Version 7 (modified by krit, 3 years ago)

Authen Key Request

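We get the secret.key from:

root@b0964626fefc:~# cat /omd/sites/GV/var/thruk/secret.key

Then we send the request with the key in the X-Thruk-Auth-Key header (-k skips TLS certificate verification, -g turns off URL globbing):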

[krit@mini SiteDemo]$ curl -H 'X-Thruk-Auth-Key: d942be681455b3e9d6e883d2f9be29c4299830c383306cd6987d68f637bjei22_1' -H 'X-Thruk-Auth-User: omdadmin' -gk 'https://192.168.112.174:5688/demo/thruk/r/hosts'

check password

Edit the file /omd/versions/4.40-labs-edition/share/thruk/plugins/plugins-available/conf/lib/Thruk/Controller/conf.pm
The modified conf.pm is attached to this page; the change is around line 1472.

# change password?
    if($c->req->parameters->{'save'}) {
        return unless Thruk::Utils::check_csrf($c);

        my $old        = $c->req->parameters->{'data.old'}        || '';
        my $pass1      = $c->req->parameters->{'data.password'}   || '';
        my $pass2      = $c->req->parameters->{'data.password2'}  || '';
        my $min_length = $c->config->{'user_password_min_length'} || 5;
        if($has_minus_v && !$old) {
            Thruk::Utils::set_message($c, 'fail_message', "Current password missing");
        }
        elsif($pass1 eq '' || $pass2 eq '') {
            Thruk::Utils::set_message($c, 'fail_message', "New password cannot be empty");
        }
        # check pass1 has any UPPER char
        elsif($pass1 !~ /[A-Z]/ ) {
            Thruk::Utils::set_message($c, 'fail_message', "New password should contain some UPPER case");
        }
        # check pass1 has any digit
        elsif($pass1 !~ /[0-9]/ ) {
            Thruk::Utils::set_message($c, 'fail_message', "New password should contain some Digit ");
        }
        # check pass1 has any @ # * = symbol
        elsif($pass1 !~ /[@#*=]/ ) {
            Thruk::Utils::set_message($c, 'fail_message', "New password should contain some symbol @#*= ");
        }
        # reject pass1 if it contains a space character (the regex matches a literal space only)
        elsif($pass1 =~ / / ) {
            Thruk::Utils::set_message($c, 'fail_message', "New password must not contain white space");
        }
        #elsif($pass1 =~ /^\d*$/) {
        #    Thruk::Utils::set_message($c, 'fail_message', "New password contain only number");
        #}
        #elsif($pass1 =~ /[^\w\s]/) {
        #    Thruk::Utils::set_message($c, 'fail_message', "New password contain non char");
        #}
        elsif(length($pass1) < $min_length) {
            Thruk::Utils::set_message($c, 'fail_message', "New password must have at least ".$min_length." characters.");
        }
        #elsif($pass1 ne '' && $pass1 eq $pass2) {
        elsif($pass1 ne '' && $pass1 eq $pass2 ) {
            my $err = _htpasswd_password($c, $user, $pass1, $old);
            if($err) {
                _error("changing password for ".$user." failed: ".$err);
                Thruk::Utils::set_message($c, 'fail_message', "Password change failed.");
            } else {
                _audit_log("configtool", "new password set for user ".$user);
                Thruk::Utils::set_message($c, 'success_message', "Password changed successfully");
            }
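        }
        # passwords differ: report it instead of redirecting without a message
        else {
            Thruk::Utils::set_message($c, 'fail_message', "New passwords do not match");
        }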
        return $c->redirect_to('conf.cgi?action=user_password');
    }

To disable password changes, set disable_user_password_change to 1. To disable user API keys, set max_api_keys_per_user to 0. The minimum password length can also be defined. Put the following text in the /etc/thruk/thruk_local.conf file:

max_api_keys_per_user = 0
disable_user_password_change = 1
user_password_min_length = 5

delete session

Sessions are located in ~/var/thruk/sessions. To remove admin1 from the list of sessions, we find every session file that contains the user admin1 and then delete all of those files.

OMD[monitor@501264b41d2d]:~/var/thruk/sessions$ grep -l --null admin1 ./* | xargs -0 -r rm
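
The grep above matches admin1 anywhere in a file, so it also selects sessions of a user such as admin10. The following added example (not from the original page or from Thruk) deletes only files whose user field is exactly the given name. It assumes session files are JSON with a "username" key, and purge_sessions is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not Thruk code. purge_sessions is a hypothetical helper.
# Assumption: each session file is JSON with a "username" key; check one
# real file on your Thruk version and adjust the pattern if it differs.

# purge_sessions DIR USER: delete DIR's files owned by exactly USER,
# print how many were removed.
purge_sessions() {
    dir=$1
    user=$2
    # Accept only characters that are literal in an extended regex.
    case $user in
        ''|*[!A-Za-z0-9_@-]*) echo "invalid user name" >&2; return 2 ;;
    esac
    # The closing quote anchors the match, so admin1 does not match admin10.
    pattern="\"username\"[[:space:]]*:[[:space:]]*\"$user\""
    count=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if grep -Eq -- "$pattern" "$f"; then
            rm -f -- "$f" && count=$((count + 1))
        fi
    done
    echo "$count"
}

# Demo on constructed session files in a scratch directory.
demo() {
    d=$(mktemp -d)
    printf '{"username":"admin1","address":"192.0.2.10"}\n'  > "$d/s1"
    printf '{"username":"admin10","address":"192.0.2.11"}\n' > "$d/s2"
    printf '{"username":"omdadmin","comment":"admin1"}\n'    > "$d/s3"
    purge_sessions "$d" admin1      # removes s1 only
    ls "$d"
    rm -rf "$d"
}
demo
```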
