Kindly help me with any configuration changes that can be done to avoid logging of password field in rundeck logs.
It seems even though password fields are not visible via UI but in rundeck logs it does capture it as a plaintext.
The issue still persists after upgrade to 2.6.8 version of Rundeck. Similar report is https://github.com/rundeck/rundeck/issues/1780
Can someone post a workaround for this as it is critical to either disable the debug option or fix this.
Thanks
Just for the record answer: Right now you can use the Mask Password output filter to hide any password entries on any step.
Related
I need to be able to pass password to shell command but don't want it to be available in logs. I tried finding a solution and found something called an Obfuscated class in buildbot, but it seems i'm missing something it's not working and i couldn't find any examples.
Is their some other way or if this is the only way if someone could provide an example.
secrets are supported in Buildbot since 0.9.7. http://docs.buildbot.net/latest/manual/secretsmanagement.html
Using this api to access your secret will automatically make them redacted from the build logs.
I have set up JBoss Fuse, created a fabric and installed the fabric:web feature as explained in the resource Using the Management Console. I can browse http://hostName:8181 and it shows the Management Console login screen.
However, whichever user/pass combination I try, the response is "Failed to log in, Forbidden". It also shows an icon with an exclamation mark, when I click that I see the following messages appear:
[Branding] enabled branding
[Core] Management Console started
That does not help much either. How do I know what login combination I should use? It is not clear to me what I am logging into in the first place.
In your fuse install folder under /etc there is a file called user.properties. Is the user admin with password admin filled in? If not, then at least admin user should be allowed.
If yes, try simply restarting the server. I am not sure why buy that has helped in some cases for me. Do a osgi:shutdown and then start it again.
Have you tried admin/admin?
I believe those are the default credentials.
Is there any way of changing Wildfly's Management Realm's password through config files of some sort? I kinda lost my password (my LastPass add-on for Firefox is kinda messing up with me). If there is, how?
Passwords by default are stored in
$WILDFLY_HOME/standalone/configuration/mgmt-users.properties
but passwords are hashed.
Best thing you can do is to remove the user you want and then re-add it via add-user.sh/.bat script you can find in bin folder.
If you are using WildFly the add-user utility has the ability to replace existing passwords, just run it again for a user with the same username and it should give you the option to replace the password.
Is there a way to hide few steps during an installation of an already existing installer? Like, hide the steps for the inputting of username or password? I want to hide these steps during the installation and run a batch file or script to set the default username or password instead.
Is there a possible way for this? How can I do this?
For example, installing postgreSQL, I'd like to hide the steps/windows for the username/password input, and run a batch file to set the username and password.
PS: I am not the author of the installer, I just want to modify it that way, if it is possible.
Thanks.
I already found an answer for my problem. It is performing an unattended installation where a user interaction is not needed anymore. Installation can be done in the command line where parameters can just be added (a config file can also be used for these parameters).
See the following links:
http://www.enterprisedb.com/docs/en/8.4/instguide/Postgres_Plus_Advanced_Server_Installation_Guide-15.htm#P889_74430
For command line options reference:
http://www.enterprisedb.com/docs/en/8.4/instguide/Postgres_Plus_Advanced_Server_Installation_Guide-17.htm#P1062_89370
Although this installation process only displays a progress bar, my problem is already solved since no user interaction is already needed. :)
I don't think it is possible to just hide particular one step from installer. Moreover AFAIK One Click Installer is only closed source, so you can't change its behaviour. However there are two alternative ways:
show visually that step, but with other default values, so user can simply click next
run installer in non-interactive mode (--mode unattended)
First of all check available options with Installation Guide and:
cmd>postgresql-9.0.4-1-windows_x64.exe --help
For example you can adjust --superaccount MyCustomizedUser --superpassword 12345 with such result (default is postgres and blank password):
What's the JBoss 5.x EAP default web console password?
The default credentials are:
login: admin
password: admin
But if you use EAP these credentials are turned off by default and there is no active user (security reasons :)). If you want to turn on these users, you have to edit the following file in your current profile: ./deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties. It should be enough to remove the # sign from the line with the user.
If you want to create a new user, don't forget to set up the correct groups in web-console-roles.properties file.
You can easily find information where these information are stored: just open the ./conf/login-config.xml file and find the proper security domain definition. In the case of the Web Console application, it will be web-console policy.
Also if you want to have access to JMX, you have unlock JMX Console. Just check the following files in the conf/props/ directory (in your profile): jmx-console-users.properties and jmx-console-roles.properties.
I just had to uncomment the line in jboss-eap-5.0\jboss-as\server\default\conf\props\jmx-console-users.properties
admin=admin
Thats it. Restart Jboss and I was about to get in to JBOSS JMX. Magically this even fixed the error that I used to get while shutting down Jboss from Eclipse.
I can also verify the above solution except I had to change in
**..\server\<server profile>\conf\props\jmx-console-users.properties**
If you are using Talend MDM Server, the login is:
login: admin
password: talend
See more: http://wiki.glitchdata.com/index.php?title=TOS:_Accessing_the_Talend_MDM_Server
This differs from the default JBoss login of admin/admin
The password setup file is also login-config.xml in this case.
I suggest visit Add digest auth in jmx-console and read oficial documentation for Configure admin consoles, you can add more security to your JBoss AS console and at these link explains where are the role and user/pass files that you need to change this information for your server and how you can change them. Also I recommend you quit all consoles that you don't use because they can affect to application server's performance.
Also there are others links about securing jmx-console that could help you, search in jboss as community site for them (I can't put them here for my actual reputation,sorry). Never you should has the password in plain text over conf/props/ files.
Sorry for my bad English and I hope my answer be useful for you.
just commenting the line of user and password in file
./server/default/conf/props jmx-console-users.properties worked for me
Step 1:
jmx-console-users.properties
admin=admin
Step 2:
jmx-console-roles.properties
admin=JBossAdmin,HttpInvoker
Step 3: Restart or start the JBoss instance.
Now you should good to go...
Go to the jmx console, enter JBoss login URL, then enter admin as username and admin password.
as suggested in other posts, probably you don't have any user defined. it's not advisable to manually edit the configuration files. you should use the add-user (.sh or .cmd) utility as explained in https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6/html/Installation_Guide/chap-Getting_Started_with_JBoss_Enterprise_Application_Platform_6.html#Add_the_Initial_User_for_the_Management_Interfaces