Security notes

Changing default password

After installation it is possible to authorize in the system web interface using the standard account with maximum rights:

login: admin
password: saymon

After the first login with the admin user, the system will require you to change the password.

Restricting access to databases

It is recommended to configure authorization in databases in order to restrict access to information.

Detailed instructions are provided in the developer documentation:

MongoDB - https://docs.mongodb.com/guides/server/auth/
Redis - https://redis.io/topics/security

Accounts for access to databases need to be added to the corresponding sections of the server configuration file.

As an additional option, access to cli-utilities provided with databases, can be restricted:

$sudo chmod 700 /usr/bin/mongo
$sudo chmod 700 /usr/bin/redis-cli

Restricting access to configuration files

The server configuration file contains passwords for connecting to databases. It is recommended to restrict access to these files with the following command:

$sudo chmod 700 /etc/saymon/