10-21-2015 07:41 AM - edited 03-12-2019 05:47 AM
I have the SourceFire appliance in my network. The previous network admin did not leave any password for this device. I am unable to get into it or reset the PW. I tried the below, it reset it like it shows, but still no luck getting in via GUI or console. Is there anything else I can do? I also tried instead of the passwd i tried passwd admin but it gives an error saying username not found. Can anyone help out?
SW Version 4.9
1) Power cycle your appliance by pressing the reset button. Refer to the Sourcefire 3D Sensor Installation Guide in the Hardware Specifications section for the model of your appliance for the location of the reset button.
2) At the Lilo prompt type:
3D-4.9.0 init=/bin/sh
—> The system will boot in to shell prompt;
3)Mount the linux drive.
mount -o remount,rw /
4) After you mount the drive type
passwd
Solved! Go to Solution.
10-22-2015 11:17 AM
Hi,
Try username as root and you should be able to login.
Regards,
Aastha
10-21-2015 04:12 PM
Hi,
Try following this article and see if that helps:
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118631-technote-firesight-00.html
Also send the snapshot of the exact error.
Regards,
Aastha
10-22-2015 07:40 AM
I dont know what is happening. I was looking at a webpage yesterday that had the instruction on how to reset the password but i can no longer find the page. The instructions you provided are not working. When I reboot the system and press the arrow at LILO, I enter (3D-4.9.0 single) and the reboot but it dosen't boot to the menu where I can enter the configs. I found a page yesterday that said to type 3D-4.9.0 single and some more and then reboot. I can't find the page today which is really starting to get to me.
10-22-2015 11:10 AM
Hi,
Once your appliance starts booting up, cancel the countdown at the LILO Boot Menu by pressing any key on your keyboard
3D-4.9.0 init=/bin/sh
--> The system will boot in to shell prompt;
Mount the linux drive.
mount -o remount,rw /
After you mount the drive type
passwd
And then you should be able to change the password.Apparently the command passwd admin was introduced in 4.10.
Let me know if that works.
Regards,
Aastha
Rate the post if it helps!!!!
10-22-2015 11:17 AM
I did that and i was able to change it. What I dont understand is what I am changing the password for? Once I reboot the system after the password change, I sitll can't get in with the username "admin" and the new password
10-22-2015 11:17 AM
Hi,
Try username as root and you should be able to login.
Regards,
Aastha
10-22-2015 11:25 AM
that worked!! How can I reset the password for the 3D senors in GUI via the console? Or atleast create new username and password for GUI sensor access
10-22-2015 11:50 AM
Ok, so i actually configured an IP on thr device.
configure-network
I assigned 10.153.0.19 IP to it. Once I was done, it gave me a message:
"Please go to https://10.153.0.19 to finish installation"
But when I go there, all I get is a all blank screen.
Any advice?
10-22-2015 12:35 PM
Hi,
Check the connectivity . Try pinging the default g/w from the device and so on.
Once that is confirmed , we might need to check for httpsd errors
Login on the device via SSH.
>expert
Escalate the privilege to root.
admin>sudo su
Password>Enter root password
Pmtool status | grep httpsd
You can try to restart the service : “pmtool restartbyid httpsd”
Also check:
++ cd /var/log/httpd
++ls –l
++ more httpsd_access_log
I would definately recommend you to upgrade the device from 4.9 to latest because its already EOL.
Regards,
Aastha
Rate if it helps!!!!
10-22-2015 12:42 PM
thanks, i only get this
root@Sourcefire3D:~# sudo su
root@Sourcefire3D:~#
root@Sourcefire3D:~#
root@Sourcefire3D:~# sudo
usage: sudo -h | -K | -k | -L | -l | -V | -v
usage: sudo [-bEHPS] [-p prompt] [-u username|#uid] [VAR=value]
{-i | -s | <command>}
usage: sudo -e [-S] [-p prompt] [-u username|#uid] file ...
10-22-2015 12:48 PM
Hi,
Oh that is to become a root user and I see you are already root so you should be able to execute the commands given.
Check the pmtool status for httpsd service and see if its running , try to restart it and check for any errors .
Regards,
Aastha
10-22-2015 12:50 PM
i tried but it's not taking the commands
root@Sourcefire3D:~# pmtool restartbyid httpsd
sh: pmtool: command not found
root@Sourcefire3D:~# pmtool restartbyid httpsd
sh: pmtool: command not found
root@Sourcefire3D:~#
root@Sourcefire3D:~#
root@Sourcefire3D:~#
root@Sourcefire3D:~# pmtool status
sh: pmtool: command not found
root@Sourcefire3D:~# Pmtool status | grep httpsd
sh: Pmtool: command not found
10-22-2015 12:59 PM
Hi ,
Try pmtool status |grep -i Down or Pmtool status | grep httpd or just pmtool status to see if the service is running or not.
There could be multiple issues because the version that you are on is very old .I would recommend you to upgrade it and if you still face issues open up a case with TAC , because they might need to check the Tshoot.
Regards,
Aastha
10-22-2015 01:40 PM
how do I upgrade this thing? Will it drop my network? I have been rebooting via console and nothing was happeing
10-22-2015 02:29 PM
Hi,
Probably you can upgrade to 4.10 and then migrate from 4.10. Check the link : https://support.sourcefire.com/sections/1/sub_sections/53
The migration guide is present in there or if this is brand new device then you can reimage the device. For reimage :
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118308-technote-firesight-00.html#anc4
Regards,
Aastha
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide