
Thread: Update default passwords

  1. #1
    skar Guest

    Update default passwords

    Unlike when you install a Linux distribution yourself on a PC and choose your own passwords, the software on the WARP comes pre-installed. This means it has several default passwords on it. The first thing you should do when you receive your WARP is change these default passwords. These passwords will be known to anyone who reads the PIKA Forums or release documentation, so they provide the easiest way for a hacker to access your WARP. There are default passwords for the following things:


    1. Root user of the Linux system
    2. The MySQL database
    3. The FreePBX GUI


    You should also make sure your passwords are secure. Some simple rules for making a secure password are:


    1. Use both upper- and lower-case letters
    2. Include one or more numerical digits
    3. Include one or more special characters, e.g. @, #, $ etc.
    4. Use a password with a minimum length of 8 characters with at least one character from each of the above 4 points and at least 5 unique characters.
    5. Do not use words found in a dictionary or any of your user's personal information such as username, birthday.
    6. Do not use passwords that match the format of calendar dates, license plate numbers, telephone numbers, or other common numbers.
    7. Do not use company name or an abbreviation.


    Linux System Users

    The root user for the PIKA WARP has a very simple password of “pikapika”. This password is made simple so that it is easy to update. To update this password, simply use the passwd command on the command line to create a new password. You should use a secure password as described above. This will look like:

    Code:
    root@openwarp:~# passwd 
    Enter new UNIX password: 
    Retype new UNIX password: 
    passwd: password updated successfully
    root@openwarp:~#

    It is recommended that you should add some sort of password strength enforcement to the WARP. An example of an application for this on the Debian system is “libpam-passwdqc”. You can install this using apt-get at the command line. For example:

    Code:
    root@openwarp:~# apt-get install libpam-passwdqc

    Now when you run the passwd command you will get enforcement checking of your password and even a suggested one.

    Code:
    root@openwarp:~# passwd
     
    You can now choose the new password or passphrase.
     
    A valid password should be a mix of upper and lower case letters,
    digits and other characters.  You can use an 8 character long
    password with characters from at least 3 of these 4 classes, or
    a 7 character long password containing characters from all the
    classes.  An upper case letter that begins the password and a
    digit that ends it do not count towards the number of character
    classes used.
     
    A passphrase should be of at least 3 words, 11 to 40 characters
    long, and contain enough different characters.
     
    Alternatively, if no one else can see your terminal now, you can
    pick this as your password: "Powder6Vague$use".
     
    Enter new password: 
    Re-type new password: 
    passwd: password updated successfully
    root@openwarp:~#

    In addition to securing the root user's password, you should also create a system user with admin privileges. The reason for this is you should never allow the root user to remotely log in to the system. We will discuss this further in a future article. You should log in as the system user and then run as root only when required.

    To add a system user with admin privileges, you would do the following. Your username here should also not be easily guessed, like your company name for example.

    Code:
    root@openwarp:~# adduser sample
    Adding user `sample' ...
    Adding new group `sample' (1000) ...
    Adding new user `sample' (1000) with group `sample' ...
    Creating home directory `/home/sample' ...
    Copying files from `/etc/skel' ...
     
    You can now choose the new password or passphrase.
     
    A valid password should be a mix of upper and lower case letters,
    digits, and other characters.  You can use an 8 character long
    password with characters from at least 3 of these 4 classes, or
    a 7 character long password containing characters from all the
    classes.  An upper case letter that begins the password and a
    digit that ends it do not count towards the number of character
    classes used.
     
    A passphrase should be of at least 3 words, 11 to 40 characters
    long, and contain enough different characters.
     
    Alternatively, if no one else can see your terminal now, you can
    pick this as your password: "humble+Skinny-baby".
     
    Enter new password:
    Re-type new password:
    passwd: password updated successfully
    Changing the user information for sample
    Enter the new value, or press ENTER for the default
            Full Name []: Sample User
            Room Number []:
            Work Phone []:
            Home Phone []:
            Other []:
    Is the information correct? [Y/n] y
    root@openwarp:~# echo -e "sample\tALL=(ALL)\tALL" >> /etc/sudoers

    You should now use this user to administer your system and only use su and sudo as required.

    MySQL Password


    There is also a default password for both the admin and asterisk users in the MySQL database. These passwords are also used in the FreePBX GUI and Asterisk configuration files. These all need to be updated.

    Let's start with updating the FreePBX GUI and Asterisk conf files to use a new password. PIKA has supplied an easy to use script to do this for you automatically. Run the following command as shown in the example below to change the password to h@RD3R0ne

    Code:
    root@openwarp:~# /var/lib/asterisk/bin/update_mysql_password.sh
    Please enter the root users password to MYSQL database.
    The default is amp109 if you have not changed it.
    amp109
     
    Please enter the new password you want:
    h@RD3R0ne
     
    Please confirm the new password you want
    h@RD3R0ne
     
    .....
     
    root@openwarp:~#

    Once this is complete you should also update the root user password in the MySQL database. The command above only updates it for the asterisk user. To do this, you need to log in to the MySQL database and the CLI, update the passwords and restart the MySQL server. This is shown in the example below where we set our new password to be T0ugh3rP@$$

    Code:
    root@openwarp:~# mysql --user=root --password=amp109
    mysql> UPDATE mysql.user SET Password=PASSWORD('T0ugh3rP@$$') WHERE User='root';
    mysql> FLUSH PRIVILEGES;
    mysql> quit
    root@openwarp:~# /etc/init.d/mysql restart
    root@openwarp:~#

    FreePBX Password


    The FreePBX GUI also has a default password of admin for the admin user. To change this we just need to log in to FreePBX and change the password. Once you log in to FreePBX with user “admin” and password “admin”, go to the Administrators tab on the left then select the admin user as shown below.




    Once on the admin user, use the password field to change the password. Make sure you type it correctly as it does not do a confirmation of the password. It is also recommended that you change the name of the admin user to another username. Having a non-default username makes the system harder to break into since hackers now need to crack both a username and password.
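
A small checker for rules 1 to 5 and 7 of the post above, as an added example that is not part of the original post or of PIKA's software. It is POSIX shell; the candidate passwords and the company name `examplecorp` are constructed, and the dictionary lookup in rule 5 and the number formats in rule 6 are not checked.

```shell
#!/bin/sh
# Added example: check a candidate password against rules 1-5 and 7 of the post.
# Rule 5's dictionary lookup and rule 6 (date/phone formats) are not implemented.

# Default credentials named in this thread; a new password must not reuse them.
KNOWN_DEFAULTS="pikapika amp109 admin"

# Print the number of distinct characters in $1.
count_unique() {
    printf '%s' "$1" | fold -w1 | LC_ALL=C sort -u | wc -l | tr -d ' '
}

# check_password PASSWORD [USERNAME] [COMPANY]
# Prints one line per violated rule; returns 0 only if no rule is violated.
check_password() {
    pw=$1 fail=0
    lc=$(printf '%s' "$pw" | tr '[:upper:]' '[:lower:]')

    [ "${#pw}" -ge 8 ] || { echo "shorter than 8 characters"; fail=1; }
    [ "$(count_unique "$pw")" -ge 5 ] || { echo "fewer than 5 unique characters"; fail=1; }

    case $pw in *[[:upper:]]*) ;; *) echo "no upper-case letter"; fail=1 ;; esac
    case $pw in *[[:lower:]]*) ;; *) echo "no lower-case letter"; fail=1 ;; esac
    case $pw in *[[:digit:]]*) ;; *) echo "no digit"; fail=1 ;; esac
    case $pw in *[[:punct:]]*) ;; *) echo "no special character"; fail=1 ;; esac

    # Reject known defaults, the username and the company name as substrings,
    # compared case-insensitively.
    for word in $KNOWN_DEFAULTS ${2:-} ${3:-}; do
        w=$(printf '%s' "$word" | tr '[:upper:]' '[:lower:]')
        case $lc in *"$w"*) echo "contains '$word'"; fail=1 ;; esac
    done
    return "$fail"
}

# Constructed sample candidates (not real credentials), checked for the
# user "sample" at a hypothetical company "examplecorp".
for candidate in 'pikapika' 'Admin#2024x' 'Sample!99zz' 'gR7#vq2Lw!'; do
    if reasons=$(check_password "$candidate" sample examplecorp); then
        echo "OK      $candidate"
    else
        echo "REJECT  $candidate: $(echo "$reasons" | tr '\n' ';')"
    fi
done
```
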

  2. #2
    carlostico Guest


    This is not working on the new release 3.0.2

  3. #3
    carlostico Guest


    Quote Originally Posted by carlostico
    This is not working on the new release 3.0.2
    Have been trying to change it with no success, tried all the traditional ways but always having problems. What is the correct way to do it?

  4. #4
    carlostico Guest


    Quote Originally Posted by carlostico
    Have been trying to change it with no success, tried all the traditional ways but always having problems. What is the correct way to do it?
    What about this:
    For security reasons, you may want to change the asterisk password in FreePBX.
    This can be achieved by following these steps.

    1. Open a shell session
    2. Enter the mysql shell command such as
      # mysql --user=root --password=
    3. Update the asterisk password
      mysql> UPDATE mysql.user SET Password=PASSWORD('') WHERE User='asterisk';
      mysql> FLUSH PRIVILEGES;
      mysql> exit
    4. Modify parameter AMPDBPASS in /etc/amportal.conf.
    5. Modify AMPDBPASS in /var/www/html/admin/functions.inc.php
    6. Modify AMPDBPASS in /var/www/html/admin/modules/framework/htdocs/admin/functions.inc.php
