Documentation Center
AlienVault® USM Appliance™

Recovering Lost Root Password on USM Appliance

Version: 5.x
Deployment: All deployments

In case you lost the root password to your USM Appliance and would require a reset, follow the procedures below. You need to do it this way because the GRUB timeout on USM Appliance is set to 0.

For USM Appliance Hardware and Virtual Machines

Note: You don't need to reinstall or reset the appliance. The purpose of booting from the AlienVault OSSIM® ISO is only for you to reset the root password.

  1. Download the newest AlienVault OSSIM ISO that can be found at https://www.alienvault.com/products/ossim/download.
  2. Prepare the ISO for the appliance that you will be resetting. For example if you are working on a hardware appliance, convert the ISO to a bootable USB (see this document for details).
  3. On the AlienVault appliance that you need to reset the root password, boot from the USB containing the AlienVault OSSIM ISO. You may need to press Esc on your keyboard to reach the BIOS in order to change the boot menu.
  4. Select to install AlienVault OSSIM <version_number>.
  5. Select your keyboard and language.
  6. When you reach the menu to configure the network, press Esc on your keyboard to bring up the Debian installer main menu.
  7. Select Execute A Shell and then select Continue.
  8. Mount the partitions from the shell by typing mount -t ext4 /dev/sda1 /mnt.
  9. Type chroot /mnt.
  10. Type passwd, which will then prompt you to enter the new password twice.
  11. Type exit.
  12. Type umount /mnt.
  13. Type reboot to restart the system.

Once the system restarts your root password will be changed to the one you specified in step #10, and you can then login to the AlienVault appliance using the new password.

For USM Appliance AMI

  1. Shutdown the USM Appliance AMI instance.
  2. Deploy a Debian machine in the same zone on Amazon Cloud where your USM Appliance AMI instance is deployed.
  3. In the Volume section, detach the volume from the USM Appliance AMI instance and attach it to the Debian machine.
  4. Start the Debian machine.
  5. Connect to the Debian machine by using SSH and mount the USM Appliance disk.
  6. On the mounted disk, type chroot, then passwd to reset the root password.
  7. Unmount the disk and then shutdown the Debian machine.
  8. Detach the volume from the Debian machine and attach it to the USM Appliance AMI instance again.
  9. Start the USM Appliance AMI instance.