This page provides a list of recommended secure configuration checks for Dell EMC Elastic Cloud Storage (ECS) systems, and is periodically updated. Dell EMC ECS is a modern software-defined object storage platform designed for both traditional and next-generation workloads.
| ID | System | Category | Configuration check |
| K1328I00P100 | Dell EMC ECS | Access Control | Access During Outage |
| K1328I00P105 | Dell EMC ECS | Access Control | Access-Control-Allow-Headers setting |
| K1328I00P110 | Dell EMC ECS | Access Control | Access-Control-Allow-Methods setting |
| K1328I00P115 | Dell EMC ECS | Access Control | Access-Control-Allow-Origin setting |
| K1328I00P120 | Dell EMC ECS | Access Control | Access-Control-Expose-Headers setting |
| K1328I00P125 | Dell EMC ECS | Access Control | Access-Control-Max-Age setting |
| K1328I00P130 | Dell EMC ECS | Access Control | Approved admin user/group |
| K1328I00P135 | Dell EMC ECS | Access Control | Approved LDAP Servers |
| K1328I00P140 | Dell EMC ECS | Access Control | Authentication provider group whitelist |
| K1328I00P145 | Dell EMC ECS | Access Control | Bucket acl |
| K1328I00P150 | Dell EMC ECS | Access Control | Bucket default groups |
| K1328I00P155 | Dell EMC ECS | Access Control | CAS IP restrictions |
| K1328I00P160 | Dell EMC ECS | Access Control | Central Certificate Authority (CA) status |
| K1328I00P165 | Dell EMC ECS | Access Control | Certificate issuer |
| K1328I00P170 | Dell EMC ECS | Access Control | External key manager configuration |
| K1328I00P175 | Dell EMC ECS | Access Control | Firewall status |
| K1328I00P180 | Dell EMC ECS | Access Control | Hardening status |
| K1328I00P185 | Dell EMC ECS | Access Control | HTTP access |
| K1328I00P190 | Dell EMC ECS | Access Control | Inactive user time |
| K1328I00P195 | Dell EMC ECS | Access Control | IPMI access mode |
| K1328I00P200 | Dell EMC ECS | Access Control | IPMI session type |
| K1328I00P205 | Dell EMC ECS | Access Control | Login Banner Status |
| K1328I00P210 | Dell EMC ECS | Access Control | Max number of sessions |
| K1328I00P215 | Dell EMC ECS | Access Control | Max session duration |
| K1328I00P220 | Dell EMC ECS | Access Control | NFS anon user mapping |
| K1328I00P225 | Dell EMC ECS | Access Control | Node compliance mode |
| K1328I00P230 | Dell EMC ECS | Access Control | Node firewall health |
| K1328I00P235 | Dell EMC ECS | Access Control | Node firewall status |
| K1328I00P240 | Dell EMC ECS | Access Control | Node lockdown |
| K1328I00P245 | Dell EMC ECS | Access Control | Non-default admin local users |
| K1328I00P250 | Dell EMC ECS | Access Control | Permission on sensitive directories/files |
| K1328I00P255 | Dell EMC ECS | Access Control | Readonly access during outage |
| K1328I00P260 | Dell EMC ECS | Access Control | Remote support configuration |
| K1328I00P265 | Dell EMC ECS | Access Control | Remote support status |
| K1328I00P270 | Dell EMC ECS | Access Control | Session timeout |
| K1328I00P275 | Dell EMC ECS | Access Control | Session timeout (UI) |
| K1328I00P280 | Dell EMC ECS | Access Control | SNMP trap receiver |
| K1328I00P285 | Dell EMC ECS | Access Control | SNMP version |
| K1328I00P290 | Dell EMC ECS | Access Control | User Agreement Text |
| K1328I00P295 | Dell EMC ECS | Access Control | Vdc lockdown |
| K1328I00P300 | Dell EMC ECS | Audit | Approved external syslog servers |
| K1328I00P305 | Dell EMC ECS | Audit | Approved NTP servers |
| K1328I00P310 | Dell EMC ECS | Audit | Bucket Audit Delete Expiration |
| K1328I00P315 | Dell EMC ECS | Audit | Centralized log server |
| K1328I00P320 | Dell EMC ECS | Audit | Centralized log server redundancy |
| K1328I00P325 | Dell EMC ECS | Audit | Min severity for syslog |
| K1328I00P330 | Dell EMC ECS | Audit | NTP server configuration |
| K1328I00P335 | Dell EMC ECS | Audit | NTP server redundancy |
| K1328I00P340 | Dell EMC ECS | Audit | NTP service status |
| K1328I00P345 | Dell EMC ECS | Audit | Required external syslog servers |
| K1328I00P350 | Dell EMC ECS | Audit | Required NTP servers |
| K1328I00P355 | Dell EMC ECS | Audit | Syslog facility |
| K1328I00P360 | Dell EMC ECS | Audit | Syslog protocol |
| K1328I00P365 | Dell EMC ECS | Audit | Syslog status |
| K1328I00P370 | Dell EMC ECS | Authentication | [HDFS] Kerberos admin ACL |
