This short guide will go over the steps required to remove and replace the original “simplerisk” passwords for the SimpleRisk VM. We strongly recommend anyone using the VM to update these passwords before extensive use of the VM image. 

You will want to have strong passwords to replace these with and store them securely.

Securing MySQL:

1) Log in to the VM via the console (or enable SSH access and log in that way) using user "simplerisk" and password "simplerisk".

2) Run the command "mysqladmin -u root -p password MyNewRootPass" to change the password for root. When prompted the original password is "simplerisk".

3) Log into mysql as root with the command "mysql -u root -p" and enter the new root password.

4) Run the command "use mysql;"

5) Run the command  "SET PASSWORD FOR 'simplerisk'@'localhost' = PASSWORD('MyNewSRPass');" to update the password for the simplerisk user.

6) Run the command "flush privileges;"

7) Run the command "quit" to exit mysql

8) Run the command "sudo bash"

9) Run the command "cd /var/www/simplerisk/includes"

10) Edit the config.php file.  Find the line that reads "DB_PASSWORD" and update the password to the value used for "MyNewSRPass" above.

Securing Your Disk Encryption:

1) Use sudo bash and enter the password "simplerisk"

2) Now using the command "cryptsetup luksAddKey /dev/sda5" you will be asked to enter a current disk encryption password which will be "simplerisk".

3) Next you will enter your new strong disk encryption password.

4) Last use the command "cryptsetup luksRemoveKey /dev/sda5" and enter the original encryption password "simplerisk" this will remove the original password and you will now need to use your new password to decrypt the VM disk.

Securing Ubuntu SimpleRisk User/Root Passwords:

1) Log in to the VM via the console (or enable SSH access and log in that way) using user "simplerisk" and password "simplerisk".

2) Once logged in type “passwd”, this will ask you for the old password which is “simplerisk” then ask you to repeat your new password twice to confirm the change. Keep this safe and readily available as you will need it in the next steps

3) Next to change the root password type “sudo passwd root” and then the password for your user which by default was “simplerisk” and now should be whatever you just set it to on the previous step.

4) Now type a new strong password for the root account, then confirm the password a second time.

Securing the Admin account in SimpleRisk:

1) We will now change the SimpleRisk "admin" password, first go ahead and login to your SimpleRisk using the following credentials:

Username: admin

Password: admin

2) Click "Admin" at the far top right and select "My Profile" from the drop down

3) Scroll down to the last section and you will see fields to enter the current password. ("admin")

4) Now enter your new strong password and repeat.

5) Finally click update and you will have updated your SimpleRisk Admin password.

You have now taken your first major steps to securing your SimpleRisk VM

If you have any questions about these steps or any concerns in general please contact us using Thank you.