Koozali.org: home of the SME Server

How do I change the Server Manager Admin password?

silasp

How do I change the Server Manager Admin password?
« on: March 02, 2006, 11:45:47 PM »
Hello.
Sorry, this seems like a really silly question: but how do I change the Server Manager Admin password?

It is easy enough to change the linux account passwords using (eg):
passwd root
passwd admin

http://no.longer.valid/phpwiki/index.php/TroubleshootingFAQ#lostPassword

But that doesn't change the apache access passwords.
Is there some sort of password changing utility, or do I need to go and find the .htaccess file or similar?

I ask because our server appears to have been hacked - someone changed the passwords for Server Manager and CUPS and I have no idea how to change them back!

Cheers,
Silas.

Offline dsemuk

  • ****
  • 269
  • +0/-0
How do I change the Server Manager Admin password?
« Reply #1 on: March 04, 2006, 12:13:22 AM »
Hello Silas

If your SME server has been hacked I would suggest the first course of action is to report the potential problem via security@contribs.org rather than on these boards.

I noticed from your other posts that you have been updating to 7pre from v6, if your passwords have become messed up as a reult of the update(s) I suggest you report a bug on the bug tracker.

I know this doesn't help your immediate problem, but I feel it is your best plan of action at the moment.

If any of the ddevelopers see your plight, they may suggest a fix, but the bug tracker is your best way of reaching them.

Dave
--
Esmith/Mitel/SME server  :-D...

silasp

How do I change the Server Manager Admin password?
« Reply #2 on: March 05, 2006, 04:12:43 AM »
Cheers, Dave, thanks for the reply.
You are correct in observing that I am getting ready to upgrade to SME 7. But I haven't actually done this yet. My main server (the one I think has been hacked) is still running SME 6.

I think it has been hacked for the following reasons:
[1] The admin password that once worked for the SME server-manager website / CUPS admin website now fails to work - and I have not modified anything on the server.
(I did execute a "yum update" a couple of days ago, but could still log in to server-manager after the update.)

[2] The command:
cat /var/log/messages* | grep "Accepted password for root"
reveals some IP addresses that aren't mine. Of course, really pro hackers probably would have edited the logfile so that their tracks were covered.

I have changed my security policies and passwords, so that side of things should be ok for the moment.

But I still have the original problem of not being able to access server-manager or cups. I have been doing backups for a while, so even if some knowlegable person could tell me which files to restore to fix up the http access passwords it would be a great help.

Kind regards,
Silas.

P.S. I will email a copy of this post to security@contribs.org

Offline smeghead

  • *
  • 557
  • +0/-0
How do I change the Server Manager Admin password?
« Reply #3 on: March 05, 2006, 10:58:34 AM »
The root password and admin password are changed in sync when performed via the Server Manager.  If they are no longer in sync you could run:

passwd admin

at the root prompt and set the admin password to the same as the root passwd.

This should allow the Server Manager to work (& prob CUPS).  When you get into Server Manager go to the user page and reset the admin password again and ensure that everthing that needs to be done within SME is executed via the template routine underpinning the password change event; please be sure to use a complex password of upper & lower alpha, non-alpha, numbers, etc and at least 8 chars if not more (I usually use a minimum of 12).

HTH
..................

Offline pfloor

  • ****
  • 889
  • +1/-0
How do I change the Server Manager Admin password?
« Reply #4 on: March 05, 2006, 05:57:29 PM »
silasp,

You are the second person to report this issue in the last few days.  If you haven't done so already, could you please email security@contribs.org about this.

Thanks,

Paul
In life, you must either "Push, Pull or Get out of the way!"

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: How do I change the Server Manager Admin password?
« Reply #5 on: March 06, 2006, 12:09:29 AM »
Quote from: "silasp"

It is easy enough to change the linux account passwords using (eg):
passwd root
passwd admin

http://no.longer.valid/phpwiki/index.php/TroubleshootingFAQ#lostPassword

But that doesn't change the apache access passwords.


No, you are wrong. Apache access for the manager directly uses the login password.

Quote

I ask because our server appears to have been hacked - someone changed the passwords for Server Manager and CUPS and I have no idea how to change them back!


If someone has hacked your server, you have more to do than just change passwords back. You should assume they have compromised all accounts and passwords, and will be able to re-attack your system, and are using your system to attack others. You should plan to reinstall a clean system, make it up to date, and change all passwords, before connecting to the Internet.

There's good general advice here:

http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

Offline gordonr

  • *
  • 646
  • +0/-0
    • http://www.smeserver.com.au/
Re: How do I change the Server Manager Admin password?
« Reply #6 on: March 06, 2006, 01:53:29 AM »
Quote from: "silasp"
Hello.
Sorry, this seems like a really silly question: but how do I change the Server Manager Admin password?

If you change the password on the admin account from the Users panel and it will reset the admin and root passwords, and do both the shadow and smbpasswd versions. If you do them from the command line, they will get out of sync.

However, your potential security issue should be examined first - thank you for reporting it to the security list.

Everyone - security issues to security_at_lists.contribs.org and only there, please.
............