Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
15436
Views
5
Helpful
2
Replies

cucm utils os secure mode ?

Go to solution
MehmetKaya
Level 1
Level 1

‎09-24-2012 06:29 AM - edited ‎03-16-2019 01:21 PM

Hi all,

Now Our CUCM SeLinux mode is enforcing(enabled).

If I make SeLinux mode permissive.  Does this situation cause a security vulnerability or what will be affected from this changes?

utils os secure

This command monitors and controls SELinux.

Command Syntax

utils os secure [status | enforce | permissive]

Parameters

status—displays SELinux mode (enforcing or permissive) to the CLI user.

Note The OS security status for SELinux should always be Enabled.

enforce allows the CLI user to change the SELinux mode from permissive to enforce. SELinux will block actions or events based on the defined policies when it is in enforce mode.

permissive allows the CLI user to change the SELinux mode from enforce to permissive. SELinux will log, but not block, actions or events when it is in permissive mode.

Usage Guidelines

If SELinux is enabled, you do not have to reboot when you use utils os secure enforce or utils os secure permissive.

If SELinux is disabled, you can use utils os secure enforce or utils os secure permissive to enable it. If you do this; however, you must reboot before SELinux becomes enabled

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cnuche
Cisco Employee
Cisco Employee

‎12-01-2014 11:08 AM

Hi,

No, permissive mode is not a security breach by itself, this just means that you can perform all kind of changes on the CLI, all OS security issues are tracked down via bug search tool:

https://tools.cisco.com/bugsearch/?referring_site=bstib

 

HTH

Chris.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
cnuche
Cisco Employee
Cisco Employee

‎12-01-2014 11:08 AM

Hi,

No, permissive mode is not a security breach by itself, this just means that you can perform all kind of changes on the CLI, all OS security issues are tracked down via bug search tool:

https://tools.cisco.com/bugsearch/?referring_site=bstib

 

HTH

Chris.

0 Helpful

Go to solution
Jonathan Greenberg
Level 5
Level 5
In response to cnuche

‎07-27-2015 08:38 AM

Just to note....Since version 9.X, I've had to put the OS secure into passive prior to upgrading vmtools. When the server comes back up, you need to change back to enforce.

 

If you don't first change to permissive, the server will show the vmtools up to date, but VMWare  indicates that the tools are not installed. 

 

HTH,

    Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents