Enabling STIG compliance - BlueCat Address Manager - 9.4.0

Address Manager Administration Guide

Product name
BlueCat Address Manager

How to enable STIG compliance on Address Manager or DNS/DHCP Server.

Note: The bluecat user account is for use by STIG customers only. STIG customers MUST change the default bluecat user password BEFORE enabling STIG. The bluecat user password must comply with STIG-compliant password policies.

To enable STIG compliance:

  1. From Main Session mode, type configure system and press ENTER.
  2. Type set stig-compliance enable and press ENTER.
    Proteus:configure:system> set stig-compliance enable
  3. At the prompt, type Y/y and press ENTER to confirm your selection. The Address Manager server restarts to implement the changes.
    Note: With STIG compliance enabled, direct root access is no longer available through either SSH or an attached console.
  4. Log in again with username bluecat and the newly changed password.
  5. With STIG compliance enabled, type the following command to become a root user:
    su -
  6. Type the root password. You now have root access.
    • As a best practice, BlueCat recommends that you also change the default admin and root login account password at this time.
    • As part of the enhanced security policy, Address Manager user accounts are required to be maintained regularly. The passwords for the admin account and bluecat account expire every 60 days (the root password never expires). In order to prevent database replication failure, make sure to change admin and bluecat passwords every 60 days.