Forum Discussion

sandy16
Feb 13, 2013

disabling the admin and root accounts.

Hi, we are on ver 11.2 and we have a PCI audit requirement to disable the local admin account on our network devices wherever we can. We only want to use remote LDAP authentication. Is there a way to disable the admin and the root accounts? I was going through this article - http://support.f5.com/kb/en-us/solutions/public/12000/100/sol12173.html which says you cannot delete them, BUT can they be disabled?

Thanks

3 Replies

  • I do not see a way to disable the "admin" account, but for the "root" account you can use the SystemAuth.DisableRootLogin db key.

        [root@ve11a:Active:Changes Pending] config tmsh list sys db systemauth.disablerootlogin one-line
        sys db systemauth.disablerootlogin { value "false" }

    10 Settings to Lock Down your BIG-IP by David

    https://devcentral.f5.com/blogs/us/10-settings-to-lock-down-your-big-ip
  • You can disable the admin user:

    1. Log in to the BIG-IP command line as the root user.

    2. Disable the administrative user by typing the following command:

        userdel admin
    

    3. To verify that the user has been disabled, check that the administrative user no longer exists in the /etc/passwd file:

        grep ^admin: /etc/passwd
    

    If the administrative user has been disabled, there will be no command output.

    http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14943.html
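
The two checks from the replies above (the systemauth.disablerootlogin db key and the admin entry in /etc/passwd), combined into one audit script that can be kept as evidence for the PCI review. This is an added example, not part of the thread or F5's own tooling; the function names are hypothetical, and it assumes a db value of "true" means root login is disabled.

```shell
#!/bin/sh
# Added audit sketch (not from the thread). It reads captured text, so it
# can be run on the device or against saved output elsewhere.

# Sample line as shown in the first reply.
SAMPLE_DB_LINE='sys db systemauth.disablerootlogin { value "false" }'

# Extract the quoted value from a "tmsh list sys db <key> one-line" line.
db_value() {
    printf '%s\n' "$1" | sed -n 's/.*{ *value *"\([^"]*\)" *}.*/\1/p'
}

# Succeeds when the db key line reports root login as disabled.
# Assumption: "true" is the disabled state for this key.
root_login_disabled() {
    [ "$(db_value "$1")" = "true" ]
}

# Succeeds when account $1 has an entry in passwd-format file $2.
# Exact match on the first field, so "administrator" does not match "admin".
local_account_present() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# $1 = tmsh output line, $2 = passwd file.
# Prints one PASS/FAIL line per check; returns non-zero if any check fails.
audit() {
    rc=0
    if root_login_disabled "$1"; then
        echo "PASS root login disabled"
    else
        echo "FAIL systemauth.disablerootlogin is '$(db_value "$1")'"
        rc=1
    fi
    if local_account_present admin "$2"; then
        echo "FAIL admin still present in $2"
        rc=1
    else
        echo "PASS admin not present in $2"
    fi
    return $rc
}

# On a BIG-IP, as root:
#   audit "$(tmsh list sys db systemauth.disablerootlogin one-line)" /etc/passwd
```
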