09-18-2020 08:50 AM
I'm evaluating Expedition to assist with an internal project, and while reviewing the installation script, I noticed a couple massive red flags.
First, the root account is given a hard-coded, easy to guess password: 'paloalto'. This is done for both the Linux host, as well as the MariaDB service. Second, the SSH service is reconfigured to allow root to log in remotely using a password. These changes occur starting on line 97 of the initSetup.sh script.
printTitleWait "Changing CLI root password to 'paloalto'"
echo -e "paloalto\npaloalto" | passwd root
printTitleWait "Installing SSHD service"
sudo apt-get install -y openssh-server
printTitle "Enabling ROOT ssh access"
filePath=/etc/ssh/sshd_config
lineToChange=$(grep -n "PermitRootLogin prohibit-password" $filePath | awk -F ':' '{print $1}')
sed -i "${lineToChange}s/.*/ PermitRootLogin yes/" $filePath;
I've reviewed multiple versions of the admin guide, hardening guide, installation video, etc. It is mentioned that it is very important to change the GUI admin account and expedition CLI user (for the older OVA build), but nothing appears to be said about the root account of the server. I've also confirmed that the root account can indeed be logged into using this password via SSH, post installation.
What in Expedition requires the ability for root to be logged into with this password? Can the CLI root account be changed, and SSH password-based login for root disabled?
09-18-2020 02:09 PM
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
