Authen Key Request
Ref:here
We get secret.key from
root@b0964626fefc:~# cat /omd/sites/GV/var/thruk/secret.key
Then we request with
[krit@mini SiteDemo]$ curl -H 'X-Thruk-Auth-Key: d942be681455b3e9d6e883d2f9be29c4299830c383306cd6987d68f637bjei22_1' -H 'X-Thruk-Auth-User: omdadmin' -gk 'https://192.168.112.174:5688/demo/thruk/r/hosts'
check password
edit file /omd/versions/4.40-labs-edition/share/thruk/plugins/plugins-available/conf/lib/Thruk/Controller/conf.pm
This conf.pm file is attached to this page; the code below is around line number 1472.
    # change password?
    if($c->req->parameters->{'save'}) {
        return unless Thruk::Utils::check_csrf($c);
        my $old        = $c->req->parameters->{'data.old'}       || '';
        my $pass1      = $c->req->parameters->{'data.password'}  || '';
        my $pass2      = $c->req->parameters->{'data.password2'} || '';
        my $min_length = $c->config->{'user_password_min_length'} || 5;
        if($has_minus_v && !$old) {
            Thruk::Utils::set_message($c, 'fail_message', "Current password missing");
        }
        elsif($pass1 eq '' || $pass2 eq '') {
            Thruk::Utils::set_message($c, 'fail_message', "New password cannot be empty");
        }
        # check pass1 has any UPPER char
        elsif($pass1 !~ /[A-Z]/ ) {
            Thruk::Utils::set_message($c, 'fail_message', "New password should contain some UPPER case");
        }
        # check pass1 has any digit
        elsif($pass1 !~ /[0-9]/ ) {
            Thruk::Utils::set_message($c, 'fail_message', "New password should contain some Digit ");
        }
        # check pass1 has any @ # * = symbol
        elsif($pass1 !~ /[@#*=]/ ) {
            Thruk::Utils::set_message($c, 'fail_message', "New password should contain some symbol @#*= ");
        }
        # check pass1 =~ mean match any space bar
        elsif($pass1 =~ / / ) {
            Thruk::Utils::set_message($c, 'fail_message', "New password contain some white space ");
        }
        #elsif($pass1 =~ /^\d*$/) {
        #    Thruk::Utils::set_message($c, 'fail_message', "New password contain only number");
        #}
        #elsif($pass1 =~ /[^\w\s]/) {
        #    Thruk::Utils::set_message($c, 'fail_message', "New password contain non char");
        #}
        elsif(length($pass1) < $min_length) {
            Thruk::Utils::set_message($c, 'fail_message', "New password must have at least ".$min_length." characters.");
        }
        #elsif($pass1 ne '' && $pass1 eq $pass2) {
        elsif($pass1 ne '' && $pass1 eq $pass2 ) {
            my $err = _htpasswd_password($c, $user, $pass1, $old);
            if($err) {
                _error("changing password for ".$user." failed: ".$err);
                Thruk::Utils::set_message($c, 'fail_message', "Password change failed.");
            }
            else {
                _audit_log("configtool", "new password set for user ".$user);
                Thruk::Utils::set_message($c, 'success_message', "Password changed successfully");
            }
        }
        return $c->redirect_to('conf.cgi?action=user_password');
    }
To disable password changes, set disable_user_password_change to 1; to disable user API keys, set max_api_keys_per_user to 0. We can also define the minimum number of characters in a password. Put the following text in the /etc/thruk/thruk_local.conf file:
max_api_keys_per_user = 0
disable_user_password_change = 1
user_password_min_length = 5
delete session
Sessions are located at ~/var/thruk/sessions. We want to remove admin1 from the list of session files, so we need to find the user admin1 in the content of every session file and then delete all of those files.
OMD[monitor@501264b41d2d]:~/var/thruk/sessions$ grep -l --null admin1 ./* | xargs -0 rm
Or we replace username="admin1" in all session files with username="" using the command sed -i 's/admin1//g'. Then all session files will be deleted automatically if the user tries to click something on the web page.
OMD[monitor@501264b41d2d]:~/var/thruk/sessions$ grep -l --null admin1 ./* | xargs -0 sed -i 's/admin1//g'
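The plain admin1 pattern above also matches any other user name that contains it, such as admin10. The following added example (not from the original page and not Thruk code) removes only the files that contain the quoted name. The function names, file names and file content are constructed, and the quoted form of the user name in the session file is an assumption taken from the username="admin1" wording above.

```shell
#!/bin/sh
# Added example, not Thruk code. Assumption: each session file stores the
# user name in double quotes (the page writes it as username="admin1").

# Count the files that the plain substring match (grep -l admin1) selects
# in directory $1 for user $2.
count_substring_matches() {
    grep -lF -- "$2" "$1"/* 2>/dev/null | wc -l | tr -d ' '
}

# Delete the session files of exactly user $2 in directory $1 and print how
# many were removed. Matching the quoted name keeps admin1 from also
# selecting admin10; the loop copes with spaces in file names.
remove_user_sessions() {
    n=0
    for sf in "$1"/*; do
        [ -f "$sf" ] || continue          # skip an unmatched glob or a directory
        if grep -qF -- "\"$2\"" "$sf"; then
            rm -f -- "$sf" && n=$((n + 1))
        fi
    done
    echo "$n"
}

# Build a constructed sessions directory (hypothetical names and content).
make_sample_sessions() {
    d=$(mktemp -d)
    echo 'username="admin1" active=1'  > "$d/sess_a"
    echo 'username="admin1" active=1'  > "$d/sess b"   # name with a space
    echo 'username="admin10" active=1' > "$d/sess_c"
    echo 'username="guest" active=1'   > "$d/sess_d"
    echo "$d"
}

demo_dir=$(make_sample_sessions)
echo "substring match selects: $(count_substring_matches "$demo_dir" admin1)"
echo "exact match removes:     $(remove_user_sessions "$demo_dir" admin1)"
rm -rf -- "$demo_dir"
```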
Attachments (1)
- conf.pm (113.5 KB) - added by 3 years ago.