The following steps are recommended to secure your on-premise VisibleThread server.
Note: You will need to login to the Linux terminal either remotely (using SSH e.g. Putty) or have direct terminal access to carry out the following steps.
1. Change the password for the OS/Linux users
Out of the box, both root and visiblethread user's have their password set to "password". Note: the visiblethread user has sudo (or root) privileges.
To get started, login to the terminal as the visiblethread user. Then you can :
- change the visiblethread user's password : passwd
change the root user's password : sudo passwd root
- or disable root user login : sudo passwd -l root
2. Change the sandboxAdmin web application password
VisibleThread contains an administration web application to create sandboxes, upload licenses and administer users. This web app is available at (Note: sandboxAdmin is case sensitive in this url !) : https://your-visiblethread-server/sandboxAdmin
Out of the box, the credentials to access the sandboxAdmin are visiblethread/password. To change this credential please see this support article : How-do-I-change-the-default-SandBox-admin-password
3. Install an SSL certificate
The VisibleThread web application is only available over https. Any requests to http will automatically redirect to https. Out of the box, the VisibleThread web application uses a self-signed certificate. It is best practice to install a properly signed SSL certificate. See this support article for details : How-to-install-an-SSL-certificate-on-a-deployed-VisibleThread-Server