Beginner

CUCM utils os secure mode?

Hi all,

Now our CUCM SELinux mode is enforcing (enabled).

If I make the SELinux mode permissive, does this cause a security vulnerability, or what will be affected by this change?

utils os secure

This command monitors and controls SELinux.

Command Syntax

utils os secure [status | enforce | permissive]

Parameters

status—displays SELinux mode (enforcing or permissive) to the CLI user.


Note: The OS security status for SELinux should always be Enabled.


enforce allows the CLI user to change the SELinux mode from permissive to enforce. SELinux will block actions or events based on the defined policies when it is in enforce mode.

permissive allows the CLI user to change the SELinux mode from enforce to permissive. SELinux will log, but not block, actions or events when it is in permissive mode.

Usage Guidelines

If SELinux is enabled, you do not have to reboot when you use utils os secure enforce or utils os secure permissive.

If SELinux is disabled, you can use utils os secure enforce or utils os secure permissive to enable it. If you do this, however, you must reboot before SELinux becomes enabled.

Cisco Employee

Hi,

No, permissive mode is not a security breach by itself; this just means that you can perform all kinds of changes on the CLI. All OS security issues are tracked down via the bug search tool:

https://tools.cisco.com/bugsearch/?referring_site=bstib

 

HTH

Chris.

Contributor

Just to note... Since version 9.X, I've had to put the OS secure into passive prior to upgrading vmtools. When the server comes back up, you need to change back to enforce.

If you don't first change to permissive, the server will show the vmtools up to date, but VMware indicates that the tools are not installed.

 

HTH,

    Jon
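
Permissive mode logs what enforcing mode would have blocked, so the audit records from a permissive window (such as the vmtools upgrade described above) show which actions ran unblocked. The following is an added example, not code from this thread or from Cisco documentation, that sorts SELinux AVC denial records by outcome. It assumes records in the standard Linux audit format and that the platform's audit log is available for review; the sample lines and the names `summarize` and `selinux_type` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records in standard Linux audit AVC format (not from a CUCM system).
SAMPLE_LOG = '''\
type=AVC msg=audit(1580000000.101:410): avc:  denied  { read } for  pid=2101 comm="vmtoolsd" name="shadow" scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
type=AVC msg=audit(1580000007.552:418): avc:  denied  { read } for  pid=2101 comm="vmtoolsd" name="shadow" scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1580000007.552:418): arch=c000003e syscall=2 success=yes exit=3 comm="vmtoolsd"
type=AVC msg=audit(1580000900.020:530): avc:  denied  { name_connect } for  pid=3300 comm="httpd" dest=8443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1580000950.700:541): avc:  denied  { write } for  pid=1200 comm="ntpd" name="drift" scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<tclass>\S+)'
    r'(?:\s+permissive=(?P<permissive>[01]))?'
)

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def summarize(log_text):
    """Group AVC denials by outcome: logged only (permissive), blocked, or unknown."""
    buckets = {"logged_only": Counter(), "blocked": Counter(), "unknown": Counter()}
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other record types
        m = AVC_RE.search(line)
        if m is None:
            continue
        key = (m["comm"], selinux_type(m["src"]), selinux_type(m["tgt"]),
               m["tclass"], m["perms"])
        # permissive=1: the access was logged but allowed; permissive=0: it was denied.
        # Older kernels omit the field, so the outcome cannot be read from the record.
        outcome = {"1": "logged_only", "0": "blocked"}.get(m["permissive"], "unknown")
        buckets[outcome][key] += 1
    return buckets

if __name__ == "__main__":
    for outcome, counts in summarize(SAMPLE_LOG).items():
        for key, n in counts.items():
            print(f"{outcome:12} x{n}  {key}")
```

Entries in the `logged_only` bucket are the ones to review after switching back to enforce, since each is an access that policy would have stopped.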
