Setting the Password on First Login to FileWave Appliances (15.5+)

What

Starting from FileWave version 15.5.0, there have been important changes to the default login process and security features of the FileWave Appliance:

1.  Disabled Root Login: The root user is now disabled from logging in directly to enhance security.
2. New Default User - User: fwadmin (as of 15.4.0), default password: filewave.
3. Mandatory Password Change: On the first login, fwadmin will be prompted to change the password. It’s crucial to choose a secure password and keep a record of it.
4. Sudo Access: The fwadmin user has sudo privileges to perform administrative tasks that require root access.
5. Enhanced Security with Fail2Ban: Fail2Ban has been added to protect against unauthorized access attempts. It will temporarily block IP addresses after a number of failed login attempts.

For security, the account for root is disabled as of version 15.4.0.

These changes apply to new Debian-based Appliances starting from version 15.5.0 and onward.

Existing Debian Appliances will not have these changes implemented unless you manually make the changes or migrate to a new Appliance.

When/Why

These changes have been implemented to strengthen the security of your FileWave Appliance:

• Prevent Unauthorized Access: Disabling direct root login reduces the risk of unauthorized access, as root accounts are common targets for attackers.
• Enforce Stronger Passwords: Prompting a password change on first login ensures that default credentials are not used, which are often exploited.
• Monitor and Block Attacks: Fail2Ban helps in detecting and preventing brute-force attacks by banning IP addresses that show malicious signs.
• Promote Best Security Practices: Encouraging the use of sudo and secure passwords aligns with industry best practices for system administration.

Existing Appliances

To benefit from these changes either:

• Manually Implement the Changes: Adjust your current Appliance settings to match the new security configurations.
• Migrate to a New Appliance: Set up a new Appliance with version 15.5.0 or later and migrate your data accordingly.

How

First Login and Password Change

1. Access the Appliance: Connect to your FileWave Appliance via SSH or console.
2. Login as fwadmin: Use the username fwadmin and the default password filewave.
3. Change Password: You will be prompted to change the password immediately.
   • Enter New Password: Choose a strong, unique password.
   • Confirm New Password: Re-enter the password to confirm.
4. Note the Password: Keep the new password in a secure place.

Using Sudo for Administrative Tasks

Run Commands with Sudo: Prefix administrative commands with sudo.

sudo apt-get update

Enter Password When Prompted: You may be asked for your fwadmin password when executing sudo commands.

Fail2Ban Security Measures

• Automatic IP Blocking: After several failed login attempts, Fail2Ban will block the offending IP address temporarily.
• Check Ban Status:
  

  sudo fail2ban-client status sshd

• Unban an IP (if necessary):
  

  sudo fail2ban-client set sshd unbanip <IP_ADDRESS>

Best Practices

• Do Not Expose SSH to the Internet: Keep SSH access limited to trusted networks.
• Use Strong Passwords: Incorporate letters, numbers, and special characters.
• Regularly Update the Appliance: Keep your system updated to patch vulnerabilities.
• Monitor Access Logs: Regularly check logs for any unauthorized access attempts.

Related Content

• FileWave Version 15.5.0