Good day!!!
Today I faced a new problem: an admin password for a
Checkpoint Firewall appliance. The problem is that the default factory password
does not work at all. OK!
Description
A request came from the Network team asking
for support in recovering the admin password to get into a Checkpoint Firewall
Smart-1, because the default factory password doesn't work. They ran the default factory
procedure to reset the password, but some errors occurred every
time they tried.
Assumptions
The appliance's model is something like IP128x, Operating System IPSO-6.2-GA039-04.14.2010-225515-1, Application R75/R71, BIOS Version V2.15.13.
Problem definition
Every time they ran the procedure to reset the
password (went into bootmgr, ran /etc/overpw, bla bla bla...), it gave the same error, like:
fcks ....
...
/dev/ad0s4f: NO WRITE ACCESS
/dev/ad0s4f: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
mount_v9fs: not found
mkdir: /var/tmp2: Read-only file system
/etc/overpw: cannot create /tmp/forget.XX: No such file or directory
/etc/overpw: cannot create /tmp/forget.XX: No such file or directory
mv: /tmp/forget.XX: No such file or directory
    Admin password changed.  You may enter ^D to continue booting.
    THIS IS A TEMPORARY PASSWORD CHANGE.
    PLEASE USE VOYAGER TO CREATE A PERMENANT PASSWORD FOR THE USER ADMIN.
After ^D it asks for login and password and gives the
same answer, something like incorrect password, from which I conclude that it does not
accept the new password at all.
Solution (workaround)
One thing I realize is that we can make our own very cheap
firewall running any Unix flavour and customize it as we want. Looking inside the
appliance, I figured out that it's running FreeBSD. I mean, /etc/overpw has a
bug. Let's do it:
- Boot into single-user mode (follow the FreeBSD or
     Checkpoint Firewall factory procedure)
- Unmount the file systems: # umount -af
- Mount the file systems again with the read-write
     flag: # mount -afw -t ufs
- Test whether you have write access with # fsck. You
     will notice that only the root partition is not writable, but /config and /preserve are:
# fsck
** /dev/ad0s4f (NO WRITE)
** Last Mounted on /
** Root file system
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
1762 files, 39170 used, 199233 free (29 frags, 49801 blocks, 0.0% fragmentation)
** /dev/ad0s4a
** Last Mounted on /config
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
6 files, 45 used, 15990 free (10 frags, 3995 blocks, 0.1% fragmentation)
** /dev/ad0s4h
** Last Mounted on /preserve
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
2905 files, 397072 used, 198435 free (163 frags, 49568 blocks, 0.0% fragmentation)
- Change to the /config directory, because it is the writable partition we want and the right place to find the password file: # cd /config
     Then follow the steps below to change the admin password.
- Generate the encrypted password and store it in a
     variable called passwd, like: # passwd=`/bin/fpasswd -- 123456`
- Resolve the path of the password file and store it in a
     variable called originalconfig, like: # originalconfig=`readlink /config/active`
     (no space after the = sign, otherwise the shell leaves the variable empty)
- Now filter the line passwd:admin:passwd
     out of the original file into tmpfile, like: # grep -v "^passwd:admin:passwd" "$originalconfig" > tmpfile
- Insert the same line
     into the temporary file with the new password, using the following command: # echo "passwd:admin:passwd $passwd" >> tmpfile
- Replace the original
     password file originalconfig with the new temporary file, which has the
     line with the new password, like: # mv tmpfile "$originalconfig"
- At last, press Ctrl-D
     to reboot FreeBSD
Fellows, be careful with the backticks (`) and the spaces when you copy-paste the commands. lol
That's all folks
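A more defensive version of the config-edit steps above, as an added example that is not part of the original post: it takes the hash as an argument (on the appliance it would come from /bin/fpasswd as shown), keeps a backup, and verifies the result before replacing the file. The function names, the sample file and the placeholder hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Run it against a copy first.

# set_admin_hash CONFIG HASH: swap the "passwd:admin:passwd" line for one
# carrying HASH, keeping a backup and checking the result before installing it.
set_admin_hash() {
    cfg=$1 hash=$2 key='passwd:admin:passwd'
    [ -f "$cfg" ] && [ -w "$cfg" ] || { echo "not writable: $cfg" >&2; return 1; }
    # An empty value (fpasswd failed, or a stray space after '=') would blank the field.
    [ -n "$hash" ] || { echo "empty hash, refusing" >&2; return 2; }
    case $hash in *' '*) echo "space in hash, refusing" >&2; return 2 ;; esac

    tmp="$cfg.new.$$"
    cp -p "$cfg" "$cfg.bak" || return 3      # rollback copy
    cp -p "$cfg" "$tmp" || return 3          # tmp inherits owner and mode
    # grep -v exits 1 when nothing is left to print; only >1 is a real error.
    grep -v "^$key" "$cfg" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 3; }
    printf '%s %s\n' "$key" "$hash" >> "$tmp" || { rm -f "$tmp"; return 3; }

    # Exactly one admin line, and it is the new one (-F: hashes contain '$' and '.').
    if [ "$(grep -c "^$key" "$tmp")" -ne 1 ] || ! grep -Fxq "$key $hash" "$tmp"; then
        rm -f "$tmp"; return 4
    fi
    mv "$tmp" "$cfg"                         # same directory, so an atomic rename
}

# Constructed sample file; the non-admin keys are placeholders, not real IPSO keys.
make_sample_config() {
    cat > "$1" <<'EOF'
example:setting:one t
passwd:admin:passwd OLDHASH-PLACEHOLDER
example:setting:two t
EOF
}

# Demo on a throwaway copy; the hash is a constructed placeholder.
demo_dir=$(mktemp -d)
make_sample_config "$demo_dir/active.copy"
set_admin_hash "$demo_dir/active.copy" '$1$constructed$NEWHASH.PLACEHOLDER' &&
    grep '^passwd:admin:passwd' "$demo_dir/active.copy"
rm -rf "$demo_dir"
```

If the check fails, the original file is left untouched and the `.bak` copy sits next to it for rollback.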
 
