Appliance Hardening
The Protegrity Appliance provides the framework for Protegrity's appliance-based products. Its base Operating System (OS) is Linux, which supplies both the required low-level OS components and higher-level components for security management. Linux is widely used as the base OS for customized solutions such as firewalls and embedded systems.
Linux was selected for the following reasons:
- Open Source: Linux is an Open Source solution.
- Stable: The OS is a stable platform due to its R&D and QA cycles.
- Customizable: The OS can be customized to a high degree.
- Proven system: The OS has already been proven in many production environments and systems.
For a list of installed components, refer to the Contractual.htm document available in the appliance Web UI under Settings > System > Files pane.
Protegrity takes several measures to harden this Linux-based system and make it more secure. For example, many non-essential packages and components are removed. If you want to install external packages on the appliances, the packages must be certified by Protegrity.
For more information about installing external packages, contact Protegrity Support.
The following additional hardening measures are described in this section:
- Linux Kernel
- Restricted Logins
- Enhanced Logging
- Open Listening TCP Ports
- Packages and Services
Several major components, services, or packages are disabled or removed for appliance hardening. The following table lists examples of the removed objects.
Removed Object | Examples |
---|---|
Network services (except SSH/Apache) | telnet client/server |
Package managers | apt |
Additional packages | man pages, documentation |
Linux Kernel
The appliance kernels are optimized for hardening. Protegrity appliances are currently equipped with a modular, patched Linux kernel, version 4.9.38. These kernels are patched to enhance some capabilities and to optimize them for server-side usage. Standard server-side features such as scheduler and TCP settings are available.
Restricted Logins
Every Protegrity Appliance is equipped with an internal LDAP directory service (OpenLDAP). An appliance can authenticate against this internal directory or against an external one.
The ESA Server provides directory services to all other appliances. To avoid a single point of failure, you can configure multiple directory services.
Four users are predefined and available after the appliance is installed. Unlike on standard Linux, the root user is blocked and cannot access the system without permission from the admin user, and the admin user cannot access the Linux shell console without permission from the root user. This design ensures that any OS-related or security-related operation, such as an upgrade or a patch, requires the root and admin users to cooperate. The same design applies to SSH connectivity.
The main characteristics of the four users are described here.
root user
- Local OS user.
- By default, can only access the machine's console.
- All other access requires an additional admin user login, to enforce separation of duties.
- SSH login is blocked by default; it can be allowed if required.
- No Web UI access.
admin user
- LDAP directory management user.
- Usually this user is the Chief Security Officer.
- Can access and manage the Web UI or CLI menu using the machine's console or SSH.
- Can create additional users.
- If required, root user login for OS-related activities can be allowed.
viewer user
- LDAP directory user.
- By default, has read-only access to Appliance features.
- Can access the Web UI and CLI menu using the machine's console or SSH, but cannot modify settings or the server.
local_admin user
- Local OS user.
- Emergency or maintenance user with a subset of the admin user's permissions.
- Used when the directory server is not accessible.
- By default, SSH and Web UI access are blocked; only the machine's console is accessible.
The appliance login design facilitates appliance hardening. The following two OS users are defined:
- root: The standard system administrator user.
- local_admin: Administrative OS user for maintenance when the LDAP directory is not accessible. By default, SSH and Web UI access are blocked; only the machine's console is accessible.
These are the basic login rules:
- The root user can never log in directly.
- The admin user can connect to the CLI Manager, locally or through SSH.
- A root shell can be accessed from within the admin CLI Manager.
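The login rules above can be checked against an sshd_config file. The following shell script is an added example written for this page, not Protegrity's own tooling: it reads the effective value of each keyword the way sshd does (the first occurrence of a keyword wins), then verifies that root and local_admin cannot log in over SSH while admin can. The requirement for an explicit AllowUsers list, the two sample configuration files, their paths and the user lists in them are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Protegrity code: audit an sshd_config for the appliance
# login rules (root and local_admin blocked over SSH, admin allowed).
# File names and configuration contents below are constructed for illustration.

# Effective value of an sshd_config keyword. sshd keeps the FIRST occurrence
# of a keyword, so a hardening line appended at the end of the file is
# silently ignored if an earlier line already set it.
sshd_effective_value() {
    awk -v k="$2" '
        /^[[:space:]]*#/ || NF == 0 { next }          # comments, blank lines
        tolower($1) == tolower(k) {                    # first match wins
            $1 = ""; sub(/^[[:space:]]+/, ""); print; exit
        }' "$1"
}

# list_has "a b c" b  ->  returns 0 if b is one of the words, 1 otherwise
list_has() {
    for w in $1; do
        [ "$w" = "$2" ] && return 0
    done
    return 1
}

# Returns 0 when the file enforces the login rules, 1 otherwise; every
# violation is printed so the operator sees what to fix. This audit
# (an assumption of the example) requires an explicit AllowUsers list.
audit_ssh_login_policy() {
    cfg=$1
    rc=0
    prl=$(sshd_effective_value "$cfg" PermitRootLogin)
    if [ "$prl" != "no" ]; then
        echo "FAIL $cfg: PermitRootLogin is '${prl:-unset}', expected 'no'"
        rc=1
    fi
    allow=$(sshd_effective_value "$cfg" AllowUsers)
    if [ -z "$allow" ]; then
        echo "FAIL $cfg: AllowUsers is unset, so any account may attempt SSH"
        rc=1
    else
        list_has "$allow" admin || { echo "FAIL $cfg: admin missing from AllowUsers"; rc=1; }
        for blocked in root local_admin; do
            if list_has "$allow" "$blocked"; then
                echo "FAIL $cfg: $blocked must not be in AllowUsers"
                rc=1
            fi
        done
    fi
    return $rc
}

# Two constructed configurations: one that follows the rules, one that does not.
WORKDIR=$(mktemp -d)
GOOD_CFG=$WORKDIR/sshd_config.good
BAD_CFG=$WORKDIR/sshd_config.bad

cat > "$GOOD_CFG" <<'EOF'
# constructed sample: follows the appliance login rules
PermitRootLogin no
AllowUsers admin viewer
PasswordAuthentication yes
EOF

cat > "$BAD_CFG" <<'EOF'
# constructed sample: root and local_admin allowed over SSH, and the late
# PermitRootLogin no is ignored because sshd keeps the first value.
PermitRootLogin yes
AllowUsers admin root local_admin
PermitRootLogin no
EOF

for cfg in "$GOOD_CFG" "$BAD_CFG"; do
    if audit_ssh_login_policy "$cfg"; then
        echo "PASS $cfg"
    fi
done
```

The parser deliberately models only the first-match rule; it does not evaluate `Match` blocks, so a keyword set conditionally inside one is not seen. On a live system, `sshd -T` (run as root) prints the effective configuration after all parsing and is the authoritative source to feed into a check like this.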
Enhanced Logging
The logging capabilities are enhanced for appliance hardening. In addition to the standard OS logs (syslog) that are available by default, many other operations are logged as well.
Logs that are considered important are sent to the Protegrity ESA logging facility, which can be local or remote. This means that in addition to the standard syslog repository, Protegrity provides a secured repository for important system logs.
The following events are among those escalated to the ESA logging facility:
- System startup logs
- Protegrity product or service is started or stopped
- System backup and restore operations
- High Availability events
- User logins
- Configuration changes
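The event classes above describe which log lines are worth escalating to a secured repository. The following shell script is an added example for this page, not the appliance's own forwarding logic: it classifies generic Linux syslog lines into the startup, service and login classes using standard kernel, systemd and sshd message text, normalises login events into key=value records carrying the account and source address, and leaves everything else in the ordinary syslog stream. The sample log lines are constructed; backup, high-availability and configuration-change events depend on the product's own message text, which this page does not give, so they are left as a marked extension point rather than guessed.

```shell
#!/bin/sh
# Added example, not Protegrity code: pick the syslog lines that fall into the
# escalated event classes and normalise them before forwarding.
# The sample lines below are constructed generic Linux syslog output.

# Print the event class of one syslog line, or nothing if it stays in the
# ordinary syslog repository only.
classify_log_line() {
    case "$1" in
        *" kernel: Linux version "*)                                echo startup ;;
        *" systemd["*"]: Started "*|*" systemd["*"]: Stopped "*)    echo service ;;
        *" sshd["*"]: Accepted "*|*" sshd["*"]: Failed password "*) echo login ;;
        # Backup/restore, HA and configuration-change messages come from the
        # appliance's own services; add their message patterns here.
        # (Assumption: their exact text is not given on this page.)
        *) ;;
    esac
}

# Reduce an sshd login line to result/user/source fields, e.g.
# "Failed password for invalid user bob from 10.0.0.7 port 51030 ssh2"
# becomes "result=failed user=bob src=10.0.0.7".
login_fields() {
    case "$1" in
        *" Accepted "*) res=accepted ;;
        *)              res=failed ;;
    esac
    user=$(printf '%s\n' "$1" | sed -n 's/.* for \(invalid user \)*\([^ ]*\) from \([^ ]*\) .*/\2/p')
    src=$(printf '%s\n' "$1" | sed -n 's/.* for \(invalid user \)*\([^ ]*\) from \([^ ]*\) .*/\3/p')
    printf 'result=%s user=%s src=%s' "$res" "$user" "$src"
}

# Read syslog lines on stdin; emit one key=value record per escalated event.
escalate_log() {
    while IFS= read -r line; do
        cls=$(classify_log_line "$line")
        [ -n "$cls" ] || continue
        ts=$(printf '%s\n' "$line" | cut -d' ' -f1-3)   # "Mon DD HH:MM:SS"
        case "$cls" in
            login) printf 'ts="%s" class=login %s\n' "$ts" "$(login_fields "$line")" ;;
            *)     printf 'ts="%s" class=%s msg="%s"\n' "$ts" "$cls" "${line#* * * * }" ;;
        esac
    done
}

# Constructed sample input: five escalated events and one cron line that is not.
SAMPLE_LOG='Jan 10 08:00:01 esa kernel: Linux version 4.9.38 (build@example) #1 SMP
Jan 10 08:00:12 esa systemd[1]: Started example.service.
Jan 10 08:01:33 esa sshd[1201]: Accepted publickey for admin from 10.0.0.5 port 51022 ssh2
Jan 10 08:01:40 esa sshd[1202]: Failed password for invalid user bob from 10.0.0.7 port 51030 ssh2
Jan 10 08:02:10 esa cron[900]: (viewer) CMD (/usr/bin/uptime)
Jan 10 08:05:00 esa systemd[1]: Stopped example.service.'

printf '%s\n' "$SAMPLE_LOG" | escalate_log
```

Failed logins are escalated alongside successful ones on purpose: a burst of failures for root or local_admin over SSH is exactly the event the restricted-login design is meant to surface, and it should reach the secured repository even if the local syslog is later tampered with.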
Configuring user limits
In Linux, every user consumes system resources to perform operations. If a user with minimal privileges runs operations that consume most of the system's resources, those resources become unavailable to other users, which amounts to a Denial-of-Service (DoS) attack on the system. To mitigate this, you can restrict the resources that users or groups may consume. On Protegrity appliances, the ulimit functionality lets you limit the number of processes that a user can create. Note that ulimit cannot be applied to user names that contain a space character.
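One way to apply the per-user process limit described above, as an added example for this page and not Protegrity's own configuration tool: the entry is written in the format of `/etc/security/limits.conf`, which pam_limits reads at login, the user name is validated first, and the limits file path is a parameter so the script runs against a scratch file. The user names, limit values and the character set accepted for a name are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Protegrity code: add a "hard nproc" limit for a user in
# limits.conf format. The file path is a parameter so this runs on a scratch
# copy; on a real system pam_limits reads /etc/security/limits.conf and
# /etc/security/limits.d/*.conf at login. Names and values are constructed.

# limits.conf is whitespace-separated (domain type item value), so a user name
# containing a space cannot be written into it; that is the restriction the
# text notes. Accept only characters found in ordinary Linux account names
# (assumed character set).
valid_limit_user() {
    case "$1" in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# get_nproc_limit FILE USER -> prints the configured hard nproc value, if any
get_nproc_limit() {
    awk -v u="$2" '$1 == u && $2 == "hard" && $3 == "nproc" { print $4 }' "$1"
}

# set_nproc_limit FILE USER MAX: replace any existing hard nproc line for USER
# so the file holds exactly one authoritative value per user.
set_nproc_limit() {
    file=$1; user=$2; maxproc=$3
    if ! valid_limit_user "$user"; then
        echo "rejected user name '$user': not expressible in limits.conf" >&2
        return 1
    fi
    case "$maxproc" in
        '' | *[!0-9]*) echo "limit must be a non-negative integer" >&2; return 1 ;;
    esac
    tmp=$file.tmp
    awk -v u="$user" '!($1 == u && $2 == "hard" && $3 == "nproc")' "$file" > "$tmp"
    printf '%s\thard\tnproc\t%s\n' "$user" "$maxproc" >> "$tmp"
    mv "$tmp" "$file"
}

LIMITS=$(mktemp)
set_nproc_limit "$LIMITS" viewer 100
set_nproc_limit "$LIMITS" admin 512
set_nproc_limit "$LIMITS" viewer 50          # replaces the earlier viewer entry
if set_nproc_limit "$LIMITS" "bad user" 100; then
    echo "unexpected: a name containing a space was accepted"
fi
echo "--- $LIMITS ---"
cat "$LIMITS"
echo "this shell's own process limit: $(ulimit -u 2>/dev/null || echo unknown)"
```

A limit written this way takes effect at the user's next login, not for sessions already open. To confirm it, log in as the user and run `ulimit -u` (soft limit) and, in bash, `ulimit -Hu` (hard limit); a value lower than the number of processes a legitimate workload needs will surface as fork failures, so size it from observed process counts rather than guessing.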