Difference between revisions of "Vuln ssh noadmin"
m |
m |
||
| Line 13: | Line 13: | ||
Step 1: Log into the ASL GUI, click on Configuration and select the ASL configuration menu option. This will open the ASL configuration screen. | Step 1: Log into the ASL GUI, click on Configuration and select the ASL configuration menu option. This will open the ASL configuration screen. | ||
| − | Step 2: Scroll down to ADMIN_USERS and set this to the users on your system that you have configured SSH keys for. | + | Step 2: Scroll down to ADMIN_USERS and set this to the users on your system that you have configured SSH keys for. |
| − | Step | + | https://www.atomicorp.com/wiki/index.php?title=ASL_Configuration#ADMIN_USERS |
| + | |||
| + | Step 3: Click the "update" button. | ||
This will resolve this vulnerability. | This will resolve this vulnerability. | ||
Revision as of 11:08, 31 May 2015
Vulnerability
No Administrative users are defined
Explanation
Administrative users are the users that maintain this system, that should su or sudo to root. This test verifies that administrative users are defined. It is not recommended to manage the system by directly logging in as root.
Next Steps
If this risk is unacceptable for your system, then you will want to disable this capability in PHP.
Step 1: Log into the ASL GUI, click on Configuration and select the ASL configuration menu option. This will open the ASL configuration screen.
Step 2: Scroll down to ADMIN_USERS and set this to the users on your system that you have configured SSH keys for.
https://www.atomicorp.com/wiki/index.php?title=ASL_Configuration#ADMIN_USERS
Step 3: Click the "update" button.
This will resolve this vulnerability.
