Create a custom account for VCSA scan
This article describes how to create a custom login for VCSA scan in Movere.
Before you begin
- This script should be run as root user in a bash shell only.
- Ensure that PostgreSQL database and /opt/vmware/vpostgres/current/bin/psql binary are running.
- Sign in to VCDB by running the
/opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB
command. - Once logged into the VCDB shell [VCDB=#], ensure that psql is running. To quit and return to the bash shell, enter the command
\q
and press Enter. - Do not make any changes to the script. Save it as a .sh file, for example, AddMovereUser.sh. Right-click to paste the code
:wq
to save and exit. - Grant execution rights to this script using the
chmod +x AddMovereUser.sh
command. - Execute the script:
./AddMovereUser.sh
- Sign in to VCDB by running the
- The username should be in lowercase only.
- The user will be prompted for password twice. This password will be used for the Linux user and the VCDB user.
- Enter the password once.
- Re-enter the same password. If the passwords do not match, the script will exit immediately.
Create non-root user account for VCSA scan
To create a non-root user account for VCSA scan, use the script below:
# Exit immediately if any of the commands below throw an error
set -e
echo "Please enter the username you wish to create account with (ex. movere):"
read username
if [ -z "$username" ];
then
echo "Received no input for username, using default username: movere"
username='movere'
fi
echo "Please enter the password for the user $username:"
read -s password1
echo "Please re-type the same password:"
read -s password2
if [ $password1 != $password2 ];
then
echo "Entered passwords do not match, exiting"
exit 1
fi
echo "Adding linux user"
echo "command: useradd -r $username"
useradd -r $username
echo "Setting password for the user $username"
echo "command: echo \"$username:entered_password\" | chpasswd"
echo "$username:$password1" | chpasswd
echo "Changing shell for user $username to bash shell"
echo "command: chsh -s /bin/bash $username"
chsh -s /bin/bash $username
echo "Creating user $username in PostgreSQL database VCDB, this will be used by Movere to access PostgreSQL database"
echo "Creating user $username in VCDB"
echo "command: /opt/vmware/vpostgres/current/bin/psql -U postgres -c \"CREATE USER $username\""
/opt/vmware/vpostgres/current/bin/psql -U postgres -c "CREATE USER $username"
echo "Altering user $username with provided password"
echo "command: /opt/vmware/vpostgres/current/bin/psql -U postgres -c \"ALTER USER $username PASSWORD 'your_entered_password'\""
/opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER USER $username PASSWORD '$password1'"
echo "Granting usage on schema vc to user $username"
echo "command: /opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -c \"GRANT USAGE ON SCHEMA vc TO $username\""
/opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -c "GRANT USAGE ON SCHEMA vc TO $username"
echo "Granting select on all tables in schema vc to user $username"
echo "command: /opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -c \"GRANT SELECT ON ALL TABLES IN SCHEMA vc TO $username\""
/opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -c "GRANT SELECT ON ALL TABLES IN SCHEMA vc TO $username"
Next steps
Learn about scanning in Movere.