Red Hat SummitEste conteúdo não está disponível no idioma selecionado.
Chapter 3. Security and SAP Solutions
Enterprises usually have substantial compliance requirements based on the industry, type of customers, geographic location, and more. Such requirements may need specific certifications, cryptographic modules, and support for encryptions. With Red Hat Enterprise Linux for SAP Solutions, Red{nbsp]Hat delivers a stable, security-focused, high-performance foundation for SAP business applications to support such requirements and provide an easy way to set and validate compliance policies.
You can learn about processes and practices for securing Red Hat Enterprise Linux systems against local and remote intrusion, exploitation, and malicious activity. These approaches and tools can create a more secure environment for running SAP HANA.
Additional resources
- For more information, see Security hardening guide for SAP HANA.
3.1. SELinux for SAP production environments
SELinux is a security technology for process isolation to mitigate attacks via privilege escalation. Configuring SELinux helps you enhance your system’s security. SELinux is an implementation of Mandatory Access Control (MAC), and provides an additional layer of security. The SELinux policy defines how users and processes can interact with the files on the system. You can control which users can perform which actions by mapping them to specific SELinux confined users.
Additional resources
- For more information, see Using SELinux for SAP HANA.
3.2. File access policy Daemon for SAP
File access policy Daemon fapolicyd is a technology provided in RHEL to determine access rights to files based on a trust database and file or process attributes. It helps customers to ensure data remains protected even in case an attacker has successfully gained control over certain processes.
You can configure fapolicyd to secure the environment for running SAP HANA against local and remote intrusion, exploitation, and malicious activity.
Additional resources
- For more information, see Configuring fapolicyd to allow only SAP HANA executables.
