Colin_Campbell1
Contributor

Admins locked out of vSEC appliance

Hi,

vSEC in AWS with idle account lockout enabled. All admins are now locked out. I have access to the filesystem by detaching it from the appliance and attaching it to another Linux instance. That means I can edit files before re-attaching the storage to the firewall. I have tried editing the password and shadow files but they appear to be overwritten on startup, presumably from something in /config/db/. I did some hunting around and found all the "passwd:" entries in /config/db/initial. That got me thinking ...

Can I manually modify, i.e. edit, /config/db/initial? If I do, will initial_db be rebuilt from the modified version? If not, I suspect a rebuild is headed my way.

Colin

4 Replies
Colin_Campbell1
Contributor

Hi,

Looks like the "one-time script option" posted by PhoneBoy in response to another similar question will be my saviour. I have tested adding another user (R80 mgmt to R77.30 firewall) successfully, so I'm just waiting for my broken system to be restarted.

Colin

PhoneBoy
Admin

Yeah, you can't really modify /config/db/initial as there are other database files involved.
Using the "run script" option in SmartConsole or similar is definitely a way to fix it.

See: https://community.checkpoint.com/t5/General-Management-Topics/Forgot-admin-password-in-CLI/m-p/56894...

Colin_Campbell1
Contributor

Hi,

Yep. Did the "Run script" thing but ended up having to create a new user. Seems that once a user has been disabled there is no coming back from that. Is that by design or an R80 "feature"?

Colin

PhoneBoy
Admin

Sounds more like a bug the TAC should investigate.
