Is there a password for the "securityonion" user on the Live DVD? I
want to have someone plop the DVD in a server, reboot it, and let me
SSH into it to configure it. However, I just tested it in a VM and I
was not able to SSH with the "securityonion" account. I tried a
password of "securityonion", and a few others, but none worked. Can
you provide that password?
Thanks, Mike
Yes, there is a password for the "securityonion" user on the LiveDVD,
but it is randomly generated by the remaster process. You should be
able to do something like this to set the password to whatever you
want:
    sudo passwd securityonion
Please let us know whether or not that helps!
Thanks,
--
Doug Burks, GSE, CISSP | http://securityonion.blogspot.com
President, Greater Augusta ISSA | http://augusta.issa.org
Doug Burks is teaching SANS SEC503 Intrusion Detection In-Depth in
Portland 8/22 - 8/27 | http://goo.gl/699uF
Thanks, Mike
You could install on a temp machine, create a new account with known
password, and run through the remaster process to create your own ISO.
Once you booted the new ISO on the headless server, you'd then have
to figure out which IP address the machine got from DHCP in order to
SSH to it.
Hope that helps!
Thanks,
--
Doug Burks, GSE, CISSP | http://securityonion.blogspot.com
So would you recommend using "remastersys"? I found this article:
http://www.ubuntugeek.com/creating-custom-ubuntu-live-cd-with-remastersys.html
It looks pretty straightforward, but there are several options and I'm
not sure which to use. Would you recommend "sudo remastersys dist"
or "sudo remastersys backup custom.iso"? Or something else?
Thanks!
Regards,
--
Doug Burks, GSE, CISSP | http://securityonion.blogspot.com
Some notes:
• The purpose of this exercise is to create a customized Security
Onion Live DVD that will allow me to SSH to it upon boot up of the
DVD. This allows for emergency remote installs or even short-term
Live DVD network analysis (non-NSM) from a generic PC hardware
platform at a remote location.
• The username created in step 2 below will become the hostname of the
Live DVD. Don't know why this is, but it's important to keep in mind,
particularly with regard to the next note...
• Security Onion (Xubuntu) supports/participates in dynamic DNS. So if
your environment supports it too, when your machine boots, it will be
registered with the *username* (not hostname) you create in step 2
below. This threw me off at first, but now that you know, the good
news is that even you can easily connect to the remote machine by name
(username) if you are using dynamic DNS.
Steps to custom ISO creation:
1. Installed SO to a new VM
2. Created a temp user with command "sudo adduser <username>"
3. Edit /usr/bin/remastersys shell script and comment out these 4
lines which would delete the SSH keys (if these keys get deleted
during the remastersys process, you won't be able to SSH to the Live
DVD):
    #rm -rf $WORKDIR/dummysys/etc/ssh/ssh_host_rsa_key
    #rm -rf $WORKDIR/dummysys/etc/ssh/ssh_host_dsa_key.pub
    #rm -rf $WORKDIR/dummysys/etc/ssh/ssh_host_dsa_key
    #rm -rf $WORKDIR/dummysys/etc/ssh/ssh_host_rsa_key.pub
4. Further customize the install as you see fit. For me, I wanted to
update the firewall to allow access only from my network:
    sudo ufw delete allow 80/tcp
    sudo ufw delete allow 22/tcp
    sudo ufw allow from 10.10.10.0/24 to any
    sudo ufw status    # to verify configuration
5. Create the new DVD image with the command "sudo remastersys backup
so-customized.iso". I used the 'backup' option from remastersys so
that the temp user I created would be left as-is.
6. Test your ISO. You will find it in /home/remastersys/remastersys.
Thanks Doug for your continued help and for this great Distro!
Mike
Great job! Thanks for sharing your notes. Here's what I do before
remastering to solve the SSH key dilemma:
    cd /etc/init
    cp ssh.conf ssh.conf.orig
    vi ssh.conf
    # Add these three lines to ssh.conf:
        ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""
        ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
        mv /etc/init/ssh.conf.orig /etc/init/ssh.conf
This ensures that each installation generates its own unique ssh keys.
You may not care if all your installations have the same key, I'm
just throwing this out there in the interest of information sharing.
Thanks again for sharing!
Regards,
--
Doug Burks, GSE, CISSP | http://securityonion.blogspot.com
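
Added example, not part of the thread and not Security Onion or remastersys code: a POSIX shell sketch of the host-key point raised above. It lists private SSH host keys baked into an image tree (such as the $WORKDIR/dummysys path in the remastersys lines) and generates missing keys at boot without overwriting existing ones. The function names, the KEYGEN override and the audit/ensure sub-commands are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the KEYGEN
# override are assumptions made for this sketch.

# List private SSH host keys present under a root directory (an image
# tree such as $WORKDIR/dummysys, or / on a running system).
# Prints one path per line; returns 0 if any exist, 1 if none.
embedded_host_keys() {
    root="${1:-/}"
    rc=1
    for f in "$root"/etc/ssh/ssh_host_*_key; do
        if [ -f "$f" ]; then
            echo "$f"
            rc=0
        fi
    done
    return "$rc"
}

# Generate each requested host key type that is missing under root.
# Existing keys are never overwritten, so running it on every boot is
# safe. Prints the number of keys generated.
ensure_host_keys() {
    root="$1"; shift
    keygen="${KEYGEN:-ssh-keygen}"
    count=0
    mkdir -p "$root/etc/ssh" || return 1
    for ktype in "$@"; do
        key="$root/etc/ssh/ssh_host_${ktype}_key"
        if [ ! -f "$key" ]; then
            "$keygen" -q -t "$ktype" -f "$key" -N "" || return 1
            chmod 600 "$key"
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# Command-line use:
#   script audit [ROOT]          exit 0 if private host keys are present
#   script ensure ROOT TYPE...   create whichever key types are missing
case "${1:-}" in
    audit)  embedded_host_keys "${2:-/}" ;;
    ensure) shift; ensure_host_keys "$@" ;;
esac
```

Running the audit against the image tree before building the ISO shows whether every copy of the DVD would boot with the same private host key.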