FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
shubhijai
Staff
Staff
Article Id 277563
Description This article describes the process of resetting the password of 'csadmin' user in Single User Mode.
Scope FortiSOAR Node.
Solution

Steps to Reset 'csadmin' password:

  • Login to ESXI and open the console of the virtual machine.
  • Navigate to the Grub boot menu, and press the 'e' key on the keyboard. This will open the Grub boot editing interface:

Screenshot 2023-10-05 at 5.04.48 PM.png

  • Edit the Grub boot configuration by pressing 'e' on the keyboard to open the below screen:
shubhijai_1-1696504040814.png

 

  • Find the kernel line starting with 'linux' and add rd.break enforcing=0 at the end of the line as shown in the above screenshot.
  • After editing is done, press Ctrl+X to initiate the booting process which then Starts the Emergency mode scripting Shell. 

 

shubhijai_2-1696504040819.png

 

 

  • To reset the csadmin password, it is necessary to have the read and write access to the sysroot filesystem. Run the below command to mount the filesystem in read-write mode:

mount -o remount,rw /sysroot

 

  • Now, use the 'chroot' command to change the current root directory running process so that it is possible to access the file of the Sysroot.

chroot /sysroot

 

  • Finally, it is possible to reset the csadmin password using 'passwd' command. Run the below command and enter a new password for csadmin user:

passwd csadmin       
  
 

shubhijai_3-1696504040825.png

 

  • Now, simply exit the Sysroot. Run the below command:

exit

 

  • Make the filesystem again read-only by running the below command:

mount -o remount,ro /sysroot

 

  • Again, exit the session and reboot. Run below command:

exit  

shubhijai_4-1696504040825.png

 

  • Log in again with csadmin user in the ESXI console enter its newly set password and run the 'sudo su' command:

$ sudo su

 

  • After resetting the password, it is recommended to clean the /etc/shadow that stores system passwords in an encrypted format to remove any residue entries and enable SELinux policies:

restorecon /etc/shadow

setenforce 1

 

  • Finally, it is possible to SSH to the virtual machine using the new password of csadmin user.