谷姐靓号网Oracle Cloud Infrastructure Identity - Rotate Credentials
Oracle Cloud Infrastructure Customer,
Oracle has identified security vulnerability CVE-2022-21503 that affected the Oracle Cloud Infrastructure (OCI) Identity service. As a result of this vulnerability, administrators and their designees with read-access to the OCI audit-records in your tenancy could have viewed some credentials in clear text. For this reason, several of your users' console UI passwords must be changed by July 18, 2022:
• When those users log in to the OCI console, the login process will prompt them to change their console passwords.
• If any of those users does not log in to the OCI console by July 18, 2022, that user's console password will expire.
• Once a user's console password has expired, that user cannot log in. The user can either reset that console password (if the user has a verified email-address) or ask an administrator to reset the user's console password.
• Once an expired console password has been reset, the user can log in to the OCI console and the login process will prompt the user to change the console password.
How do I find the console passwords that must be changed?
To find which credentials your users must change, use Cloud Shell in the Oracle Cloud Admin Console to run the tool that Oracle has provided. You can rerun this tool periodically to track your progress in rotating affected credentials. The benefit of using Cloud Shell is that Cloud Shell comes packaged with the necessary Python interpreter and dependencies required to run the script. Cloud Shell also performs authentication with no extra configuration.
• Most administrators already have the necessary permissions to access Cloud Shell. They can click the Cloud Shell icon and type the command, "identity-audit-tool."
• If you have not already set up Cloud Shell, see the topic entitled "Using Cloud Shell" in the public documentation: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cloudshellgettingstarted.htm. Follow those instructions before running the command.
The identity-audit-tool command scans your OCI tenancy for credentials that you must rotate and gives the following results:
• If the tool encounters an error, the tool displays output that describes the error.
• If the tool finds no credential that you must rotate, it prints one line: "Found no affected credential."
• If the tool finds at least one credential that you must rotate, the tool prints a line of output for each credential that you must rotate. The tool also writes output to a comma-separated-value (CSV) file called "audit.csv." NOTE: The tool will overwrite any file named "audit.csv" in your home directory in CloudShell. The CSV file might be more convenient for analysis or for automated remediation. That CSV file contains a line of output for each credential that you must rotate. Each line of output includes values for the credential ID, credential type, credential status, user name, user OCID, and created date.
If the script indicates that an audit report was written, you can download the output file "audit.csv" from Cloud Shell with the following steps:
• From the Cloud Shell menu, click Download.
• When the dialog box labeled "Download File" appears, enter the filename, such as "audit.csv." Click the Download button.
• When the File Transfers dialog indicates that the download of audit.csv is complete, you can use that file locally
热议
推荐楼 sotandlat 昨天04:48
改密码呗
改什么的密码啊
2楼 william 昨天04:45
改密码呗
4楼 king66 昨天07:02
改小机密码还是账号密码
5楼 chxin 昨天08:05
封号了,快把账户送给我吧
6楼 meppy 昨天08:12
封号了,快把账户送给我吧
留个邮箱和身份证号,以及你手持身份证的免冠照片,我发给你
7楼 skyland 昨天08:31
普通用户没必要处理,基本都无关
8楼 galesaur 昨天08:50
7月18号之前最好改密码,不改的话下次无法登录,必须用注册邮箱改密码才能登录,要是注册邮箱收不到邮件,抱歉,你号没了
9楼 ryuwz 1小时前
king66 发表于 2022-6-15 07:02
改小机密码还是账号密码
改账号密码
10楼 hchen 9分钟前
718前不登陆改密码的话要给你点 color see see
申明:本文内容由网友收集分享,仅供学习参考使用。如文中内容侵犯到您的利益,请在文章下方留言,本站会第一时间进行处理。
评论前必须登录!
立即登录 注册