Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1522
Views
10
Helpful
3
Replies

CSPC 2.7.4.1; CLI Account Locked

GREGORY LEGGETT
Level 4
Level 4

‎07-27-2018 07:59 AM

I've been trying to access the CSPC CLI without success, and it appears that our Nessus scanning appliance has locked all CLI accounts.  I can reinstall the appliance, but I would like to know how to transition these accounts so that, 1) the root can only be used locally and not for remote login to prevent it from being locked out, 2) how to create an alternate account that would not be used by Nessus for scanning access, 3) how to prevent a permanent lockout for the admin account (which is what appears to have happened).

 

GUI access is working fine.

 

Trying to work in a world of balancing security awareness and get stuff done.  By that I mean, it's impractical for me to ask the security team to not scan this appliance because it could lock the accounts; these systems need to be monitored.  It also isn't practical for me to redeploy when one of these lockout events occur; major waste of time. [Sorry for the rant!]

1 person had this problem
0 Helpful
3 Replies 3

Jarrett Pomeroy
Cisco Employee
Cisco Employee

‎07-27-2018 12:09 PM

Hello,



The CLI accounts will remain locked for only 30 minutes if too many failed authentication attempts have been made. However direct root access via SSH to the CSPC appliances is disabled by default on the images. To remotely access root, you can use the "collectorlogin" CLI account and change users over to root using "su -". Unfortunately there is no way to add new accounts for CLI or change the security settings at this time.



If scanning from Nessus application can be scheduled, you may be able to have it run during a window where CSPC is not being used for up to 30 minutes in case of CLI account lockout.



Thank you,

Jarrett


GREGORY LEGGETT
Level 4
Level 4
In response to Jarrett Pomeroy

‎07-27-2018 01:49 PM

I have tried logging back into the device, with the last known 'admin' password, but I get another message that the account is locked, "Account locked due to XXX failed logins". The Nessus has not attempted to scan the device in over 24 hours. Will the admin account password revert to another password after too many attempts (seems that I have seen mention of something like this in another discussion)?



Also, thank you for clarification of the root account and remote access.


0 Helpful

Jarrett Pomeroy
Cisco Employee
Cisco Employee
In response to GREGORY LEGGETT

‎07-27-2018 01:53 PM

Hello Gregory,



The password for the 'admin' account will not be changed during lockout. However, if after 30 minutes you are still seeing the lockout message, it may indicate that the password being used is no longer correct.



If you have access to collectorlogin and root, you can try to login and set a new password for admin using "passwd admin" command.



Thank you,

Jarrett


Customers Also Viewed These Support Documents