Update default passwords



skar
08-16-12, 01:11 PM
Unlike when you install a Linux distribution yourself on a PC and choose your own passwords, the software on the WARP comes pre-installed. This means it has several default passwords on it. The first thing you should do when you receive your WARP is change these default passwords. These passwords will be known to anyone who reads the PIKA Forums or release documentation, so they provide the easiest way for a hacker to access your WARP. There are default passwords for the following things:



Root user of the Linux system
The MySQL database
The FreePBX GUI


You should also make sure your passwords are secure. Some simple rules for making a secure password are:



Use both upper- and lower-case letters


Include one or more numerical digits

Include one or more special characters, e.g. @, #, $ etc.

Use a password with a minimum length of 8 characters, with at least one character from each of the above 4 points and at least 5 unique characters.

Do not use words found in a dictionary or any of your user's personal information such as username or birthday.

Do not use passwords that match the format of calendar dates, license plate numbers, telephone numbers, or other common numbers.

Do not use company name or an abbreviation.


Linux System Users

The root user for the PIKA WARP has a very simple password of “pikapika”. This password is made simple so that it is easy to update. To update this password, simply use the passwd command on the command line to create a new password. You should use a secure password as described above. This will look like:


root@openwarp:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@openwarp:~#



It is recommended that you add some sort of password strength enforcement to the WARP. An example of an application for this on the Debian system is “libpam-passwdqc”. You can install this using apt-get at the command line. For example:


root@openwarp:~# apt-get install libpam-passwdqc



Now when you run the passwd command you will get enforcement checking of your password and even a suggested one.


root@openwarp:~# passwd

You can now choose the new password or passphrase.

A valid password should be a mix of upper and lower case letters,
digits and other characters. You can use an 8 character long
password with characters from at least 3 of these 4 classes, or
a 7 character long password containing characters from all the
classes. An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.

A passphrase should be of at least 3 words, 11 to 40 characters
long, and contain enough different characters.

Alternatively, if no one else can see your terminal now, you can
pick this as your password: "Powder6Vague$use".

Enter new password:
Re-type new password:
passwd: password updated successfully
root@openwarp:~#



In addition to securing the root user's password, you should also create a system user with admin privileges. The reason for this is you should never allow the root user to remotely log in to the system. We will discuss this further in a future article. You should log in as the system user and then run as root only when required.

To add a system user with admin privileges, you would do the following. Your username here should also not be easily guessed, like your company name for example.


root@openwarp:~# adduser sample
Adding user `sample' ...
Adding new group `sample' (1000) ...
Adding new user `sample' (1000) with group `sample' ...
Creating home directory `/home/sample' ...
Copying files from `/etc/skel' ...

You can now choose the new password or passphrase.

A valid password should be a mix of upper and lower case letters,
digits, and other characters. You can use an 8 character long
password with characters from at least 3 of these 4 classes, or
a 7 character long password containing characters from all the
classes. An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.

A passphrase should be of at least 3 words, 11 to 40 characters
long, and contain enough different characters.

Alternatively, if no one else can see your terminal now, you can
pick this as your password: "humble+Skinny-baby".

Enter new password:
Re-type new password:
passwd: password updated successfully
Changing the user information for sample
Enter the new value, or press ENTER for the default
Full Name []: Sample User
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
root@openwarp:~# echo -e "sample\tALL=(ALL)\tALL" >> /etc/sudoers



You should now use this user to administer your system and only use su and sudo as required.

MySQL Password


There is also a default password for both the admin and asterisk users in the MySQL database. These passwords are also used in the FreePBX GUI and Asterisk configuration files. These all need to be updated.

Let's start with updating the FreePBX GUI and Asterisk conf files to use a new password. PIKA has supplied an easy-to-use script to do this for you automatically. Run the following command as shown in the example below to change the password to h@RD3R0ne


root@openwarp:~# /var/lib/asterisk/bin/update_mysql_password.sh
Please enter the root users password to MYSQL database.
The default is amp109 if you have not changed it.
amp109

Please enter the new password you want:
h@RD3R0ne

Please confirm the new password you want
h@RD3R0ne

.....

root@openwarp:~#




Once this is complete you should also update the root user password in the MySQL database. The command above only updates it for the asterisk user. To do this, you need to log in to the MySQL database and the CLI, update the passwords and restart the MySQL server. This is shown in the example below where we set our new password to be T0ugh3rP@$$


root@openwarp:~# mysql --user=root --password=amp109
mysql> UPDATE mysql.user SET Password=PASSWORD('T0ugh3rP@$$') WHERE User='root';
mysql> FLUSH PRIVILEGES;
mysql> quit
root@openwarp:~# /etc/init.d/mysql restart
root@openwarp:~#



FreePBX Password


The FreePBX GUI also has a default password of admin for the admin user. To change this we just need to log in to FreePBX and change the password. Once you log in to FreePBX with user “admin” and password “admin”, go to the Administrators tab on the left then select the admin user as shown below.

http://outgoingftp.pikatech.com/forum/freepbx-admin.png


Once on the admin user, use the password field to change the password. Make sure you type it correctly as it does not do a confirmation of the password. It is also recommended that you change the name of the admin user to another username. Having a non-default username makes the system harder to break into since hackers now need to crack both a username and password.
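
Added example (not part of the original post or of PIKA's software): a POSIX shell check of a candidate password against the rules listed in the post above, including the default passwords named in this thread. The function name check_password, the KNOWN_DEFAULTS list and the username and company arguments are assumptions made for illustration; the dictionary and license-plate rules are not covered.

```shell
#!/bin/sh
# Added example: checks a candidate password against the rules listed in the post.
# KNOWN_DEFAULTS are the default passwords named in this thread.
KNOWN_DEFAULTS="pikapika amp109 admin"

# has STRING REGEX: true if STRING matches the extended regex.
has() { printf '%s\n' "$1" | LC_ALL=C grep -Eq -- "$2"; }

# check_password PASSWORD [USERNAME] [COMPANY]   (hypothetical helper)
# Prints one line per broken rule; returns 0 only if no rule is broken.
check_password() {
    pw=$1 fails=0
    lower=$(printf '%s' "$pw" | LC_ALL=C tr 'A-Z' 'a-z')
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    [ "${#pw}" -ge 8 ] || fail "shorter than 8 characters"
    has "$pw" '[A-Z]' || fail "no upper-case letter"
    has "$pw" '[a-z]' || fail "no lower-case letter"
    has "$pw" '[0-9]' || fail "no digit"
    has "$pw" '[^A-Za-z0-9]' || fail "no special character"

    # Count distinct characters; the C locale keeps sort from merging any.
    nuniq=$(printf '%s' "$pw" | fold -w1 | LC_ALL=C sort -u | wc -l | tr -d ' ')
    [ "$nuniq" -ge 5 ] || fail "fewer than 5 unique characters"

    # Calendar-date and telephone-number shapes (digits and separators only).
    has "$pw" '^[0-9]{1,4}[-/.][0-9]{1,2}[-/.][0-9]{1,4}$' && fail "looks like a date"
    has "$pw" '^[+(]?[0-9][0-9 ().-]{6,}$' && fail "looks like a phone number"

    # Must not contain the username, the company name or a known default.
    for word in $2 $3 $KNOWN_DEFAULTS; do
        w=$(printf '%s' "$word" | LC_ALL=C tr 'A-Z' 'a-z')
        case $lower in *"$w"*) fail "contains '$word'" ;; esac
    done
    return "$fails"
}

# Constructed demo: the WARP root default fails several rules at once.
check_password 'pikapika' sample pika || true
```

The check follows the post's own list (all four character classes), which is stricter than the passwdqc message quoted in the post, where 3 of 4 classes are enough for an 8 character password.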

carlostico
05-02-13, 06:32 PM
This is not working on the new release 3.0.2

carlostico
05-03-13, 12:35 AM
This is not working on the new release 3.0.2
Have been trying to change it with no success, tried all the traditional ways but always having problems. How is the correct way to do it?

carlostico
05-03-13, 12:44 AM
Have been trying to change it with no success, tried all the traditional ways but always having problems. How is the correct way to do it?
What about this:
For security reasons, you may want to change the asterisk password in FreePBX.
This can be achieved by following these steps.


Open a shell session
Enter the mysql shell command such as

# mysql --user=root --password=<original password is amp109>

Update the asterisk password

mysql> UPDATE mysql.user SET Password=PASSWORD('<original password is amp109>') WHERE User='asterisk';

mysql> FLUSH PRIVILEGES;

mysql> exit

Modify parameter AMPDBPASS in /etc/amportal.conf.
Modify AMPDBPASS in /var/www/html/admin/functions.inc.php
Modify AMPDBPASS in /var/www/html/admin/modules/framework/htdocs/admin/functions.inc.php
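
Added example (not from any poster in this thread and not PIKA's or FreePBX's own code): a POSIX shell audit that reports whether an amportal.conf-style file still carries the default AMPDBPASS named above, and whether the file is world-readable. The function name audit_amportal and the sample file contents are constructed for illustration; only the KEY=VALUE format of /etc/amportal.conf is handled, not the functions.inc.php files.

```shell
#!/bin/sh
# Added example: audit an amportal.conf-style file for a leftover default DB password.
DEFAULT_DBPASS="amp109"   # default named in this thread

# audit_amportal FILE   (hypothetical helper)
# Returns 0 if clean, 1 if a problem was found, 2 if the file cannot be read.
audit_amportal() {
    conf=$1 rc=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }

    # Values of all uncommented AMPDBPASS assignments, surrounding blanks removed.
    values=$(sed -n 's/^[[:space:]]*AMPDBPASS[[:space:]]*=[[:space:]]*//p' "$conf" |
             sed 's/[[:space:]]*$//')
    if [ -z "$values" ]; then
        echo "WARN: $conf sets no AMPDBPASS value"; rc=1
    elif printf '%s\n' "$values" | grep -Fxq -- "$DEFAULT_DBPASS"; then
        echo "FAIL: $conf still uses the default AMPDBPASS"; rc=1
    fi

    # The file holds a database password in clear text: flag world-readable modes.
    case $(ls -ld "$conf" | cut -c1-10) in
        ???????r*) echo "WARN: $conf is world-readable"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample file (not a real system's configuration).
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'AMPDBUSER=asterisk' 'AMPDBPASS=amp109' > "$demo"
audit_amportal "$demo" || true
rm -f "$demo"
```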