Unlike when you install a Linux distribution yourself on a PC and choose your own passwords, the software on the WARP comes pre-installed. This means it has several default passwords on it. The first thing you should do when you receive your WARP is change these default passwords. These passwords will be known to anyone who reads the PIKA Forums or release documentation so provide the easiest way for a hacker to access your WARP. There are default passwords for the following things:
- Root user of the Linux system
- The MySQL database
- The FreePBX GUI
You should also make sure your passwords are secure. Some simple rules for making a secure password are:
- Use both upper- and lower-case letters
- Include one or more numerical digits
- Include one or more special characters, e.g. @, #, $ etc.
- Use a password a minimum length of 8 characters with at least one character from each of the above 4 points and at least 5 unique characters.
- Do not use words found in a dictionary or any of your user's personal information such as username, birthday
- Do not use passwords that match the format of calendar dates, license plate numbers, telephone numbers, or other common numbers.
- Do not use company name or an abbreviation.
Linux System Users
The root user for the PIKA WARP has a very simple password of “pikapika” This password is made simple so that it is easy to update. To update this password simply use the passwd command on the command line to create a new password. You should use a secure password as described above. This will look like:
Code:
root@openwarp:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@openwarp:~#
It is recommended that you should add some sort of password strength enforcement to the WARP. An example of an application for this on the Debian system is “libpam-passwdqc”. You can install this using apt-get at the command line. For example:
Code:
root@openwarp:~# apt-get install libpam-passwdqc
Now when you run the passwd command you will get enforcement checking of your password and even a suggested one.
Code:
root@openwarp:~# passwd
You can now choose the new password or passphrase.
A valid password should be a mix of upper and lower case letters,
digits and other characters. You can use an 8 character long
password with characters from at least 3 of these 4 classes, or
a 7 character long password containing characters from all the
classes. An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.
A passphrase should be of at least 3 words, 11 to 40 characters
long, and contain enough different characters.
Alternatively, if no one else can see your terminal now, you can
pick this as your password: "Powder6Vague$use".
Enter new password:
Re-type new password:
passwd: password updated successfully
root@openwarp:~#
In addition to securing the root users password, you should also create a system user with admin privileges. The reason for this is you should never allow the root user to remotely log in to the system. We will discuss this further in a future article. You should log in as the system user and then run as root only when required.
To add a system user with admin privileges, you would do the following. Your username here should also not be easily guessed, like your company name for example.
Code:
root@openwarp:~# adduser sample
Adding user `sample' ...
Adding new group `sample' (1000) ...
Adding new user `sample' (1000) with group `sample' ...
Creating home directory `/home/sample' ...
Copying files from `/etc/skel' ...
You can now choose the new password or passphrase.
A valid password should be a mix of upper and lower case letters,
digits, and other characters. You can use an 8 character long
password with characters from at least 3 of these 4 classes, or
a 7 character long password containing characters from all the
classes. An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.
A passphrase should be of at least 3 words, 11 to 40 characters
long, and contain enough different characters.
Alternatively, if no one else can see your terminal now, you can
pick this as your password: "humble+Skinny-baby".
Enter new password:
Re-type new password:
passwd: password updated successfully
Changing the user information for sample
Enter the new value, or press ENTER for the default
Full Name []: Sample User
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
root@openwarp:~# echo -e "sample\tALL=(ALL)\tALL" >> /etc/sudoers
You should now use this user to administer your system and only use su and sudo as required.
MySQL Password
There is also a default password for both the admin and asterisk users in the MySQL database. These passwords are also used in the FreePBX GUI and Asterisk configuration files. These all need to be updated.
Let's start with updating the FreePBX GUI and Asterisk conf files to use a new password. PIKA has supplied an easy to use script to do this for you automatically. Run the following command as shown in the example below to change the password to h@RD3R0ne
Code:
root@openwarp:~# /var/lib/asterisk/bin/update_mysql_password.sh
Please enter the root users password to MYSQL database.
The default is amp109 if you have not changed it.
amp109
Please enter the new password you want:
h@RD3R0ne
Please confirm the new password you want
h@RD3R0ne
.....
root@openwarp:~#
Once this is complete you should also update the root user password in the MySQL database. The command above only updates it for the asterisk user. To do this, you need to log in to the MySQL database and the CLI, update the passwords and restart the MySQL server. This is shown in example below where we set our new password to be T0ugh3rP@$$
Code:
root@openwarp:~# mysql --user=root --password=amp109
mysql> UPDATE mysql.user SET Password=PASSWORD('T0ugh3rP@$$') WHERE User='root';
mysql> FLUSH PRIVILEGES;
mysql> quit
root@openwarp:~# /etc/init.d/mysql restart
root@openwarp:~#
FreePBX Password
The FreePBX GUI also has a default password of admin for the admin user. To change this we just need to login in to FreePBX and change the password. Once you log in to FreePBX with user “admin” and password “admin”, go to the Administrators tab on the left then select the admin user as show below.
Once on the admin user, use the password field to change the password. Make sure you type it correctly as it does not do a confirmation of the password. It is also recommended that you change the name of the admin user to another username. Having a non-default username makes the system harder to break into since hackers know need to crack both a username and password.
Update default passwords
Reply With Quote
Originally Posted by carlostico
