Default administrator account is used to access the administration tool.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-16071	SUN0070	SV-17058r1_rule	ECCD-1 ECCD-2	High

Description
The default administrator account, “admin”, does not provide an audit trail of who logged in and the default password may be easily guessed or be publicly known. If system administrators use the “admin” account, this could potentially allow modifications to the Sun Ray system with no user accountability. Also, unauthorized users may gain access to the administration tool and make modifications that disable the Sun Ray system. Therefore, system administrators will have individual user accounts to administer the Sun Ray Server, and the “admin” account will be removed to ensure that audit trails are present.

Description

The default administrator account, “admin”, does not provide an audit trail of who logged in and the default password may be easily guessed or be publicly known. If system administrators use the “admin” account, this could potentially allow modifications to the Sun Ray system with no user accountability. Also, unauthorized users may gain access to the administration tool and make modifications that disable the Sun Ray system. Therefore, system administrators will have individual user accounts to administer the Sun Ray Server, and the “admin” account will be removed to ensure that audit trails are present.

STIG	Date
Sun Ray 4 STIG	2015-04-02

Details

Check Text ( C-17114r1_chk )
1. Open a terminal command line on the Sun Ray server. Perform the following: # /opt/SUNWut/sbin/utadminuser admin If the admin user is returned, this is a finding. 2. Then verify that the following /etc/pam.conf file has the following entries: Use the following command to locate them. # cat /etc/pam.conf \| grep utadmingui # added to utadmingui by Sun Ray Server Software -- utadmingui utadmingui auth requisite pam_authtok_get.so.1 utadmingui auth required pam_dhkeys.so.1 utadmingui auth required pam_unix_cred.so.1 utadmingui auth required pam_unix_auth.so.1 If the above entries are not in the /etc/pam.conf file, then the alternate username specified to administer the Sun Ray administration tool will not work. If above entries are not in the pam.conf file, this is a finding.

Check Text ( C-17114r1_chk )

1. Open a terminal command line on the Sun Ray server. Perform the following:
# /opt/SUNWut/sbin/utadminuser
admin

If the admin user is returned, this is a finding.

2. Then verify that the following /etc/pam.conf file has the following entries:
Use the following command to locate them.
# cat /etc/pam.conf | grep utadmingui

# added to utadmingui by Sun Ray Server Software -- utadmingui
utadmingui auth requisite pam_authtok_get.so.1
utadmingui auth required pam_dhkeys.so.1
utadmingui auth required pam_unix_cred.so.1
utadmingui auth required pam_unix_auth.so.1

If the above entries are not in the /etc/pam.conf file, then the alternate username specified to administer the Sun Ray administration tool will not work.

If above entries are not in the pam.conf file, this is a finding.

Fix Text (F-16176r1_fix)
Configure individual usernames to access the Sun Ray administration console.