP address, Configuration...
Skybox Appliance 8000 Quick Start Guide PANE DESCRIPTION SNMP Select Enable SNMP Service to set up SNMP configuration, host configuration, and sending traps (see Setting up SNMP configuration). You can also download the Appliance MIBs. Security tab Appliance Enables you to change the root password for the Appliance, the password for Passwords the Appliance Administration, and the RMM password.
Page 19
Chapter 4 Configuring the Appliance To view a list of the network interface bonding On the Network tab, click Network Configuration Summary. Supported bond modes This section lists supported bond modes. mode=0 (balance-rr) Round-robin policy: Transmits packets in sequential order from the 1st available slave to the last.
Skybox Appliance 8000 Quick Start Guide speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave. Prerequisite: ethtool support in the base drivers for retrieving the speed of each slave.
Chapter 4 Configuring the Appliance SNMP v3 Configuration To use the Appliance as an SNMP v3 Server 1. On the System tab, click SNMP. 2. Select Enable SNMP Service. 3. Select Enable SNMP v3. 4. Set the following values in the tabs within the SNMP Service section: On the General tab: Listening Port: 161 Sending Port: 162...
Skybox Appliance 8000 Quick Start Guide To configure RADIUS authentication 1. Open /etc/pam.d/system-auth in your editor. 2. Add the following line immediately after "auth sufficient pam_unix.so nullok try_first_pass": auth sufficient pam_radius_auth.so 3. Save and close the file. 4. Open in your editor.
Page 23
Chapter 4 Configuring the Appliance To set up LDAP authentication 1. On the Security tab, click LDAP. 2. Define the authentication according to the fields shown in the following table. FIELD DESCRIPTION LDAP Servers A comma-separated list of LDAP servers against which to authenticate. The format of the URI must match the format defined in RFC 2396: ldap[s]://<server>...
Skybox Appliance 8000 Quick Start Guide FIELD DESCRIPTION Verify LDAP Verify the user password. Bind User Password Allowed Users A comma-separated list of permitted users. If empty, all users are permitted. Allowed A comma-separated list of permitted groups. If empty, all groups are permitted.
Chapter 4 Configuring the Appliance 4. Uncomment either Medium Security or Low Security (not both) by deleting “#” from the appropriate SSLProtocol and SSLCipherSuite lines. Note: Do not uncomment the title line. # Medium Security configuration for SSL. Oldest compatible clients: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7 #SSLProtocol all -SSLv3...
Chapter 5 Customizing the syslog server The syslog server in Skybox Appliance is preconfigured and is enabled by default. Setting up TCP and UDP listeners Skybox Appliance includes TCP and UDP listeners for the syslog server. To set up TCP and UDP listeners 1.
Page 27
Skybox Appliance 8000 Quick Start Guide (New logs) <device name | IP address>_<time of creation>.log (Archived logs) <device name | IP address>_<time of creation>.zip How can the logs be imported into the Skybox model? Device logs can be imported using the following tasks: Change Tracking Events –...
You can install multiple Skybox Managers on 1 computer; this is useful when connecting to Skybox Servers of different versions. For supported operating systems, supported web-based browsers, and hardware requirements for Skybox Manager, see Skybox Security System Requirements. Installing Skybox Manager Note: Skybox Manager runs on most Microsoft Windows operating systems. For details, see Skybox Manager system requirements.
Page 29
Skybox Appliance 8000 Quick Start Guide To replace the Skybox Manager installation file 1. Copy the installation file (SkyboxManager-<version#>-<build#>.exe) to the Appliance using PuTTY, WinSCP, or another client program. Save the file at /usr/local/skyboxwebadmin/manager. 2. Delete all other files in this directory, including previous installation files; the directory must contain only the new installation file.
Chapter 7 Updating the operating system on Skybox Appliance In some cases (for example, after bug fixes or security patches are released for the operating system) it might be necessary to update the CentOS operating system on your Skybox Appliance. Updates to the operating system do not affect Skybox.
