Difference between revisions of "creating a new user on secureplatform via CLI"


Revision as of 21:45, 18 July 2013

The following instructions are performed using the root (Expert) account.

1) Create the user account with the standard Linux useradd command:

[Expert@chkpfw]# useradd -d /home/username username

2) Set the user password:

[Expert@chkpfw]# /usr/bin/passwd username
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

*** note *** The full path is required in the above command because Check Point aliases passwd to:

alias passwd='/bin/expert_passwd'

If you do not run the passwd binary by its full path, you will most likely be setting the expert password, which is actually the password for the root account, rather than the user's password.


Example of the incorrect way to reset a user password from the root (Expert) account:

[Expert@chkpfw]# passwd john
Enter new expert password:          <<< if you see this prompt you messed up!

3) Edit /etc/passwd: set the UID and GID to zero and the default shell to /bin/cpshell. Failure to set the shell to cpshell will give the user account root privileges immediately upon login. This would not be secure.

Example /etc/passwd lines

before editing

john:x:1002:1002::/home/admin:/bin/bash

what it should look like after editing

john:x:0:0::/home/admin:/bin/cpshell

4) Test your login with ssh. After a successful login, execute the "expert" command to gain root.
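
A check for the mistake warned about in step 3, as an added example that is not part of the original wiki page: it lists every UID 0 account in a passwd-format file whose shell is not /bin/cpshell. The function name audit_uid0, the ALLOW list (assumed to be just "root") and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: find UID-0 accounts that would land in a full root shell
# at login because their shell field is not the restricted shell.
# Assumption: "root" is the only account expected to keep a full shell;
# adjust ALLOW for your system.

RESTRICTED_SHELL=/bin/cpshell
ALLOW="root"

# audit_uid0 FILE
#   Prints "user shell" for each offending account and a message for each
#   line that does not have the 7 colon-separated passwd fields.
#   Returns 0 if the file is clean, 1 otherwise.
audit_uid0() {
    awk -F: -v shell="$RESTRICTED_SHELL" -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^#/ || NF == 0 { next }                      # skip comments and blanks
        NF != 7 { printf "malformed line %d\n", NR; bad = 1; next }
        $3 == 0 && $7 != shell && !($1 in ok) { print $1, $7; bad = 1 }
        END { exit bad }
    ' "$1"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:0:0::/home/alice:/bin/cpshell
john:x:0:0::/home/admin:/bin/bash
mary:x:1003:1003::/home/mary:/bin/bash
EOF

# john is reported: UID 0 with /bin/bash, the case step 3 warns about.
audit_uid0 "$sample" || echo "fix the shell field of the accounts listed above"
```

On the appliance, run `audit_uid0 /etc/passwd` from the Expert account after every edit to the file.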