STIGQter: STIG Summary: HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 28 Jul 2017:

The storage system must be configured to have only 1 emergency account which can be accessed without LDAP, and which has full administrator capabilities.

DISA Rule

SV-85123r2_rule

Vulnerability Number

V-70501

Group Title

SRG-OS-000123-GPOS-00064

Rule Version

HP3P-32-001501

Severity

CAT I

CCI(s)

CCI-001682 - The information system automatically removes or disables emergency accounts after an organization-defined time period for each type of account.

Weight

Fix Recommendation

Display users with the following command:

cli% showuser

If the accounts "3parbrowse", "3paredit", or "3parservice" exist, see HP3P-32-001504 for removal instructions specific to these accounts.

If the account "3parcimuser" exists see HP3P-32-001002 for removal instructions specific to that account.

Otherwise, remove all accounts except "3paradm", "3parsvc", "3parsnmpuser", and "3parcimuser" using the following command:

cli% removeuser <username>

Confirm the operation with "y".

Check Contents

Verify that only essential local accounts are configured. Enter the following command:

cli% showuser

If the output shows users other than the four accounts below, this is a finding:

3paradm
3parsvc
3parsnmpuser
3parcimuser

Vulnerability Number

V-70501

Documentable

False

Rule Version

HP3P-32-001501

Severity Override Guidance

Check Content Reference

Target Key

3013

The storage system must be configured to have only 1 emergency account which can be accessed without LDAP, and which has full administrator capabilities.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments