/etc/passwd

/etc/group

/etc/shadow

/etc/gshadow

Delta

Add users and groups required by Communication Manager. Remove groups that are not required.

Yes

No

The SMI Web page Administrator Accounts allows the user to create or remove Communication Manager administrators. Communication Manager also creates Services accounts.

/etc/snmp/snmpd.conf

/var/lib/net-snmp/snmpd.conf

/etc/snmp/snmptrapd.conf

/var/lib/net-snmp/snmptrapd.conf

Delta

Administer SNMP communities (v1/v2c) and users (v3).

Administer SNMP incoming traps.

Yes

No

The SMI Web interface allows the user to create or remove SNMP users. Also, allow configuration of the trap receiver, fault, and performance filters.

/etc/hosts

Delta

Entries are added for current host and duplicated server

Yes

No

The SMI Web interface allows configuration of host names.

/etc/hostname

Replace

Update hostname with the value configured during install.

Yes

No

The SMI Web interface allows configuration of host names.

/etc/aliases

Delta

Remove decode alias.

Yes

No

Security vulnerability.

/etc/sysconfig/network-scripts/route-eth<n>

Delta

Configuration of static routes.

Yes

No

The SMI Web page Static Routes allows configuration of static routes.

/etc/sysconfig/network-scripts/ifcfg-eth<0-2>

Delta

Configuration of the Ethernet interfaces IP addresses.

No

No

The SMI Web interface allows configuration of IP addresses. The files should not be changed.

/etc/chrony.conf

Replace

Configuration of NTP servers.

Yes

No

The SMI Web interface allows configuration of NTP servers.

/etc/systemd/system/multi-user.target.wants/chronyd.service remove /etc/ntp/drift

Replace

Enable NTP.

No

Yes

Enable NTP service.

/etc/resolv.conf

Delta

Configure DNS and domain.

Yes

No

The SMI Web page Network Configuration and installation choices allows configuration of DNS, domain, search domain.

/etc/syconfig/network

Delta

Configure hostname and default gateways.

Yes

No

The SMI Web page Login Account Policy allows configuration of Web and CLI inactivity timeouts.

/etc/profile.d/umask.sh

Replace

Comments only. No operating system changes.

No

No

The file is for documentation purposes only.

/etc/login.defs

Delta

Updates UID_MIN to 1000, to keep Communication Manager logins separate. Updates the password aging control.

Set password expiration and lockout periods.

Yes

No

The SMI Web page Login Account Policy allows configuring the 'Credential Expiration parameters'.

/etc/security/limits.conf

/etc/security/pwquality.conf

Replace

Configure max number of logins and user's password complexity.

Yes

See Note

No

The SMI Web page Login Account Policy allows configuration of password complexity.

/etc/localtime

/etc/sysconfig/clock

Replace

Configure the time zone.

Yes

No

The SMI Web page Time Zone configuration allows configuration of the time zone.

/etc/pam.d/mv-auth

/etc/pam.d/crond

/etc/pam.d/cm

/etc/pam.d/smi_web

/etc/pam.d/hp-sshd

Replace

Set authorization and account policies for SSH and Web access.

Yes

See Note

No

/etc/pam.d/atd

/etc/pam.d/chfn

/etc/pam.d/chsh

/etc/pam.d/config-util

/etc/pam.d/crond

/etc/pam.d/login

/etc/pam.d/passwd

/etc/pam.d/polkit-1

/etc/pam.d/ppp

/etc/pam.d/remote

/etc/pam.d/screen

/etc/pam.d/smtp

/etc/pam.d/smtp.postfix

/etc/pam.d/sshd

/etc/pam.d/su

/etc/pam.d/sudo

/etc/pam.d/systemd-user

/etc/pam.d/vlock

Delta

Set authorization and account policies for SSH and Web access. use Communication Manager PAM stack.

Yes

See Note

No

/etc/ssh/sshd_config

/etc/ssh/hp-sshd_config

/etc/ssh/ssh_config

Replace

Configure SSH access to bash and SAT.

Yes

See Note

No

/etc/shells

Delta

Add shells: 'nologin', 'eula_shell', and 'ppp-login'.

Yes

No

Required by Communication Manager.

/etc/nsswitch.conf

Replace

Configure LDAP access.

Yes

See Note

No

/etc/rc.d/init.d/*

Replace

Communication Manager adds initialization scripts.

