Goline Logo

News

  • Route RPKI validation April 1st, 2022
    RPKI is a security framework by which network owners can validate and secure the critical route updates or Border Gateway Protocol (BGP) announcements between public Internet networks. BGP is essentially the central nervous system of the Internet and one of its fundamental building blocks. The main function of BGP is to facilitate efficient routing between Autonomous Systems (AS), by building and maintaining the Internet routing table. The Internet routing table is effectively the navigation system of the Internet and without it, traffic would be unable to flow between its constituent networks. Unfortunately, routing equipment alone cannot distinguish between legitimate and malicious routing announcements,...
  • RIPE – Atlas Anchor February 17th, 2022
    We have become an even more integral part of the RIPE Atlas project by hosting an anchor, a device that allows for latency analysis of traffic between autonomous systems.https://atlas.ripe.net/probes/7073/RIPE Atlas anchors play an integral role in the RIPE Atlas network by acting both as enhanced RIPE Atlas probes with more measurement capacity, as well as regional measurement targets within the greater RIPE Atlas network. Anchors are able to perform many more measurements than a regular RIPE Atlas probe, and the large amount of data they collect is made available to everyone. In addition, anchors act as powerful targets that can...
  • MANRS June 20th, 2020
    GOLINE firmly believes in initiatives to protect networks, improve security and resilience of the global routing system. Therefore we decided to support the MANRS project and join as participants.Mutually Agreed Norms for Routing Security (MANRS) is a global initiative, supported by the Internet Society, that provides crucial fixes to reduce the most common routing threats. MANRS offers specific actions via four programs for Network Operators, Internet Exchange Points, CDN and Cloud Providers, and Equipment Vendors. Requirements for Participation Please read the full MANRS Actions document before applying. You can become a participant if you meet these requirements: You (or your company) support...

Root Access on Linux-based UC appliances

Paolo Caparrelli Cisco 22 June 2022

Root Access on Linux-based Cisco UC appliances

 

There are many posts on Internet teaching you how to get root access on CUCM.  This is not a secret.  Since CUCM is Linux-based, the method is pretty straight forward – use a Linux boot CD to boot into rescue mode and modify the relevant files.  Here's a simple walk through.

Assuming CUCM was already installed.  Boot the box with a Linux installation CD (e.g. RedHat).  Type "linux rescue" in the boot prompt.

 
Chose language.  Default is 'English':


Choose keyboard.  Default is 'US':


We don't need to set up network.  Thus choose 'No' here.


Choose "Continue" to mount the CUCM file system.


The following message is telling you that the CUCM file system has been mounted under /mnt/sysimage.  If you want to map the root directory to the CUCM file system (which is recommended), you may use command "chroot /mnt/sysimage".


Below are the commands and explanations.


chroot /mnt/sysimage

This is to map the root directory to CUCM file system.

cd /etc

Change the working directory to /etc, where most of the system configuration files are stored.

rm securetty

Remove file "securetty" to allow remote connections with root.

passwd root

Reset (change) password for the root user.  Type a password that is easy for you to remember.  Retype it to confirm.  If the password was changed successfully, you'll see the prompt "passwd: all authentication token updated successfully".

Notes:
  • If you typed a simple password, you might get a warning like "BAD PASSWORD: it is based on a dictionary word".  Just ignore it and retype to confirm.
  • There's no screen display for the password you're typing.  Type carefully.

The following steps require some basic knowledge of the vi editor.  If you're not familiar with vi, please search Internet for vi commands help.

 
vi passwd

Change the passwd file so the root user has a shell (command line interpreter) to use.  Use vi commands.  Change the line
 To 

Save and exit file.

For those who are not familiar with vi, here are the command sequence (case-sensitive):
  1. Type /s to search for character 's'
  2. Type D to delete to the end of line
  3. Type A to enter append mode
  4. Type bin/bash to set the shell
  5. Press ESC key (it's a key on the upper-left corner of your keyboard) to exit append mode
  6. Type :wq to save and exit file.

vi ssh/sshd_config

Change the sshd_config file so you can SSH as root (it's disabled by default).  Use vi commands.  Change the line
To
 
Save and exit file.

For those who are not familiar with vi, here are the command sequence (case-sensitive):
  1. Type /Per to search for the word begins with 'Per'
  2. Type X to delete the letter on the left (which is '#' in this case)
  3. Type :wq! to save and exit this read-only file

Back to command prompt and type exit command twice to reboot the system.


Use a SSH client (such as putty) to test.  You should be able to SSH into CUCM with root account.

This method applies to all Linux-based appliances such as Unity Connection, CUPS, CER, UCCX (Linux version), etc. 

P.S. If the active partition is /PartB, you might run into an error like this:
Just hit "Enter" key to get to the shell.  Then use the following commands:

mount –bind /dev /mnt/sysimage/dev
chroot /mnt/sysimage

===================================================
Updated 3/13/2015:

I got many comments that "this works on CUCM version xx but didn't work on version yy".

Please understand that CUCM is just an application running on top of the RedHat Linux (which Cisco uses for many of its "appliances").

The rooting process is more OS related than application related.  If it didn't work, there could be only two reasons:

1) Some steps were missed or weren't done right (most likely).
or
2) RedHat changed how the authentication works between versions (very unlikely).

In a nutshell, the rooting is not specific to CUCM.  It's not even specific to Cisco.  You may root any appliance that is based on a common OS (such as Linux).

Last but not the least, this still works on my CUCM 10.5.  :)

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x