The storage system must be configured to have only 1 emergency account which can be accessed without LDAP, and which has full administrator capabilities.

An XCCDF Rule

Description

While LDAP allows the storage system to support stronger authentication and provides additional auditing, it also places a dependency on an external entity in the operational environment. The existence of a single local account with a strong password means that administrators can continue to access the storage system in the event the LDAP system is temporarily unavailable.

ID: SV-237824r647881_rule
Version: HP3P-32-001501
Severity: High
References: CCI-001682
Updated: 23 days ago

Remediation Templates

Display users with the following command:

cli% showuser

If the accounts "3parbrowse", "3paredit", or "3parservice" exist, see HP3P-32-001504 for removal instructions specific to these accounts.
If the account "3parcimuser" exists see HP3P-32-001002 for removal instructions specific to that account.

Otherwise, remove all accounts except "3paradm", "3parsvc", "3parsnmpuser", and "3parcimuser" using the following command:

cli% removeuser <username>

Confirm the operation with "y".

The storage system must be configured to have only 1 emergency account which can be accessed without LDAP, and which has full administrator capabilities.

Description

Remediation Templates

A Manual Procedure