
craddockchris
Nov 05, 2024

Scrubbing F5 config for username configuration

Dear Community,

 

I have gotten a few requests recently to investigate the use of usernames "by the F5". One such request was for the repeated failed login attempts "by the F5" using a certain username "SYSTEM". The logs were showing the attempts coming from the F5 Self IP. However, when I scrubbed the F5 config for any configuration that uses the username "SYSTEM", it came up empty. 

I had another request for us to investigate the F5's use of a certain service account user; we will call it "svc_storage". They wanted to change the password of this service account and reached out to me because "they saw the F5 was using this account". However, when I scrubbed the entire running config for the use of "svc_storage" again, it turned up nothing.

 

I have been using the TMSH: "show running-config | grep" command to search for any configuration of these users. Is there a better way to do it?

I am also noticing that this command doesn't seem to return any iApp configurations either. Does this require a separate CLI command?

 

I hope my questions make sense. Thank you. 

1 Reply

  • Can you provide more information - is this a backend server and a monitor has a username/password, or an authentication server, or what?

     

    Regarding iApps, these are created in a separate folder, so you should use the recursive command, e.g. `tmsh list ltm virtual recursive`. You can see other configuration in the /config/partitions directory and you can check the various /config/bigip* files.
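
Following the reply's pointer to the /config/bigip* files and the /config/partitions directory, this added example (not from the thread or from F5) searches those files for a string and reports which top-level config object each hit sits in. The function names, the constructed sample tree and the column-0 stanza layout are assumptions.

```bash
#!/bin/bash
# Added example: list every config object that mentions a string (e.g. a username).
# Assumption: top-level objects start in column 0 and open with "{", as in bigip.conf.

find_user_refs() {
    local needle="$1" root="${2:-/config}"
    {   # flat /config/bigip* files plus everything under partitions/
        find "$root" -maxdepth 1 -type f -name 'bigip*' 2>/dev/null
        find "$root/partitions" -type f 2>/dev/null
    } | sort | while IFS= read -r f; do
        awk -v needle="$needle" -v file="$f" '
            BEGIN { needle = tolower(needle); obj = "-" }
            /^}/ { obj = "-"; next }                  # top-level object closed
            /^[^ \t#}].*[{][ \t]*$/ {                 # top-level object opened
                obj = $0; sub(/[ \t]*[{][ \t]*$/, "", obj)
            }
            index(tolower($0), needle) {              # case-insensitive fixed string
                line = $0; sub(/^[ \t]+/, "", line)
                printf "%s:%d: [%s] %s\n", file, FNR, obj, line
            }
        ' "$f"
    done
}

# Constructed sample tree (not real device config) so the function can be tried offline.
make_sample() {
    local d; d=$(mktemp -d) || return 1
    mkdir -p "$d/partitions/App1"
    cat > "$d/bigip.conf" <<'EOF'
ltm monitor https /Common/mon_web {
    interval 5
}
ltm pool /Common/pool_web {
    monitor /Common/mon_web
}
EOF
    cat > "$d/partitions/App1/bigip.conf" <<'EOF'
ltm monitor https /App1/storage.app/mon_storage {
    password placeholder
    username svc_storage
}
EOF
    echo "$d"
}

sample=$(make_sample) && find_user_refs svc_storage "$sample"
rm -rf "$sample"
```

On a device, `find_user_refs svc_storage` with no second argument searches /config. An empty result means the string is not in those files, which matches the situation described in the question.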