Page 31
Skybox Appliance 8000 Quick Start Guide 8. We recommend that, when asked where to save the files, you select either a location on the file sharing system (and not on the Appliance server) or an external drive. The default location is /var/tmp/appliance_update_<patch>/backup/...
Chapter 8 ISO burning The Appliance ISO is larger than 4 GB and does not fit on a standard DVD+R. We recommend that you use either a DVD+R DL (Dual Layer) or a flash drive if you need to burn the ISO. Note: For flash drives, we recommend using Rufus to burn the ISO (https://rufus.ie).
Chapter 9 SSH hardening The following lines in /etc/ssh/sshd_config restrict access to remote login via SSH to the root and skyboxview users only: AllowUsers root skyboxview AllowGroups root skyboxview This configuration is implemented as part of hardening the operating system of Skybox Appliance.
Chapter 10 Firmware updates for Skybox Appliance This chapter explains how to perform a firmware update for your Skybox Appliance. Checking your firmware revision via the console To check the firmware revision on your Appliance Note: Run all commands from the command line on the Appliance. 1.
Page 35
Skybox Appliance 8000 Quick Start Guide To check the firmware revision on your Appliance 1. Open Microsoft Explorer. 2. Enter the RMM address of the Appliance as the URL. 3. Authenticate using the user name and the password. 4. If you are not sure of your model number: a.
Chapter 10 Firmware updates for Skybox Appliance 5. From the System Information tab, on the Summary page, check the firmware revision number in the field BMC FW Rev. 6. To determine whether your Skybox Appliance requires a firmware update, compare the Firmware/BMC version detected on your Appliance with the latest approved firmware versions listed in the following table: MODEL...
A USB flash drive formatted with a FAT or FAT32 file system. This requires a USB drive of 32GB or less. The appropriate ZIP file for the Appliance model that you are using. For the Appliance 8050 use the same file as the Appliance 8000. The ZIP files can be downloaded from https://downloads.skyboxsecurity.com/files/iso/Misc/FirmwareUpdates/.
Chapter 10 Firmware updates for Skybox Appliance Updating via RMM The following instructions explain how to update the firmware via the RMM interface on your Appliance. Updating the firmware Before you start You must have permission to log in to the RMM interface of the Appliance from your local machine.
Page 39
Skybox Appliance 8000 Quick Start Guide a. From the BMC Web Console, click Server Power Control. b. Select Reset Server and select Force-enter Bios Setup. c. Click Perform Action The machine reboots and the boot menu is displayed. 9. From the menu, select Boot Manager and press <Enter>.
Page 40
Chapter 10 Firmware updates for Skybox Appliance 10. From the Boot Manager, select Launch EFI Shell and press <Enter>. After about 5 seconds, the following screen appears. Skybox version 11.4.100...
Page 41
Skybox Appliance 8000 Quick Start Guide 11. Press <Enter>. When the procedure is almost finished, the screen displays the following. Skybox version 11.4.100...
Page 42
Chapter 10 Firmware updates for Skybox Appliance 12. Wait 2 minutes and log in again to the remote console. 13. Press 5 to exit the update. Skybox version 11.4.100...
Page 43
Skybox Appliance 8000 Quick Start Guide 14. Press any key to continue. Configuring Java for login This procedure enables you to log in to the RMM interface of the Appliance machine from your local computer. Skybox version 11.4.100...
Page 44
Chapter 10 Firmware updates for Skybox Appliance 1. From the Windows Start menu, select Configure Java. 2. In the Java Control Panel, click the Security tab. Skybox version 11.4.100...
Page 45
Skybox Appliance 8000 Quick Start Guide 3. Click Edit Site List. 4. Add the URL of the RMM interface of the Appliance machine. Skybox version 11.4.100...
Chapter 11 Adding your own certificate To connect to the Appliance Administration via your own certificate, add the certificate to the Apache web server. Note: If you generated your own certificate using the Generating and installing a certificate using the Java keytool procedure in the Skybox Installation and Administration Guide , follow the directions in Exporting the Server certificate and private key from the Java keystore before...
