<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
"password on file" is another interesting perception. even with the
remote accounts that TAC uses the account expires after max of 30
days. root is not always active to have a password to store in a file.<br>
<br>
i know enterprising linux enthusiasts can hack in by other means, but
most of those require physical access to the server.<br>
<br>
On Wednesday, March 25, 2009 9:55:00 AM, Tim Reimers
<a class="moz-txt-link-rfc2396E" href="mailto:treimers@ashevillenc.gov"><treimers@ashevillenc.gov></a> wrote:<br>
<blockquote
cite="mid:F3B7C0E8920C414E943AFBF3577D95D90CB1C793@coa-exchange2k3.asheville.local"
type="cite">
<pre wrap="">But Paul's question is about the DoD policy requiring that they have the
root password on file, isn't it?
Hopefully he can correct their perception that this is a vanilla Linux
server that they have to patch and maintain just as any other Linux
server.
I'd think that Cisco's statements indicating that they require Cisco
approve and provide all patches,
instead doing what many people do - watching security lists or
kernel-dev or some such, and patching according to what info they see
there.
I've had similar problems with customer perceptions and Linux in the
past-
though those customers were upset that Symantec never listed Linux as
vulnerable to the VOD (virus of the day)
they thought Symantec wasn't doing a good job, and maybe a better
company would properly show that Linux was vulnerable to
things that Windows was.
Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
<a class="moz-txt-link-abbreviated" href="mailto:treimers@ashevillenc.gov">treimers@ashevillenc.gov</a>
-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a>
[<a class="moz-txt-link-freetext" href="mailto:cisco-voip-bounces@puck.nether.net">mailto:cisco-voip-bounces@puck.nether.net</a>] On Behalf Of Matthew Saskin
Sent: Tuesday, March 24, 2009 10:53 PM
To: Paul; <a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>
Subject: Re: [cisco-voip] Usage of superuser account on Linux-based CUCM
Have had to do it with TAC supervision to fix multiple defects,
including 6.0.1 CDR issues, 4x to 6x upgrade issues, etc
Don't need it for any day-to-day activities, and access via TAC is
typically a very quick process when required,
-matt
On 3/24/09, Paul <a class="moz-txt-link-rfc2396E" href="mailto:asobihoudai@yahoo.com"><asobihoudai@yahoo.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I'm wondering how many of you out there have felt the need to access
the superuser account under CUCM? My understanding is that only TAC
has access to root# and only uses it in the rare case that they need
to peek into the internals of the appliance.
I'm asking this because the US Department of Defense apparently thinks
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<pre wrap="">they're required to have root# to all of their boxes, appliance or
not. I think this is a problem of their perception that Linux-based
CUCM is a vanilla-application running on top of Linux.
_______________________________________________
cisco-voip mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a>
</pre>
</blockquote>
<pre wrap=""><!---->_______________________________________________
cisco-voip mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a>
_______________________________________________
cisco-voip mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a>
</pre>
</blockquote>
<br>
</body>
</html>