EWA Report Security Issues Highlighted

Former Member
0 Kudos

Hi All,

As I am generating the EWA Report every week, I am getting some issues regarding the same for the Production Server.

As of now we are on Kernel 701 with patch level 196. Can anyone please help me out with the same? Screenshot is attached.

Please help me out as it is a production issue guys.

Kindly Suggest.

Many Thanks

Ajitabh

Accepted Solutions (0)

Answers (2)


Reagan
Product and Topic Expert
0 Kudos

Hello

1. Default Passwords of Standard Users

Based on the last screen shot you have provided the problem is not the password PASS. The problem is that the SAP* user is not present on clients 000 and 001.

In that case one can connect to the SAP system using SAP* user with the default password PASS.

You need to create the user SAP* in the missing client and set a non standard password.

Most importantly you need to make sure that the profile parameter login/no_automatic_user_sapstar is set to 1.

2. Users Authorized to Display all Tables

3. Users Authorized to Reset/Change Users Passwords

This needs to be addressed by the SAP Security & Authorizations team, or if you are sure that some users shouldn't be having these privileges then you may revoke them.

Lastly, the EWA data screenshot you have provided contains just warnings.

Regards

RB

Former Member
0 Kudos

Hi Reagan,

In our company I have to solve these issues, as I am in SAP Basis.

@Rishi: The problem is still showing in the EWA Report for the Default User's Password issue.

Can you guys please Suggest?

Many Thanks

Ajitabh

Reagan
Product and Topic Expert
0 Kudos

Hello

The problem is still showing in the EWA Report for the Default User's Password issue.

Did you read what I suggested?

From the screen shot you have provided this is what I see

"Does not exist. Logon possible with p/w PASS"

And here is what I suggested:

Based on the last screen shot you have provided the problem is not the password PASS. The problem is that the SAP* user is not present on clients 000 and 001.

In that case one can connect to the SAP system using SAP* user with the default password PASS.

You need to create the user SAP* in the missing client and set a non standard password.

Most importantly you need to make sure that the profile parameter login/no_automatic_user_sapstar is set to 1.

Regards

RB

Former Member
0 Kudos

Hi Reagan,

I have set the profile parameter before, as you have suggested. That means I just have to create the SAP* user manually with SAP_ALL and SAP_NEW authorizations in clients 000 & 001, with a non-standard password. That's it?

Ok, I will do the same and let you know when it is resolved. Now I have to resolve points no. 3, 4, 5 and 6. I have attached the screenshot for the same. Can you please help me out?

Many Thanks

Ajitabh

Former Member
0 Kudos

Hi Guys,

Can you please help me out for the issue?

Many Thanks

Ajitabh

Former Member
0 Kudos

Hi,

From the screenshot it looks like so many users have access to:

Object 1: S_TCODE with TCD=SE16, TCD=SE16N, TCD=SE17, TCD=SM30, or TCD=SM31

Object 2: S_TABU_DIS with ACTVT = 03 or 02 and DICBERCLS = *

So please check how users have access to these tables.

Check whether the number that you get in EWA is the same as in SUIM.

How many users have access to SE38, SP01 (display other users' spool) and SU01 (change password)?

All these are security related issues and you need to get the Authorization team involved in it, to decide which users are to have what access.

thanks

Rishi Abrol



,

Reagan
Product and Topic Expert
0 Kudos

Hello Ajitabh

The screenshot is not pointing out an error; instead these are just warnings.

The report is saying that there are users who have those authorizations.

Are you sure that those users do not need those authorizations?

Again, like I said before, these are tasks for the SAP Security and Authorizations team.

I suggest you head here to find a solution if you desperately need an answer.

http://scn.sap.com/community/security

Regards

RB

Former Member
0 Kudos

Hi Guys,

Can anyone help me out with the same? I am eagerly waiting for your replies, guys.

Many Thanks

Ajitabh

bxiv
Active Contributor
0 Kudos

While keeping your kernel up to date is a good performance and security practice, most of the alerts you posted are being flagged due to end users having more access than what SAP recommends. For example they may only want 10 accounts to be able to display all tables in the system; as soon as 11 accounts have that authorization, EWA kicks in to let you know the security team is not meeting recommended standards.

You also have 2 performance issues which I would resolve first as security won't be the problem if you are out of resources...

Former Member
0 Kudos

Hi Ajitabh,

Your kernel version is out of maintenance.

Note 1629598 - SAP Kernel 720 will replace older kernel versions

Most of the issues look to be security related issues.

So please try to install kernel 7.20_EXT and see in a sandbox. You will see that the alerts will get fixed.

Please find the note to install kernel 7.20_EXT.

Note 1636252 - Installing a 7.20 kernel in SAP Web AS 7.00/7.01/7.10/7.11

But if you still want to be on the same kernel try to go to the below link and download latest kernel

1761275 - Kernels 6.20, 7.00, 7.01, 7.11 & 8.00 disappeared from Service Market Place

Please note that if you have any issues related to the current kernel, SAP will not be able to support you as you are running a kernel which is out of maintenance.

Thanks

Rishi Abrol

Former Member
0 Kudos

Hi Rishi,

We are on Patch Level 196 of Kernel 701, which is the latest one in SMP.

I want to know how to fix the user related issues? Kindly help me out.

My client needs an answer for the same. Is there any specific SAP Note for the same,

or any way to perform this activity? I have attached the list of users from the EWA Report.

Many Thanks

Ajitabh

Former Member
0 Kudos

Hi,

You need to go to each section and check what the issues are.

Here are some of the sample notes.

1859691 - EWA check on "Users with critical authorizations" - how to match the numbers

1610103 - EarlyWatch Alert Report : section Default Password of Standard Users

Note 1726102 - EWA: "Default Passwords of Standard Users": User TMSADM

1899201 - EWA is reporting a different number for users authorized to display all tables disagrees with SUIM

Thanks

Rishi Abrol

Former Member
0 Kudos

Missed attaching these notes.

Note 863362 - Security checks in the SAP EarlyWatch Alert

1827876 - Clarification on the EarlyWatch Alert (EWA) sub-check - Users Authorized to Reset/Change User Passwords

Thanks

Rishi Abrol

Former Member
0 Kudos

Hi Rishi,

Thanks for your helpful SAP Notes. I want to resolve the issues one by one, which are as below:

  1. Default Passwords of Standard Users
  2. Users Authorized to Display all Tables
  3. Users Authorized to Reset/Change Users Passwords

When I want to solve the 1st one, I ran the report RSUSR003 through SA38 on the Production Server. I have attached the screenshot for the output. I want to know what action should be taken to resolve this? Can you please help me out?

Kindly Suggest

Ajitabh
Former Member
0 Kudos

Hi Ajitabh,

Please follow this section.

Ensure that:
- User SAP* exists in all clients
- Users SAP*, DDIC, SAPCPIC, and EARLYWATCH have non-default passwords in all clients
- Profile parameter login/no_automatic_user_sapstar is set to 1.

For more information, see "Protecting Standard Users" and "Profile Parameters for Logon and Password (Login Parameters)" either on the SAP Help Portal or in the SAP NetWeaver AS ABAP Security Guide.

I think that the password of SAP* is pass. Please follow the comments in EWA and you will be able to fix all the issues.

Another thing: the parameter in RZ10 is login/no_automatic_user_sapstar=0; you need to change it to 1 and get the system rebooted.

Thanks

Rishi Abrol
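As an added illustration (not code from any poster, and not SAP's RSUSR003), the following Python script models the "Default Passwords of Standard Users" check described above over a constructed inventory: it flags SAP-delivered passwords on the standard users, and treats a missing SAP* master record as "Logon possible with p/w PASS" whenever login/no_automatic_user_sapstar is not 1, which is the case Reagan explains earlier in this thread. The client list, user records and the `UserRecord` layout are assumptions for the example.

```python
# Added example: a model of the EWA / RSUSR003 "Default Passwords of Standard
# Users" logic. The inventory below is constructed for illustration.
from dataclasses import dataclass

# The standard users the EWA section asks you to verify in all clients.
STANDARD_USERS = ("SAP*", "DDIC", "SAPCPIC", "EARLYWATCH")


@dataclass(frozen=True)
class UserRecord:
    client: str
    user: str
    default_password: bool  # True if the SAP-delivered password is still set


def audit_standard_users(clients, records, no_automatic_user_sapstar):
    """Return (client, user, finding) tuples; an empty list means compliant."""
    by_key = {(r.client, r.user): r for r in records}
    findings = []
    for client in sorted(clients):
        for user in STANDARD_USERS:
            rec = by_key.get((client, user))
            if rec is None:
                if user == "SAP*" and no_automatic_user_sapstar != 1:
                    # No SAP* master record and the automatic user is still
                    # enabled: the kernel accepts SAP* / PASS in this client.
                    findings.append((client, user,
                                     "Does not exist. Logon possible with p/w PASS"))
                elif user == "SAP*":
                    # Automatic SAP* is disabled, but the guide still wants
                    # a real SAP* record in every client.
                    findings.append((client, user, "Does not exist"))
                continue  # other standard users need not exist in every client
            if rec.default_password:
                findings.append((client, user, "Default password"))
    if no_automatic_user_sapstar != 1:
        # Static parameter: the new value only takes effect after a restart.
        findings.append(("*", "login/no_automatic_user_sapstar",
                         "is %d, must be 1 (restart required)" % no_automatic_user_sapstar))
    return findings


# Constructed sample: SAP* exists only in 100, DDIC in 000 still has its
# delivered password, and the automatic SAP* user has not been disabled.
SAMPLE_CLIENTS = {"000", "001", "100"}
SAMPLE_RECORDS = [
    UserRecord("100", "SAP*", False),
    UserRecord("000", "DDIC", True),
    UserRecord("001", "DDIC", False),
    UserRecord("100", "DDIC", False),
    UserRecord("000", "SAPCPIC", False),
]

if __name__ == "__main__":
    for f in audit_standard_users(SAMPLE_CLIENTS, SAMPLE_RECORDS, 0):
        print(f)
```

Re-running the audit after creating SAP* in 000 and 001 with non-standard passwords, changing DDIC's password, and setting the parameter to 1 returns an empty list.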

Former Member
0 Kudos

Hi Rishi,

I have changed the passwords to ones other than the standard passwords. I have attached the screenshot which I am getting after executing the report RSUSR003. I want to know whether everything is fixed related to the Default User's Password issue? Can you please suggest?

It is really urgent.

Many Thanks

Ajitabh

Former Member
0 Kudos

Hi,

I think that the password of SAP* is still pass, so please change it.

Have you set the parameter and rebooted the system?

Once above two things are done you would be good with this one.

Thanks

Rishi Abrol

Former Member
0 Kudos

Hi all, I see TMSADM is not showing up here, but it might nevertheless be a security issue with this user.

OSS note 1552894 might be applicable?