ORC 32 ‐ Root password change within 1 Hr - michaelthielemans/ProjectHosting GitHub Wiki

Standardized Process for Changing Root Passwords

  1. Prepare a List of Servers:

    • Compile a list of all servers where the root password needs to be changed.
  2. Notify Affected Parties:

    • Inform all system administrators and relevant personnel about the scheduled password change.
  3. Verify Current Access:

    • Ensure that you have current root access to all servers on the list.
  4. Generate New Passwords:

    • Use a secure method to generate new, strong passwords for each server.
  5. Change the Passwords:

    • Execute the password change process either manually or through an automation script.
  6. Verify New Passwords:

    • Confirm that the new passwords work and that you have root access with them.
  7. Document the Changes:

    • Update your records with the new passwords and the time of the change.
  8. Audit:

    • Perform an audit to ensure all passwords have been changed successfully.
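
Steps 4 and 8 as an added example (not part of the original wiki or its script): it generates a separate random password per server and audits the rotation from the "last changed" day in each server's shadow entry. The function names, the sample data and rotation day 19900 are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the project's own code.

# Step 4: one password per server, 18 bytes from the kernel CSPRNG encoded
# as 24 URL-safe base64 characters (144 bits of entropy, no padding).
gen_password() {
    head -c 18 /dev/urandom | base64 | tr '+/' '-_'
}

# Step 8: read "host lastchg" pairs on stdin, where lastchg is field 3 of the
# root shadow entry (day of last password change, counted from 1970-01-01).
# One way to collect it without copying hashes off the server:
#   ssh "root@$host" "getent shadow root | cut -d: -f3"
# Prints every host not changed on or after day $1; returns 1 if any is found.
# Shadow stores only the day, so this confirms the date, not the hour.
audit_rotation() {
    local rotation_day=$1 stale=0 host lastchg
    while read -r host lastchg; do
        [ -n "$host" ] || continue
        case $lastchg in
            ''|*[!0-9]*)            # unreachable host or unreadable value
                echo "$host"; stale=1 ;;
            *)
                if [ "$lastchg" -lt "$rotation_day" ]; then
                    echo "$host"; stale=1
                fi ;;
        esac
    done
    return "$stale"
}

# Constructed sample input: server2 still has an old password,
# server3 returned nothing (for example, the connection failed).
sample_collected() {
    cat <<'EOF'
server1 19900
server2 19650
server3
EOF
}

# Day number for a rotation done today: $(( $(date +%s) / 86400 ))
sample_collected | audit_rotation 19900 || echo "audit failed for the hosts above"
```
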

Automation Script for Changing Root Passwords

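#!/bin/bash
# Script to change root passwords on a list of servers

# List of server hostnames or IPs
SERVER_LIST=('server1' 'server2' 'server3')

# New password
NEW_PASS='new_secure_password'

# Log file for the outcome on each server
LOG_FILE=/var/log/root_pass_change.log

# Function to change password
change_pass() {
    echo "Changing password for $1"
    # Send the password over stdin so it never appears in a command line,
    # and so quotes or other special characters in it are passed unchanged.
    # BatchMode makes ssh fail instead of prompting if key-based login is missing.
    printf 'root:%s\n' "$NEW_PASS" | ssh -o BatchMode=yes "root@$1" chpasswd
}

# Loop through each server, change the password and log the result
FAILED=0
for SERVER in "${SERVER_LIST[@]}"; do
    if change_pass "$SERVER"; then
        echo "Root password changed on $SERVER on $(date)" >> "$LOG_FILE"
    else
        echo "Root password change FAILED on $SERVER on $(date)" >> "$LOG_FILE"
        FAILED=1
    fi
done

# Exit non-zero if any server still has the old password
exit "$FAILED"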

Usage:

sudo ./change_root_pass.sh

Important Notes:

  • Replace 'server1' 'server2' 'server3' with your actual server hostnames or IPs.
  • Set NEW_PASS to the actual new password you wish to use.
  • Ensure SSH key-based authentication is set up for root access to avoid password prompts.
  • Run this script with caution and test on a non-critical server first.

This script will change the root password on each server listed in SERVER_LIST. Make sure to save the script as change_root_pass.sh, give it executable permissions with chmod +x, and run it with root privileges. Always remember to handle root passwords with the utmost care to maintain system security.