cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5104
Views
5
Helpful
18
Replies

SourceFire now FireSIGHT?

zackgil861
Beginner
Beginner

I have the SourceFire appliance in my network. The previous network admin did not leave any password for this device. I am unable to get into it or reset the PW. I tried the below, it reset it like it shows, but still no luck getting in via GUI or console. Is there anything else I can do? I also tried instead of the passwd i tried passwd admin but it gives an error saying username not found. Can anyone help out?

SW Version 4.9

1) Power cycle your appliance by pressing the reset button. Refer to the Sourcefire 3D Sensor Installation Guide in the Hardware Specifications section for the model of your appliance for the location of the reset button.

2) At the Lilo prompt type:

3D-4.9.0 init=/bin/sh

—> The system will boot in to shell prompt;

3)Mount the linux drive.

mount -o remount,rw /

4) After you mount the drive type

passwd

1 Accepted Solution

Accepted Solutions

Hi,

 

Try username as root and you should be able to login.

Regards,

Aastha

View solution in original post

18 Replies 18

Aastha Bhardwaj
Cisco Employee
Cisco Employee

Hi,

Try following this article and see if that helps:

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118631-technote-firesight-00.html

Also send the snapshot of the exact error.

 

Regards,

Aastha

I dont know what is happening. I was looking at a webpage yesterday that had the instruction on how to reset the password but i can no longer find the page. The instructions you provided are not working. When I reboot the system and press the arrow at LILO, I enter (3D-4.9.0 single) and the reboot but it dosen't boot to the menu where I can enter the configs. I found a page yesterday that said to type 3D-4.9.0 single and some more and then reboot. I can't find the page today which is really starting to get to me.

Hi,

Once your appliance starts booting up, cancel the countdown at the LILO Boot Menu by pressing any key on your keyboard

3D-4.9.0 init=/bin/sh

--> The system will boot in to shell prompt;

Mount the linux drive.
mount -o remount,rw /

After you mount the drive type
passwd

 

And then you should be able to change the password.Apparently the command passwd admin was introduced in 4.10.

Let me know if that works.

 

Regards,

Aastha

 

Rate the post if it helps!!!!

I did that and i was able to change it. What I dont understand is what I am changing the password for? Once I reboot the system after the password change, I sitll can't get in with the username "admin" and the new password

Hi,

 

Try username as root and you should be able to login.

Regards,

Aastha

that worked!! How can I reset the password for the 3D senors in GUI via the console? Or atleast create new username and password for GUI sensor access

Ok, so i actually configured an IP on thr device.

configure-network

I assigned 10.153.0.19 IP to it. Once I was done, it gave me a message:

 

"Please go to https://10.153.0.19 to finish installation"

 

But when I go there, all I get is a all blank screen.

 

Any advice?

Hi,

 

Check the connectivity . Try pinging the default g/w from the device and so on.

Once that is confirmed , we might need to check for httpsd errors


Login on the device via SSH.
>expert

Escalate the privilege to root.

admin>sudo su
Password>Enter root password

Pmtool status | grep httpsd

You can try to restart the service : “pmtool restartbyid httpsd”

Also check:

++ cd /var/log/httpd
++ls –l
++ more httpsd_access_log

I would definately recommend you to upgrade the device from 4.9 to latest because its already EOL.

Regards,

Aastha

Rate if it helps!!!!

thanks, i only get this

 

root@Sourcefire3D:~# sudo su
root@Sourcefire3D:~#
root@Sourcefire3D:~#
root@Sourcefire3D:~# sudo
usage: sudo -h | -K | -k | -L | -l | -V | -v
usage: sudo [-bEHPS] [-p prompt] [-u username|#uid] [VAR=value]
            {-i | -s | <command>}
usage: sudo -e [-S] [-p prompt] [-u username|#uid] file ...

Hi,

 

Oh that is to become a root user and I see you are already root so you should be able to execute the commands given.

Check the pmtool status for httpsd service and see if its running , try to restart it and check for any errors .

 

Regards,

Aastha

i tried but it's not taking the commands

 

root@Sourcefire3D:~# pmtool restartbyid httpsd
sh: pmtool: command not found
root@Sourcefire3D:~# pmtool restartbyid httpsd
sh: pmtool: command not found
root@Sourcefire3D:~#
root@Sourcefire3D:~#
root@Sourcefire3D:~#
root@Sourcefire3D:~# pmtool status
sh: pmtool: command not found
root@Sourcefire3D:~# Pmtool status | grep httpsd
sh: Pmtool: command not found

Hi ,

 

Try pmtool status |grep -i Down or  Pmtool status | grep httpd  or just pmtool status to see if the service is running or not.

There could be multiple issues because the version that you are on is very old .I would recommend you to upgrade it and if you still face issues open up a case with TAC , because they might need to check the Tshoot.

 

Regards,

Aastha

how do I upgrade this thing? Will it drop my network? I have been rebooting via console and nothing was happeing

Hi,

 

Probably you can upgrade to 4.10 and then migrate from 4.10. Check the link : https://support.sourcefire.com/sections/1/sub_sections/53

 

The migration guide is present in there or if this is brand new device then you can reimage the device. For reimage :

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118308-technote-firesight-00.html#anc4

 

Regards,

Aastha

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers