By now we have completed several steps with regard to our Sourcefire deployment. We have Defense Center up and running, our modules are installed, set up and connected to Defense Center. We did lots of work in order to make all of this happen. But, we have other things on our mind and under our fingers. So, after a while, we came to a realization that we forgot our SFR module password. It happens. We have to make passwords complex, change them often, never write them down, make them different among systems we are in charge of, … So the outcome is what it is. Not to worry, the solution is pretty straight forward.
First we need to access our ASA box that hosts the module. If we are able to log in to the ASA box and obtain the privilege level fifteen, then the module will trust us and let us reset its password to the defaults, which are admin/Sourcefire, as we recall.
So, from the ASA command prompt, we issue:
asa/pri/act# session sfr do password-reset
No return message or anything, but that’s all that takes. For hardware module in 5585-Xs, instead of “session sfr do password-reset” we use “session 1 do password-reset”.
Now we can log in to our SFR module:
asa/pri/act# session sfr console
Opening console session with module sfr.
Connected to module sfr. Escape character sequence is ‘CTRL-^X’.
sfr-bl-1 login: admin
Last login: Mon Apr 20 00:58:59 on ttyS1
And now we should change this default password:
> configure password
Enter current password:
Enter new password:
Confirm new password:
Believe it or not, it’s that simple.
Thanks for reading!