Security Onion passwords


Sephiroth Storm

Jun 8, 2011, 2:03:05 AM
to security-onion
Yes I know, I read the FAQ. I just installed SO to use as an IDS and a
few other things. I have a little Linux experience. I created my user
account, but I cannot of course download security updates or install a
needed secondary Ethernet driver without admin privileges. I looked at
the /etc/passwd file to see if securityonion was in the file
(/etc/sudoers is not readable), and the account is not there. root
appears to be the only admin account UID 0.

I've tried logging in and sudo'ing with a blank password,
"securityonion" and "password" to no avail. I would prefer not to use
john to crack the password. Any ideas?

Doug Burks

Jun 8, 2011, 6:18:09 AM
to securit...@googlegroups.com
Hi Sephiroth,

Thanks for using Security Onion!

Are you running from the Live environment or did you perform an
installation? If running Live, you should be logged in as
"securityonion" and you should be able to use sudo without being
prompted for password. Since you said that "securityonion" was not in
/etc/passwd, I assume you performed an installation. In that case,
you should be logging in with the user you created in the installer.
You should then be able to use sudo and enter your user password when
prompted.

For more information about sudo, please see:
https://help.ubuntu.com/community/RootSudo

Please let us know whether or not that helps.

Thanks,
--
Doug Burks, GSE, CISSP
President, Greater Augusta ISSA
http://augusta.issa.org
http://securityonion.blogspot.com

Sephiroth Storm

Jun 8, 2011, 4:00:35 PM
to security-onion
Hello Doug,

You are correct, I did perform an install first. Indeed, while
waiting for a response I did find out that my user account did have
sudo privileges. So the question is, the FAQ states there is no root
password when one certainly exists, what's the deal?

On Jun 8, 7:18 pm, Doug Burks <doug.bu...@gmail.com> wrote:
> Hi Sephiroth,
>
> Thanks for using Security Onion!
>
> Are you running from the Live environment or did you perform an
> installation?  If running Live, you should be logged in as
> "securityonion" and you should be able to use sudo without being
> prompted for password.  Since you said that "securityonion" was not in
> /etc/passwd, I assume you performed an installation.  In that case,
> you should be logging in with the user you created in the installer.
> You should then be able to use sudo and enter your user password when
> prompted.
>
> For more information about sudo, please see:
> https://help.ubuntu.com/community/RootSudo
>
> Please let us know whether or not that helps.
>
> Thanks,
> --
> Doug Burks, GSE, CISSP
> President, Greater Augusta ISSA
> http://augusta.issa.org
> http://securityonion.blogspot.com

Doug Burks

Jun 8, 2011, 6:56:06 PM
to securit...@googlegroups.com
Hi Sephiroth,

The FAQ is correct. There is *no* root password. The root account is
locked. From the link I sent earlier:
"By default, the Root account password is locked in Ubuntu. This means
that you cannot login as Root directly or use the su command to become
the Root user."

You can confirm that there is *no* root password by running the
following command:
sudo grep root /etc/shadow

Notice that the second field is an "x", meaning there is no password
and the account is locked.

For more information, please see:
http://en.wikipedia.org/wiki/Shadow_password

Thanks,
--
Doug Burks, GSE, CISSP
President, Greater Augusta ISSA
http://augusta.issa.org
http://securityonion.blogspot.com

Sephiroth Storm

Jun 9, 2011, 6:09:34 AM
to security-onion
Indeed I did, Doug. There is a hash in the place of the root password.
It's a SHA-2 hash if I'm not mistaken, so I have no way of cracking it.
I was unaware of any way to lock an account; that's a good piece of
knowledge.

root:$6$AlvPANXN$U01UG4dM95nb/
tAdSZe0bFxOuT0E9PX2SgxI2GLWp5QQJHTvxzpDhtW4nk4XZqLozPKzTj13jM1elzfdPV0M71:15133:0:99999:7:::

On Jun 9, 7:56 am, Doug Burks <doug.bu...@gmail.com> wrote:
> Hi Sephiroth,
>
> The FAQ is correct.  There is *no* root password.  The root account is
> locked.  From the link I sent earlier:
> "By default, the Root account password is locked in Ubuntu. This means
> that you cannot login as Root directly or use the su command to become
> the Root user."
>
> You can confirm that there is *no* root password by running the
> following command:
> sudo grep root /etc/shadow
>
> Notice that the second field is an "x", meaning there is no password
> and the account is locked.
>
> For more information, please see:
> http://en.wikipedia.org/wiki/Shadow_password
>
> Thanks,
> --
> Doug Burks, GSE, CISSP

Doug Burks

Jun 9, 2011, 6:23:15 AM
to securit...@googlegroups.com
Hi Sephiroth,

If the root account on your box has a password, you must have set it.

Perhaps you did something like this?
sudo passwd

Or perhaps this?
sudo -i
passwd

Either one of these would have set the password for the root account.

If you would like to lock the root account to return to the default
configuration, you can do this:
sudo passwd -l root

Thanks,
--
Doug Burks, GSE, CISSP
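
An added example, not part of the original thread: a small shell audit that classifies the second field of shadow(5) entries, following the shadow(5) conventions that a field starting with "!" is locked and any string that is not crypt(3) output cannot be used to log in. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify field 2 of shadow(5) entries (constructed sample data).
# Assumption: legacy DES hashes (13 characters, no "$" prefix) are not handled
# and would be reported as "no-usable-password".

# Print the state of the password field of one shadow line.
classify_shadow_field() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')     echo "empty" ;;               # no password required at all
        '!$'*)  echo "locked-hash" ;;         # passwd -l put "!" in front of a hash
        '$6$'*) echo "sha512-hash" ;;         # SHA-512 crypt
        '$5$'*) echo "sha256-hash" ;;         # SHA-256 crypt
        '$1$'*) echo "md5-hash" ;;            # MD5 crypt
        '$'*)   echo "other-hash" ;;          # some other modular crypt scheme
        *)      echo "no-usable-password" ;;  # "!", "*", "x", ...: not crypt(3) output
    esac
}

# Read shadow lines on stdin and print "user state" for each entry.
audit_shadow() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s %s\n' "${line%%:*}" "$(classify_shadow_field "$line")"
    done
}

# Constructed sample entries; the salt and hash strings are placeholders.
SAMPLE_SHADOW=$(cat <<'EOF'
root:!:15133:0:99999:7:::
daemon:*:15133:0:99999:7:::
analyst:$6$EXAMPLESALT$ConstructedHashNotReal:15133:0:99999:7:::
olduser:!$6$EXAMPLESALT$ConstructedHashNotReal:15133:0:99999:7:::
EOF
)

printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a live system the same function can read the real file, for example `sudo cat /etc/shadow | audit_shadow`; a root entry reported as a hash type means a root password has been set, and after `sudo passwd -l root` it is reported as locked-hash.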

Girish Sp

Jan 27, 2016, 5:31:17 AM
to security-onion
Hi Doug Burks,

Happy to use Security Onion, performed the installation,
but the problem is I forgot the SETUP password...
how can I recover the Password not !!!
Gmail : Giris...@gmail.com

Thanks and regards
Girish

Doug Burks

Jan 27, 2016, 6:33:54 AM
to securit...@googlegroups.com
Hi Girish,

When you say SETUP password, which password are you referring to? The
password used to login to your Ubuntu account, or the password used to
login to Sguil/Squert/ELSA?

--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

Kamal

Jul 19, 2016, 6:22:43 AM
to security-onion
Hi Doug,

I am facing the same issue. I want to change the password (the password to log in to the Ubuntu account), but I can't find how I can do that. If I connect through SSH (PuTTY) and change the password there on the console, it doesn't replicate the same when I fire up the Ubuntu box (VM) and try the new password set up using SSH.

Wes

Jul 19, 2016, 7:17:32 AM
to security-onion

In the future, please open a new thread instead of replying to an old one:

https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists#start-a-new-thread-instead-of-replying-to-an-old-one


If you are looking to change the password for the Ubuntu user you could do:

sudo passwd user


If you are looking to recover the password for the Ubuntu user, you could do something similar to the following (at console/machine):

https://help.ubuntu.com/community/LostPassword


If you are looking to reset the password for the Security Onion user (Sguil/Squert/ELSA), you could do:

sudo nsm_server_user-passwd

Then specify the name of the user, etc.

Thanks,
Wes
