Basic Security: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
This is a basic guideline for securing TELEM-GWM. It is assumed that reader is familiar with TELEM-GWM configuration software gws.exe. | This is a basic guideline for securing TELEM-GWM. It is assumed that reader is familiar with TELEM-GWM configuration software gws.exe and has used Linux command line interface before. | ||
== Account Management == | == Account Management == | ||
| Line 38: | Line 38: | ||
<br /> | <br /> | ||
gws.exe can be used to change passwords by pressing “Change Password” at “SSH Settings” dialog. | gws.exe can be used to change passwords by pressing “Change Password” at “SSH Settings” dialog. | ||
=== Adding New Users and Removing Old Accounts === | |||
New user can be created with command adduser. For instance: | |||
<pre> | |||
root@Telem-GWM ~ $ adduser myco | |||
Changing password for myco | |||
New password: | |||
Retype password: | |||
Password for myco changed by root | |||
root@Telem-GWM | |||
</pre> | |||
creates new user myco. If new user needs the ability to configure the device it needs to be in the group gws. This can be done with command adduser. For instance: | |||
<pre> | |||
root@Telem-GWM ~ $ adduser -G gws myco2 | |||
Changing password for myco2 | |||
New password: | |||
Retype password: | |||
Password for myco2 changed by root | |||
root@Telem-GWM ~ $ | |||
</pre> | |||
creates new user myco2 and adds it to group gws so that myco2 can change configuration. | |||
Now user martem can be deleted with command deluser. For instance: | |||
<pre> | |||
root@Telem-GWM ~ $ deluser martem | |||
root@Telem-GWM ~ $ rm -r /home/martem/ | |||
root@Telem-GWM ~ $ | |||
</pre> | |||
deletes user martem and it's home directory. | |||
Revision as of 05:31, 27 May 2013
This is a basic guideline for securing TELEM-GWM. It is assumed that reader is familiar with TELEM-GWM configuration software gws.exe and has used Linux command line interface before.
Account Management
As the configuration of the TELEM-GWM is done over SSH it is important to change the default accounts passwords. As a minimum change the passwords for users martem and root.
Changing the Default Account Credentials
TELEM-GWM chips with default accounts and known passwords. By default two accounts have passwords set. Only user martem can be used for changing the configuration of the device as root is not permit by SSH daemon configuration.
Here is the default /etc/shadow files content:
root@Telem-GWM ~ $ cat /etc/shadow root:$1$Urv3LxYa$hf.UwazXZLYQmhZ2KWfdk1:10933:0:99999:7::: bin:*:10933:0:99999:7::: daemon:*:10933:0:99999:7::: adm:*:10933:0:99999:7::: lp:*:10933:0:99999:7::: sync:*:10933:0:99999:7::: shutdown:*:10933:0:99999:7::: halt:*:10933:0:99999:7::: uucp:*:10933:0:99999:7::: operator:*:10933:0:99999:7::: nobody:*:10933:0:99999:7::: default:*:10933:0:99999:7::: martem:$1$9Z9vTc0h$eWWGwJgXC6H2o65V1p0Tl1:14477:0:99999:7::: root@Telem-GWM ~ $
From command prompt issue command passwd to change current users password. For instance:
root@Telem-GWM ~ $ passwd Changing password for root New password: Retype password: Password for root changed by root root@Telem-GWM ~ $
changes password for root. Similarly password for user martem can be changed.
gws.exe can be used to change passwords by pressing “Change Password” at “SSH Settings” dialog.
Adding New Users and Removing Old Accounts
New user can be created with command adduser. For instance:
root@Telem-GWM ~ $ adduser myco Changing password for myco New password: Retype password: Password for myco changed by root root@Telem-GWM
creates new user myco. If new user needs the ability to configure the device it needs to be in the group gws. This can be done with command adduser. For instance:
root@Telem-GWM ~ $ adduser -G gws myco2 Changing password for myco2 New password: Retype password: Password for myco2 changed by root root@Telem-GWM ~ $
creates new user myco2 and adds it to group gws so that myco2 can change configuration.
Now user martem can be deleted with command deluser. For instance:
root@Telem-GWM ~ $ deluser martem root@Telem-GWM ~ $ rm -r /home/martem/ root@Telem-GWM ~ $
deletes user martem and it's home directory.