Today we ran into a situation we needed to recover the Gaia Admin password of a Logserver which was hosted on VMware. Therefore we could not use the procedure to create a EmergenDisk USB flash drive from sk92663. Problem is that we cannot boot from USB when using a VMware guest. We’ve also ignored sk106490 as this was not a Security Gateway.
We’ve used Google to find some answers on this particular subject. We found a few possible answers (here and here) with instructions that did not completely work on a lab machine (running on R80.10). Furthermore we liked the idea by fixing this nicely in the Gaia configuration database instead of manually editing OS files like /etc/passwd or /etc/shadow files.
So we used the best of aforementioned sites and successfully reset the admin password with this procedure on R80.10:
- Configure the Check Point VM to use a recent Ubuntu Desktop ISO and boot from CD-ROM. Select Try Ubuntu so you will have a Live environment without installing Ubuntu.
- Open the Terminal application.
- Enter the following command: sudo su –
- Create a mounting point: mkdir /mnt/cp
- Mount the Gaia filesystem: mount /dev/mapper/vg_splat-lv_current /mnt/cp
- Change the root directory to the Gaia root: chroot /mnt/cp
- Backup the current Gaia configuration database: cp /config/db/initial_db /config/db/initial_db_backup
- Connect to the Gaia configuration database: sqlite3 /config/db/initial_db
- Query the database using SQLite to locate the current admin password. The last line is the current password hash:
SELECT * from revisions WHERE binding=”passwd:admin:passwd”;
- Update the database using SQLite to change the password to ‘admin’. Replace the text old-pw-hash below with the last hash from step 9:
UPDATE revisions SET value=”$1$zIVyrIdj$1LBW7Pg6XOcXYIgFPTppY.” WHERE binding=”passwd:admin:passwd” AND VALUE=’old-pw-hash‘;
- Exit SQLite by entering the following command: .exit
- Exit chroot and go back to Ubuntu: exit
- Unmount the Gaia filesystem: umount /mnt/cp
- Reboot the Check Point VM by entering: reboot
- Login to the console, SSH or Gaia Portal using user admin and password admin.
- When in CLISH or Gaia Portal don’t forget to change the password for user admin (and document it!)
Thanks to the original authors from which this instruction is combined from.
Also posted to my blog: How to recover Gaia Admin password on VMware – checkpointengineer
My blog: https://checkpoint.engineer