Skybox Appliance 8000 Quick Start Guide b. Transfer the concatenated file to /etc/pki/tls/certs. 5. Back up the file /etc/httpd/conf.d/skyboxwebadmin.conf. 6. Edit /etc/httpd/conf.d/skyboxwebadmin.conf: a. Change ServerName from the default (skyboxapp) to the name used in the Common Name or SAN field of your certificate.
Page 49
Chapter 11 Adding your own certificate 4. Export the server certificate from the keystore: openssl pkcs12 -in server.keystore.p12 -nokeys -out /etc/pki/tls/certs/skybox_cert.pem The certificate is exported directly to /etc/pki/tls/certs. 5. When prompted Enter Import Password, enter skyboxview. 6. Export the private key from the keystore: openssl pkcs12 -in server.keystore.p12 -nodes -nocerts -out /etc/pki/tls/private/skybox_key.pem The private key is exported directly to...
Chapter 12 Restoring the Appliance to factory defaults The Skybox USB flash drive that comes in the Appliance package is for restoring the Appliance to factory defaults. This USB drive might not contain the most current ISO for your Appliance. The latest ISO can be downloaded from https://downloads.skyboxsecurity.com/files/iso/.
Chapter 13 Monitoring SNMP Skybox Appliance supports standard Linux OIDs. OIDs that you can monitor include:
CPU load statistics
  1 minute load: .1.3.6.1.4.1.2021.10.1.3.1
  5 minute load: .1.3.6.1.4.1.2021.10.1.3.2
  15 minute load: .1.3.6.1.4.1.2021.10.1.3.3
CPU statistics
  Percentage of user CPU time: .1.3.6.1.4.1.2021.11.9.0
  Raw user CPU time: .1.3.6.1.4.1.2021.11.50.0
  Percentages of system CPU time: .1.3.6.1.4.1.2021.11.10.0
  Raw system CPU time: .1.3.6.1.4.1.2021.11.52.0
  Percentages of idle CPU time: .1.3.6.1.4.1.2021.11.11.0...
Page 52
Skybox Appliance 8000 Quick Start Guide Using snmpget with the Skybox Server and Collector OIDs, you get the same return codes as those of the commands service sbvserver status and service sbvcollector status. Possible return codes (statuses) are: 0: Running 2: Partially running (currently in the process of starting or stopping)
Chapter 14 Troubleshooting Getting version information when the Appliance Administration is unavailable If you need to know the version of the Appliance (the image version ) and other information about the Appliance when the Appliance Administration is unavailable, run the get_ script from the CLI.
Chapter 15 Wiping the hard disk drive In some cases, you need to wipe the internal SSD storage, destroying the data on it. This might be required, for example, if you are sending the Appliance back to Skybox for replacement. Warning: This procedure wipes the SSD completely;...
Chapter 16 CIS benchmarks for CentOS 7 All new Skybox Appliances meet the following CIS benchmark recommendations for CentOS 7. Appliances updated to the new ISO also meet the recommendations. RECOMMENDATION SCORED DESCRIPTION ✓ 1.1.1.1 – 1.1.1.8 Ensure that mounting of the following file systems is disabled: cramfs freevxfs...
Page 56
Skybox Appliance 8000 Quick Start Guide RECOMMENDATION SCORED DESCRIPTION ✓ 1.4.2 Ensure that the bootloader password is set. Setting the boot loader password requires that anyone rebooting the system must enter a password before being able to set command line boot parameters...
Page 57
Chapter 16 CIS benchmarks for CentOS 7 RECOMMENDATION SCORED DESCRIPTION attempting to target specific exploits of a system. Authorized users can get this information by running uname -a after they log in. ✓ 3.1.2 Ensure that packet redirect sending is disabled. Rationale: An attacker could use a compromised host to send invalid ICMP redirects to other router devices in an attempt to corrupt routing and have users access a system...
