Manualshelf

HP 3PAR InForm OS Common Criteria Administrator's Reference (QL226-96586, October 2012)

ManualsBrandsHP ManualsComputer AccessoriesHP 3PAR Inform S800/4x500GB Nearline Magazine LTU
21222324252627282930
Confirming the System Configuration 28
CC Configuration Validation
Use the steps below to determine if the system is running in the Common Criteria
evaluated configuration.
1. Using a port scanner from a machine on the management network, scan the HP 3PAR
Storage System for open ports.
The only open ports should indicate that they support encrypted connections. This is
useful following a maintenance activity that may have changed networking
configuration on the HP 3PAR Storage System. The netcconf command, used by
service personnel on the console, can cause unsecured port blocking to be turned off if
not executed correctly. For example, using the popular scanner “nmap”:
nmap sT vv p1-65535 <ip address of HP 3PAR Storage System>
a. If you find unsecured, open ports in the scan following a maintenance procedure,
please consult with the maintenance provider to determine if netcconf was run
incorrectly. It can be re-run to disable the ports.
2. Verify that CIM is not running using the showcim CLI command.
a. Use the stopcim CLI command if CIM is running and you want to turn it off.
3. Verify that SNMP is not in use by using the showsnmpmgr, showsnmppw, and
showsnmpuser CLI commands.
a. Use removesnmpmgr, removesnmpuser for each SNMP user, removesnmppw
–r, removesnmppw rw, and removesnmppw –w if you want to disable it.
4. Validate that the deprecated management ports are disabled using the showsys -
mgmtoldports CLI command.
a. Use the setsys MgmtOldPorts disable CLI command if you want to disable
them.
NOTE
If you need to disable the ports, you must execute a shutdownsys reboot CLI
command for the disabling to take effect (a reboot is required whenever the state of the
MgmtOldPorts is changed). See step 4 of “
Configuration Steps for CC Operation” on
page 24
for details on issuing the
shutdownsys
command.
5. Validate that the Remote Copy feature is not running using the showrcopy CLI
command.
a. Use the stoprcopy CLI command if you want to disable it.
6. Validate that the default user passwords have been changed and that unused accounts
have been deleted (except 3parsvcits password should be changed).