No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 9000 V100R001C01 Security Maintenance 08

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
WushanFS

WushanFS

WushanFS is used to store unstructured data such as video. This section lists the accounts used in WushanFS and introduces the management methods.

Overview of Account Information

This section lists the accounts used in WushanFS.

Table 1-1 lists the accounts.

NOTE:
Change the default system accounts after first logging in, and change the password periodically.
Table 1-1  System account list

System Type

Account

Default Password

Change Method

Description

Operating system

root

Root@storage

Changing the Password of Operating System Account root

Log in to the operating system as user root for system maintenance.

The account will be locked if entering the wrong password three times.

Clean the system

root

Clean@storage

Changing the Password of the Clean Script

Log in to the system as user root and restore the system to default settings.

SmartKit

admin

Admin@storage

Changing the Password of SmartKit account admin

Use the default account to log in to the system and implement deployment. After the deployment is complete, log in to the system as the super administrator to expand and upgrade the system.

The account will be locked if entering the wrong password three times.

DeviceManager and CLI

admin

Admin@storage

Changing the Password of DeviceManager and CLI Account admin

Log in to DeviceManager or CLI using the admin account to manage OceanStor 9000.

The account will be locked if entering the wrong password three times by default. You can set the allowed times after you loging in DeviceManager and choose Settings > Permission Settings > Security Policy.

DeviceManager and CLI

securityAdmin

Admin@storage

Changing the Password of DeviceManager and CLI Account securityAdmin

Data encryption administrator that can manage key files, including regenerating, backing up, and recovering key files.

The account will be locked if entering the wrong password three times by default. You can set the allowed times after you loging in DeviceManager and choose Settings > Permission Settings > Security Policy.

IPMI

admin

Admin@storage

Changing the Password of IPMI Account admin

Manage and maintain the node device.

The account will be locked if entering the wrong password three times.

SNMP

Kaimse

Admin@123

Changing the Password of SNMP Account Kaimse

Connect to a third-party network management system.

The account will be locked if entering the wrong password three times.

NOTE:

When you start SNMP for the first time, change the default password.

SFTP

omsftp

Omsftp@Storage

Changing the Password of SFTP Account omsftp

SFTP is used to transfer data between SystemReporter and OceanStor 9000.

The account will be locked if entering the wrong password three times.

Resource user

default_user

user_default@123

Changing the Password of Resource User Account default_user

The default local authentication user.

It can be set as an access account of CIFS and FTP shared directories.

The account will be locked if entering the wrong password three times.

There are some internal system accounts. They can only be used for system management and not allowed to change those passwords. Table 1-2 describes the internal system account list.
Table 1-2  Internal system account list

System User

Usage

ismUser

Account for starting the DeviceManager

bin

Built-in Linux account, related to binary programs

daemon

System account for controlling background processes

lp

Printer account

mail

Account that has processes and files related to emails

games

Account for games

wwwrun

Account for running Apache

ftp

Account for File Transfer Protocol (FTP)

nobody

Default anonymous Linux account

messagebus

Account for transmitting messages among system processes

haldaemon

Account for monitoring hardware status changes

sshd

SSHD daemon

at

Account for running the daemon of batch processing jobs

uuidd

Account for running the UUID library daemon and for generating time-based UUIDs in a secure and unique manner

postfix

Account for the Postfix service

polkituser

Account for enhancing the permissions of and setting permission policies for non-root users

ntp

Account for Network Time Protocol (NTP)

pulse

Account for the PulseAudio service

suse-ncc

Account for registering with the Novell website after connecting to the website through YaST

gdm

Account for managing the GNOME monitor

man

Account for viewing reference documents built in the system

news

Account used by various news servers and related programs in various modes

uucp

Account that has the UNIX-to-UNIX copy (UUCP) tool and file, and runs the UUCP program

dhcpd

Account for the DHCPD service

Changing the Password of an Account

For security purposes, you need to periodically change the passwords of related accounts used in WushanFS. New passwords must meet the complexity rules.

Changing the Password of Operating System Account root

The following methods can be used:

  • Log in to the system using PuTTY as user root. Enter passwd and set a new password for user root.
  • Log in to DeviceManager as super administrator, choose Settings > Cluster Settings > Cluster Node Settings, select the nodes whose passwords you want to change, and click Change Password of User Root.
  • CLI command method:
    1. Use SSH to log in remotely to the management storage node (marked with WushanFS management IP address) as user root.
    2. Run /startup_disk/image/ISM/ism_ap/CLI/ismcli/start.sh -u admin -ip 127.0.0.1 -port 8080 to log in to the CLI.
    3. Run change system root_password to enter a password as prompted.

