API Guide

OS10 security best practices
This document provides a set of recommendations for securing switches that run Dell EMC SmartFabric OS10. For detailed
configuration, see the Dell EMC SmartFabric OS10 User Guide.
You can find Dell EMC documentation at https://www.dell.com/support/.
Applicability
The recommendations that are provided in this document apply up to Dell EMC SmartFabric OS10.5.1.x.
On first boot
When you boot the switch for the first time, the system performs Zero-touch deployment (ZTD). ZTD automates OS10 image
upgrade, runs a CLI batch file to configure the switch, and runs post-ZTD scripts to perform additional functions. ZTD is enabled
by default on the system. If you do not use ZTD, you can disable it using the ztd cancel command. After first login to
OS10, change the default password and upgrade OS10 to the latest version, which may contain new features and security fixes.
Change the default CLI password
Rationale: When you log in to the switch for the first time, the system prompts you to enter a username to enter the
command-line interface. To log in to OS10 for the first time, enter admin as both the username and the password. After your
first login, change the default admin password to something secure, or create at least one OS10 user with the sysadmin role
and delete the default admin username. The system saves the new password for future logins. After you change the password
using the CLI, use the write memory command to save the configuration.
Configuration:
OS10# configure terminal
% Error: ZTD is in progress(configuration is locked).
OS10# ztd cancel
OS10# configure terminal
OS10(config)# username admin password new-password role sysadmin
OS10(config)# exit
OS10# write memory
To delete the default admin username, log in to a different account with the sysadmin role, and enter the following command:
OS10(config)# no username admin
Use the following command to view the details of all users configured on the system:
OS10# show running-configuration users
Change the default linuxadmin password
Rationale: You use the Linux shell for troubleshooting and diagnostic purposes. After the first OS10 login, enter linuxadmin
for both the default Linux shell username and password, and then change the default linuxadmin password. The system saves the
new password for future logins. After you change the password using the CLI, use the write memory command to save the
configuration.
Configuration:
OS10# configure terminal
OS10(config)# system-user linuxadmin password {clear-text-password | hashed-password}
OS10(config)# exit
OS10# write memory
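The following Python check is an added example, not part of the Dell EMC guide. It reads a saved copy of the running configuration and reports whether the default admin user remains, whether another sysadmin user exists, and whether a linuxadmin password line is present. It assumes the saved configuration uses the same line syntax as the commands above; audit_accounts is a hypothetical helper name, and the sample accounts, hashes, and non-sysadmin role are constructed.

```python
import re

# Constructed sample, not captured from a device. Assumption: the saved
# running configuration lists accounts in the same syntax as the
# configuration commands shown above.
SAMPLE_CONFIG = """\
username admin password $6$constructed$hashA role sysadmin
username netops password $6$constructed$hashB role sysadmin
username viewer password $6$constructed$hashC role netoperator
system-user linuxadmin password $6$constructed$hashD
"""

USER_RE = re.compile(r"^\s*username\s+(\S+)\s+password\s+\S+\s+role\s+(\S+)")
SYSUSER_RE = re.compile(r"^\s*system-user\s+linuxadmin\s+password\s+\S+")

def audit_accounts(config_text):
    """Return review findings for the default-account recommendations."""
    users, linuxadmin_set = {}, False
    for line in config_text.splitlines():
        m = USER_RE.match(line)
        if m:
            users[m.group(1)] = m.group(2)       # username -> role
        elif SYSUSER_RE.match(line):
            linuxadmin_set = True
    others = sorted(n for n, r in users.items() if r == "sysadmin" and n != "admin")
    findings = []
    if "admin" in users:
        if others:
            # Another sysadmin exists, so 'no username admin' will not lock you out.
            findings.append("default 'admin' user still present; removable, "
                            "other sysadmin users: " + ", ".join(others))
        else:
            findings.append("default 'admin' is the only sysadmin user; "
                            "confirm its password was changed")
    elif not others:
        findings.append("no user with the sysadmin role found")
    if not linuxadmin_set:
        findings.append("no explicit linuxadmin password line; "
                        "verify the default was changed")
    return findings

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_CONFIG):
        print(finding)
```

The check cannot tell whether a stored password is still the default value; it only flags accounts and lines that need review.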
Disable the linuxadmin account