Root password has been changed

[Justin]

Hi everyone,

I have a problem.
Since a couple of weeks someone changed our root password, but this person is not working at our place anymore.
It's not documented so we are kinda searching for option.

I already cloned it and tried to reset with the "single" method, and changing the password.
But sadly enough, not everything is working after that password reset.

Can you please help me out to change the root password without having the issues.
I have access to another user, but this one is not a superuser/root.

Kind regards.

[shawniverson]

Changing root should have no effect on the functioning of the appliance.

What specific issue(s) are you having?

[Rob.M.P]

Have you checked the network settings of the E.F.A?

Cloning a vm may cause issues with networking on a Linux OS. The cloned vm may have a different MAC address and the linux config files will not have updated to mirror this.

[shawniverson]

Good point, yes, cloning may wreck havoc on the interaface in udev.

[Justin]

Good point, yes, cloning may wreck havoc on the interaface in udev.

I have not cloned it anymore.
Just made a Snapshot and changed it after the snapshot was completed.

Everything is working, except for the Mailwatch page. Webmin and all the other applications are working as far as i can see.
Any ideas on fixing this?

[darky83]

Well changing the password will probably not be the issue, the root password is only used for 'root' and for webmin

The normal 'user' username and password are used for everything else.
When you say Mailwatch is not working what do you mean exactly, the page is not loading or you just can't login?

[Justin]

Well changing the password will probably not be the issue, the root password is only used for 'root' and for webmin

The normal 'user' username and password are used for everything else.
When you say Mailwatch is not working what do you mean exactly, the page is not loading or you just can't login?

Webmin is functioning. But when i go to mx01.server.com it does not load anything.

One more thing i just found out, webmin mailscanner module is saying "MailScanner has not been configured correctly. You must use the module configuration to set it before this module will work."
When i press save it does nothing, it just jumps back to this message

It is scanning mail etc, this is working fine.

Thanks for helping so far!

[darky83]

That is weird, by default we don't have the mailscanner plugin in webmin (as webmin causes issues with efa settings) so something is changed.

If the webpage is not loading the apache might not be started or the local firewall is misconfigured, is it possible to provide some info?
I created a little script that will provide me with some debug info:

first login with SSH to the box and than choose option 1 to get to the command line then run:

Code: Select all

wget http://dl.efa-project.org/debug/send-debug-report.sh
chmod 700 send-debug-report.sh
sudo ./send-debug-report.sh

It will ask for your normal user password and that will be it, it will send some info to info@efa-project.org
maybe I can find the cause of your problem there

[Justin]

That is weird, by default we don't have the mailscanner plugin in webmin (as webmin causes issues with efa settings) so something is changed.

If the webpage is not loading the apache might not be started or the local firewall is misconfigured, is it possible to provide some info?
I created a little script that will provide me with some debug info:

first login with SSH to the box and than choose option 1 to get to the command line then run:

Code: Select all

wget http://dl.efa-project.org/debug/send-debug-report.sh
chmod 700 send-debug-report.sh
sudo ./send-debug-report.sh

It will ask for your normal user password and that will be it, it will send some info to info@efa-project.org
maybe I can find the cause of your problem there

Please check the log.
"All done, please notify on the forums that the report is send"

Please note: This server has not been set-up by myself. This person is not working for us anymore.

[darky83]

Received it,

The first issue I see is that the IP settings have been manually changed (without using EFA-Config)
You have an public IP set on eth1 but all config items in EFA-Config point to an private IP on eth0 (172.16.x.x range)

So something is broken after the cloning, seems that your NIC ID has changed so the systems configuration is wrong.

Can you plan some downtime for this system? (as in do you have an backup MX setup?) first thing I would do is try to reconfigure the IP settings using EFA-Config from the vmware console (do not try it using SSH in your case).

If that won't work the most easy way in my opinion is to just start over as I can't say if there are any other manual changes made to the system which may cause all kind of issues.

[Justin]

Received it,

The first issue I see is that the IP settings have been manually changed (without using EFA-Config)
You have an public IP set on eth1 but all config items in EFA-Config point to an private IP on eth0 (172.16.x.x range)

So something is broken after the cloning, seems that your NIC ID has changed so the systems configuration is wrong.

Can you plan some downtime for this system? (as in do you have an backup MX setup?) first thing I would do is try to reconfigure the IP settings using EFA-Config from the vmware console (do not try it using SSH in your case).

If that won't work the most easy way in my opinion is to just start over as I can't say if there are any other manual changes made to the system which may cause all kind of issues.

Thank you for your reply.
I will try to gather some downtime, since i have installed a backup mx server last week which i (stress)tested yesterday.
If this wont help, i will reinstall the whole thing.

Weirdest part is, the mailscanner page is not functioning anymore after i changed the root password.

[darky83]

Probably due to something else that has been manually modified on the system.

Mailwatch uses the SQL password from EFA-Config and this is completely different from the root password, there should not be any link between these two, so my best guess is that modifications are made in the mailwatch config and mysql so that these are linked but that is just a best guess.

