Just thinking out loud here, but what are they going to do with root? Cisco will probably drill into their heads the consequences of playing around. They'll log in a couple of times then get bored because they can't do anything.<br>
<br>This is just another example of a corporate policy that doesn't really solve a problem, or wasn't well thought out and affects more things than was attended.<br><br>Sean<br><br><div class="gmail_quote">On Wed, Mar 25, 2009 at 8:55 AM, Tim Reimers <span dir="ltr"><<a href="mailto:treimers@ashevillenc.gov">treimers@ashevillenc.gov</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">But Paul's question is about the DoD policy requiring that they have the<br>
root password on file, isn't it?<br>
<br>
Hopefully he can correct their perception that this is a vanilla Linux<br>
server that they have to patch and maintain just as any other Linux<br>
server.<br>
<br>
I'd think that Cisco's statements indicating that they require Cisco<br>
approve and provide all patches,<br>
instead doing what many people do - watching security lists or<br>
kernel-dev or some such, and patching according to what info they see<br>
there.<br>
<br>
I've had similar problems with customer perceptions and Linux in the<br>
past-<br>
though those customers were upset that Symantec never listed Linux as<br>
vulnerable to the VOD (virus of the day)<br>
they thought Symantec wasn't doing a good job, and maybe a better<br>
company would properly show that Linux was vulnerable to<br>
things that Windows was.<br>
<br>
<br>
Tim Reimers<br>
Systems Analyst II<br>
Information Technology Services<br>
City of Asheville<br>
70 Court Plaza<br>
Asheville, NC 28801<br>
phone - 828-259-5512<br>
<a href="mailto:treimers@ashevillenc.gov">treimers@ashevillenc.gov</a><br>
<br>
-----Original Message-----<br>
From: <a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a><br>
[mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a>] On Behalf Of Matthew Saskin<br>
Sent: Tuesday, March 24, 2009 10:53 PM<br>
To: Paul; <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
Subject: Re: [cisco-voip] Usage of superuser account on Linux-based CUCM<br>
<br>
Have had to do it with TAC supervision to fix multiple defects,<br>
including 6.0.1 CDR issues, 4x to 6x upgrade issues, etc<br>
<br>
Don't need it for any day-to-day activities, and access via TAC is<br>
typically a very quick process when required,<br>
<br>
-matt<br>
<br>
<br>
On 3/24/09, Paul <<a href="mailto:asobihoudai@yahoo.com">asobihoudai@yahoo.com</a>> wrote:<br>
><br>
> I'm wondering how many of you out there have felt the need to access<br>
> the superuser account under CUCM? My understanding is that only TAC<br>
> has access to root# and only uses it in the rare case that they need<br>
> to peek into the internals of the appliance.<br>
><br>
> I'm asking this because the US Department of Defense apparently thinks<br>
<br>
> they're required to have root# to all of their boxes, appliance or<br>
> not. I think this is a problem of their perception that Linux-based<br>
> CUCM is a vanilla-application running on top of Linux.<br>
><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> cisco-voip mailing list<br>
> <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
> <a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
><br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>Sean Walberg <<a href="mailto:sean@ertw.com">sean@ertw.com</a>> <a href="http://ertw.com/">http://ertw.com/</a><br>