Enabling STIG compliance - BlueCat Integrity - 9.4.0

Address Manager Administration Guide

This topic describes how to enable STIG compliance on Address Manager or DNS/DHCP Server. For more information on STIG compliance, refer to STIG.

Note: The bluecat user account is for use by STIG customers only. STIG customers MUST enable the bluecat user account by configuring a password BEFORE enabling STIG compliance. The bluecat user password must comply with STIG-compliant password policies. Customers are also advised to set STIG-compliant passwords for the admin and root accounts before enabling STIG compliance.

To enable STIG compliance:

  1. Log in to the Address Manager Administration Console as the administrator.
  2. From Main Session mode, type configure system and press ENTER.
  3. Type set stig-compliance enable and press ENTER.
    Proteus:configure:system> set stig-compliance enable
  4. At the prompt, type Y/y and press ENTER to confirm your selection. The Address Manager server reboots to implement the changes.
    Note: With STIG compliance enabled, direct root access is no longer available through either SSH or an attached console.
  5. Log in again with the bluecat account and the newly changed password.
  6. With STIG compliance enabled, type the following command to become the root user:
    su -
  7. Type the root password. You now have root access.
    Note:
    • As part of the enhanced security policy, Address Manager user accounts must be maintained regularly. The passwords for the admin account and the bluecat account expire every 60 days (the root password never expires). To prevent database replication failure, change the admin and bluecat passwords every 60 days.
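
One way to track the 60-day expiry described in the note above, as an added example that is not BlueCat code: it reads password-ageing fields and reports how many days the admin and bluecat passwords have left. It assumes the ageing data is in standard shadow(5) format; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not BlueCat code). Assumes shadow(5)-format ageing fields.

# Constructed sample entries: name:hash:lastchg:min:max:warn:::
write_sample() {
    printf '%s\n' \
        'root:!:19900:0:99999:7:::' \
        'admin:!:19950:0:60:7:::' \
        'bluecat:!:19945:0:60:7:::'
}

# days_left FILE USER TODAY -> days until expiry, "never" or "missing".
# TODAY is in days since 1970-01-01, e.g. $(( $(date +%s) / 86400 )).
days_left() {
    awk -F: -v user="$2" -v today="$3" '
        $1 == user {
            found = 1
            # Field 3: day of last change. Field 5: maximum password age.
            if ($3 == "" || $5 == "" || $5 >= 99999) print "never"
            else if ($3 == 0) print 0   # change forced at next login
            else print ($3 + $5) - today
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# check_accounts FILE TODAY WARN -> returns 1 if admin or bluecat is
# missing or has WARN days or fewer left.
check_accounts() {
    rc=0
    for u in admin bluecat; do
        d=$(days_left "$1" "$u" "$2")
        case "$d" in
            never)   echo "$u: password never expires" ;;
            missing) echo "$u: no entry found"; rc=1 ;;
            *)  if [ "$d" -le "$3" ]; then
                    echo "$u: $d days left, change the password now"; rc=1
                else
                    echo "$u: $d days left"
                fi ;;
        esac
    done
    return $rc
}

# Demo on the constructed sample, with "today" fixed at day 20000.
sample=$(mktemp)
write_sample > "$sample"
check_accounts "$sample" 20000 7 || echo "action needed"
rm -f "$sample"
```

On a live system, pass /etc/shadow and the current day number instead of the sample; reading that file requires root.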