Question

Root password change policy

  • 4 April 2024
  • 1 reply
  • 45 views

Userlevel 1
Badge

Has anyone created a worklet to change the root password on Linux machines? Can Secrets be leveraged maybe to have this automated on a 90-120 days basis maybe? 


1 reply

Userlevel 1
Badge

So the code below works pretty well. I just have an nice alert come across for anyone active that things are happening.

 

Eval


# Define the path to the script named root_password_alert.sh
script_path="/var/lib/amagent/rotate_root_password.sh"

# Check if the script exists
if [ -f "$script_path" ]; then
# Run the script
bash "$script_path"
else
echo "Error: The script root_password_alert.sh does not exist at the specified path."
fi
chmod +x run_root_password_alert.sh
./run_root_password_alert.sh

 

Remediation

# Generate a random password
NEW_PASSWORD=$(openssl rand -base64 12)

# Change the root user password
echo "root:$NEW_PASSWORD" | sudo chpasswd

# Store the new password in a secret for secure access
#echo "ROOT_PASSWORD='$NEW_PASSWORD'" | sudo tee /etc/secret/root_password > /dev/null

# Output the new password for reference
echo "Root user password has been changed to: $NEW_PASSWORD"

# Define the path to the script named root_password_alert.sh
script_path="/var/lib/amagent/rotate_root_password.sh"

# Check if the script exists
if [ -f "$script_path" ]; then
# Run the script
bash "$script_path"
else
echo "Error: The script root_password_alert.sh does not exist at the specified path."
fi
chmod +x run_root_password_alert.sh
./run_root_password_alert.sh

 

Reply