Re: [OSL | CCIE_Security] OEQ-related question about IPS "Service" account

[Mulholland, Michael]

folks

when you try to add a user account via the gui you get the following choices

[cid:342580616@22022011-203F]


Michael Mulholland CISSP CCSP JNCIA-FWV
Firewall/Network Administrator | ESSC | Ext 73146



________________________________
From: ccie_security-boun...@onlinestudylist.com 
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Basem Hanna
Sent: 22 February 2011 14:57
To: Tyson Scott; 'Kingsley Charles'
Cc: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] OEQ-related question about IPS "Service" 
account

Just to prove Tyson's point I tested for everyone:

sensor# sho users all
    CLI ID   User    Privilege
*   443      cisco   administrator

I then added a new service account called "ME"

sensor# sho user all
    CLI ID   User    Privilege
*   465      cisco   administrator
             ME      service

Then I Logged in using the "ME" account

-bash-2.05b$ grep ME /etc/passwd
ME:x:102:50::/home/ME:/bin/bash
-bash-2.05b$ grep service /etc/passwd
-bash-2.05b$ <no output for  username service>

-B

From: ccie_security-boun...@onlinestudylist.com 
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Tyson Scott
Sent: Tuesday, February 22, 2011 8:15 AM
To: 'Kingsley Charles'; 'Tyson Scott'
Cc: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] OEQ-related question about IPS "Service" 
account

Copy paste from the documentation.  Again service is a user role.  What I am 
trying to get to is that it isn't a built in user.

Users Pane Field Definitions
The following fields are found in the Users pane:
*Username-The username. The value is a string 1 to 64 characters in length that 
matches the pattern ^[A-Za-z0-9()+:,_/-]+$.
*Role-The user role. The values are Administrator, Operator, Service, and 
Viewer. The default is Viewer.

I know it says service account when talking about the creation of the user but 
why I am trying to differentiate the two is that it is not already created.  
You have to create a user and assign the role of service.  Service is a user 
role.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tsc...@ipexpert.com<mailto:tsc...@ipexpert.com>
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: 
www.ipexpert.com/chat<http://www.ipexpert.com/chat>
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio 
Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, 
Voice, Security & Service Provider) certification(s) with training locations 
throughout the United States, Europe, South Asia and Australia. Be sure to 
visit our online communities at 
www.ipexpert.com/communities<http://www.ipexpert.com/communities> and our 
public website at www.ipexpert.com<http://www.ipexpert.com/>

From: Kingsley Charles [mailto:kingsley.char...@gmail.com]
Sent: Monday, February 21, 2011 11:47 PM
To: Tyson Scott
Cc: Mark Senteza; ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] OEQ-related question about IPS "Service" 
account

Hi Tyson

But it is still a built-in account in the sensor.

With regards
Kings
On Tue, Feb 22, 2011 at 8:01 AM, Tyson Scott 
<tsc...@ipexpert.com<mailto:tsc...@ipexpert.com>> wrote:
service isn't an account it is a user role.  So there are 4 user roles.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tsc...@ipexpert.com<mailto:tsc...@ipexpert.com>
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: 
www.ipexpert.com/chat<http://www.ipexpert.com/chat>
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio 
Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, 
Voice, Security & Service Provider) certification(s) with training locations 
throughout the United States, Europe, South Asia and Australia. Be sure to 
visit our online communities at 
www.ipexpert.com/communities<http://www.ipexpert.com/communities> and our 
public website at www.ipexpert.com<http://www.ipexpert.com/>

From: 
ccie_security-boun...@onlinestudylist.com<mailto:ccie_security-boun...@onlinestudylist.com>
 
[mailto:ccie_security-boun...@onlinestudylist.com<mailto:ccie_security-boun...@onlinestudylist.com>]
 On Behalf Of Mark Senteza
Sent: Monday, February 21, 2011 8:20 PM
To: ccie_security@onlinestudylist.com<mailto:ccie_security@onlinestudylist.com>
Subject: [OSL | CCIE_Security] OEQ-related question about IPS "Service" account

Hello all,

Is the "service" account considered a "built-in" user role ?

If asked how many built-in user roles does the IPS sensor have and what are 
they, would the "Service" account be amongst them ?

Mark

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com<http://www.ipexpert.com>

<<inline: Outlook.jpg>>

<<inline: image001.png>>

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com