Solved

how to delete enable_15 on cisco ASA

Posted on 2010-11-17
10
8,843 Views
Last Modified: 2012-05-10
I have been audited for PCI and the auditor wants me to delete the enable_15 user on our ASAs. I have added other privilege level 15 accounts and when I login as the new user to the asdm,  I do not have the option of removing that username. How can I delete it?
0
Comment
Question by:jbla9028
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34157665
Have you tried it through the CLI?
0
 
LVL 1

Author Comment

by:jbla9028
ID: 34157720
what commands do I have to run to delete the username?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34157811
-log in to the asa
-type: enable
-give password
-type: conf t
-type: wr t

It will now show your configuration, fine the line with the user enable_15
Copy this line and paste it back putting: no in front of it.

Like no user enable_15 blahblah

-commit to memory: wr mem

That should do it
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:jbla9028
ID: 34157835
doesn't seem to "know" there's a username in the CLI. I type

config t
no user enable_15

I get this output

ERROR: username <enable_15> does not exist

it does not show up in the running config as a user?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34157888
So do you have a user which looks like that (for example ena_15)? or do you just see the users you created?
0
 
LVL 1

Author Comment

by:jbla9028
ID: 34157915
I just see the users I've created but in the ASDM I see this enable_15 user and the auditor wants me to remove it.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34158200
username enable_15 defaulty showing ASDM, but not real username!
0
 
LVL 1

Author Comment

by:jbla9028
ID: 34158207
so is it a bug?
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 34158291
Ah got it.
This is a (implicit) default account which cannot be removed. It's used to give you complete access to the firewall when you issue hte 'enable' command. i.e. user gone: access gone: can't configure the firewall anymore.

There are ways to make sure users don't need to use this enable password, have a look at this:
http://cisconews.co.uk/2008/01/11/asa-7x-local-users/

Quote:

'The recommended method is to configure authentication for the enable command as follows:

Firewall(config)# aaa authentication enable console LOCAL

This forces users into their assigned privileged level by requiring their own password instead of the enable one. For example, typing the enable command from user EXEC mode now requires the user’s password, not the enable password. There is no indication of this to the user as the prompt is the same. Used in conjunction with local command authorization, this provides a basic level of security to the administration of your ASA.'
0
 
LVL 1

Author Closing Comment

by:jbla9028
ID: 34159676
thanks
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month7 days, 11 hours left to enroll

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question