Important: To ensure the security of your data that is stored on the FMOS host, we only provide password recovery steps to people listed as AccountAdministrator for your company in our User Center.
By default, the FMOS administrator account passwords expire every 90 days and must be changed prior to expiration.
The FMOS accounts are used for the CLI login via SSH or on the server console, as well as the Server Control Panel.
These are different to the application accounts used for the HTTPS web interface.
The FMOS Rescue Console is a tool available in FMOS version 8.10 and later. It is used to reset the password for the CLI account configured during installation.
Access to the Rescue Console
To access the rescue console of a FireMon server, you must connect directly to the server using a keyboard and display. If using a Virtual Machine, launch the hypervisor remote console feature.
Note: The Rescue Console cannot be accessed via an SSH session.
- To activate the rescue console, press Alt+F9 on the keyboard.
- This will change the active terminal to tty9, where the rescue console is attached.
- Once the rescue console is displayed, press Enter to activate it.
Because the rescue console provides access to sensitive system configuration, it is protected from malicious activity by requiring an “unlock code” before allowing any changes to be made. The unlock code is derived from information about the system and is thus unique for every machine. It also expires at midnight UTC on the server for which it was generated.
Please contact FireMon Support to request and receive the unlock code with the following information:
- FQDN of the server (case sensitive)
- Original username that was configured upon installation (this must be exact and is case sensitive)
- FMOS version
*The FQDN of the server and FMOS version can be provided by uploading a screenshot of the Alt+F1 screen of the server console.
Caution! The rescue console will unconditionally exit 5 minutes after it has been unlocked.
Reset User Passwords
- After activating the rescue console and unlocking it with the provided code, select Reset User Password.
- Enter the user name of the user whose password is to be reset and confirm the request.
- Enter a new password twice (to confirm it was typed correctly).
Note: You must enter a strong 8 character password at the prompt using upper and lowercase letters, numbers, and symbols.
- Press Enter to complete the process.
- To return to the display after using the rescue console, press Alt+F1.
- To return to the CLI and attempt to log in with your new password, press Alt+F6.
- Alternatively, you can SSH to the device and log in using the new customer-created password.
Note: The FMOS rescue console can only reset passwords for local operating system users. It cannot be used to reset the password for Security Manager accounts or for users in external authentication systems (e.g. LDAP, RADIUS, etc.)
Note: The rescue codes are time synced, so your FMOS host must be using the default UTC time zone.
If your FMOS host is using another time zone, you will not be able to use rescue codes.
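The following is an added illustration, not FireMon's code: this page does not document how the unlock code is derived, so the sketch assumes a generic HMAC over the three values Support asks for plus the current date, with a constructed key and constructed host values. It shows why those values are case sensitive, why a code stops working at midnight UTC, and why a host that reckons the date in another time zone cannot match a code issued for the UTC day.

```python
import hashlib
import hmac
from datetime import datetime, time, timedelta, timezone

# Constructed demo key (assumption); not a real secret and not FireMon's.
DEMO_KEY = b"constructed-demo-key"


def day_in_zone(now, tz=timezone.utc):
    """Calendar date of an aware datetime as seen in the given time zone."""
    return now.astimezone(tz).date()


def unlock_code(fqdn, username, version, day, key=DEMO_KEY):
    """Hypothetical derivation: 8-digit code bound to host, user, version, day."""
    # Values are hashed byte-for-byte with no case folding, so case matters.
    msg = "\n".join([fqdn, username, version, day.isoformat()]).encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


def seconds_until_expiry(now):
    """Seconds remaining before the code rolls over at midnight UTC."""
    now_utc = now.astimezone(timezone.utc)
    next_midnight = datetime.combine(
        now_utc.date() + timedelta(days=1), time.min, tzinfo=timezone.utc)
    return int((next_midnight - now_utc).total_seconds())


def verify(candidate, fqdn, username, version, now, tz=timezone.utc):
    """Host-side check: recompute the code for the host's current date."""
    expected = unlock_code(fqdn, username, version, day_in_zone(now, tz))
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    host, user, ver = "fmos01.example.com", "fmosadmin", "8.10"
    issued = datetime(2024, 3, 5, 23, 30, tzinfo=timezone.utc)
    code = unlock_code(host, user, ver, day_in_zone(issued))
    print("code:", code, "expires in", seconds_until_expiry(issued), "s")
    print("same UTC day:", verify(code, host, user, ver, issued))
    print("wrong case:", verify(code, host.upper(), user, ver, issued))
    after = issued + timedelta(minutes=31)  # 00:01 UTC the next day
    print("after midnight UTC:", verify(code, host, user, ver, after))
    # Host reckoning the date in UTC-5 while Support issues for the UTC day.
    est = timezone(timedelta(hours=-5))
    fresh = unlock_code(host, user, ver, day_in_zone(after))
    print("host on UTC-5:", verify(fresh, host, user, ver, after, est))
```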