Riverbed Optimization System (RiOS) must disable the local Shark and Monitor accounts so they cannot be used as shared accounts by users.

An XCCDF Rule

Description

<VulnDiscussion>The Monitor and Shark accounts which are default group accounts with shared credentials. Monitor and Shark accounts are not enabled by default, but cannot be deleted since these network tools are designed to look for that account. Monitor is a read-only account for auditor's configuration management. Shark is used to access packet captures. If the credentials for these accounts are changed, the function of the system will not be adversely impacted.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-77327r1_rule
Severity: Medium
References: CCI-002142
Updated: about 1 year ago

Configure RiOS to enforce assigned privilege level for each administrator in accordance with site documented requirements.

Navigate to the device Management Console
Navigate to Configure >> Security >> User Permissions

Remove all values of "Roles and Permissions" for the Monitor and Shark accounts
Click "Apply" to save the changes
Navigate to the top of the web page and click "Save" to write changes to memory

Riverbed Optimization System (RiOS) must disable the local Shark and Monitor accounts so they cannot be used as shared accounts by users.

Description

Remediation - Manual Procedure