| K1328I00P375 | Dell EMC ECS | Authentication | [HDFS] Kerberos configuration |
| K1328I00P380 | Dell EMC ECS | Authentication | [HDFS] Kerberos status |
| K1328I00P385 | Dell EMC ECS | Authentication | Account lockout threshold |
| K1328I00P390 | Dell EMC ECS | Authentication | Default passwords |
| K1328I00P395 | Dell EMC ECS | Authentication | IPMI anonymous user access |
| K1328I00P400 | Dell EMC ECS | Authentication | IPMI authentication type |
| K1328I00P405 | Dell EMC ECS | Authentication | IPMI default password |
| K1328I00P410 | Dell EMC ECS | Authentication | IPMI per message authentication |
| K1328I00P415 | Dell EMC ECS | Authentication | IPMI user level authentication |
| K1328I00P420 | Dell EMC ECS | Authentication | IPMI user list |
| K1328I00P425 | Dell EMC ECS | Authentication | LDAP server configuration |
| K1328I00P430 | Dell EMC ECS | Authentication | LDAP Server redundancy |
| K1328I00P435 | Dell EMC ECS | Authentication | Max password age |
| K1328I00P440 | Dell EMC ECS | Authentication | Min number of lowercase password chars |
| K1328I00P445 | Dell EMC ECS | Authentication | Min number of password numeric chars |
| K1328I00P450 | Dell EMC ECS | Authentication | Min number of password special chars |
| K1328I00P455 | Dell EMC ECS | Authentication | Min number of uppercase password chars |
| K1328I00P460 | Dell EMC ECS | Authentication | Min password age |
| K1328I00P465 | Dell EMC ECS | Authentication | Min password char change |
| K1328I00P470 | Dell EMC ECS | Authentication | NFS authentication settings |
| K1328I00P475 | Dell EMC ECS | Authentication | NFS root user mapping |
| K1328I00P480 | Dell EMC ECS | Authentication | Password length |
| K1328I00P485 | Dell EMC ECS | Authentication | Password reuse |
| K1328I00P490 | Dell EMC ECS | Authentication | Password rule status |
| K1328I00P495 | Dell EMC ECS | Authentication | Rack switch SNMP community string |
| K1328I00P500 | Dell EMC ECS | Authentication | Required LDAP Servers |
| K1328I00P505 | Dell EMC ECS | Authentication | SNMP authentication |
| K1328I00P510 | Dell EMC ECS | Authentication | SNMP authentication algorithm strength |
| K1328I00P515 | Dell EMC ECS | Authentication | SNMP community string |
| K1328I00P520 | Dell EMC ECS | Authorization | Bucket permission |
| K1328I00P525 | Dell EMC ECS | Authorization | Default group directory exec permission |
| K1328I00P530 | Dell EMC ECS | Authorization | Default group directory read permission |
| K1328I00P535 | Dell EMC ECS | Authorization | Default group directory write permission |
| K1328I00P540 | Dell EMC ECS | Authorization | Default group file exec permission |
| K1328I00P545 | Dell EMC ECS | Authorization | Default group file read permission |
| K1328I00P550 | Dell EMC ECS | Authorization | Default group file write permission |
| K1328I00P555 | Dell EMC ECS | Authorization | S3 bucket acl |
| K1328I00P560 | Dell EMC ECS | Backup and Recovery | Bucket auto-commit configuration |
| K1328I00P565 | Dell EMC ECS | Backup and Recovery | Bucket compliance status |
| K1328I00P570 | Dell EMC ECS | Backup and Recovery | Bucket retention enforcemnt |
| K1328I00P575 | Dell EMC ECS | Backup and Recovery | Bucket retention settings |
| K1328I00P580 | Dell EMC ECS | Backup and Recovery | Default bucket retention |
| K1328I00P585 | Dell EMC ECS | Backup and Recovery | Default object lock retention |
| K1328I00P590 | Dell EMC ECS | Backup and Recovery | Default object lock retention mode |
| K1328I00P595 | Dell EMC ECS | Backup and Recovery | Fixed retention configuration |
| K1328I00P600 | Dell EMC ECS | Backup and Recovery | Full replication |
| K1328I00P605 | Dell EMC ECS | Backup and Recovery | Namespace compliance status |
| K1328I00P610 | Dell EMC ECS | Backup and Recovery | Namespace retention policy configuration |
| K1328I00P615 | Dell EMC ECS | Backup and Recovery | Replication configuration |
| K1328I00P620 | Dell EMC ECS | Backup and Recovery | Replication mode |
| K1328I00P625 | Dell EMC ECS | Backup and Recovery | RPO alert |
| K1328I00P630 | Dell EMC ECS | Backup and Recovery | S3 Bucket lock configuration |
| K1328I00P635 | Dell EMC ECS | Backup and Recovery | S3 Bucket Versioning |
| K1328I00P640 | Dell EMC ECS | Backup and Recovery | Variable retention configuration |