Reinstall and move over the user data from the old to the new setup would be your best option I guess, as you don't know what your former admin has changed on the system you might even run into different issues with updates in the future, so to prevent that starting over with an clean system might be your best choice.

Everything is fixable but sometimes just reinstall is the fastest and easiest choice.

[Justin]

Probably due to something else that has been manually modified on the system.

Mailwatch uses the SQL password from EFA-Config and this is completely different from the root password, there should not be any link between these two, so my best guess is that modifications are made in the mailwatch config and mysql so that these are linked but that is just a best guess.

Reinstall and move over the user data from the old to the new setup would be your best option I guess, as you don't know what your former admin has changed on the system you might even run into different issues with updates in the future, so to prevent that starting over with an clean system might be your best choice.

Everything is fixable but sometimes just reinstall is the fastest and easiest choice.

Thanks for your opinion.
I will reinstall it like you said, this will be a fresh start without any future trouble.
Do you have any guide for the "old to new" data transfer?

[darky83]

Not really an guide but I created an small script once when I had to move to an different host.

Note that there is no error checking or whatsoever also note to make sure you have enough disk space available on your root disk, I used this once for a small system so there was hardly any data, if you have more disk usage in /var than you have available in on your root filesystem ( / ) then change the script to backup and restore from something other than /root/migrate-efa (or create a symlink from /root/migrate-efa to some other larger drive (like /var/migrate-efa)



first create an new VM and run the EFA initial configuration make sure everything is the same except for the IP (you can change it later using EFA-Config), just make sure the hostname and domain name are the same as your current/previous system.

Then on your old system run the following script:

backup.sh

Code: Select all

#!/bin/bash

/etc/init.d/saslauthd stop
/etc/init.d/MailScanner stop
/etc/init.d/sqlgrey stop
/etc/init.d/webmin stop
/etc/init.d/httpd stop

MYSQLROOTPWD="`grep MYSQLROOTPWD /etc/EFA-Config | sed 's/.*://'`"

mkdir /root/migrate-efa
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events efa > /root/migrate-efa/efa.dump
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events mailscanner > /root/migrate-efa/mailscanner.dump
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events sqlgrey > /root/migrate-efa/sqlgrey.dump
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events sa_bayes > /root/migrate-efa/sa_bayes.dump

cp /etc/postfix/transport /root/migrate-efa/transport
tar -cvzf /root/migrate-efa/quarantine.tar.gz  /var/spool/MailScanner/quarantine/


tar -cvzf /root/migrate-efa.tar.gz /root/migrate-efa

This will backup all essential databases and mail queues and place it in /root/migrate-efa.tar.gz
then copy this file over to the new host and make sure it is on the new host as /root/migrate-efa.tar.gz

Turn of your old machine and don't turn it on again! (if you do you need to start over as items have changed)..

On the new host:

as root on the new host login as root and make sure the file you just uploaded is in /root/migrate-efa.tar.gz
then run the following script import.sh:

Code: Select all

#!/bin/sh


MYSQLROOTPWD="`grep MYSQLROOTPWD /etc/EFA-Config | sed 's/.*://'`"

/etc/init.d/saslauthd stop
/etc/init.d/MailScanner stop
/etc/init.d/sqlgrey stop
/etc/init.d/webmin stop
/etc/init.d/httpd stop

backupold="/root/migrate-efa-backup-old"
mkdir $backupold
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events efa > $backupold/efa.dump
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events mailscanner > $backupold/mailscanner.dump
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events sqlgrey > $backupold/sqlgrey.dump
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events sa_bayes > $backupold/sa_bayes.dump

cp /etc/postfix/transport $backupold/transport
tar -cvzf $backupold/quarantine.tar.gz  /var/spool/MailScanner/quarantine/



#################
cd /root
tar -xvzf /root/migrate-efa.tar.gz
BASE=/root/root/migrate-efa

mysql --user=root --password=$MYSQLROOTPWD efa < $BASE/efa.dump
mysql --user=root --password=$MYSQLROOTPWD mailscanner < $BASE/mailscanner.dump
mysql --user=root --password=$MYSQLROOTPWD sqlgrey < $BASE/sqlgrey.dump
mysql --user=root --password=$MYSQLROOTPWD sa_bayes < $BASE/sa_bayes.dump

rm -f /etc/postfix/transport
cp -f $BASE/transport /etc/postfix/transport
postmap /etc/postfix/transport

cd /
tar -xvzf $BASE/quarantine.tar.gz


/etc/init.d/saslauthd start
/etc/init.d/MailScanner start
/etc/init.d/sqlgrey start
/etc/init.d/webmin start
/etc/init.d/httpd start

Reboot your system and you should be ready to go, test if things work and if they do use EFA-Config to change the IP from the new machine to the IP the previous machine had and you have migrated the data...

[Justin]

Not really an guide but I created an small script once when I had to move to an different host.
...

I reinstalled the machine, and it's working better then before. Did not import the old config, as i want it to be as clean as possible.
Whitelist will grow in time, but it's functional.

Thanks for all the help!