Hello, While evaluating our exadata 1/4 rack I noticed the following issues.
Oracle Exadata leaf switch logins >From Oracle.com "Oracle Exadata is the only database machine that provides >extreme performance for both data warehousing and OLTP applications, making it >the ideal platform for consolidating on private clouds. It is a complete >package of servers, storage, networking, and software that is massively >scalable, secure, and redundant. With Oracle Exadata customers can reduce IT >costs through consolidation, store up to ten times more data, improve >performance of all applications, deliver a faster time-to-market by >eliminating systems integration trial and error, and make better business >decisions in real time." http://www.oracle.com/us/products/database/exadata/overview/index.html The oracle engineered solution contains two leaf switches and in larger installations a spine switch. The installation I worked with didn't have a spine switch, but the two leaf switches were configured with three logins with easily guessable passwords and a shadow file that was world readable. There are three accounts with easily guessable default passwords on the exadata inifiniband switches: ilom-admin,ilom-operator and nm2user. passwords are same as logins rux0r:~ meep0$ ssh [email protected] "cat /conf/shadow" The shadow file is world readable: [root@exad-1swib2 ~]# ls -l /conf/shadow -rw-r--r-- 1 root root 749 Dec 23 2011 /conf/shadow Vendor: notified 3/12/2012 Oracle pointed me at a doc stating you should rotate these passwords after installation (as far as I recall these engineer solutions are configured/installed by them onsite.). They also weren't concerned about the lax permissions of /etc/shadow. Larry W. Cashdollar http://vapid.dhs.org @_larry0
