This short guide will go over the steps required to remove and replace the original “simplerisk” passwords for the SimpleRisk VM. We strongly recommend anyone using the VM to update these passwords before extensive use of the VM image.
You will want to have strong passwords to replace these with and store them securely.
Securing MySQL:
1) Log in to the VM via the console (or enable SSH access and log in that way) using user "simplerisk" and the password "simplerisk".
2) Use "sudo bash" enter the password "simplerisk"
2) Grab the current root password created when the VM booted for the first time by doing "cd /root". Now use "ls" to see the files there and finally "vi root_mysql_password.txt" or the current name used for the root password file.
3)Run the command "mysqladmin -u root -p password MyNewRootPass" to change the password for root. When prompted the original password was located in your passwords.txt.
4) Log into mysql as root with the command "mysql -u root -p" and enter the new root password.
5) Run the command "use mysql;"
6) Run the command "ALTER USER 'simplerisk'@'localhost' IDENTIFIED BY 'newPass';"
to update the password for the simplerisk user.
7) Run the command "flush privileges;"
8) Run the command "quit" to exit mysql
9) Run the command "sudo bash"
10) Run the command "cd /var/www/simplerisk/includes"
11) Edit the config.php file. Find the line that reads "DB_PASSWORD" and update the password to the value used for "newPass" above.
Setting up Your VM Disk Encryption:
Virtual Box:
1) You will first need to obtain the VM VirtualBox Extension pack to support encryption if you do not have this already it can be obtained from their website here: https://www.virtualbox.org/wiki/Downloads
Once downloaded just double-click it and it should bring up the prompts to install it in VirtualBox.
2) With the VM currently shutdown and VirtualBox open Right-Click the VM's name on the left hand side and go to the Settings menu.
3) Next as seen in the picture below from the General menu click the Disk Encryption tab and fill out the fields as seen in the screenshot. Your password will be used every time the VM is started.
4) Click "Ok" and a progress bar will be shown as your disk is encrypted. This completes the process for VirtualBox encryption.
VMWare:
(must be a paid for product such as Workstation Player Pro)
1) With the VM shut down Right Click the the name of the VM and click Settings.
2) Now go from the Hardware tab to the Options tab and find the Access Control option in the list.
3) Next click "Encrypt". Follow the prompts and define your password. You will need this password each time the VM is started. That will complete the encryption process for VMware based virtual machines.
Securing Ubuntu SimpleRisk User/Root Passwords:
1) Log in to the VM via the console (or enable SSH access and log in that way) using user "simplerisk" and password "simplerisk".
2) Once logged in type “passwd”, this will ask you for the old password which is “simplerisk” then ask you to repeat your new password twice to confirm the change. Keep this safe and readily available as you will need it in the next steps
3) Next to change the root password type “sudo passwd root” and then the password for your user which by default was “simplerisk” and now should be whatever you just set it to on the previous step.
4) Now type a new strong password for the root account, then confirm the password a second time.
Securing the Admin account in SimpleRisk:
1) We will now change the SimpleRisk "admin" password, first go ahead and login to your SimpleRisk using the following credentials:
Username: admin
Password: admin
2) Click "Admin" at the far top right and select "My Profile" from the drop down
3) Scroll down to the last section and you will see fields to enter the current password. ("admin")
4) Now enter your new strong password and repeat.
5) Finally click update and you will have updated your SimpleRisk Admin password.
You have now taken your first major steps to securing your SimpleRisk VM
If you have any questions about these steps or any concerns in general please contact us using support@simplerisk.com. Thank you.