Appendix B Security Best Practices; User Access; Change The Default Account Passwords; Command Line Session Inactivity Timeout - Fidelis Common Criteria Configuration Manual


'C=' – two-letter country specification. See the OpenSSL documentation for details.
'ST=' – state.
'L=' – locality / city.
'O=' – organization name.
'OU=' – organizational unit.
'CN=' – common name.
All fields in the Distinguished Name (DN) are optional, except for Common Name (CN).
For example,
/FSS/bin/cert_manager --subsystem=internal --action=export-csr --csr-outfile=/tmp/sensor1_internal.csr --subject-dn='/O=MyCompanyName/CN=sensor1.mycompany.local'
2. Send the generated CSR to your desired Certificate Authority (CA) for it to issue a certificate. Each CA may have different procedures for issuing certificates. Contact your CA for detailed instructions.
Note: For "--subsystem=internal", the Certification Authority must sign the certificate generated from the CSR created on the TOE component (as described above) in a way that also adds the X509v3 Subject Alternative Name extension to the certificate, containing the IPv4 and IPv4-mapped IPv6 or IPv6 address of the component. For example, a component with IPv4 address '192.168.1.40', hostname 'sensor1', and domain 'mycompany.local' should have the following Subject Alternative Name:
X509v3 extensions:
    X509v3 Subject Alternative Name:
        IP Address:192.168.1.40, IP Address:0:0:0:0:0:FFFF:C0A8:128, DNS:sensor1, DNS:sensor1.mycompany.local
In Common Criteria-compliant mode of operation, the verifyhost parameter in configuration file
/FSS/etc/ssl.cf must be set to "1".
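An added example, not part of the Fidelis manual: a shell check that an issued certificate carries the four Subject Alternative Name entries shown above before it is installed on the component. It assumes the certificate text comes from `openssl x509 -in <cert> -noout -text`; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm an issued certificate's SAN has the entries the
# manual's example shows. Function names are hypothetical.

# Dotted IPv4 -> IPv4-mapped IPv6 in the form used in the manual's example,
# e.g. 192.168.1.40 -> 0:0:0:0:0:FFFF:C0A8:128
ipv4_mapped() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject empty, over-long and zero-padded octets (no octal surprises).
        case $octet in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '0:0:0:0:0:FFFF:%X:%X\n' $(( $1 * 256 + $2 )) $(( $3 * 256 + $4 ))
}

# Required SAN entries, one per line. Args: ipv4 hostname domain
required_san_entries() {
    mapped=$(ipv4_mapped "$1") || return 1
    printf '%s\n' "IP Address:$1" "IP Address:$mapped" "DNS:$2" "DNS:$2.$3"
}

# Reads certificate text on stdin, prints each required entry that is absent.
# Returns 0 when all are present, 1 when any is missing, 2 on a bad IPv4.
missing_san_entries() {
    want=$(required_san_entries "$@") || return 2
    # Split on commas, trim blanks, drop any space after "IP Address:".
    have=$(tr ',' '\n' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/^IP Address:[[:space:]]*/IP Address:/')
    rc=0
    while IFS= read -r entry; do
        printf '%s\n' "$have" | grep -Fxiq -- "$entry" || { printf '%s\n' "$entry"; rc=1; }
    done <<EOF
$want
EOF
    return $rc
}

# Constructed sample: SAN text that lacks the IPv4-mapped IPv6 entry.
sample='X509v3 Subject Alternative Name:
    IP Address:192.168.1.40, DNS:sensor1, DNS:sensor1.mycompany.local'
printf '%s\n' "$sample" | missing_san_entries 192.168.1.40 sensor1 mycompany.local \
    || echo "SAN entries listed above are missing"
```

With "verifyhost" set to "1", a certificate that fails this check is worth returning to the CA before it is imported.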

Appendix B Security Best Practices

User Access

Change the Default Account Passwords

When you receive the Fidelis system, you receive an initial login and password for command line access.
You should change this password. To do this:
1. Connect to the appliance CLI via console using the fidelis account and default password.
2. Change the password using the command: /usr/bin/passwd
3. Repeat for each sensor and K2.

Command Line Session Inactivity Timeout

To force command line sessions, including local console sessions, to log out after a certain period of
inactivity:
1. As the root user, create the file: /etc/profile.d/autologout.sh
2. Set the permissions of /etc/profile.d/autologout.sh by running the following command:
# chmod 0644 /etc/profile.d/autologout.sh
Fidelis Network Common Criteria Configuration Guide Version 9.0.3
www.fidelissecurity.com
