STIG hardening profile
The OneFS STIG hardening profile contains a subset of the configuration requirements set by the Department of Defense and is designed for Isilon clusters that support Federal Government accounts. An Isilon cluster that is installed with a STIG profile relies on the surrounding ecosystem also being secure.
After you apply the OneFS STIG hardening profile, the OneFS configuration is modified to make the Isilon cluster more secure and support some of the controls that are defined by the DISA STIGs. Some examples of the many system changes are as follows:
- After you log in through SSH or the web interface, the system displays a message that you are accessing a U.S. Government Information System and displays the terms and conditions of using the system.
- On each node, SSH and the web interface listen only on the node's external IP address.
- Password complexity requirements increase for local user accounts. Passwords must be at least 14 characters and contain at least one of each of the following character types: numeric, uppercase, lowercase, symbol.
- Root SSH is disabled. You can log in as root only through the web interface or through a serial console session.
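One way to verify two of the changes listed above (root SSH disabled, SSH bound only to the node's external IP address) from a copy of a node's SSH daemon configuration. This is an added example, not part of the OneFS documentation or product; it assumes the node uses an OpenSSH-style sshd configuration file, and the function names, sample configurations and 192.0.2.10 address are constructed for illustration.

```python
def listen_host(value):
    """Extract the host from a ListenAddress argument (host, host:port, [host]:port)."""
    token = value.split()[0]                 # drop an optional "rdomain <name>" suffix
    if token.startswith("["):
        return token[1:].partition("]")[0]   # [addr]:port form
    if token.count(":") == 1:
        return token.split(":")[0]           # IPv4-or-name:port form
    return token                             # bare address (including bare IPv6)

def parse(config_text):
    """Return (global PermitRootLogin, Match-block PermitRootLogin values, listen hosts)."""
    root_global, root_match, hosts, in_match = None, [], [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            in_match = True                  # later settings are conditional overrides
        elif key == "permitrootlogin":
            if in_match:
                root_match.append(value)
            elif root_global is None:        # sshd uses the first value it reads
                root_global = value
        elif key == "listenaddress" and not in_match:
            hosts.append(listen_host(value))
    return root_global, root_match, hosts

def audit(config_text, external_ip):
    """List deviations from the two hardened settings; an empty list means none found."""
    root_global, root_match, hosts = parse(config_text)
    findings = []
    # OpenSSH's default when unset is prohibit-password, which still permits root key login.
    if (root_global or "prohibit-password") != "no":
        findings.append("root-ssh-enabled")
    if any(v != "no" for v in root_match):
        findings.append("root-ssh-enabled-by-match-block")
    # With no ListenAddress at all, sshd listens on every local address.
    if not hosts or any(h != external_ip.lower() for h in hosts):
        findings.append("ssh-not-limited-to-external-ip")
    return findings

# Constructed sample configurations (not taken from a real cluster).
HARDENED = "# constructed\nListenAddress 192.0.2.10\nPermitRootLogin no\n"
WEAK = "ListenAddress 0.0.0.0:22\nListenAddress 192.0.2.10\nPermitRootLogin yes\nPermitRootLogin no\n"
OVERRIDE = HARDENED + "Match Address 198.51.100.0/24\n    PermitRootLogin prohibit-password\n"
```

The `OVERRIDE` sample shows why the global setting alone is not enough evidence: a later `Match` block can re-enable root logins for selected clients.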