Manualshelf

API Guide

ManualsBrandsDell ManualsAccess PlatformsEMC Networking MX9116n
12345678910
Rationale: If you do not want your users to access the Linux shell, disable the linuxadmin account.
Configuration:
OS10(config)# system-user linuxadmin disable
OS10(config)# exit
OS10# write memory
Disable access to Linux commands
Rationale: Even if you disable the linuxadmin user, users can access Linux commands using the system command. To
disable access to Linux commands completely, use the system-cli command.
Configuration:
OS10(config)# system-cli disable
OS10(config)# exit
OS10# write memory
Disable unused interfaces
Rationale: To prevent unauthorized users from connecting to your network on front-end interfaces, disable the interfaces that
you are not using.
Configuration:
OS10(config)# interface range ethernet 1/1/10-1/1/32
OS10(conf-range-eth1/1/10-1/1/32)# shutdown
OS10(conf-range-eth1/1/10-1/1/32)# end
OS10# write memory
Enable bootloader protection
Rationale: To prevent unauthorized users with malicious intent from accessing your switch, protect the bootloader using a
GRUB password.
Configuration:
OS10# boot protect enable username username password password
OS10# write memory
Check if bootloader protection is enabled
Use the following command to view the status of bootloader protection on the system:
OS10# show boot protect
Boot protection enabled
Authorized users: root linuxadmin admin
Password rules
Strict password rules ensure better security of the device.
Enable strong passwords
Rationale: Strong passwords make it difficult guess your passwords. By default, strong password check is enabled on the
system which checks if the password contains at least characters with alphanumeric and special characters. If strong password
check is disabled, enable it.
Configuration:
OS10(config)# no service simple-password
OS10(config)# exit
OS10# write memory
OS10 security best practices
5