Password rule:

When changing the password using PuTTY, the rule is that: a password must be at least 8 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards. It cannot be the same as the used passwords or part of one used password.

When changing the password using CLI or DeviceManager, the rule is that: a password must be 8 to 16 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards.

Modify the file /etc/pam.d/common-password may lead to disable the password complexity policy. This operation has security risks, so you are advised not to perform this operation.
Changing the Password of SmartKit account admin

After logging in to the system, click Change Password in the upper right corner of the main window.

NOTE:

This method is applicable to the deployment phase only. After the deployment is complete, the method of changing the password is the same as that on the DeviceManager and CLI.

The password changed by this method only effects during deployment phase. After the deployment is complete, the password will be reset to Admin@storage.

Password rule:

A password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards.

Changing the Password of DeviceManager and CLI Account admin

The following methods can be used:

  • After logging in to the system, choose Settings > Permission Settings > User Management, select the corresponding user name, and click Properties.
  • CLI command method:
    1. Use SSH to log in remotely to the management storage node (marked with WushanFS management IP address) as user root.
    2. Run /startup_disk/image/ISM/ism_ap/CLI/ismcli/start.sh -u admin -ip 127.0.0.1 -port 8080 to log in to the CLI.
    3. Run change system user password to enter a password as prompted.
NOTE:

If the SystemReporter (dedicated report tool for WushanFS) is used, every time after you change the password, you must log in to SystemReporter to update the registered password of the WushanFS within 24 hours. Otherwise, the latest report data is unavailable.

Password rule:

A password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards.

Changing the Password of DeviceManager and CLI Account securityAdmin

The following methods can be used:

  • After logging in to the system, choose Settings > Permission Settings > User Management, select the corresponding user name, and click Properties.
  • After logging in to the system, choose Settings > Permission Settings > User Management, select the corresponding user name, and click Modify.
  • CLI command method:
    1. Use SSH to log in remotely to the management storage node (marked with WushanFS management IP address) as user rootomuser.
    2. Run /startup_disk/image/ISM/ism_ap/CLI/ismcli/start.sh -u securityAdmin -ip 127.0.0.1 -port 8080 to log in to the CLI.
    3. Run change system user password to enter a password as prompted.

Password rule:

A password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards.

Changing the Password of IPMI Account admin

The following methods can be used:

  • Log in to Linux OS of the storage node as user root and enter service ipmi start and ipmitool user set password 1 sequentially, and then enter the new password as prompted.
  • Press F2 to go to the BIOS interface when the system is starting up. On the Advanced screen, choose IPMI BMC Configuration > BMC Configuration > Set BMC password.

Password rule:

A password must be at least 8 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards.

Changing the Password of SNMP Account Kaimse
  1. Use SSH to log in remotely to the management storage node (marked with WushanFS management IP address) as user root.
  2. Run /startup_disk/image/ISM/ism_ap/CLI/ismcli/start.sh -u admin -ip 127.0.0.1 -port 8080 to log in to the CLI.
  3. Run show snmp usm to check usm_id, authentication protocol, and encryption protocol of user Kaimse.
  4. Run change snmp usm <usm_id> <user_name> <authenticate_protocol> <private_protocol> to enter a password as prompted.

    After you change the password, update the user password to the upper-layer network management system. If the authentication protocol and encryption protocol are also changed, update them to the upper-layer network management system accordingly.

Password rule:

A password must be 8 to 16 characters in length and contains at least two types of special characters, lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards.

Changing the Password of SFTP Account omsftp
  1. Use SSH to log in remotely to the management storage node (marked with WushanFS management IP address) as user root.
  2. Run /startup_disk/image/ISM/ism_ap/CLI/ismcli/start.sh -u admin -ip 127.0.0.1 -port 8080 to log in to the CLI.
  3. Run change sftpuser information ro omsftp to enter a password as prompted.

Password rule:

A password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards.

Changing the Password of Resource User Account default_user

On DeviceManager, choose Settings > Cluster Settings > Authentication Settings > Local Authentication User, select the corresponding user name, and click Properties.

Password rule:

A password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards.

Changing the Password of NDMP Service
  1. Log in to DeviceManager.
  2. Choose Settings > Storage Settings > File Storage Service > NDMP Settings.
  3. Click Enable.
  4. Click Modify on the right of Password.
  5. Enter a new password, the new password again, and the original password in the New Password, Confirm Password, and Old Password text boxes respectively.

Password rule:

The new password must be 8 to 31 characters in length, contains special characters and two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or user name typed backwards.

Download
Updated: 2018-10-27

Document ID: EDOC1000042184

Views: 7803

Downloads: 177

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next