Enhance the security of the database password

The ed25519 security module is available in the database container provided with Cyberwatch to enhance password security. This feature allows you to use the ed25519 hash algorithm, which is more secure than the native algorithm.

Prerequisites

  • The Cyberwatch instance must already be running and operational
  • Access to the database container is required

Enhance security for existing installations

To enhance database security for an existing installation, you can modify the olympe user to use ed25519 authentication.

  1. Access the database container:

    sudo cyberwatch exec db bash

  2. Once inside the container, retrieve the necessary passwords:

    MYSQL_PWD=$(cat /run/secrets/db/mysql-password)
MYSQL_ROOT_PWD=$(cat /run/secrets/db/mysql-root-password)

  3. Modify the olympe user to use ed25519 authentication:

mariadb -u root -p"${MYSQL_ROOT_PWD}" -e "ALTER USER 'olympe'@'%' IDENTIFIED VIA ed25519 USING PASSWORD('${MYSQL_PWD}');"

Verification

To verify that the modification has been successfully applied, you can check the logs of the sidekiq_node container:

sudo cyberwatch logs sidekiq_node

The sidekiq_node container should continue to function normally, confirming that ed25519 authentication is properly configured.

Back to top