Title

Default administrator account is used to access the administration tool. (Cat I impact)

Discussion

The default administrator account, “admin”, does not provide an audit trail of who logged in and the default password may be easily guessed or be publicly known. If system administrators use the “admin” account, this could potentially allow modifications to the Sun Ray system with no user accountability. Also, unauthorized users may gain access to the administration tool and make modifications that disable the Sun Ray system. Therefore, system administrators will have individual user accounts to administer the Sun Ray Server, and the “admin” account will be removed to ensure that audit trails are present.

Check Content

1. Open a terminal command line on the Sun Ray server. Perform the following: # /opt/SUNWut/sbin/utadminuser admin If the admin user is returned, this is a finding. 2. Then verify that the following /etc/pam.conf file has the following entries: Use the following command to locate them. # cat /etc/pam.conf | grep utadmingui # added to utadmingui by Sun Ray Server Software -- utadmingui utadmingui auth requisite pam_authtok_get.so.1 utadmingui auth required pam_dhkeys.so.1 utadmingui auth required pam_unix_cred.so.1 utadmingui auth required pam_unix_auth.so.1 If the above entries are not in the /etc/pam.conf file, then the alternate username specified to administer the Sun Ray administration tool will not work. If above entries are not in the pam.conf file, this is a finding.

Fix Text

Configure individual usernames to access the Sun Ray administration console.

Additional Identifiers

Rule ID:

Vulnerability ID: V-16071

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.