BIG-IP v10.2.1 がリリースされていました。以下のように挙動が変更されたそうです。
Behavioral Change: When Appliance Mode is licensed, the following changes occur:
Any user that previously had access to the bash shell will now only have access to tmsh
Only the following directories are accessible via scp:
/config
/shared/images
/var/core
/var/local/scf
/var/local/ucs
/var/local/wam
/var/log
/var/tmp
The tmsh 'edit' command now invokes the nano editor instead of the vi editorその他の修正は以下の通りです。
| ID | Description |
|---|---|
| 225190 | The root account home directory (/root) permissions have been modified so as to be only user readable, writable and executable. |
| 225236 | File permissions have been tightened for numerous files and directories. |
| 225237 | Options in the smb.conf file have been corrected. |
| 225249 | File permissions for cron tables and directories have been tightened. |
| 225251 | By default, new files are now only user readable and writeable. |
| 225252 | World-writable non-public directories are now better secured using the sticky-bit. |
| 225257 | The syscheck and oprofile users have the home directory properly set to '/'. |
| 227176 | The following non-interactive user accounts have been removed: "halt", "reboot", "sync" and "shutdown". |
| 227179 | The "htpasswd" utility has been removed from the system. |
| 227180 | Ownership and permissions for the web server configuration files have been fixed. |
| 336355 | The "tomcat" user no longer has access to a shell. |
| 338154 | The file permissions for syslog-ng.conf have been modified to be user and group readable only. |
| 340033 | CTRL+C now exits imish correctly when accessed through tmsh. |
| 353934 | File and directory permissions for /shared/ssh/root now have the proper umask settings. |
| 355374 | A condition where importing a UCS file containing an ASM configuration with user-defined sets could fail, leaving the configuration corrupt, has been fixed. |
コメント