Chapter 1. Security hardening settings for SAP HANA
You should consider the following before applying the approaches and practices to SAP HANA and SAP application systems:
- You can install SAP HANA or SAP NetWeaver software and relevant packages with the help of RHEL System Roles for SAP. For more information, refer to Red Hat Enterprise Linux System Roles for SAP and Installing the Minimum Amount of Packages Required.
-
You should implement the recommended settings and steps on a non-production system before making any changes or editing the files according to the Security Hardening guide. It is recommended that you backup the system. You must at least make a backup of the
/etc
directory. - If you follow the steps described in Blocking and allowing applications by using fapolicyd, you must also perform the steps described in the Configuring fapolicyd to allow only SAP HANA executables document.
- If you follow the steps described in Using SELinux for RHEL, you must also perform the steps described in Using SELinux for SAP HANA.
To enhance users’ management and access to the RHEL for SAP Solution system, you can configure secure remote communication, sudo access, and set password policy and complexity. For more information, refer to the following:
To keep your Red Hat Enterprise Linux for SAP Solutions systems secured against newly discovered threats and vulnerabilities, refer to Managing and monitoring security updates.