Classification: FMOS
Category: Security issue
Severity: Critical
Summary
The root account is unlocked. A password has been assigned to it, allowing users to access it using the su command.
Description
Under normal circumstances, the root user account should be locked. It should not have a password assigned to it, and it should never be used directly by users. FMOS provides the necessary tools to deploy, manage, and maintain the Security Intelligence Platform suite, so there is never any reason to use the root account directly.
Once the root account has been unlocked, the security, reliability, and consistency of a machine running FMOS can no longer be guaranteed. Because of this, it is impossible for FireMon to offer support for such systems. FireMon will be unable to reproduce or diagnose issues that arise on systems with an unlocked root account, and as such cannot offer any assistance in resolving them.
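The summary and description above define the expected state precisely: root's password field in shadow(5) must be locked (a leading "!" or "*"), not a usable hash and not empty. The following POSIX shell check is an added example, not part of this article or of FMOS itself; it classifies a shadow entry into "locked", "unlocked" or "empty" and, when run with read access to /etc/shadow, reports the live root entry. The sample entries are constructed, and the hash in the unlocked sample is a placeholder, not a real hash.

```shell
#!/bin/sh
# Classify the password field of a shadow(5) entry for the root account.
# Prints "locked"   when the field starts with "!" or "*" (no password can match),
#        "empty"    when no password is set at all (also a failing state),
#        "unlocked" when a password hash is present (su to root would succeed).
root_password_state() {
    entry="$1"
    # The second colon-separated field is the password hash.
    field=$(printf '%s\n' "$entry" | cut -d: -f2)
    case "$field" in
        "")        echo empty ;;
        '!'*|'*'*) echo locked ;;
        *)         echo unlocked ;;
    esac
}

# Constructed sample entries (not taken from a real system). The hash in
# UNLOCKED_ENTRY is a placeholder string, not a real password hash.
LOCKED_ENTRY='root:!:19000:0:99999:7:::'
STARRED_ENTRY='root:*:19000:0:99999:7:::'
UNLOCKED_ENTRY='root:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::'
EMPTY_ENTRY='root::19000:0:99999:7:::'

# Report the live root entry when /etc/shadow is readable (normally only
# as root); otherwise report "unreadable" so the caller can tell the
# difference between "locked" and "could not check".
check_live_root() {
    if [ -r /etc/shadow ]; then
        entry=$(grep '^root:' /etc/shadow || true)
        if [ -z "$entry" ]; then
            echo unreadable
        else
            root_password_state "$entry"
        fi
    else
        echo unreadable
    fi
}

# Demonstrate the classifier on the constructed samples.
for e in "$LOCKED_ENTRY" "$STARRED_ENTRY" "$UNLOCKED_ENTRY" "$EMPTY_ENTRY"; do
    printf '%s -> %s\n' "$(printf '%s\n' "$e" | cut -d: -f1,2)" "$(root_password_state "$e")"
done
echo "live root entry: $(check_live_root)"
```

Only "locked" is the acceptable result for a production FMOS system; "unlocked" means a password has been assigned and su access is possible, and "empty" is at least as serious. Treat "unreadable" as an inconclusive check rather than a pass.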
Impact
Once the root account has been unlocked, FireMon will be unable to support the system. The security of the system is completely compromised, and any data stored on the system is at risk of being lost or stolen.
Cause
FMOS does not provide any mechanism to unlock the root account on a system running in a production environment. Unlocking the account, therefore, requires a deliberate attempt to circumvent the security of the system.
Resolution
If the root account has ever been unlocked, even temporarily, there is no way to guarantee the security and consistency of the system. If a user has ever had the ability to execute arbitrary privileged operations, it is impossible to ensure that the user did not install a "back door" access method, allowing access to the root account even if it is locked again.
A system that has been compromised in this way cannot be recovered. Data must be copied to another system, for example by using a backup, and fully audited to ensure that it was not damaged. Further, because the Security Intelligence Platform (SIP), by its nature, handles sensitive credentials for network devices, those devices may also be at risk of compromise. Any credentials accessible to SIP should be invalidated immediately.