Dell MX9116n SmartFabric OS10 Security Best Practices Guide July 2020 - Page 4
OS10 security best practices, On first boot - default password
View all Dell MX9116n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 4 highlights
1 OS10 security best practices This document provides a set of recommendations for securing switches that run Dell EMC SmartFabric OS10. For detailed configuration, see the Dell EMC SmartFabric OS10 User Guide. You can find Dell EMC documentation at https://www.dell.com/support/. Applicability The recommendations provided in this document apply up to Dell EMC SmartFabric OS10.5.1.x. On first boot When you boot the switch for the first time, the system performs Zero-touch deployment (ZTD). ZTD automates OS10 image upgrade, runs a CLI batch file to configure the switch, and runs post-ZTD scripts to perform additional functions. ZTD is enabled by default on the system. If you do not use ZTD, you may disable ZTD using the ztd cancel command. After first login to OS10, change the default password and upgrade O10 to the latest version which may contain new features and security fixes. Change the default CLI password Rationale: When you log in to the switch for the first time, the system prompts you to enter a username to enter the command-line interface. To log in to OS10 for the first time, enter admin as the username and the password. Change the default admin password after your first login to something secure or create at least one OS10 user with the sysadmin role and delete the default admin username. The system saves the new password for future logins. After you change the password using the CLI, use the write memory command to save the configuration. Configuration: OS10# configure terminal % Error: ZTD is in progress(configuration is locked). OS10# ztd cancel OS10# configure terminal OS10(config)# username admin password new-password role sysadmin OS10(config)# exit OS10# write memory Change the default linuxadmin password Rationale: You use the Linux shell for troubleshooting and diagnostic purposes. After the first OS10 login, enter linuxadmin for both the default Linux shell username and password and change the default linuxadmin password. The system saves the new password for future logins. After you change the password using the CLI, use the write memory command to save the configuration. Configuration: OS10# configure terminal OS10(config)# system-user linuxadmin password {clear-text-password | hashed-password} OS10(config)# exit OS10# write memory Disable the linuxadmin account Rationale: If you do not want your users to access the Linux shell, disable the linuxadmin account. Configuration: OS10(config)# system-user linuxadmin disable OS10(config)# exit OS10# write memory Disable access to Linux commands 4 OS10 security best practices