Imperva Cyber Community

 View Only
  • 1.  MX-HA Hardening Configuration

    Posted 09-01-2020 18:49
    Hi team

    I have a question/ problem, im trying to implement an MX-HA configuration between 2 MX, i have no problems until i get to the hardening communication between both.

    It shows this error: "SSH must be configured for both 'root' and 'oracle' on both servers"

    i type on the secondary MX this command: impctl hardening config --root-source-ip-exception="source ip address" as require the primary MX and it shows a status OK on the opening of SSH session between them.

    im my lab i check and add the same to root (as it required), also to system that is the DB user also i try to add secure user but any user works, also i was checking the admin guide on version 13.0 and 13.5 but there is no info about securing and hardening oracle user on MX-HA configuration?

    Do you have any idea on this info and which specific user i have to provide access?

    Jose Bolanos

  • 2.  RE: MX-HA Hardening Configuration

    Posted 09-03-2020 14:44

    My understanding is all that all is required is to set up SSH trust for both the oracle and root users.  But, you do have to add the exception for root.

    - BA

    Brian Anderson

  • 3.  RE: MX-HA Hardening Configuration

    Posted 08-29-2022 05:57
    Hi Team,

     Please refer this link helped me :

    Ensure that file under /etc/ssh/sshd_config  entries of IP would be correct on both active and standby MGMT Server

    # Per CCE: Set UsePrivilegeSeparation yes in /etc/ssh/sshd_config

    UsePrivilegeSeparation yes
    # Per CCE: Set StrictModes yes in /etc/ssh/sshd_config
    StrictModes yes
    ListenAddress 172.**.**.* # management interface
    ListenAddress 172.**.**.* # lan interface ( heartbeat IP)


    Gokul Palanisamy.

    Gokul SOC
    SOC analyst
    Indian Overseas Bank
    Chennai TN