Difference between revisions of "Vuln ssh noadmin"

From Atomicorp Wiki
Jump to: navigation, search
m (Next Steps)
m (Next Steps)
Line 9: Line 9:
 
= Next Steps =
 
= Next Steps =
  
If this risk is unacceptable for your system, then you will want to disable this capability on your system:
+
If this risk is unacceptable for your system, then you will want to configure administrative users for your system.  Please follow the steps below:
  
 
Step 1: Log into the ASL GUI, click on Configuration and select the ASL configuration menu option.  This will open the ASL configuration screen.   
 
Step 1: Log into the ASL GUI, click on Configuration and select the ASL configuration menu option.  This will open the ASL configuration screen.   
Line 16: Line 16:
  
 
https://www.atomicorp.com/wiki/index.php?title=ASL_Configuration#ADMIN_USERS  
 
https://www.atomicorp.com/wiki/index.php?title=ASL_Configuration#ADMIN_USERS  
 +
 +
If you need assistance setting up SSH keys for these users, please see the [[SSH keys]] article.
  
 
Step 3: Check to make sure you have correctly configured your admin users accounts by following the instructions in this document [[SSH keys]].
 
Step 3: Check to make sure you have correctly configured your admin users accounts by following the instructions in this document [[SSH keys]].

Revision as of 12:18, 31 May 2015

Vulnerability

No Administrative users are defined

Explanation

Administrative users are the users that maintain this system, that should su or sudo to root. This test verifies that administrative users are defined. It is not recommended to manage the system by directly logging in as root.

Next Steps

If this risk is unacceptable for your system, then you will want to configure administrative users for your system. Please follow the steps below:

Step 1: Log into the ASL GUI, click on Configuration and select the ASL configuration menu option. This will open the ASL configuration screen.

Step 2: Scroll down to ADMIN_USERS and set this to the users on your system that you have configured SSH keys for.

https://www.atomicorp.com/wiki/index.php?title=ASL_Configuration#ADMIN_USERS

If you need assistance setting up SSH keys for these users, please see the SSH keys article.

Step 3: Check to make sure you have correctly configured your admin users accounts by following the instructions in this document SSH keys.

Step 4: Click the "update" button.

This will resolve this vulnerability.

Personal tools