Default CentOS Configuration for PCoIP Management Console

After installation, the CentOS operating system on which your PCoIP Management Console virtual appliance runs has the following default configuration. For further recommendations on how to improve security for your PCoIP Management Console, see Securing the PCoIP Management Console.

Default PCoIP Management Console CentOS Configuration

Configuration Description
Installed packages The following applications have been installed on the CentOS operating system for PCoIP Management Console:
  • Text editor (from the CentOS repo): vim
  • man
  • python-argparse
  • redhat-lsb-core
  • NetworkManager-tui
  • iptables-services
  • Python (from the Python project)
  • Java Platform: Openjdk-1.8 configured with weak ciphers and hashes disabled
  • PostgreSQL-server >=9.2.0 (from the PostgreSQL project)
  • PostgreSQL-contrib >=9.2.0
  • openssl
  • epel-release

Important: Dependencies
Installed packages may have included other additional dependencies.

PCoIP Management Console users Note: Root user is not used for PCoIP Management Console administration
For security reasons, the root user is not used for PCoIP Management Console administration. This user account has a large, randomly-generated password that is not published. It is critical to change this password immediately after installing your PCoIP Management Console.

The following PCoIP Management Console virtual machine users are created by default:

  • admin: Default administrative user; has sudo privileges; default password is ManagementConsole2015.
    Note: To secure your PCoIP Management Console, it is critical to change this password immediately after installing the PCoIP Management Console.
  • mcconsole: No login shell; can use restricted sudo to manage PCoIP Management Console web UI components; has no password.
  • mcdaemon: No login shell; has no password.
  • postgres: Has login shell due to PostgreSQL limitations; has no password.

Security Security-Enhanced Linux (SELinux) is enabled with a default configuration.
The PCoIP Management Console SSH server is disabled by default. You can use vSphere Client to access the PCoIP Management Console’s virtual machine console.

Note: SSH access for the admin user
Although the PCoIP Management Console permits you to re-enable the SSH server (temporarily or permanently), for security reasons it only allows SSH access for the admin user while the SSH server is enabled.

Default firewall port settings are as follows:
  • Port 22: Allow incoming SSH connections on TCP port 22.
  • Ports 80, 443, 8080 and 8443: Allow incoming web UI connection on TCP ports 80, 443, 8080, and 8443. The firewall redirects port 80 to port 8080 and port 443 to port 8443. The web UI server listens for HTTP connections on port 8080 and HTTPS connections on port 8443.
  • Port 5172: Allow incoming PCoIP Management Protocol connections on TCP port 5172.
  • Allow all outgoing traffic.
Open file limit The maximum number of open files for all OS processes is 65,535.
IPv6 IPv6 is disabled.
NTP By default, CentOS 7.x uses chrony as an NTP client. NTP traffic to outside sources can be found by entering the chronyc sources -v command to provide a verbose listing of NTP servers chrony is syncing too. Configuration changes can be made by editing the /etc/chrony.conf file. See Chrony Configuration for further information.
PCoIP Management Console directories and scripts The following scripts and files are included on the PCoIP Management Console virtual machine:
/opt/teradici/scripts
  • enable_admin.sh: Enables the PCoIP Management Console’s web UI admin user. This is useful if you disable the admin Web UI account from PCoIP Management Console Enterprise and subsequently transition to PCoIP Management Console Free without re-enabling the account from the web UI. In this situation, you must run this script from the PCoIP Management Console’s virtual machine console before the user can log in to the [PCoIP Management Console web UI.
  • port80_disable.sh: Disables the PCoIP Management Console’s HTTP port (port 80).
  • port80_enable.sh: Enables the PCoIP Management Console’s HTTP port (port 80).
  • reset_admin_password.sh: Reverts the password for the PCoIP Management Console’s web interface admin user to its default value (password). This is useful if the password to the admin user web UI account becomes lost and the user needs a way to get logged in again.
  • remove_ldaps_certificate.sh: Removes the uploaded Active Directory Certificate
  • import_ldaps_certificate.sh: Imports and activates the uploaded Active Directory Certificate
/opt/teradici/database/legacy/migration_script
  • migrate_mc1_profile.sh: Imports individual PCoIP Management Console 1 profiles into your PCoIP Management Console release 2 or later.
/opt/teradici/log
Contains PCoIP Management console log files.