Note

Known limitation: EA cannot subscribe to Analytic/Debug channels. Channels of this type, which are based on .ETL files instead of .EVTX files, cannot be subscribed to because of a limitation in the Windows OS. EA will not gather events from those channels even if they are included in the configuration.

If you experience issues while adding new event channels, perform an EA backing store refresh to ensure the new configurations take effect.

Change the password of the root user in the MySQL service (dockerized MySQL service created by the deployment)

We strongly recommend that you change the default root password of the MySQL service for security reasons.

The default root password configured in the MySQL service when it is deployed as a Docker container is very insecure.

If this value was not changed during deployment configuration, replace it now with a more robust one.

The following steps change it without redeploying the EA manager and related components.

  1. Check whether the MySQL service is configured with the default password. Run the command on the server where the MySQL container was deployed.

    Code Block
    sudo /usr/local/bin/docker-compose -f /srv/deam-internal-services/docker-compose.yaml exec mysql mysql -u root --password=toor

    If the login completes without an error and produces output similar to the following:

    Code Block
    mysql: [Warning] Using a password on the command line interface can be insecure.
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 10
    Server version: 5.7.37 MySQL Community Server (GPL)
    
    Copyright (c) 2000, 2022, Oracle and/or its affiliates.
    
    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    mysql>
    

    then the default password (toor) is configured for the root user of MySQL. Continue with the next steps to change it.

  2. Change the password in the docker-compose file. Run the commands on the server where the MySQL container was deployed.
    Edit the /srv/deam-internal-services/docker-compose.yaml file:

    Code Block
    sudo vim /srv/deam-internal-services/docker-compose.yaml

    Find the configuration property with the MySQL root password:

    Code Block
    version: '3'
    
    ...
    
    services:
      mysql:
    
        ...
    
        environment:
          MYSQL_ROOT_PASSWORD: "toor"

    Replace the value of the password with a stronger value (<<NEW PASSWORD HERE>> in the code snippet below). Be careful to maintain the line indentation.

    Code Block
          MYSQL_ROOT_PASSWORD: "<<NEW PASSWORD HERE>>"
  3. Change the password in the running MySQL service. Run the commands on the server where the MySQL container was deployed.
    Log in to the MySQL service as the root user using the default password:

    Code Block
    sudo /usr/local/bin/docker-compose -f /srv/deam-internal-services/docker-compose.yaml exec mysql mysql -u root --password=toor

    Change the root password using the same value selected in the previous step (replacing <<NEW PASSWORD HERE>>):

    Code Block
    ALTER USER 'root'@'localhost' IDENTIFIED BY '<<NEW PASSWORD HERE>>';

    Press Ctrl + D to exit the MySQL client session.

  4. Additionally, edit your inventory file and add the deam_mysql_root_password var with the value of the password chosen previously, so that a future platform upgrade or similar procedure does not change the password back to the default.

    Code Block
    all:
      vars:
        deam_mysql_root_password: "<<NEW PASSWORD HERE>>"
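
As an added example (not part of the original procedure or of the product's own tooling), the script below checks that steps 1 to 4 took effect: the compose file no longer carries `toor`, the running service rejects it, and the inventory sets `deam_mysql_root_password`. The `INVENTORY` path, the `--audit` argument and the function names are assumptions; the compose check also accepts the list form of `environment:`, which goes beyond the mapping form shown above.

```bash
#!/usr/bin/env bash
# Added example: post-change audit for the MySQL root password procedure.
# COMPOSE and the default password "toor" come from the page; INVENTORY is an assumed path.
COMPOSE="${COMPOSE:-/srv/deam-internal-services/docker-compose.yaml}"
INVENTORY="${INVENTORY:-./inventory.yaml}"
DEFAULT_PW="toor"

# 0 if the compose file still sets MYSQL_ROOT_PASSWORD to the default
# (mapping form `KEY: "toor"` or list form `- KEY=toor`, quoted or not).
compose_uses_default() {
  grep -Eq "^[[:space:]]*(-[[:space:]]*)?MYSQL_ROOT_PASSWORD(:|=)[[:space:]]*[\"']?${DEFAULT_PW}[\"']?[[:space:]]*\$" "$1"
}

# 0 if the inventory sets deam_mysql_root_password to a non-empty, non-default value.
inventory_pins_password() {
  local v
  v=$(sed -n 's/^[[:space:]]*deam_mysql_root_password:[[:space:]]*//p' "$1" | head -n 1 | tr -d "\"'[:space:]")
  [ -n "$v" ] && [ "$v" != "$DEFAULT_PW" ]
}

# 0 if the running MySQL container still accepts the default root password.
# -T disables the pseudo-TTY so the check also works from cron or CI.
mysql_accepts_default() {
  sudo /usr/local/bin/docker-compose -f "$COMPOSE" exec -T mysql \
    mysql -u root --password="$DEFAULT_PW" -e 'SELECT 1' >/dev/null 2>&1
}

# 32-character alphanumeric password: needs no escaping inside the YAML
# double quotes or the single-quoted ALTER USER statement.
new_password() {
  head -c 48 /dev/urandom | base64 | tr -d '+/=\n' | cut -c1-32
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then
  rc=0
  [ -r "$COMPOSE" ] || { echo "FAIL: cannot read $COMPOSE (run as a user with read access)"; exit 2; }
  compose_uses_default "$COMPOSE" && { echo "FAIL: $COMPOSE still sets the default password"; rc=1; }
  mysql_accepts_default && { echo "FAIL: running MySQL still accepts the default password"; rc=1; }
  inventory_pins_password "$INVENTORY" || { echo "FAIL: deam_mysql_root_password not set in $INVENTORY"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: default root password is no longer in use"
  exit "$rc"
fi
```

The official MySQL image reads `MYSQL_ROOT_PASSWORD` only when it initializes an empty data directory, which is why the compose edit in step 2 and the `ALTER USER` in step 3 are both needed and why the audit checks the file and the running service separately.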

EA Client operations

Start/Stop EA Client

...