The following steps are recommended to secure your on-premise VisibleThread server.
Note: You will need to login to the Linux terminal either remotely (using SSH e.g. Putty) or have direct terminal access to carry out the following steps.
1. Change the sandboxAdmin web application password ()
Note: This only applies to VT Docs v4.4.3 and below. In VT Docs v5+, there is no https://your-visiblethread-server/sandboxAdmin URL and the system is administered by a System Admin user managed by the VT Docs application. There is no longer a default username/password for VT Docs v5+
VisibleThread contains an administration web application to create sandboxes, upload licenses and administer users. This web app is available at (Note: sandboxAdmin is case sensitive in this url !) : https://your-visiblethread-server/sandboxAdmin
Out of the box, the credentials to access the sandboxAdmin are visiblethread/password. To change this credential please see this support article : How-do-I-change-the-default-SandBox-admin-password
2. Install an SSL certificate
The VisibleThread web application is only available over https. Any requests to http will automatically redirect to https. Out of the box, the VisibleThread web application uses a self-signed certificate. It is best practice to install a properly signed SSL certificate. See this support article for details : How-to-install-an-SSL-certificate-on-a-deployed-VisibleThread-Server
3. Change the password for the OS/Linux users (Ubuntu deployments only)
Out of the box, both root and visiblethread users have their password set to "password".
Note: the visiblethread user has sudo (or root) privileges.
To get started, login to the terminal as the visiblethread user. Then you can :
- change the visiblethread user's password : passwd
change the root user's password : sudo passwd root
- or disable root user login : sudo passwd -l root