How to reset root password from single user mode on Security Analytics

book

Article ID: 168199

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

Please be aware that the base linux version changed between Security Analytics version 7.3.1 (Fedora) and 7.3.2 (CentOS). Make sure you follow the correct steps.

These steps only work with hardware other than the Bluecoat/Symantec S500-series hardware. If you have forgotten the root password on one of the S500 appliances, the only way to recover is to reinstall the OS from scratch.

If the root password is forgotten or if you are no longer able to authenticate as root from the CLI, the only way to reset the root password is to log in using single user mode.  This process requires console access to the appliance (via physically attached keyboard and monitor or via remote KVM).

Cause

Cannot log in as root from CLI.
Root password needs to be reset.

Resolution

The following steps will boot the appliance into single-user mode, which will allow you to reset the root password or make any other modifications as directed by Technical Support.  As part of performing these steps, you must agree to not install any scripts, packages, or other applications on the device, and to not modify or remove any Security Analytics installed components.

Version 7.3.2 and later

  1. Connect a keyboard and monitor to the appliance (or access the appliance via iDRAC remote console or any other IP KVM solution)
  2. Reboot the appliance and when you see the SoleraOS boot screen, press any key to pause the boot process
  3. Press 'e' to enter into edit mode.
  4. Scroll down to the bottom using the down arrow until you locate the 'linux16 /vmlinuz' line.
  5. Place the cursor at the end of that line and enter:  init=/bin/bash   after the 'audit=1' parameter as shown in the screenshot above.
  6. Press Ctrl-x to continue booting the appliance.
  7. You will be placed at a bash-4.2x# prompt (or something similar)
  8. Remount the root filesystem in read/write mode by entering:   mount -o remount,rw /
  9. To change the root password, enter:   passwd    and enter the new password
  10. To change the admin password or any other user's password, enter:    passwd user_name
  11. Reboot the appliance 

 

Version 7.3.1 and earlier

1.    Access the GRUB boot loader
Connect a monitor and keyboard directly to the Solera appliance. Power up the device. During the boot up process, the console will show the GRUB boot-menu for approximately 2 seconds.



During that time, hit any key to interrupt the process. This will access the GRUB boot loader menu.




2.    Modify the boot arguments

  • Once the boot process has been interrupted, the GRUB menu will post the available kernel: Solera (X.X.X.X-solera). Press ‘a’ to append the grub arguments. 
  • Remove everything from the right end of the line, from rhgb and over.  This is done by pressing backspace to remove the characters.
  • Press the left arrow, until the cursor is on the blank space to the left of acpi.
  • Press the backspace key to remove the "quiet console=tty0 console=ttyS0,9600" from the line.
  • Press the right arrow to the far right of the line.  enter the word single with a space before it
For reference you will be changing the boot line from:
ro quiet console=tty0 console=ttyS0,9600 acpi=ht pcie_aspm=off root=UUID=00ce9edf-0a60-4394-8ed2-0d49da56de47 rhgb quiet audit=1

to this:
ro acpi=ht pcie_aspm=off root=UUID=00ce9edf-0a60-4394-8ed2-0d49da56de47 single
  • Press enter to continue the boot process.

3.    Change the root password (or make other modifications as directed by Support).
After the Solera appliance has completely booted, a basic shell prompt will be presented ([[email protected] /]#). At the prompt, type passwd and hit the Enter key. You will be prompted to enter the new root password twice.  Please note that although the dialog on the screen mentions that the password must be 14 characters and contain certain characters, you may enter whatever password you like.  If you need to change other passwords, like the admin user, you can do that using passwd admin

4.    Reboot the appliance
Restart the system by entering reboot. The system will automatically reboot and the new root password will be in effect.

Attachments