
This is a checklist of default settings that should be changed to secure your Opmantek Applications.

1. General

1.1 Configuring SSL for web access to GUI

If you are using the Opmantek VM, refer to this wiki page:

https://community.opmantek.com/display/opCommon/Configuring+Virtual+Host+SSL+or+TLS+on+the+Opmantek+Virtual+Machine

Some additional information not on that page: skip steps 1-2 if you don't want to use a self-signed certificate, and instead place your certificate and key signed by a trusted CA in the /etc/ssl/certs directory.

  • Run the openssl command from the directory where you want to save the certs. The default is /etc/ssl/certs.
  • Update the openssl command to include an identifier for the certs:

    openssl req -x509 -newkey rsa:4096 -keyout <identifier>.key.pem -out <identifier>.cert.pem -days 365 -nodes

    # for example, if the server is named "batman", run the following

    openssl req -x509 -newkey rsa:4096 -keyout batman.key.pem -out batman.cert.pem -days 365 -nodes

  • Update ssl.conf to point to the new certs. ssl.conf can be found in these locations by default:

    On debian|ubuntu:

    /etc/apache2/conf-available/ssl.conf

    On centos|redhat:

    /etc/httpd/conf/ssl.conf

  • Update these settings:

    SSLCertificateFile /etc/ssl/certs/batman.cert.pem
    SSLCertificateKeyFile /etc/ssl/certs/batman.key.pem


  1. Update the virtual host configs as per the linked doc.
  2. Restart Apache:

    systemctl restart apache2

    or

    service httpd restart
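As an added example (not from the Opmantek page or the Opmantek project), a small POSIX shell helper that performs the ssl.conf step above: it refuses to touch the config unless the named certificate and key exist, backs up ssl.conf, rewrites only the two directives, and then re-reads the file to confirm both paths resolve. The identifier, ssl.conf path and certificate directory are parameters; the defaults are the Debian/Ubuntu values from this page, and GNU sed (Linux) is assumed.

```shell
#!/bin/sh
# Added example: point Apache's ssl.conf at a newly created certificate pair.
# Usage: set_ssl_cert_paths <identifier> [ssl.conf path] [cert dir]
# Defaults follow the page: /etc/apache2/conf-available/ssl.conf on Debian/Ubuntu
# (use /etc/httpd/conf/ssl.conf on CentOS/RHEL), certs in /etc/ssl/certs.

set_ssl_cert_paths() {
    ident="$1"
    conf="${2:-/etc/apache2/conf-available/ssl.conf}"
    certdir="${3:-/etc/ssl/certs}"
    cert="$certdir/$ident.cert.pem"
    key="$certdir/$ident.key.pem"

    # Refuse to edit the config unless both files exist: a dangling
    # SSLCertificateFile path stops Apache from starting at all.
    [ -f "$cert" ] || { echo "missing certificate: $cert" >&2; return 1; }
    [ -f "$key" ]  || { echo "missing key: $key" >&2; return 1; }

    # Keep a backup of the original config, then rewrite only the two
    # directives (leading whitespace inside <VirtualHost> blocks is preserved;
    # commented-out directives are left alone).
    cp "$conf" "$conf.bak" || return 1
    sed -i \
        -e "s|^\([[:space:]]*SSLCertificateFile\)[[:space:]].*|\1 $cert|" \
        -e "s|^\([[:space:]]*SSLCertificateKeyFile\)[[:space:]].*|\1 $key|" \
        "$conf"
}

# Read the directive values back from ssl.conf and confirm they point at
# existing files. Prints "ok" and returns 0 when both resolve, 1 otherwise.
verify_ssl_cert_paths() {
    conf="$1"
    cert=$(sed -n 's/^[[:space:]]*SSLCertificateFile[[:space:]]*//p' "$conf" | tail -n 1)
    key=$(sed -n 's/^[[:space:]]*SSLCertificateKeyFile[[:space:]]*//p' "$conf" | tail -n 1)
    [ -n "$cert" ] && [ -f "$cert" ] && [ -n "$key" ] && [ -f "$key" ] && echo ok
}
```

Run verify_ssl_cert_paths before restarting Apache; a missing or mistyped path is cheaper to catch here than after the web GUI has gone down.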

 

1.2. Change default passwords

The default web users, nmis and admin, need to be changed in both NMIS and Open-AudIT.

1.2.1. NMIS

Details on how to change the NMIS default passwords can be found here:

https://community.opmantek.com/display/NMIS/Default+Credentials+%28Passwords%29+for+NMIS8+and+NMIS9+VMs

1.2.2. Open-AudIT

Details on how to change the default Open-AudIT passwords can be found here:

https://community.opmantek.com/display/OA/Information+about+default+users+and+passwords

1.3. Remove unrequired users from the system

e.g. dc_ops, etc.

2.   Opmantek VM specific

2.1. Change the omkadmin Linux user password:

If you are root:

passwd omkadmin

If you are logged in as omkadmin:

passwd

3.   Linux Specific

Further steps are more about hardening Linux in general; existing internet guides can be referred to for these.

Decide on only permitting SSH keys (no password logins to the VM).

Require a password for sudo access.