Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-237824 | HP3P-32-001501 | SV-237824r647881_rule | High |
Description |
---|
While LDAP allows the storage system to support stronger authentication and provides additional auditing, it also places a dependency on an external entity in the operational environment. The existence of a single local account with a strong password means that administrators can continue to access the storage system in the event the LDAP system is temporarily unavailable. |
STIG | Date |
---|---|
HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide | 2021-11-23 |
Check Text ( C-41034r647879_chk ) |
---|
Verify that only essential local accounts are configured. Enter the following command: cli% showuser If the output shows users other than the four accounts below, this is a finding: 3paradm 3parsvc 3parsnmpuser 3parcimuser |
Fix Text (F-40993r647880_fix) |
---|
Display users with the following command: cli% showuser If the accounts "3parbrowse", "3paredit", or "3parservice" exist, see HP3P-32-001504 for removal instructions specific to these accounts. If the account "3parcimuser" exists see HP3P-32-001002 for removal instructions specific to that account. Otherwise, remove all accounts except "3paradm", "3parsvc", "3parsnmpuser", and "3parcimuser" using the following command: cli% removeuser Confirm the operation with "y". |