Security Considerations; Password For User Admin Written In Clear Text In Control.xml; Access To The Server During An Installation Or Upgrade; Remote Installations Using Vnc - Novell OPEN ENTERPRISE SERVER 2 SP2 Installation Manual


14 Security Considerations
This section includes issues that you should consider when installing and configuring a Novell
Open Enterprise Server 2 (OES) Linux server.

Section 14.1, "Password for User Admin Written in Clear Text in control.xml"
Section 14.2, "Access to the Server During an Installation or Upgrade"
Section 14.3, "Remote Installations Using VNC"
Section 14.4, "Improperly Configured LDAP Servers"

14.1 Password for User Admin Written in Clear Text in control.xml

When you create a control.xml file by using AutoYaST, the eDirectory password for user Admin
is written in clear text. This password can be read by anyone who has access to the file. Linux
passwords are stored in the file in a hashed form.
We recommend controlling access to this file.
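
One way to check this recommendation, as an added example that is not taken from the Novell manual: the script flags a control file that is accessible beyond its owner and reports password elements that are not marked as hashed, without printing their values. The sample profile is constructed, and the `<edirectory>`/`<admin_password>` element names in it are assumptions; the `<encrypted>` sibling is the standard AutoYaST marker for a hashed Linux user password.

```python
import pathlib
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample profile; the <edirectory>/<admin_password> names are assumptions.
SAMPLE = """<profile xmlns="http://www.suse.com/1.0/yast2ns"
         xmlns:config="http://www.suse.com/1.0/configns">
  <edirectory>
    <admin_password>constructed-secret</admin_password>
  </edirectory>
  <users config:type="list">
    <user>
      <encrypted config:type="boolean">true</encrypted>
      <user_password>$2a$05$constructedhashvalue</user_password>
    </user>
  </users>
</profile>
"""

def local(tag):  # strip the "{namespace}" prefix ElementTree puts on tag names
    return tag.rsplit("}", 1)[-1]

def audit_control_file(path):
    """Return findings for one control file: loose mode bits, clear-text passwords."""
    findings = []
    mode = stat.S_IMODE(pathlib.Path(path).stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: accessible beyond the owner, expected 0600")
    for parent in ET.parse(path).getroot().iter():
        hashed = any(local(c.tag) == "encrypted" and (c.text or "").strip() == "true"
                     for c in parent)  # AutoYaST's marker for a hashed password
        for child in parent:
            if "password" in local(child.tag) and (child.text or "").strip() and not hashed:
                findings.append(f"clear-text value in <{local(child.tag)}>")  # value not logged
    return findings

def demo():
    """Audit the constructed sample at mode 0644, then again after chmod 0600."""
    with tempfile.TemporaryDirectory() as d:
        path = pathlib.Path(d, "control.xml")
        path.write_text(SAMPLE)
        path.chmod(0o644)
        before = audit_control_file(path)
        path.chmod(0o600)
        return before, audit_control_file(path)

if __name__ == "__main__":
    print(demo())
```

Tightening the mode clears the first finding only; the clear-text entry remains in the file, so copies of the profile on installation sources or in backups need the same access control.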

14.2 Access to the Server During an Installation or Upgrade

Because eDirectory passwords are not obfuscated in system memory during the installation or
upgrade, we recommend not leaving a server unattended during installation, upgrade, or
configuration.
You can use ssh (secure shell) to access the system to perform an installation. However, only
authorized users can access the installation.

14.3 Remote Installations Using VNC

While installing the server, we recommend that you do not use Virtual Network Computing (VNC)
for remote installation in an untrusted environment. Consider using one of the more secure options
(such as SSH) as outlined in "Installation Scenarios for Remote Installation" in the SLES 10
Installation and Administration Guide
(http://www.novell.com/documentation/sles10/book_sle_reference/data/sec_deployment_remoteinst_scenario.html).

14.4 Improperly Configured LDAP Servers

Issue 1: Improperly configured LDAP servers allow any user to connect to the server and query for information

An eDirectory LDAP server enables NULL BIND by default, but allows it to be disabled on the
server. To enhance the security of the OES server, disable the NULL bind on the LDAP server port
389. See "Configuring LDAP Services for Novell eDirectory" in the Novell eDirectory 8.8
Administration Guide.
