TNS NetApp Data ONTAP 7G

Audit Details

Name: TNS NetApp Data ONTAP 7G

Updated: 12/22/2023

Authority: TNS

Plugin: NetApp

Revision: 1.29

Estimated Item Count: 151

File Details

Filename: NetApp_Data_ONTAP_Best_Practices.audit

Size: 189 kB

MD5: c1c462d8360793cb4cd61942fb5a5a1a
SHA256: a2af601f571972954c8ab72f727a6af1e6fc9eef7b948276d43b84ec3e44f396

Audit Changelog

 
Revision 1.29

Dec 22, 2023

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.28

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.
  • Variables updated.
Revision 1.27

Dec 7, 2022

Miscellaneous
  • Metadata updated.
Revision 1.26

Apr 25, 2022

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.25

Sep 1, 2021

Functional Update
  • 2.1 Enable Secure Admin Access - 'ssh.access has been configured'
  • 2.1 Enable Secure Admin Access - 'ssh.access is not unlimited'
  • 5.2 SnapMirror - 'replication.throttle.enable = on'
  • 5.2 SnapMirror - 'replication.throttle.incoming.max_kbs has been configured'
  • 5.2 SnapMirror - 'replication.throttle.outgoing.max_kbs has been configured'
  • 5.2 SnapMirror - 'snapmirror.access has been configured'
  • 5.2 SnapMirror - 'snapmirror.allow file should be reviewed'
  • 5.2 SnapMirror - 'snapmirror.log.enable = on'
  • 5.3 SnapVault - 'snapvault.access has been configured'
  • 5.3 SnapVault - 'snapvault.preservesnap = on'
  • 5.3 SnapVault - 'snapvault.snapshot_for_dr_backup has been configured'
  • 5.4 CIFS - 'cifs.LMCompatibilityLevel <= 3'
  • 5.4 CIFS - 'cifs.audit.account_mgmt_events.enable = on'
  • 5.4 CIFS - 'cifs.audit.autosave.file.extension has been configured'
  • 5.4 CIFS - 'cifs.audit.autosave.file.limit has been configured'
  • 5.4 CIFS - 'cifs.audit.autosave.onsize.enable = on'
  • 5.4 CIFS - 'cifs.audit.autosave.onsize.threshold has been configured'
  • 5.4 CIFS - 'cifs.audit.autosave.ontime.interval has been configured'
  • 5.4 CIFS - 'cifs.audit.enable = on'
  • 5.4 CIFS - 'cifs.audit.file_access_events.enable = on'
  • 5.4 CIFS - 'cifs.audit.liveview.enable = off'
  • 5.4 CIFS - 'cifs.audit.logon_events.enable = on'
  • 5.4 CIFS - 'cifs.audit.nfs.enable = on'
  • 5.4 CIFS - 'cifs.audit.nfs.filter.filename has been configured'
  • 5.4 CIFS - 'cifs.gpo.enable = on'
  • 5.4 CIFS - 'cifs.guest_account is not configured'
  • 5.4 CIFS - 'cifs.restrict_anonymous = 2'
  • 5.4 CIFS - 'cifs.signing.enable = on'
  • 5.4 CIFS - 'cifs.smb2.client.enable = on'
  • 5.4 CIFS - 'cifs.smb2.durable_handle.enable = on'
  • 5.4 CIFS - 'cifs.smb2.durable_handle.timeout'
  • 5.4 CIFS - 'cifs.smb2.signing.required = on'
  • 5.4 CIFS - 'dns.domainname has been configured'
  • 5.4 CIFS - 'dns.enable = on'
  • 5.4 CIFS - 'dns.update.enable = on or secure'
  • 5.4 CIFS - 'ldap.enable = on'
  • 5.4 CIFS - 'ldap.security.level = 1 or 2'
  • 5.4 CIFS - 'ldap.ssl.enable = on'
  • 5.4 CIFS - 'timed.enable = on'
  • 5.4 CIFS - 'timed.proto = ntp'
  • 5.4 CIFS - 'timed.servers has been configured'
  • 5.4 CIFS - 'timed.window = 5m'
  • 5.5 NFS - 'cifs.nfs_root_ignore_acl = on'
  • 5.5 NFS - 'cifs.preserve_unix_security = on'
  • 5.5 NFS - 'nfs.kerberos.enable = on'
  • 5.5 NFS - 'nfs.kerberos.file_keytab.enable = on'
  • 5.5 NFS - 'nfs.kerberos.principal has been configured'
  • 5.5 NFS - 'nfs.kerberos.realm has been configured'
  • 5.5 NFS - 'nfs.rpcsec.ctx.high has been configured'
  • 5.5 NFS - 'nfs.rpcsec.ctx.idle has been configured'
  • 5.5 NFS - 'nfs.v4.acl.enable = on'
  • 5.5 NFS - 'nfs.v4.id.domain has been configured'
  • 5.5 NFS - 'nfs.v4.read_delegation = on'
  • 5.5 NFS - 'nfs.v4.write_delegation = on'
  • 5.5 NFS - 'wafl.default_nt_user has been configured'
  • 5.5 NFS - 'wafl.default_security_style has been configured'
  • 5.5 NFS - 'wafl.default_unix_user has been configured'
  • 5.5 NFS - 'wafl.nt_admin_priv_map_to_root = on'
  • 5.5 NFS - 'wafl.wcc_minutes_valid has been configured'
Miscellaneous
  • References updated.
Revision 1.24

