RADIUS server uid is not 0 for Check Point

Vendor

Check Point

Description

When configuring access through RADIUS, it is important to set the uid granted to the user to 0 so they have root access.

Remediation Steps

Set the Super User UID to 0. In clish: "set aaa radius-servers super-user-uid 0" or via the webUI set it under User Management -> Authentication Servers.

How does this work?

indeni parses the gaia configuration database in /config/active and retreive the currently configured RADIUS super user id. It is also possible to list them using clish, but that generates a large amount of logs in /var/log/messages when done repeatedly.

Why is this important?

The RADIUS super user ID is the UID the user has when entering expert mode. If this is not 0 (root) and instead the default of 96, then the user will not have permission to access some file and tools.

Without Indeni how would you find this?

An administrator could login and manually run the command.

View Source Code
single