- Copyright and Trademark Information
- Table of Contents
- List of Figures
- List of Tables
- play_arrow Overview
- play_arrow Installation
- play_arrow Installation Tasks Overview
-
- Installing or Upgrading the CTPView Server OS
- Saving the CTPView Configuration Settings and Data (CTPView Server Menu)
- Creating More Disk Space on the CTPView Server (CTPView)
- Creating More Disk Space on the CTPView Server (CTPView Server Menu)
- Installing the CTPView Server OS (CTPView Server CLI)
- Restoring CTPView Software Configuration Settings and Data (CTPView)
- Restoring CTPView Software Configuration Settings and Data with the Restore Utility (CTPView Server Menu)
- Restoring CTPView Software Data by Manually Synchronizing the CTPView Server (CTPView)
- Reviewing the Installation Log for Errors (CTPView Server CLI)
- Verifying the CTPView Server OS Installation (CTPView)
- Validating the CTPView Server Configuration (CTPView)
- play_arrow Upgrade Tasks for Only the CTPView Software
-
- Configuring the CTPView Administrative Settings
- Preparing a New Server
- Changing the BIOS Menu Password (CTPView Server CLI)
- Changing the Server's Default User Account Password (CTPView Server CLI)
- Changing the Server's Root Account Password (CTPView Server CLI)
- Changing the GRUB Boot Loader Password (CTPView Server Menu)
- Changing the PostgreSQL Apache Account Password (CTPView Server Menu)
- Changing the PostgreSQL Administrator Account Password (CTPView Server Menu)
- Configuring IP ACLs for Restricting Access to Resources (CTPView Server Menu)
- Configuring the Network Access (CTPView Server Menu)
- Creating a Self-Signed Web Certificate (CTPView Server Menu)
- Enabling OpenSSL Authentication of Users by Creating a Self-Signed Web Certificate (CTPView Server Menu)
- Importing Certificates Issued by a Third-Party CA (CTPView Server Menu)
- Updating the CTPView Software
- Logging In with a Browser (CTPView)
- Changing the CTPView GUI Default User Account Password (CTPView)
- Creating a New Global_Admin Account (CTPView)
- Configuring Subdomains in Hostnames (CTPView Server Menu)
- play_arrow Upgrade Tasks for CTPOS
- play_arrow Default Accounts and Passwords
- play_arrow Understanding CTPView Upgrade Files
- play_arrow Administration
- play_arrow Managing and Displaying Users (CTPView)
- Managing CTPView Users with the CTPView Admin Center
- Accessing the CTPView Admin Center (CTPView)
- Monitoring CTPView Users (CTPView)
- Adding New CTPView Users (CTPView)
- Modifying CTPView User Properties (CTPView)
- Monitoring CTPView Groups (CTPView)
- Modifying CTPView User Group Affiliation (CTPView)
- Adding a New CTPView User Group (CTPView)
- Modifying CTPView User Group Default Properties (CTPView)
- play_arrow Deleting Users and Groups (CTPView)
- play_arrow Managing User Passwords (CTPView)
- play_arrow Configuring User Login Properties (CTPView)
- Logging Out a CTPView User (CTPView)
- Configuring Automatic Logout for a CTPView User (CTPView)
- Configuring the Number of Login Attempts Allowed Before Lockout (CTPView)
- Configuring a Lockout Period for CTPView Users (CTPView)
- Clearing CTPView User Counters (CTPView)
- Reinstating Locked-Out IP Addresses (CTPView)
- Creating an Access Filter to Allow or Deny IP Addresses (CTPView)
- Removing an IP Access Filter (CTPView)
- Understanding CTPView GUI User Levels
- CTPOS and CTPView Software Password Requirements
- play_arrow Managing the CTPView Server (CTPView)
- Adding and Removing CTP Platforms Managed by CTPView Software (CTPView)
- Adding and Removing Host Groups (CTPView)
- Adding and Removing SNMP Communities (CTPView)
- Managing CTP Platforms in the Network (CTPView)
- Configuring Email Notifications (CTPView)
- Setting the CTPView Server Start-Up Banner (CTPView)
- Setting the CTP Platforms Login Banner (CTPView)
- Configuring an SSH Connection to a CTP Platform that Persists Through the Session (CTPView)
- Setting the CTPView Server Clock (CTPView)
- Setting the CTPOS Clock (CTP Menu)
-
- Accessing the NTP Server Settings Window (CTPView)
- Stopping the NTP Daemon (CTPView)
- Adding an NTP Peer (CTPView)
- Removing an NTP Peer (CTPView)
- Synchronizing the CTPView Server to an NTP Peer (CTPView)
- Adding NTP Network Clients (CTPView)
- Removing an NTP Network Client (CTPView)
- Modifying the Netmask of an NTP Network Client (CTPView)
- play_arrow NTP Authentication Overview on CTP Devices
- Configuring NTP Authentication Using the System Query Page (CTPView)
- Configuring NTP Authentication Using the System Configuration Page (CTPView)
- Configuring NetRef Settings (CTPView)
- Setting a Limit on File Transfer Bandwidth Between the CTPView Server and CTP Platforms (CTPView)
- Restoring CTPView Software Configuration Settings and Data (CTPView)
- Restoring CTPView Software Data by Manually Synchronizing the CTPView Server (CTPView)
- play_arrow Monitoring CTP Platforms (CTPView)
- Monitoring the Network with the CTPView Software (CTPView)
- Changing the Display Settings for CTPView Network Monitoring (CTPView)
- Displaying Runtime Query Results for a CTP Platform (CTPView)
- Overriding CTP Platform Network Status and Adding Comments (CTPView)
- Saving CTP Platform Configurations (CTPView)
- Setting an Audible Alert for CTP Platform Status (CTPView)
- Displaying CTPView Network Reports (CTPView)
- Field Descriptions in CTPView Network Reports (CTPView)
- Displaying Network Statistics (CTPView)
- Displaying the Management and Circuit Interface Settings (CTP Menu)
- play_arrow Changing CTPView GUI Settings
-
- Accessing the CTPView Server Configuration Menu (CTPView Server Menu)
- play_arrow Managing CTPView Users (CTPView Server Menu)
- Unlocking a User Account (CTP Menu)
