- Dell EMC SmartFabric OS10 Security Best Practices Guide May 2021
- OS10 security best practices
Configuration:
OS10(config)# aaa authentication login {console | default} local
OS10(config)# exit
OS10# write memory
● console—Configure authentication methods for console logins.
● default—Configure authentication methods for SSH and Telnet logins.
● local—Use the local username, password, and role entries configured with the username password role command.
Enable AAA login authentication with a fallback option
Rationale: Configuring AAA authentication with a fallback option provides resiliency during authentication. If one method fails,
the system uses the other method of authentication.
Configuration:
OS10(config)# aaa authentication login {console | default} {local | group radius | group tacacs+}
OS10(config)# exit
OS10# write memory
● console—Configure authentication methods for console logins.
● default—Configure authentication methods for SSH and Telnet logins.
● local—Use the local username, password, and role entries configured with the username password role command.
● group radius—Use the RADIUS servers configured with the radius-server host command.
● group tacacs+—Use the TACACS+ servers configured with the tacacs-server host command.
The authentication methods in the method list work in the order they are configured.
Enable AAA accounting for commands
Rationale: AAA accounting for commands records login and command information about console connections and remote
connections, such as Telnet and SSH.
Configuration:
OS10(config)# aaa accounting commands all {console | default} {start-stop | stop-only | none} [logging] [group tacacs+]
OS10(config)# exit
OS10# write memory
● commands all—Record all user-entered commands. RADIUS accounting does not support this option.
● console—Record all user authentication and logins or all user-entered commands in OS10 sessions on console connections.
● default—Record all user authentication and logins or all user-entered commands in OS10 sessions on remote connections; for example, Telnet and SSH.
● start-stop—Send a start notice when a process begins, and a stop notice when the process ends.
● stop-only—Send only a stop notice when a process ends.
● none—No accounting notices are sent.
● logging—Logs all accounting notices in syslog.
● group tacacs+—Logs all accounting notices on the first reachable TACACS+ server.
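An added example, not part of the Dell EMC guide: a Python check over saved running-config text that flags a connection type whose login method list has no fallback, and one where command accounting is absent or set to none. The sample configuration is constructed, the assumption that running-config lines mirror the command syntax above should be checked against your own device output, and `audit` and `parse_methods` are names chosen here.

```python
import re

# Constructed sample. Assumption: running-config lines mirror the command
# syntax shown in this guide; verify against your own device output.
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ local
aaa authentication login console local
aaa accounting commands all default start-stop logging group tacacs+
aaa accounting commands all console none
"""

AUTH_RE = re.compile(r"^aaa authentication login (console|default)\s+(.+)$")
ACCT_RE = re.compile(
    r"^aaa accounting commands all (console|default)\s+(start-stop|stop-only|none)\b")


def parse_methods(text):
    """Split 'group tacacs+ local' into ['group tacacs+', 'local'], in order."""
    tokens, methods = text.split(), []
    while tokens:
        head = tokens.pop(0)
        if head == "group" and tokens:
            head += " " + tokens.pop(0)
        methods.append(head)
    return methods


def audit(config):
    """Return findings for login method lists and command accounting."""
    auth, acct = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := AUTH_RE.match(line):
            auth[m.group(1)] = parse_methods(m.group(2))
        elif m := ACCT_RE.match(line):
            acct[m.group(1)] = m.group(2)
    findings = []
    for conn in ("console", "default"):
        methods = auth.get(conn, [])
        if len(methods) < 2:
            only = methods[0] if methods else "nothing configured"
            findings.append(f"{conn}: login has no fallback method ({only})")
        if acct.get(conn, "none") == "none":
            findings.append(f"{conn}: command accounting is not enabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```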
Enable AAA accounting for authentication events
Rationale: AAA accounting for authentication events records login and command information about console connections and
remote connections, such as Telnet and SSH.
Configuration:
OS10(config)# aaa accounting exec {console | default} {start-stop | stop-only | none} [logging] [group tacacs+]
OS10(config)# exit
OS10# write memory
● console—Record all user authentication and logins or all user-entered commands in OS10 sessions on console connections.
● default—Record all user authentication and logins or all user-entered commands in OS10 sessions on remote connections; for example, Telnet and SSH.
● start-stop—Send a start notice when a process begins, and a stop notice when the process ends.