Page 58
Skybox Appliance 8000 Quick Start Guide RECOMMENDATION SCORED DESCRIPTION /var/log/lastlog maintain records of the last time a user successfully logged in. The /var/run/faillock directory maintains records of login failures via the pam_faillock module. The /var/run/utmp file tracks all currently logged in users.
Page 59
Chapter 16 CIS benchmarks for CentOS 7 RECOMMENDATION SCORED DESCRIPTION changes in scope. The file /etc/sudoers is written to when the file or its attributes have changed. The audit records are tagged with the identifier ‘scope’. Rationale: Changes in the /etc/sudoers file can indicate that an unauthorized change has been made to the scope of system administrator activity.
Page 60
Skybox Appliance 8000 Quick Start Guide RECOMMENDATION SCORED DESCRIPTION password when authenticating with SSH. ✓ 5.2.7 Ensure that SSH HostbasedAuthentication is disabled. The HostbasedAuthentication parameter specifies whether authentication is permitted through trusted hosts via the use of .rhosts, or /etc/hosts.equiv, along with successful public key client host authentication.
Page 61
Chapter 16 CIS benchmarks for CentOS 7 RECOMMENDATION SCORED DESCRIPTION The following options are set in the /etc/security/pwquality.conf file: minlen=14: Password must be at least 14 characters dcredit=-1: Provide at least one digit ucredit=-1: Provide at least one uppercase character ocredit=-1: Provide at least one special character lcredit=-1: Provide at least one lowercase character Note: The values shown are sample values.
Page 62
Skybox Appliance 8000 Quick Start Guide RECOMMENDATION SCORED DESCRIPTION ✓ 6.1.10 Ensure that no world writable files exist. Unix-based systems support variable settings to control access to files. World writable files are the least secure. See the chmod (2) man page for more information.
Chapter 17 Regulatory and safety information This chapter includes regulatory and safety information for Skybox Appliance 8000 hardware. Product regulatory compliance Intended application This product is to be evaluated and certified as Information Technology Equipment (ITE), which may be installed in offices, schools, computer rooms, and similar commercial type locations.
Skybox Appliance 8000 Quick Start Guide Europe – European Directive 2002/95/EC – Restriction of Hazardous Substances (RoHS) Threshold limits and banned substances are noted below. Quantity limit of 0.1% by mass (1000 PPM) for: Lead, Mercury, Hexavalent Chromium, Polybrominated Biphenyls Diphenyl Ethers (PBB/PBDE) Quantity limit of 0.01% by mass (100 PPM) for: Cadmium...
Page 65
Chapter 17 Regulatory and safety information REGULATORY REGION MARKING COMPLIANCE Russia Ukraine Ukraine Certification BSMI Certification Taiwan (RPC) Number & Class A Warning FCC Marking This device complies with Part 15 of the FCC Rules. (Class A) Operation of this device is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must accept interference received, including interference that may cause undesired...
Skybox Appliance 8000 Quick Start Guide REGULATORY REGION MARKING COMPLIANCE Other Recycling International Package Marks Will be added on Package label Battery Perchlorate USA (CA) Perchlorate Material – Special handling may apply. See Warning www.dtsc.ca.gov/hazardouswaste/perchlorate This notice is Information required by California Code of Regulations, Title 22, Division 4.5, Chapter 33: Best Management Practices for Perchlorate...
Page 67
Chapter 17 Regulatory and safety information interference received, including interference that may cause undesired operation. Intel Corporation, 5200 N.E. Elam Young Parkway Hillsboro, OR 97124-6497 Phone: 1-800- 628-8686 This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.
Page 68
Skybox Appliance 8000 Quick Start Guide VCCI (Japan) English translation of this notice: This is a Class B product based on the standard of the Voluntary Control Council for Interference (VCCI) from Information Technology Equipment. If this is used near a radio or television receiver in a domestic environment, it may cause radio interference.