Has anyone created a worklet to change the root password on Linux machines? Can Secrets be leveraged maybe to have this automated on a 90-120 days basis maybe?
Root password change policy
Userlevel 1
Userlevel 1
So the code below works pretty well. I just have an nice alert come across for anyone active that things are happening.
Eval
# Define the path to the script named root_password_alert.sh
script_path="/var/lib/amagent/rotate_root_password.sh"
# Check if the script exists
if [ -f "$script_path" ]; then
# Run the script
bash "$script_path"
else
echo "Error: The script root_password_alert.sh does not exist at the specified path."
fi
chmod +x run_root_password_alert.sh
./run_root_password_alert.sh
Remediation
# Generate a random password
NEW_PASSWORD=$(openssl rand -base64 12)
# Change the root user password
echo "root:$NEW_PASSWORD" | sudo chpasswd
# Store the new password in a secret for secure access
#echo "ROOT_PASSWORD='$NEW_PASSWORD'" | sudo tee /etc/secret/root_password > /dev/null
# Output the new password for reference
echo "Root user password has been changed to: $NEW_PASSWORD"
# Define the path to the script named root_password_alert.sh
script_path="/var/lib/amagent/rotate_root_password.sh"
# Check if the script exists
if [ -f "$script_path" ]; then
# Run the script
bash "$script_path"
else
echo "Error: The script root_password_alert.sh does not exist at the specified path."
fi
chmod +x run_root_password_alert.sh
./run_root_password_alert.sh
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.