How to enable STIG compliance on Address Manager or DNS/DHCP Server. For more information on STIG compliance, refer to STIG.
Note: The bluecat user account
is for use by STIG customers only. STIG customers
MUST enable the bluecat user account by configuring a
password BEFORE enabling STIG. The bluecat user password
must comply with STIG-compliant password policies. Customers are
also recommended to set STIG compliant passwords for the admin
and root accounts before enabling STIG compliance.
To enable STIG compliance:
-
Log in to the Address Manager Administration Console as the
administrator.
-
From Main Session mode, type configure system and
press ENTER.
-
Type set stig-compliance enable and press
ENTER.
Proteus:configure:system> set stig-compliance enable
-
At the prompt, type
Y/y and press ENTER to confirm
your selection. The Address Manager server reboots to implement the
changes.
Note: With STIG compliance enabled,
direct root access is no longer available through either SSH or an attached
console.
-
Log in again with the bluecat account and the newly
changed password.
-
With STIG compliance enabled, type the following command to become a root
user:
-
Type the root password. You now have root access.
Note:
- As part of the enhanced security policy, Address Manager user
accounts are required to be maintained regularly. The passwords for the
admin account and bluecat account expire every 60 days (the root password
never expires). In order to prevent database replication failure, make sure
to change admin and bluecat passwords every 60 days.