Solved: What host hardening does Dynatrace Managed Server install perform?

krokkas · ‎14 Jul 2017

What additional hardening is performed by the SELinux component of the Dynatrace Managed Server install. Can you provide a list that can be sent to our Security team, as it may be that default hardening as part of the install meets security requirements.

Radoslaw_Szulgo · ‎14 Jul 2017

The following system files and directories can be modified during installation of Dynatrace Managed:

/etc/hosts
/etc/sysctl.conf
/etc/pam.d/su
/etc/rc.local
/etc/security/limits.conf
/etc/security/limits.d/90-nproc.conf
/etc/sudoers
/etc/sudoers.d/
/etc/init.d/
/etc/init.d/rc*.d/
/etc/systemd/system/

Additionally, we need to configure firewall settings as stated here:

https://help.dynatrace.com/dynatrace-managed/dynat...

You may also have a look here:

/opt/dtrun/dtrun.conf

to see what scripts are executed that may modify a system.

Hope that helps! If you have more questions, feel free to ask.

Senior Product Manager,
Dynatrace Managed expert

monika_zyra · ‎18 Jul 2017

There is no separated component like SELinux of Dynatrace Managed Server install. The general requirements that must be met before installation are listed here:

https://help.dynatrace.com/dynatrace-managed/dynatrace-server/how-do-i-install-dynatrace-server/

krokkas · ‎18 Jul 2017

@Radoslaw S. @Monika A. Apologies, this was meant to be instance hardening performed by the OneAgent install. I can open a new forum question if appropriate.

monika_zyra · ‎18 Jul 2017

OneAgent installation is described here:

https://help.dynatrace.com/get-started/installation/how-do-i-install-dynatrace-oneagent/

krokkas · ‎18 Jul 2017

@Monika A. Thank you, will investigate further and get back to you.