- play_arrow Adding a VLAN Interface to a Node (CTP Menu)
- Configuring Separate Interfaces for Management and Circuit Traffic (CTP Menu)
- Accessing the Security Profile Configuration Menu (CTP Menu)
- Classification of CTPView Shell Account Users
-
- Setting the CTPView Server Start-Up Banner (CTPView Server Menu)
- Establishing an SSH Connection (CTP Menu)
- Saving the CTPView Configuration Settings and Data (CTPView Server Menu)
- Creating More Disk Space on the CTPView Server (CTPView Server Menu)
- Restoring CTPView Software Configuration Settings and Data with the Restore Utility (CTPView Server Menu)
- Restarting the PostgreSQL Server (CTPView Server Menu)
- Setting the Logging Level (CTPView Server Menu)
-
- Resetting the Default System Administrator Account (CTPView Server Menu)
- Resetting the Data File Permissions (CTPView Server Menu)
- Resetting the CTPView System Files to the Default Values (CTPView Server Menu)
- Burning an Image of CTPOS to a CompactFlash Card (CTPView Server Menu)
- Resetting the Default Firewall Settings (CTPView Server Menu)
-
- Changing Passwords to Improve Access Security
- Changing the BIOS Menu Password (CTPView Server CLI)
- Changing the Server's Root Account Password (CTPView Server CLI)
- Changing the GRUB Boot Loader Password (CTPView Server Menu)
- Changing the PostgreSQL Apache Account Password (CTPView Server Menu)
- Changing the PostgreSQL Administrator Account Password (CTPView Server Menu)
- play_arrow Troubleshooting
- play_arrow Restoring CLI Access to the CTPView Server
- Restoring Access to a CTPView Server
- Accessing a Shell on the CTPView Server (CTPView Server CLI)
- Setting a New Password for a Nonroot User Account (CTPView Server CLI)
- Setting a New Password for a Root User Account (CTPView Server CLI)
- Creating a Nonroot User Account and Password (CTPView Server CLI)
- play_arrow Restoring Browser Access to a CTPView Server
- play_arrow Changing a CTPOS User Password
Unlocking User Accounts for Which Password Has Expired
To support the U.S. Department of Defense Joint Interoperability Test Command (JITC) requirements, when the security level of the CTP Series platforms is set as high, the JITC high security mode requires that the CTP device must automatically disable accounts after a 35-day period of account inactivity. This requirement- standard denotes that the passwords of all those user accounts that do not login to the CTP device or CTPView server for the past 35 days are locked. You can unlock those user accounts in compliance with the JITC specification.
A lockout warning message is displayed only for System Administrator and CTP Administrator accounts and not for other user accounts. The lockout warning messages are recorded in the network syslog file to inform the list of those system administrator accounts, which are due to be locked in next 10 days.
All the users authorized to access the syslog file can view the lockout warning messages. The lockout warning messages are started to be sent from 10 days before the date on which the account is bound to be locked. For example, when an account is due to be locked because of not having been accessed for the last 25 days, the first warning message is sent on 25th day, the second warning message is sent on the 26th day, and so on, until the 35th day is reached and the account is locked. All the users whose accounts are locked can request the system administrators or root access-privileged users to unlock the accounts for them.
A script “reset_pw_lock <user>” is added on the CTP device and the CTPView server. You can run the “reset_pw_lock <user>” script to unlock the user accounts.
Script to Monitor the Duration of Inactivity of User Accounts
The “activity_check” script file that is already available on the CTP Series platforms and CTPView server at the /etc/cron.daily/activity_check path is enhanced to send the lockout warning messages to the network syslog. Currently, this file is used to lock the user accounts after a 35-day period of account inactivity.
The following sequence of events occur with the “activity_check” script that is used for sending the lockout warning messages.
If the user account is not already locked, then the script identifies the date on which the user was logged in. If the user has not logged in for the last 25 days, and if the user is a system administrator, then a warning message is generated and transmitted to the syslog with the severity level of the log greater than 8.
If the user account is not already locked, then the script determines the date on which the user account was created. If the user has not logged in for the last 25 days, and if the user is a system administrator, then a warning message is generated and transmitted to the syslog with the severity level of the log greater than 8.
Script to Reset the Expired User Accounts
The reset_pw_lock script is added to the CTP device CTP Box and CTPView server in the /bin folder. This script can also be run in shell or CLI mode. With locked user accounts (in which the user cannot log in to shell), the user needs to manually change to single-user mode to run this script. The script can be run by entering the reset_pw_lock <user> command. The script unlocks the password of only the user specified in the command. With multiple users, you can enter the command as reset_pw_lock <user1> <user2> .... When you run this script, it unlocks the password of the specified user account, performs the mounting operations, and reboots the system. The activity_check script file is modified to send the lockout warning message to the network syslog. The reset_pw_lock script is added to unlock the password of disabled user accounts.
