Use > Hardening > Data Flow Probe Hardening > Modify the MySQL Database Encrypted Password

Modify the PostgreSQL Database Encrypted Password

This section explains how to modify the encrypted password for the PostgreSQL database user.

  1. Create the Encrypted Form of a Password (AES, 192-bit key)

    Note: In FIPS mode, it is 256-bit key.
    1. Access the Data Flow Probe JMX console. On the probe machine, launch a Web browser and enter the following address: https://localhost:8453.

      You may have to log in with a user name and password.

      Note If you have not created a user, use the default user name sysadmin and the password to log in.

    2. Locate the Type=MainProbe service and click the link to open the Operations page.

    3. Locate the getEncryptedDBPassword operation.

    4. In the DB Password field, enter the password to be encrypted.

    5. Invoke the operation by clicking the getEncryptedDBPassword button.

      The result of the invocation is an encrypted password string, for example:

      66,85,54,78,69,117,56,65,99,90,86,117,97,75,50,112,65,53,67,114,112,65,61,61

  2. Stop the Data Flow Probe

    Start > All Programs > UCMDB > Stop Data Flow Probe

  3. Run the set_dbuser_password.cmd Script

    This script is located in the following folder: C:\UCMDB\DataFlowProbe\tools\dbscripts\set_dbuser_password.cmd

    Run the set_dbuser_password.cmd script with the new password as the first argument,and the PostgreSQL Root Account password as the second argument.

    For example:

    set_dbuser_password <my_password><root_password>.

    The password must be entered in its unencrypted form (as plain text).

  4. Update the Password in the Data Flow Probe Configuration Files

    1. The password must reside encrypted in the configuration files. To retrieve the password's encrypted form, use the getEncryptedDBPassword JMX method, as explained in step 1.

    2. Add the encrypted password to the following properties in the C:\UCMDB\DataFlowProbe\conf\DataFlowProbe.properties file.

      • appilog.agent.probe.jdbc.pwd

        For example:

        appilog.agent.probe.jdbc.user = mamprobe
        appilog.agent.probe.jdbc.pwd =
        66,85,54,78,69,117,56,65,99,90,86,117,97,75,50,112,65,53,67,114,112,65,61,61
      • appilog.agent.local.jdbc.pwd

      • appilog.agent.normalization.jdbc.pwd

  5. Start the Data Flow Probe

    Start > All Programs > UCMDB > Start Data Flow Probe

The clearProbeData Script: Usage

To recreate the database user without altering its current password, run the clearProbeData.bat script for Windows or the clearProbeData.sh script for Linux.

After running the script:

  • Review the following file for errors:
    C:\UCMDB\DataFlowProbe\runtime\log\probe_setup.log for Windows, /opt/UCMDB/DataFlowProbe/runtime/log/probe_setup.log for Linux.

  • Delete the file, as it contains the database password.

Note Do not run this script unless instructed to do so by  Software Support.