1.7 Linux Access Gateway

You need to develop a security policy for the following:

1.7.1 Default User Accounts

The Linux Access Gateway is installed with two user accounts, config and root, with the password novell. The Novell Access Manager 3.0 SP4 Installation Guide provides the following instructions for changing the passwords. Before your Access Gateway is placed in a production environment, make sure you have completed them.

  1. Log in as root and change the password.

    1. At the login prompt, enter root.

    2. At the password prompt, enter novell.

    3. To change the password, enter passwd.

    4. Enter a password.

    5. Confirm the password by entering it again.

  2. To change the password for the config user, enter the following commands:

    1. Enter passwd config.

    2. Enter a new password.

    3. Confirm the password by entering it again.

1.7.2 The SSH Protocol

Before you enable the SSH protocol, note that it requires an LDAPS listener on port 636 on all IP addresses configured for the Linux Access Gateway. The listener cannot be restricted to a single IP address.

If SSH is enabled, the Linux Access Gateway needs to be installed behind a firewall appliance, and the firewall needs to block port 636 for SSH.

For more information about installing the Access Gateway behind a firewall, see Setting Up Firewalls in the Novell Access Manager 3.0 SP4 Setup Guide.

1.7.3 The Via Header

By default, the Via header is enabled and sent with requests. The Via header contains the version and build number of the Linux Access Gateway. If you have enabled telnet, this version information is available from a telnet command. If your security policy considers this a security risk, you need to disable the Via header.

  1. In the Administration Console, click Access Manager > Access Gateways > Edit > Reverse Proxies/Authentication.

  2. In the Embedded Service Provider section, make sure that the Enable Via Header option is not selected.

    This is a global option that affects all defined reverse proxies and proxy services.

  3. Click OK twice, then update the Access Gateway.
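To confirm the change took effect, you can inspect the request headers that a back-end web server receives through the gateway. The following is an added example, not part of the Novell documentation: it parses Via headers and reports any hop that names a version. The sample request, host names and the exact layout of the gateway's Via value are constructed assumptions.

```python
import re

# Version-like token: dotted numbers with an optional build suffix, e.g. 3.0.4-199.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+(?:[-_]\w+)?")
IPV4_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+(?::\d+)?$")
HOP_RE = re.compile(r"(\S+)\s+(\S+)\s*(?:\((.*)\))?\s*$")  # protocol, received-by, (comment)

def split_via(value):
    """Split a Via field value on commas that are not inside a (comment)."""
    hops, depth, cur = [], 0, []
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        if ch == "," and depth == 0:
            hops.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    hops.append("".join(cur).strip())
    return [h for h in hops if h]

def via_disclosures(raw_headers):
    """Return (received_by, version) for every Via hop that names a version."""
    findings = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "via":
            continue
        for hop in split_via(value):
            m = HOP_RE.match(hop)
            if not m:
                continue
            received_by, comment = m.group(2), m.group(3) or ""
            # Skip the protocol field; a numeric host:port is not a version.
            hit = VERSION_RE.search(comment)
            if not hit and not IPV4_RE.match(received_by):
                hit = VERSION_RE.search(received_by)
            if hit:
                findings.append((received_by, hit.group(0)))
    return findings

# Constructed request as seen by a back-end web server (not real gateway output).
SAMPLE = (
    "GET /app/ HTTP/1.1\r\n"
    "Via: 1.1 proxy-a.example.com, 1.1 lag.example.com (Access Gateway 3.0.4-199)\r\n"
    "via: 1.0 10.0.0.5:8080\r\n"
)
```

An empty result from `via_disclosures` on requests captured after the update indicates that no Via hop is carrying version information.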