3.7. Hardening

Changing the default password

After installation of versions pre 5.2.0, a default user was created with a predefined password. This user may still exist in a post 5.2.0 version, if it was upgraded from an earlier version.

Change this predefined password as soon as possible, following these steps:

  1. Log in using the default user account's name and password (admin / admin),

  2. Go to Settings > Password and change the password here.

Running the service as an unprivileged account

Linux

By default the mdcentralmgmt service is running as the unprivileged centralmgmt account.

Windows

By default the mdcentralmgmt (OPSWAT Metadefender Central Management) service is running as the privileged Local System account.

To run the Windows service with another Windows account (we will use the Local Service account as an example below) follow these steps:

  1. Grant read and write permissions to the target account for the installation folder and all other external files and folders that are configured to be read and written by the Central Management service (e.g.: logfile Windows Registry entry).

  2. Stop the OPSWAT Metadefender Central Management service

    > net stop mdcentralmgmt
  3. Open the Administrative Tools > Services window on your Windows server.

    images/download/attachments/27533884/image2018-6-5_15-8-23.png
  4. Right click the OPSWAT Metadefender Central Management entry and select the Properties > Log On dialog.

  5. Change the service user account to the target user account.

    images/download/attachments/27533884/image2018-6-5_14-14-14.png
  6. Start the OPSWAT Metadefender Central Management service

    > net start mdcentralmgmt