STIGQter: STIG Summary: HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 28 Jul 2017:

User credentials which would allow remote access to the system by the Service Processor must be removed from the storage system.

DISA Rule

SV-85127r2_rule

Vulnerability Number

V-70505

Group Title

SRG-OS-000125-GPOS-00065

Rule Version

HP3P-32-001504

Severity

CAT I

CCI(s)

CCI-000877 - The organization employs strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.

Weight

Fix Recommendation

Remove the Service Processor credentials from the storage system. Enter the following command:

cli% removespcredential

Note: This removes the "3paredit", "3parbrowse", and "3parservice" users, and sets the "3parsvc" password to a new random value.

Check Contents

Verify Service Processor credentials are not present.

cli% showuser

If any of the users, "3parbrowse", "3paredit", or "3parservice" exist, this is a finding

Vulnerability Number

V-70505

Documentable

False

Rule Version

HP3P-32-001504

Severity Override Guidance

Verify Service Processor credentials are not present.

cli% showuser

If any of the users, "3parbrowse", "3paredit", or "3parservice" exist, this is a finding

Check Content Reference

Target Key

3013

User credentials which would allow remote access to the system by the Service Processor must be removed from the storage system.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments