Procedure to change password for user apg in MySQL DB
search cancel

Procedure to change password for user apg in MySQL DB

book

Article ID: 433629

calendar_today

Updated On:

Products

VMware Smart Assurance

Issue/Introduction

As result of the PEN test you need to change the default password of user apg that writes and reads from the MySQL DB. Is there anywhere a description of the steps?

Environment

Watch4net|M&R 7.8.x and above.

Resolution

  • Backup Data: If possible, take a backup of the MySQL data directory before making any changes.

 

  • Verify Plugin Authentication: Log into your MySQL client as the root user and run the following command to ensure the plugin value is mysql_native_password for each apg user entry:

    • SELECT user, host, plugin FROM mysql.user WHERE user='apg';

 

  • Update the Password: Update the password using the ALTER USER command. Run this for each host entry found in the previous step:

    • ALTER USER 'apg'@'<hostname>' IDENTIFIED BY 'NEW_PASSWORD';

      • (Note: Replace <hostname> with the specific hosts returned from step 2, such as 'localhost')

    • FLUSH PRIVILEGES;

 

  • Generate Encrypted String: Generate an encrypted string for the new password using the provided utility: /

    • /opt/APG/bin/crypt-pass.sh NEW_PASSWORD

 

  • Update Configuration Files: After the password has been changed, you have to update APG's configuration files.Here's a list of the modules that connect to the databases, and the files to update:

    • Frontend Server / Tomcat
      • /opt/APG/Web-Servers/Tomcat/Default/conf/server.xml
      • /opt/APG/Tools/Frontend-Search/Default/conf/frontend-search.xml
      • /opt/APG/Tools/Frontend-Report-Generator/Default/conf/report-generation-config.xml
      • /opt/APG/Tools/Administration-Tool/Default/conf/master-accessor-service-conf.xml
      • /opt/APG/Tools/WhatIf-Scenario-CLI/Default/conf/whatif-scenario-cli-conf.xml
    • Backend Server
      • /opt/APG/Backends/APG-Backend/Default/conf/mysql.xml
      • /opt/APG/Tools/Topology/Default/conf/topology-refresh-config.xml
      • /opt/APG/Tools/MySQL-Maintenance-Tool/Default/conf/mysql-root-apg.xml
      • /opt/APG/Tools/MySQL-Maintenance-Tool/Default/conf/mysql-root-mysql.xml
      • /opt/APG/Tools/MySQL-Maintenance-Tool/Default/conf/mysql.xml
      • /opt/APG/Tools/Administration-Tool/Default/conf/master-accessor-service-conf.xml
      • /opt/APG/Event-Processing/Generic-Live-Writer/<instance>/conf/generic-live-writer.xml

 

  • Update Resource Links: 

    • To list links: /opt/APG/bin/manage-resources.sh list

    • To describe link: /opt/APG/bin/manage-resources.sh get <link_name>

    • To update link: /opt/APG/bin/manage-resources.sh update '<updated_json>'

 

  • Restart Services: Finally, restart all M&R services to apply the new credentials.

Powered by Wolken Software