
Forum Discussion

sandy16
Feb 13, 2013

disabling the admin and root accounts.

Hi, we are on ver 11.2 and we have a PCI audit requirement to disable the local admin account on our network devices wherever we can. We only want to use remote LDAP authentication. Is there a way to disable the admin and the root accounts? I was going through this article - http://support.f5.com/kb/en-us/solutions/public/12000/100/sol12173.html which says you cannot delete them, BUT can they be disabled?

Thanks

3 Replies

  • I do not see a way to disable the "admin" account, but for the "root" account you can use the SystemAuth.DisableRootLogin db key.

        [root@ve11a:Active:Changes Pending] config tmsh list sys db systemauth.disablerootlogin one-line
        sys db systemauth.disablerootlogin { value "false" }

    10 Settings to Lock Down your BIG-IP by David

    https://devcentral.f5.com/blogs/us/10-settings-to-lock-down-your-big-ip
  • You can disable the admin user:

    1. Log in to the BIG-IP command line as the root user.

    2. Disable the administrative user by typing the following command:

        userdel admin

    3. To verify that the user has been disabled, check that the administrative user no longer exists in the /etc/passwd file:

        grep ^admin: /etc/passwd

    If the administrative user has been disabled, there will be no command output.

    http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14943.html
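For the audit evidence, the two checks from the replies above can be combined into one pass/fail report. This is an added example, not code from the posters or from F5; the function names are hypothetical and the sample listing and passwd entries are constructed.

```bash
#!/bin/bash
# Added example: audit helper combining the two checks from this thread.
# Function names are hypothetical; sample data below is constructed.

# Extract the value from a one-line db listing such as:
#   sys db systemauth.disablerootlogin { value "false" }
db_value() {
    printf '%s\n' "$1" | sed -n 's/.*{ *value *"\([^"]*\)" *}.*/\1/p'
}

# Succeeds if the named account has an entry in a passwd-format file.
# The trailing colon keeps "admin" from matching e.g. "administrator".
has_local_user() {
    grep -q "^$1:" "$2"
}

# audit_local_accounts <one-line db listing> <passwd file>
# Prints one line per check; return status is the number of failed checks.
audit_local_accounts() {
    ala_fail=0
    case "$(db_value "$1")" in
        true)  echo "OK   systemauth.disablerootlogin is true" ;;
        false) echo "FAIL systemauth.disablerootlogin is false"
               ala_fail=$((ala_fail + 1)) ;;
        *)     echo "FAIL could not parse systemauth.disablerootlogin listing"
               ala_fail=$((ala_fail + 1)) ;;
    esac
    if has_local_user admin "$2"; then
        echo "FAIL local admin account present in $2"
        ala_fail=$((ala_fail + 1))
    else
        echo "OK   no local admin account in $2"
    fi
    return "$ala_fail"
}

# Demo on constructed input. On a BIG-IP the live equivalent would be:
#   audit_local_accounts "$(tmsh list sys db systemauth.disablerootlogin one-line)" /etc/passwd
demo() {
    demo_passwd=$(mktemp)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'admin:x:0:500:Admin User:/home/admin:/bin/false' > "$demo_passwd"
    audit_local_accounts 'sys db systemauth.disablerootlogin { value "false" }' "$demo_passwd"
    demo_rc=$?
    rm -f "$demo_passwd"
    return "$demo_rc"
}
demo || echo "failed checks: $?"
```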