When your Exadata is deployed it is by default equipped with a number of standard usernames and passwords. By default all root SSH keys and user accounts will be disabled, however, a number of accounts will be open and will have the standard passwords. Good practice dictates that all standard passwords should be changed directly to ensure that nobody can misuse this and make use of the default passwords. As a quick checklist you can find the default accounts and passwords that will be enabled below and you should ensure they are closed.
Database Server:
- root/welcome1
- oracle/welcome1
- grid/welcome1
- grub/sos1Exadata
Exadata Storage Servers:
- root/welcome1
- celladmin/welcome1
- cellmonitor/welcome1
InfiniBand switches:
- root/welcome1
- nm2user/changeme
Ethernet switches:
Power distribution units (PDUs):
- admin/welcome1
- root/welcome1
Database server ILOMs:
Exadata Storage Server ILOMs:
InfiniBand ILOMs:
- ilom-admin/ilom-admin
- ilom-operator/ilom-operator
Keyboard, video, mouse (KVM):
Keeping the default passwords in use is, from a security point of view, very unwise decission and this should be changed as soon as possible. When not done the changes an attacker can gain access to your Exadata machine is increasing enormously. In many companies a default process for resetting passwords is in place for more common servers, however, Exadata servers are not implemented by the hunderds a year in a single company so processes might not always include them. Due to this it is an extra point of attention for administrators and security officers.
No comments:
Post a Comment