4.1. Log in as admin

Once turned on the appliance will boot up. The boot process can be monitored via serial console. The boot process of the virtual appliance can be monitored in the hypervisor (VirtualBox or VMWare).

../_images/boot-vbox.png

Boot screen of the appliance

After the boot process is completed you can log into the system locally. The default login is user: admin with password: admin. At the login prompt (if not already configured) the GSM reminds you that no web user has been configured (see section Web admin user).

4.1.1. Authorization Concept

The GSM offers two different levels of access. There is a user level and a system level. The user level access is available via the graphical web interface or the OpenVAS management protocol (OMP). The system level is only available via console or secure shell protocol (SSH).

4.1.1.1. User Level Access

The user level access does support the management of users, groups and fine-grained permissions via either the web interface or OMP. Further details may be found in section User management and section User Management. While the user level may be access either via the web interface or the OpenVAS management protocol (OMP) the OMP access is turned of by default on all devices but sensors. Furthermore in its delivery state no account has been defined on all GSM devices for accessing the user level. Thus no unauthorized access is possible between the commissioning and the configuration of the device.

4.1.1.2. System Level Access

The system level is only available via the console or SSH. Only one account is supported: admin. This account is to be used for all system administration of the GSM. This unprivileged user may not directly modify any system files but can only instruct the system to modify some configurations.

The privileged account root should only be used in emergencies in consultation with the Greenbone support team. If any modifications are done without consultation you are not entitled to receive assistance by the Greenbone support team anymore.

When delivered by Greenbone the user admin is assigned the password admin. During the first setup this password should be changed. Trivial passwords are declined. This includes the password admin as well. Because the GSM ONE is configured to use DHCP the SSH service is disabled on the GSM ONE by default. All other models disable DHCP and use the IP address 192.168.0.1/24. They also enable the SSH service. On these systems the usage of strong passwords or the disabling of the SSH service is recommended.

If the SSH service is enabled only admin may login remotely. The root login is disabled via SSH. The privileged user root may only login via Console. In delivery state the user root does not have any password and is directly able to login. Using su to switch from the admin user to the root user is disabled by default. It may be enabled using superuser and superuserpassword (see section Superuser).

Enabling the password for root should only be done briefly in emergencies. To remind the admin user of this setting it is displayed during the login process including the root-password in clear text.