Feb 1, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.23

Sep 29, 2020

Miscellaneous
  • References updated.
Revision 1.22

Apr 22, 2020

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.21

Jan 29, 2019

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.20

Dec 12, 2018

Informational Update
  • 2.0 Install & Config - 'Disable RIPv1'
  • 2.2 Disable/Modify Default Accts - 'SNMP default community strings have been removed'
  • 2.2 Disable/Modify Default Accts - 'alternate admin account has been created (root)'
  • 2.2 Disable/Modify Default Accts - 'alternate admin account has been created (snmp)'
  • 2.2 Disable/Modify Default Accts - 'ndmp/ndmpcopy service account'
  • 2.4 Password Security - 'maximum password age <= 90'
  • 2.4 Password Security - 'minimum password age >= 1'
  • 3.1 Storage System (Hardware) Management - 'Change the root account password after each use'
  • 3.1 Storage System (Hardware) Management - 'FW version >= 4.0'
  • 3.1 Storage System (Hardware) Management - 'Place the interface on a management VLAN'
  • 3.1 Storage System (Hardware) Management - 'Strong Password root account'
  • 3.2 Data ONTAP (Software) Mgmt - 'Place e0M on a management VLAN'
  • 3.2 Data ONTAP (Software) Mgmt - 'Set SSH login banner'
  • 3.2 Data ONTAP (Software) Mgmt - 'Telnet login banner'
  • 3.2 Data ONTAP (Software) Mgmt - 'Use e0M as the Data ONTAP management port'
  • 3.3 Role-Based Access Control (RBAC) - 'RBAC has been implemented'
  • 5.2 SnapMirror - 'replication.throttle.enable = on'
  • 5.2 SnapMirror - 'replication.throttle.incoming.max_kbs has been configured'
  • 5.2 SnapMirror - 'replication.throttle.outgoing.max_kbs has been configured'
  • 5.2 SnapMirror - 'snapmirror.access has been configured'
  • 5.2 SnapMirror - 'snapmirror.allow file should be reviewed'
  • 5.2 SnapMirror - 'snapmirror.log.enable = on'
  • 5.3 SnapVault - 'snapvault.access has been configured'
  • 5.3 SnapVault - 'snapvault.preservesnap = on'
  • 5.3 SnapVault - 'snapvault.snapshot_for_dr_backup has been configured'
  • 5.4 CIFS - 'cifs.LMCompatibilityLevel <= 3'
  • 5.4 CIFS - 'cifs.audit.account_mgmt_events.enable = on'
  • 5.4 CIFS - 'cifs.audit.autosave.file.extension has been configured'
  • 5.4 CIFS - 'cifs.audit.autosave.file.limit has been configured'
  • 5.4 CIFS - 'cifs.audit.autosave.onsize.enable = on'
  • 5.4 CIFS - 'cifs.audit.autosave.onsize.threshold has been configured'
  • 5.4 CIFS - 'cifs.audit.autosave.ontime.interval has been configured'
  • 5.4 CIFS - 'cifs.audit.enable = on'
  • 5.4 CIFS - 'cifs.audit.file_access_events.enable = on'
  • 5.4 CIFS - 'cifs.audit.liveview.enable = off'
  • 5.4 CIFS - 'cifs.audit.logon_events.enable = on'
  • 5.4 CIFS - 'cifs.audit.nfs.enable = on'
  • 5.4 CIFS - 'cifs.audit.nfs.filter.filename has been configured'
  • 5.4 CIFS - 'cifs.gpo.enable = on'
  • 5.4 CIFS - 'cifs.guest_account is not configured'
  • 5.4 CIFS - 'cifs.restrict_anonymous = 2'
  • 5.4 CIFS - 'cifs.smb2.client.enable = on'
  • 5.4 CIFS - 'cifs.smb2.durable_handle.enable = on'
  • 5.4 CIFS - 'cifs.smb2.durable_handle.timeout'
  • 5.4 CIFS - 'cifs.smb2.signing.required = on'
  • 5.4 CIFS - 'dns.domainname has been configured'
  • 5.4 CIFS - 'dns.enable = on'
  • 5.4 CIFS - 'dns.update.enable = on or secure'
  • 5.4 CIFS - 'ldap.enable = on'
  • 5.4 CIFS - 'ldap.security.level = 1 or 2'
  • 5.4 CIFS - 'timed.enable = on'
  • 5.4 CIFS - 'timed.proto = ntp'
  • 5.4 CIFS - 'timed.servers has been configured'
  • 5.4 CIFS - 'timed.window = 5m'
  • 5.5 NFS - 'cifs.nfs_root_ignore_acl = on'
  • 5.5 NFS - 'cifs.preserve_unix_security = on'
  • 5.5 NFS - 'nfs.kerberos.enable = on'
  • 5.5 NFS - 'nfs.kerberos.file_keytab.enable = on'
  • 5.5 NFS - 'nfs.kerberos.principal has been configured'
  • 5.5 NFS - 'nfs.kerberos.realm has been configured'
  • 5.5 NFS - 'nfs.rpcsec.ctx.high has been configured'
  • 5.5 NFS - 'nfs.rpcsec.ctx.idle has been configured'
  • 5.5 NFS - 'nfs.v4.acl.enable = on'
  • 5.5 NFS - 'nfs.v4.id.domain has been configured'
  • 5.5 NFS - 'nfs.v4.read_delegation = on'
  • 5.5 NFS - 'nfs.v4.write_delegation = on'
  • 5.5 NFS - 'wafl.default_nt_user has been configured'
  • 5.5 NFS - 'wafl.default_security_style has been configured'
  • 5.5 NFS - 'wafl.default_unix_user has been configured'
  • 5.5 NFS - 'wafl.nt_admin_priv_map_to_root = on'
  • 5.5 NFS - 'wafl.wcc_minutes_valid has been configured'
Miscellaneous
  • Metadata updated.
  • References updated.
  • See also link updated.