No

Yes

These are the initialization scripts required for Communication Manager to start after a reboot

/etc/rc.modules

Replace

Make sure upper level SCSI and software watchdog are present.

Yes

Yes

/etc/sysconfig/iptables

/etc/sysconfig/ip6tables

Replace

Configure firewall for all Communication Manager connections.

Yes

See Note

No

/etc/rsyncd.conf

Replace

Required for synchronization of Communication Manager configuration files.

No

Yes

/etc/at.deny

/etc/cron.deny

/etc/cron.allow

Delta

Remove 'at' and 'cron' capability for some service logins.

Only root is allowed to run cron.

Yes

No

Security related change.

/etc/ld.so.conf

Delta

Add paths to Communication Manager libraries.

Yes

No

/etc/issue

/etc/issue.avaya

Replace

Add default Communication Manager login banner.

Yes

No

/etc/syslog.conf

/etc/sysconfig/rsyslog

Replace

Syslog configuration.

Yes

Yes

The SMI Web page Syslog Server allows configuration of syslog.

/etc/selinux/config

Delta

Disable SELinux.

Yes

See Note

No

/etc/audit/auditd.conf

/etc/audit/rules.d/audit.rules

Replace

Configure operating system level auditing. Disabled by default.

Yes

See Note

Yes

/etc/services

Replace

Older version of the file with added Communication Manager services (SAT, H.248, messaging).

Yes

Yes

/etc/logrotate.conf

/etc/logrotate.d/chistory

/etc/logrotate.d/httpd

/etc/logrotate.d/krm_rotate

/etc/logrotate.d/syslog

/etc/logrotate.d/syslog_rotate

/etc/logrotate.d/avaya.logrotate

Replace

Configure a log rotation period and disk usage.

Yes

Yes

Changes may be lost after a Communication Manager update. Some files are for Communication Manager specific logs only.

/etc/nscd.conf

Replace

Configure Name Services cache by removing caching of hosts.

Yes

Yes

/etc/sysctl.conf

/etc/sysctl.d/99-sysctl.conf

Replace

Customized operating system and networking parameters.

Yes

Yes

Should not be changed.

/etc/httpd/conf/httpd.conf

/etc/httpd/conf.d/ssl.conf

Delta

Configure the Apache HTTP service for SMI Web interface.

No

Yes

Communication Manager requires control of the httpd configuration for the SMI Web interface. Communication Manager also adds configuration files in the same /etc/httpd/conf.d directory.

/etc/ppp/options

/etc/ppp/ip-up.local

/etc/ppp/ip-down.local

/etc/ppp/ppp-login

Replace

Set global PPP options.

Yes

Yes

/etc/sysconfig/crond

Replace

Turn off all mail from cron job.

Yes

Yes

Cron configuration files are also added to /etc/cron.d

/etc/sysconfig/init

Replace

Change the terminal font for success, failure, and warning to bold that is easier to see in color.

Yes

Yes

/etc/fstab

Delta

Add security setting for cdrom, floppy, tmpfs, sysfs if present.

Yes

No

/etc/php.ini

Replace

Configure PHP used by the SMI and other Communication Manager scripts.

Yes

Yes

/etc/systemd/system/rsyslog.socket

/etc/systemd/system/rsyslog.service

/etc/systemd/system/nbsyslog.socket

/etc/systemd/system/nbsyslog.service

/etc/systemd/system/hp-sshd.service

/etc/systemd/system/httpd.service

/etc/systemd/system/fixFstab.service

/etc/systemd/system/rngd.service

/etc/systemd/system/auto_upgr.service

Replace (add)

Services initialization scripts for systemd.

Yes

Yes

Services needed by Communication Manager.

/etc/aide.conf

/etc/cron.daily/aide

Replace

Configuration files for the AIDE intrusion detection.

Yes (See Note)

No

To enable or disable AIDE, use the command: setCMAide <enabled | disabled>

/etc/termcap

Replace (add)

This configures terminal capability for legacy terminals.

Yes

Yes

/etc/vimrc

Replace (add)

System wide vim initializations.

Yes

Yes

/etc/sysconfig/apm-scripts/apmcontinue

/etc/sysconfig/harddiskhda

/etc/sysconfig/harddiskhdc

/etc/sysconfig/i18n

/etc/sendmail.cf

/etc/man.config

Replace (add)

These files are no longer used or needed by the operating system.

Yes

Yes