6.5

Table Of Contents
Secure the vRealize Operations Manager Console
After you install vRealize Operations Manager, you must log in for the rst time and secure the console of
each node in the cluster.
Prerequisites
Install vRealize Operations Manager.
Procedure
1 Locate the node console in vCenter or by direct access.
In vCenter, press Alt+F1 to access the login prompt. For security reasons, vRealize Operations Manager
remote terminal sessions are disabled by default.
2 Log in as root.
vRealize Operations Manager does not allow you to access the command prompt until you create a root
password.
3 At the password prompt, press Enter.
4 At the old password prompt, press Enter.
5 At the prompt for a new password, enter the root password that you want and note it for future
reference.
6 Reenter the root password.
7 Log out of the console.
Change the Root Password
You can change the root password for any vRealize Operations Manager master or data node at any time by
using the console.
The root user bypasses the pam_cracklib module password complexity check, which is found in
etc/pam.d/common-password. All hardened appliances enable enforce_for_root for the pw_history module,
found in the etc/pam.d/common-password le. The system remembers the last ve passwords by default. Old
passwords are stored for each user in the /etc/security/opasswd le.
Prerequisites
Verify that the root password for the appliance meets your organization’s corporate password complexity
requirements. If the account password starts with $6$, it uses a sha512 hash. This is the standard hash for all
hardened appliances.
Procedure
1 Run the # passwd command at the root shell of the appliance.
2 To verify the hash of the root password, log in as root and run the # more /etc/shadow command.
The hash information appears.
3 If the root password does not contain a sha512 hash, run the passwd command to change it.
Secure Configuration
14 VMware, Inc.