Manually Define an Uninstall Password

You can manually add an uninstall password to Cybereason sensors for Cybereason On-Prem environments.

The uninstall password is a flag contained within the uninstall command. It is not mandatory, however it can be used to secure the uninstall sensor process. This feature is only available on Windows machines.

For information on supported characters and best practices, see Sensor Uninstall Password - Supported Characters and Best Practices.

To define an uninstall password:

  1. Run the SSH command to connect to the Registration instance (or to the Detection instance if the Registration server does not exist).

  2. Run the following command to create a hashed password:

    python /opt/puppet-cybereason/activeprobe/code/ -p '<desired password>'

    Note: Type the command manually, the password value must be between single quotations.

  3. If the file does not exist, run the following:

    import argparse
    import base64
    import hashlib
    def analyzeArguments():
        parser = argparse.ArgumentParser(description='hash uninstall password ')
        parser.add_argument('-p', "--password", help="The password you want to hash ", dest='password', default=None)
        parser.add_argument('-s', "--salt", help="the salt to use when hashing the password", dest='salt', default='oren')
        args = parser.parse_args()
        return args
    if __name__ == "__main__":
        args = analyzeArguments()
        hash_object = hashlib.sha1()
        stringToHash = args.password + args.salt
        hashedStringBase64 = base64.b64encode(hash_object.digest())
        print hashedStringBase64

    The output should display the hashed password that you will enter in the ap_configuration file.

  4. Run the following command to edit the ap_configuration file:

    vim /opt/puppet-cybereason/manage/management/ap_configuration.json
  5. Enter the hashed password next to uninstall_password_value inside quotation marks. For example: “uninstall_password_value”: “pass-hash”

  6. Configure the new packages with the uninstall value:

    /opt/puppet-cybereason/ -p
  7. To publish the new packages to the Detection servers, run the following command: