It is important to understand the components that make up a panagenda virtual appliance in order to secure and maintain them properly.
Base Operating System
The operating system contained in the virtual appliance is Alma Linux 9. When a virtual image is packaged and published for download, panagenda takes great care to update all installed packages to their latest versions and applies security updates for the operating system. All passwords are set to default passwords as described in the Setup Guides for each product.
Once the virtual appliance is deployed in the customer environment, the customer's own network and security teams take control and responsibility over securing and maintaining the operating system. This allows you as the customer to apply your own security policies according to your internal guidelines. It also means you control how and when which updates are applied to packages installed directly on the operating system.
panagenda recommends
panagenda strongly recommends that all default passwords (e.g. Linux "root" user, Web-UI "config" user) are changed after setup and periodic operating system security updates are enabled!
The customer has root access to the virtual appliance. This allows you to
and are free to manage accounts, change passwords, adapt security policies, etc. according to your internal guidelines. It is built on CentOS 7 with a special emphasis on security. One of the key parts in that is that only three services are open to the network: HTTP / HTTPS to serve the web application and SSH for management purposes. Per default, nothing inside the appliance beyond operating system update checks communicates to the internet. It is recommend to allow internet communication with a CentOS update/security repository or provide an internal one. No data collected inside the customer environment leaves or needs to leave the premises at any point during data collection or analysis.