Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Duminda_SAT
Contributor

Need to Rename or disable GAIA Admin Account

Jump to solution

Hi Please help me to Disable or Rename GAIA Admin account due to compliance requirements.

Thank you,

Duminda Lakmal.

0 Kudos
1 Solution

Accepted Solutions
the_rock
Champion
Champion

You cannot really disable or delete default admin account. As @G_W_Albrecht , you can create new admin account and then edit to give it a different name.

View solution in original post

10 Replies

- Login to GAiA WebGUI

- on the left go to User Management > Users

- define new admin user with admin role

- select and edit the user admin to nologin role

CCSE CCTE CCSM SMB Specialist
the_rock
Champion
Champion

You cannot really disable or delete default admin account. As @G_W_Albrecht , you can create new admin account and then edit to give it a different name.

Note:
If it is an SMS and you also use the "admin" account in the SmartConsole, you must also change the account with "cpconfig".

_Val_
Admin
Admin

I am curious, what exact compliance issues are there with that admin account?

A lot of assessors don't like default usernames (like 'admin' specifically on Check Point boxes), predictable usernames (like 'admin', 'root', 'Administrator', and so on), or accounts with admin privileges whose usernames identify them as admin accounts (like 'BobZAdmin').

I routinely get all three complaints from assessors for every single box I manage.

0 Kudos
the_rock
Champion
Champion

I think you would have to pay someone at CP a LOT of money to change that : - )

0 Kudos

The "BobZAdmin" example is because it's also a compliance issue if administrators don't have separate accounts for administrative actions, but the compliance assessors don't like the privileged accounts to have the substring "admin" in their usernames.

The default username 'admin' hits all three of those compliance complaints.

Setting its password hash to "*" is enough to prevent a user from logging in as 'admin', and doesn't risk breaking other stuff. Specifically, setting the shell to /sbin/nologin causes interactive sessions to fail, so if you log in as an unprivileged user (logging in as UID 0 is yet another compliance issue), you can't elevate to root privileges.

0 Kudos
_Val_
Admin
Admin

Open an RFE 🙂

0 Kudos
masher
Employee
Employee
0 Kudos