Appliance Users

The SecretZero Appliance provides two pre-configured users available to end users via the Appliance Manager terminal. These users are user0 and user0_bgl. Below is a detailed description of their roles, access levels, and intended use cases.


1. user0

  • Description:
    user0 is the default user that administrators use to access the terminal within the Appliance Manager. This user has limited access and privileges designed to allow basic administrative operations.

  • Privileges:
    • Start and stop services running on the appliance.
    • Reboot the appliance.
    • Read all logs, including service logs.

  • Home Directory Overview:
    When logged in as user0, the following directory structure can be found in /home/user0:

Directory and File Structure in /home/user0

The following table explains the directories and files available in the /home/user0 directory when logged in as user0:

| Directory/File | Contents | Description |
|---|---|---|
| Certificates | Access, CA, LDAP, WEB | Directory containing certificates used for privileged access and securing services. |
| Certificates/Access | securitaas, securitaas-cert.pub | Certificates for privileged access. These should be downloaded and stored securely outside the appliance. |
| Certificates/CA | crl.crl, rootCA.crt, rootCA.key, rootCA-new.cer, rootCA-new.crt, securitaas.pub, securitaas.pub-new | Contains public certificates to be distributed to Linux (securitaas.pub) and Windows (.crt files) servers. |
| Certificates/LDAP | Empty by default | Directory for storing SSL certificates for the LDAP server. |
| Certificates/WEB | Empty by default | Directory for storing SSL certificates for the web server. |
| recordings | Empty by default | Mount point for the NFS drive where session recordings are stored. |
| Upgradefile | Empty by default | Directory where upgrade files should be copied during appliance upgrades. |
| utils | close_ssh.sh, CockpitManager 1.0.0.exe, nfs_mount.sh, open_ssh.sh, soagentsetup-1.0.5.zip | Directory containing utility scripts and software for managing appliance operations. |

Utility Scripts and Software in utils

| File | Description |
|---|---|
| open_ssh.sh | Script to open SSH connections to the appliance (for professional services only). |
| close_ssh.sh | Script to close SSH connections to the appliance (for professional services only). |
| CockpitManager 1.0.0.exe | Appliance Manager executable. |
| nfs_mount.sh | Script for managing NFS mounts. |
| soagentsetup-1.0.5.zip | Installer for the SecretZero Agent. |

Notes

  • The user0 account provides limited privileges and should only be used by administrators.
  • SSL certificates for the LDAP and web servers must be placed in the respective directories (Certificates/LDAP and Certificates/WEB) to be picked up by the appliance.
  • Breakglass access using user0_bgl should only be used in emergency situations.

Explanation of Directories and Files

Certificates

Access

  • securitaas and securitaas-cert.pub:
    These certificates are used for privileged access to the appliance. They should be downloaded and securely stored outside the appliance.

CA

  • Contains public certificates (rootCA.crt, securitaas.pub, etc.) to be distributed to Windows and Linux servers. These files are not sensitive.
  • Linux: Use securitaas.pub.
  • Windows: Use .crt files.
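
Before files from Certificates/CA are copied to Linux or Windows servers, each one can be classified by its content so that only public material leaves the appliance. This is an added example, not SecretZero code; it assumes a POSIX shell with grep and mktemp, assumes text-encoded (PEM or OpenSSH) files, and runs against constructed sample files rather than the real directory.

```shell
#!/bin/sh
# Added example (not vendor code). Assumption: files are text-encoded (PEM or
# OpenSSH format); anything else, including binary DER, is reported as "unknown".

classify_file() {
    # Prints: private-key, crl, certificate, public-key, empty or unknown.
    f=$1
    [ -s "$f" ] || { echo empty; return 0; }
    # Private-key check comes first so a bundle holding a key is never missed.
    if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f"; then
        echo private-key
    elif grep -q -e '-----BEGIN X509 CRL-----' "$f"; then
        echo crl
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        echo certificate
    elif grep -q -e '-----BEGIN PUBLIC KEY-----' "$f" ||
         grep -Eq '^(ssh-|ecdsa-)[A-Za-z0-9@.-]+ [A-Za-z0-9+/=]+' "$f"; then
        echo public-key
    else
        echo unknown
    fi
}

audit_dir() {
    # Prints class and path for each regular file in $1. Returns 1 if any file
    # is a private key or cannot be classified, so the copy can be gated on it.
    dir=$1
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        kind=$(classify_file "$f")
        printf '%-12s %s\n' "$kind" "$f"
        case $kind in private-key|unknown) rc=1 ;; esac
    done
    return "$rc"
}

# Constructed sample files (header lines only, no real key material). The file
# names follow the page; their contents here are assumptions for the demo.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$demo/rootCA.crt"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$demo/rootCA.key"
printf '%s\n' 'ssh-ed25519 AAAAC3constructed example' > "$demo/securitaas.pub"
audit_dir "$demo" || echo "hold back: private key or unclassified file present"
```

On the appliance, the same check would be pointed at /home/user0/Certificates/CA instead of the demo directory.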

LDAP and WEB

  • SSL certificates for the LDAP and web servers should be copied into these directories. The appliance automatically picks up and applies these certificates.

recordings

  • This is the NFS mount point where session recordings are stored.

Upgradefile

  • Contains files needed for upgrading the appliance. Copy upgrade files here during the upgrade process.

utils

  • Contains utility scripts and software:
    • open_ssh.sh and close_ssh.sh:
      Used to manage SSH connections to the appliance.
      Note: These should only be used by professional services.
    • CockpitManager 1.0.0.exe:
      The Appliance Manager executable.
    • nfs_mount.sh:
      Used to manage NFS mounts.
    • soagentsetup-1.0.5.zip:
      Contains the installer for the SecretZero Agent.

Important Note:

Despite having limited access, the user0 account should only be used by administrators to ensure proper security and governance.


2. user0_bgl

Description:

user0_bgl is a Breakglass user designed for emergency use cases. This user should only be used if the user0 login is unavailable (e.g., if the application is down and unable to generate a token).

Use Cases:

  • Access the Appliance Manager directly through the browser for critical operations.
  • Obtain a temporary token in scenarios where the app is down.

Access:

  • The user0_bgl username and password are set during the bootstrap process.
  • To log in, use a browser and navigate to:
    https://<IPAddress>:9090

Important Note:

The user0_bgl credentials should be securely stored and only accessed by authorized personnel in emergency situations.