...
This is a checklist of default settings that should be changed to secure your Opmantek Applications.
1. General Configuration
1.1 Configuring SSL for web access to GUI
If you are using the Opmantek VM, refer to this wiki:
https://docs.community.opmantekfirstwave.com/wiki/display/opCommon/Configuring+Virtual+Host+SSL+or+TLS+on+the+Opmantek+Virtual+Machine
Some additional information not on the page. Skip steps 1-2 if you don’t want to use a self-signed cert. Just place your trust authority signed certs in the /etc/ssl/certs directory
...
Code Block |
---|
#depending on the linux flavour used, the apache restart command with be one of the following: systemctl restart apache2 service httpd restart |
...
1.2. Change default passwords
For web users, nmis and admin, needs to be done in NMIS and Open-AudIT
1.
...
2.1
...
NMIS
Details on how to change to NMIS default passwords can be found here:
https://docs.community.opmantekfirstwave.com/wiki/display/NMIS/Default+Credentials+%28Passwords%29+for+NMIS8+and+NMIS9+VMs
1.
...
2.
...
2 Open-AudIT
Details on how to change the default Open-AudIT passwords can be found here:
https://docs.community.opmantekfirstwave.com/wiki/display/OA/Information+about+default+users+and+passwords
1.
...
3. Remove unrequired users from system
...
There are a few user accounts created by default in NMIS. You should review these accounts and remove if necessary.
To view these accounts go to: NMIS → System → System Configuration → Users
Accounts that you should consider reviewing are: dc_ops, etcwan_ops.
2. Opmantek VM specific
...
2.1. Change omkadmin Linux user password:
...
Code Block |
---|
# If you |
...
passwd omkadmin
If you are logged in as omkadmin:
passwd
...
are logged in a superuser
passwd omkadmin
# If you are logged in as omkadmin:
passwd |
3. Linux Specific
Some extended things which are more about hardening Linux, we could refer to some existing internet pages.
Decide on only permitting SSH keys (no passwords to the VM).
Password required for SUDO accessSSH keys are more secure that using password so should be considered for access to the Opmantek VM. Some details on setting up SSH keys can be found here.
SUDO is the preferred method of providing superuser privileges to users. By default, when you invoke the sudo command, you will be prompted for your own password. This function can be turned off if required (see this link). For example, you may want to temporarily to run some scripts as a superuser.