Forum Discussion
AltostratusHow to find when a user account was created
Good day all,
I am new to F5 so apologies for all the silly questions, I have a question about user accounts. I have 2 Big-IP F5s running in tenant configuration, both running 17.1.2.1. I was looking at the user accounts and I see 2 accounts no one knows about
2kgb8
mgwe0
I was reading in the docs that the default are admin and root, so I am assuming that the above is just a normal user account that I can just delete and it will have no affect on the system. I was trying to look at
/var/log/audit
tmsh list auth user all
audit only goes back a few days and the second command just shows the user config but nothing about when these where created. I also check
/var/log/user.log
but same results. Is there any other place I should be looking? I just wanted to verify that those 2 account are actually nothing and when I delete them it will have no adverse affect other than whoever user account those are will no longer be able to log in anymore.
Thank you in advance!!!
Warren
2 Replies
david598ballNimbostratus
Hello,
To verify unknown user accounts on Big-IP F5 systems, check /var/log/secure for authentication logs and /config/bigip_user.conf for user account details. If these accounts are not tied to system processes or critical configurations, deleting them should only affect their ability to log in. Ensure you have backups and consult your organization's security policy before proceeding.
Best Regards,
David Ball
wgranadaHi David
I checked those and all I see is myself, the /config/bigip_user.conf show those accounts configured but nothing more. These accounts where here prior to me coming on board so just wanted to make sure this was just a regular user account before I delete it. I know the defaults are Root and Adim, I see those there.
Thank you
Warren
