Recovering the Sensor's Password

Recovering the Sensor's Password

Recovering the password on any device is of significant importance. This procedure should be documented early in the deployment of the sensor. Once the default password on a Solaris-based Cisco Secure IDS Sensor is changed from the default 'attack', it is up to the administrator to maintain the passwords. In the event of a lost or forgotten password, password recovery procedures may need to be performed.

Start Sidebar
Designing & Planning: Before You Begin

In order to carry out the password recovery procedures, you will need the following:

  • Solaris for Intel CD-ROM.

  • Solaris Device Configuration Assistant disk (boot disk). This can be downloaded from the Sun support Web site. http://soldc.sun.com/support/drivers/dca_diskettes/. Cisco does not maintain this diskette on the Cisco Web site and cannot guarantee the whereabouts of the information on the Sun Web site.

  • Console access to the workstation.

End Sidebar

To recover your password, perform the following steps:

  1. Insert the boot disk.

  2. Insert the CD into the CD-ROM and power off the sensor.

  3. After ten seconds, power on the sensor. The sensor will boot from the boot disk and display the Configuration Assistant screen.

  4. Press F3 to scan the system for boot devices. A list of boot devices is displayed.

  5. Select the CD-ROM drive and put an X next to it using the Spacebar.

  6. Press F2 to continue. The sensor boots from the CD-ROM.

  7. A display for selecting the install type appears. Select Option 2, Jumpstart.

  8. When prompted, choose Option 0 for English language.

  9. The next screen is an additional prompt for English ANSI. Choose Option 0.

  10. The sensor boots and the Solaris Installation screen appears.

  11. Press Ctrl + C to stop the installation script and be dropped to a prompt.

  12. Type mount -F ufs /dev/dsk/c0t0d0s0 /mnt.

  13. The "/" partition is now mounted at the "/mnt" mount point. At this time, the "/etc/shadow" file can be edited to remove the root password. Type cd /mnt/etc.

  14. In order to read the data correctly, set the shell environment by Typing TERM=ansi.

  15. Type export TERM.

  16. To edit the shadow file, type vi shadow.

  17. The line to edit is root:gNyrpgZhdfxPQ:9078::::::

  18. The encrypted password is the second field separated by ":".

  19. Delete that second field by moving the cursor to the beginning of the encrypted password and use the "x" to delete each character. The finished record should look like this: root:: 9078::::::.

  20. Type :wq! to write the file and quit the editor.

  21. Remove the disk and CD-ROM from the drives.

  22. To reboot, type init 6.

  23. At the login screen, login as root. When prompted for a password, press Enter. You are logged in to the sensor as root. Set a new password.