Guardium CLI password reset

If you lose the cli or guardcli1 - guardcli9 passwords and cannot log in, follow this procedure to reset the passwords.

Symptoms

You lost the Guardium the cli or guardcli1 - guardcli9 passwords or otherwise cannot log in to the command line interface and need to reset the passwords.

Environment

This condition and its resolution apply to Guardium collectors, aggregators, and central managers as well as to standalone systems.

Resolving the problem

Use the following procedure to reset CLI account passwords:
  1. Open a Guardium VM console and log in as the rescue user. You must use the Guardium console: remote SSH access is not allowed for the rescue account.
  2. Upon logging in, the console displays a single-use passkey. Record this passkey.
  3. Contact IBM support and provide the rescue user passkey. IBM will decode the passkey and return a single-use password for the rescue user.
  4. Log in as the rescue user using the decoded password provided by IBM.
  5. Reset CLI account passwords using the following command (where <username> is cli or guardcli1 - guardcli9):
    reset password cli_user <username>
Note:
  • The rescue user passkey is immediately reset after a successful log in. However, if the console times out before the rescue passkey is decoded and used, simply log in again as the rescue user and the same passkey is displayed.
  • The rescue user can also retrieve passkeys or reset passwords for the root and cloudsupport users using commands equivalent to a standard CLI account:
    Rescue command CLI command
    show passkey root support show passkey root
    show passkey cloudsupport support show passkey cloudsupport
    reset password root support reset-password root
    reset password cloudsupport support reset-password cloudsupport
    reset password cli_user n/a