| K1328I00P645 | Dell EMC ECS | Backup and Recovery | Varray protection |
| K1328I00P650 | Dell EMC ECS | Configuration Management | DNS server configuration |
| K1328I00P655 | Dell EMC ECS | Configuration Management | DNS server redundancy |
| K1328I00P660 | Dell EMC ECS | Configuration Management | DNS service status |
| K1328I00P665 | Dell EMC ECS | Configuration Management | ECS CLI version |
| K1328I00P670 | Dell EMC ECS | Configuration Management | ECS streamer version |
| K1328I00P675 | Dell EMC ECS | Configuration Management | Fcli health |
| K1328I00P680 | Dell EMC ECS | Configuration Management | Firmware version |
| K1328I00P685 | Dell EMC ECS | Configuration Management | NFS version |
| K1328I00P690 | Dell EMC ECS | Configuration Management | Node list (MACHINES) |
| K1328I00P695 | Dell EMC ECS | Configuration Management | Target ECS version |
| K1328I00P700 | Dell EMC ECS | Configuration Management | Target node version |
| K1328I00P705 | Dell EMC ECS | Configuration Management | xDoctor Auto update status |
| K1328I00P710 | Dell EMC ECS | Configuration Management | xDoctor version |
| K1328I00P715 | Dell EMC ECS | Encryption | Data encryption enforcement (namespace) |
| K1328I00P720 | Dell EMC ECS | Encryption | Email SSL |
| K1328I00P725 | Dell EMC ECS | Encryption | Event encryption |
| K1328I00P730 | Dell EMC ECS | Encryption | Openssl configuration |
| K1328I00P735 | Dell EMC ECS | Encryption | Server side encryption |
| K1328I00P740 | Dell EMC ECS | Encryption | SMTP TLS |
| K1328I00P745 | Dell EMC ECS | Encryption | SNMP privacy |
| K1328I00P750 | Dell EMC ECS | Encryption | SNMP privacy algorithm strength |
| K1328I00P755 | Dell EMC ECS | Encryption | SSL certificate status |
| K1328I00P760 | Dell EMC ECS | Encryption | TLS level |
| K1328I00P765 | Dell EMC ECS | Encryption | Truststore accept_all_certificates |
| K1328I00P770 | Dell EMC ECS | Encryption | Use of secure LDAP |
| K1328I00P775 | Dell EMC ECS | Encryption | VDC encryption |
| K1328I00P780 | Dell EMC ECS | Encryption | xDoctor Auto update secure protocol |
| K1328I00P785 | Dell EMC ECS | Information Security | Management, data and replication separation |
| K1328I00P790 | Dell EMC ECS | Information Security | NFS exports |
| K1328I00P795 | Dell EMC ECS | Information Security | Support data scrubbing |
| K1328I00P800 | Dell EMC ECS | Inventory | ECS CLI client list |
| K1328I00P805 | Dell EMC ECS | Inventory | ECS node list |
| K1328I00P810 | Dell EMC ECS | Inventory | ECS streamer |
| K1328I00P815 | Dell EMC ECS | Inventory | ECS switch list |
| K1328I00P820 | Dell EMC ECS | Inventory | ECS system list |
| K1328I00P825 | Dell EMC ECS | Monitoring | Alert policy configuration |
| K1328I00P830 | Dell EMC ECS | Monitoring | Call home state |
| K1328I00P835 | Dell EMC ECS | Monitoring | Email events status |
| K1328I00P840 | Dell EMC ECS | Monitoring | ESRS configuration |
| K1328I00P845 | Dell EMC ECS | Monitoring | ESRS status |
| K1328I00P850 | Dell EMC ECS | Monitoring | IPMI alerting |
| K1328I00P855 | Dell EMC ECS | Monitoring | SNMP service status |
| K1328I00P860 | Dell EMC ECS | Services and Protocols | Filesystem access |
| K1328I00P865 | Dell EMC ECS | Services and Protocols | IPMI status |
| K1328I00P870 | Dell EMC ECS | Services and Protocols | IPv6 status |
| K1328I00P875 | Dell EMC ECS | Services and Protocols | Telnet service status |
| K1328I00P880 | Dell EMC ECS | Services and Protocols | Unused services (atmos) |
| K1328I00P885 | Dell EMC ECS | Services and Protocols | Unused services (s3) |
| K1328I00P890 | Dell EMC ECS | Services and Protocols | Unused services (swift) |
| K1328I00P895 | Dell EMC ECS | Services and Protocols | Unused services (nfs) |
| K1328I00P900 | Dell EMC ECS | Services and Protocols | Unused services (hdfs) |
| K1328I00P905 | Dell EMC ECS | Services and Protocols | Unused services (cas) |
| K1328I00P910 | Dell EMC ECS | Services and Protocols | Unused ports |
| K1328I00P915 | Dell EMC ECS | Services and Protocols | Disable SNMP if not used |
| K1328I00P920 | Dell EMC ECS | Services and Protocols | Disable remote support if not used |
| ... and more. |
|
Interested to learn about StorageGuard secure configuration checks for Dell EMC ECS?
|
||
|
|
|
|
Comments
0 comments
Please sign in to leave a comment.