Control: 3.2 Change default Administrator login names and passwords for applications
Description
Change the default settings for the administrator login names and passwords of the application software that you install on Lightsail instances.
Default administrator login names and passwords for applications used on Lightsail instances can be used by hackers and individuals to break into your servers.
Remediation
To process and apply the latest updates for the application you are using is a manual process. Often dependent on the application itself and the operating system you are utilizing for the Lightsail instance.
From the Console:
- Login to AWS Console using https://console.aws.amazon.com.
- Click
All services, clickLightsailunder Compute. - This will open up the Lightsail console.
- Select the
Instanceyou want to update thedefault administratorsettings. - Make sure the instance status is
running. - Click on
Snapshots. - Under Manual snapshots click on
+ Create snapshot. - Give it a name you will recognize.
- Click on
create.
while in process it will show Snapshotting...
- Once the date and time and snapshot name appears it is completed.
- Click on
Connect. - Run the process to change either the
default administratorname or password or both. - Repeat steps no. 4 – 12 to apply any application
default administratorchanges required on the Lightsail instances that you are running.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.cis_compute_service_v100_3_2Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.cis_compute_service_v100_3_2 --shareSQL
This control uses a named query:
select 'arn:' || partition || ':::' || account_id as resource, 'info' as status, 'Manual verification required.' as reason , account_idfrom aws_account;