The operating system of the system hosting the eDirectory server should always be up-to-date with the latest updates and security patches.
No other services should run on the hosting system except for SSH. Additionally, the SSH server must be configured with strong ciphers to ensure secure communication.
If SSH is enabled, it is recommended to regularly audit the SSH server logs to detect any suspicious activity.
A non-administrative account should be used for configuring and running eDirectory. There should be no other user accounts besides the non-administrative account and the root user with shell access to the system.
An intrusion detection system should be utilized to alert the administrator of any unexpected behavior.
It is recommended to set SELinux to Permissive mode on all RHEL machines.
To do this, open the SELinux configuration file at /etc/selinux/config and set SELinux to permissive mode as follows:
SELINUX=permissive
For console access restrictions, it is recommended that the server be placed in a secured room and accessed only by authorized users.
Non-root users (non-administrative system users) should have non-root password policies. Users should have strong password policies.
It is recommended to only have an administrator account on Windows, and no other user accounts.
Lastly, the Linux operating system can be installed in FIPS mode for added security.
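
The script below is an added example, not part of the original guidance or any vendor tooling. It checks three of the recommendations above on a Linux host: no accounts with shell access beyond root and the one non-administrative account, the SELinux mode set in /etc/selinux/config, and no weak ciphers in an explicit SSH server cipher list. The function names, the account name passed in, and the patterns treated as weak (CBC modes, 3DES, arcfour) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit three checklist items. File paths are parameters so the
# checks can run on copies; the allowed account name is an assumption you pass in.

# Accounts with a login shell, other than root and the allowed non-admin account.
extra_shell_accounts() {  # $1 = passwd file, $2 = allowed account
  awk -F: -v ok="$2" '
    /^#/ || NF < 7 { next }
    $1 == "root" || $1 == ok { next }
    $7 ~ /(nologin|false|sync|shutdown|halt)$/ { next }
    { print $1 }' "$1"
}

# Value of the first uncommented SELINUX= line (SELINUXTYPE= does not match).
selinux_mode() {  # $1 = SELinux config file
  awk -F= '/^SELINUX=/ { gsub(/[ \t\r]/, "", $2); print tolower($2); exit }' "$1"
}

# Ciphers in an explicit sshd_config "Ciphers" list that this example treats as
# weak: CBC modes, 3DES and arcfour. A list starting with "-" removes ciphers, so skip it.
weak_ssh_ciphers() {  # $1 = sshd_config file
  awk 'tolower($1) == "ciphers" && $2 !~ /^-/ {
         n = split($2, c, ",")
         for (i = 1; i <= n; i++) if (c[i] ~ /-cbc|^3des|^arcfour/) print c[i]
       }' "$1"
}

# Run all three checks; prints findings and returns 1 if any check fails.
audit_host() {  # $1 = allowed account, $2-$4 = optional file overrides
  a_extra=$(extra_shell_accounts "${2:-/etc/passwd}" "$1")
  a_mode=$(selinux_mode "${3:-/etc/selinux/config}")
  a_weak=$(weak_ssh_ciphers "${4:-/etc/ssh/sshd_config}")
  a_rc=0
  [ -z "$a_extra" ] || { echo "FAIL extra shell accounts:" $a_extra; a_rc=1; }
  [ "$a_mode" = "permissive" ] || { echo "FAIL SELINUX=$a_mode, expected permissive"; a_rc=1; }
  [ -z "$a_weak" ] || { echo "FAIL weak SSH ciphers:" $a_weak; a_rc=1; }
  [ "$a_rc" -ne 0 ] || echo "PASS"
  return "$a_rc"
}

# Usage: sh audit.sh <allowed-account>   (audits the live files)
if [ "$#" -ge 1 ]; then audit_host "$@"; fi
```

If sshd_config has no Ciphers line, the SSH server uses its built-in defaults and the cipher check reports nothing.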