How to reset the Snare Central Server root password


SUMMARY

Under varying circumstances, administrators may lose their passwords to their installed Snare Central Server. There are a couple of ways to regain control. Follow the below instructions depending if you know your 'snare' password.

If 'snare' password is known

Since the snare user has effective administrator privileges, the root password may be updated. Perform the following:

  1. Boot the server normally, and log in as the snare user account.

  2. From the administration menu that pops up, choose the 'Authentication' menu option, then the 'root' user account.

 

If 'snare' password is not known

If the snare user password is unknown, perform the following:

  1. Reboot the server. Assuming the web interface is up, and the Administrator password is known, this can be done from the 'System' menu, under Administrative Tools.

  2. As soon as the server starts booting, hold down the left SHIFT key. Eventually something called a 'GRUB' menu will appear. This is the boot controller for Linux, and is responsible for bootstrapping the operating system.
    The grub boot loader has recently changed the boot command format. If you have updated your Snare Server with operating system patches, or have installed the latest version of the Snare Server, your grub screen may look slightly different.

    The interface can be controlled by the up/down cursor keys, amongst others.

  3. Select the first option at the top of the menu, or highlight the 'recovery mode' option for the latest kernel on the system (as it won't make much difference), and press the (lowercase) e key. That will take us to a simple 'editor' menu for the boot parameters associated with our chosen menu item.

  4. Use the cursor keys (up/down/left/right) to find the line that starts with "linux", highlighted in the red box below.

  5. Navigate to the end of that line, and remove the 'ro' and everything after it, or for current Snare Central Server, remove 'ro ipv6.disable=1 audit=1 audit_backlog_limit=8192 quiet splash $vt_handoff’. You can use the 'backspace' key on your keyboard.

  6. Replace that with rw init=/bin/bash as shown in the following screenshot:

  7. Once you have finished editing, hit F10 on your keyboard to boot the server. After a reasonably short period of time, it will drop you to a root level command prompt. From there, type in the following command:

 

Using your keyboard replace the following keywords.
FROM:

ro ipv6.disable=1 audit=1 audit_backlog_limit=8192 quiet splash $vt_handoff

TO:

rw init=/bin/bash

The system will now boot into a root shell.

From here you can reset the passwords.

passwd (and hit enter)

You will be prompted twice, for a replacement root password.

If you do not remember the snare user password, it may be worth setting that also:

passwd snare (and hit enter)

You will be prompted for the snare user password (twice).

Once you have completed that process, type in the following command:

exec /sbin/init(and hit enter).

The Snare Central Server should reboot, and you will be able to log into the system as root (or snare), using the passwords you have set.