[tac_plus] TAC+ and Solarwinds Orion NCM don't play well together

Matt Almgren matta at surveymonkey.com
Fri Oct 23 07:46:53 UTC 2015


 "make sure .cloginrc has proper/strict permissions"

This is the one that our auditor says goes against PCI rules.  The file itself has passwords in clear text. If an attacker gets root on that box, your network devices can be compromised. I don't want to argue the risks involved here, as they are high, but very low probability. The idea is to limit the attackers ability to compromise more than just one system. But still passwords in the clear is failing PCI requirements. 

-- iMatt

> On Oct 21, 2015, at 3:08 PM, Aaron Wasserott <aaron.wasserott at viawest.com> wrote:
> 
> make sure .cloginrc has proper/strict permissions


More information about the tac_plus mailing list