FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
aebadi
Staff
Article Id 417836
Description

This article outlines a scenario where the FortiSIEM web interface or backend services fail to authenticate because the Apache password file /etc/httpd/accounts/passwds is blank or corrupted.

 

This issue prevents proper authentication between FortiSIEM components (e.g., Supervisor ↔ Worker or internal SVN access) and can lead to HTTP 401 (Unauthorized) errors, GUI login failures, or event forwarding interruptions.

Scope

FortiSIEM v6.x, v7.x and later. Applies to Supervisors, Workers, and All-in-One nodes that rely on Apache for internal service authentication.

Solution

Check for Authentication Errors:
Review Apache error logs for failed authentication attempts:

 

tail -f /var/log/httpd/ssl_error_log


Example output:


AH01618: user admin not found: /svn
AH01618: user 10003 not found: /fwdupload


Repeated 'user not found' entries indicate that the /etc/httpd/accounts/passwds file is missing valid credentials.

Also check for PUT failures returning HTTP 401:


tail -f /var/log/httpd/ssl_access_log


Example output:


[31/Oct/2025:09:56:21 -0400] "PUT /phoenix/rest/windowsAgent/update HTTP/1.0" 401 998

Verify the Password File on All Cluster Nodes (Supervisor, Worker, Collector):

Inspect the password file:

 

cat /etc/httpd/accounts/passwds

 

* If it is blank, the file was cleared or never populated.
* If it is corrupted or contains invalid characters, authentication will fail.

Regenerate the Admin Password Entry on the Supervisor:
Run the following command to recreate the admin entry and generate the correct SHA password hash:


htpasswd -bs /etc/httpd/accounts/passwds admin "$(phLicenseTool --showSvnPassword)"

Explanation:

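  • htpasswd – Apache tool for managing password files.

  • -b – Take the password from the command line instead of prompting; it is visible in the process list while the command runs.

  • -s – Store the password as a SHA-1 hash (the {SHA} format); this is hashing, not encryption.

  • /etc/httpd/accounts/passwds – Destination file for credentials.

  • $(phLicenseTool --showSvnPassword) – Retrieves the current SVN password from FortiSIEM’s license configuration.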


Example output:


admin:{SHA}95P2HbtznbnqP1+nld4iTzM4QSk=


Note:

The command displays the correct hash but does not automatically write it into the file.

Manually Update the Password File:

Make a backup and edit the file:

 

cp /etc/httpd/accounts/passwds /etc/httpd/accounts/passwds.bak

vi /etc/httpd/accounts/passwds

 

Paste the generated admin SHA line and save the file.

Restart Apache:


systemctl restart httpd

 

Verify:

Monitor the access log for successful authentication:

 

tail -f /var/log/httpd/ssl_access_log

 

Expected output:
Entries should now show 200 instead of 401, for example:

 

127.0.0.1 - admin "GET /svn HTTP/1.1" 200 -
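
The two diagnostic steps above (scanning ssl_error_log for AH01618 and inspecting the password file) can be scripted and run on each node. This is an added example, not Fortinet tooling: the function names are hypothetical, the sample data is constructed, and it assumes user:hash lines, validating only the length and alphabet of {SHA} values and leaving other hash formats unchecked.

```shell
#!/bin/sh
# Added example, not Fortinet tooling. Read-only; function names are hypothetical.

# check_passwd_file FILE: print one finding per problem, return 0 only if none.
check_passwd_file() {
    [ -f "$1" ] || { echo "MISSING $1"; return 1; }
    [ -s "$1" ] || { echo "EMPTY $1"; return 1; }
    LC_ALL=C awk -F: '
        /^[ \t]*$/ { next }                          # skip blank lines
        /[^ -~]/   { print "NONPRINTABLE line " NR; bad = 1; next }
        NF < 2 || $1 == "" || $2 == "" { print "MALFORMED line " NR; bad = 1; next }
        { entries++ }
        substr($2, 1, 5) == "{SHA}" {
            # {SHA} value is base64 of a 20-byte SHA-1 digest: 27 chars plus "="
            h = substr($2, 6)
            if (length(h) != 28 || h !~ /^[A-Za-z0-9+\/]+=$/) {
                print "BAD_SHA line " NR " user " $1; bad = 1
            }
        }
        END {
            if (!entries) { print "NO_ENTRIES"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# missing_users ERROR_LOG FILE: users Apache logged as AH01618 "not found"
# that have no entry in FILE, one per line.
missing_users() {
    sed -n 's/.*AH01618: user \(.*\) not found: .*/\1/p' "$1" | sort -u |
    while IFS= read -r u; do
        cut -d: -f1 "$2" 2>/dev/null | grep -Fxq -e "$u" || echo "$u"
    done
}

# Constructed sample data; the valid admin line is this article's example output.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'admin:{SHA}95P2HbtznbnqP1+nld4iTzM4QSk=' 'svc:{SHA}abc' > "$d/passwds"
    printf '%s\n' 'AH01618: user admin not found: /svn' \
        'AH01618: user 10003 not found: /fwdupload' > "$d/ssl_error_log"
    check_passwd_file "$d/passwds"                  # BAD_SHA line 2 user svc
    missing_users "$d/ssl_error_log" "$d/passwds"   # 10003
    rm -rf "$d"
}
case "${1:-}" in demo) demo ;; esac
```

On a node, call check_passwd_file /etc/httpd/accounts/passwds and missing_users /var/log/httpd/ssl_error_log /etc/httpd/accounts/passwds as root; neither function modifies the file.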
