
Using the X-Series Command Line Interface (CLI)

CLI Guide Websense X-Series Appliances v8.1.x

Websense X-Series appliances are configured and maintained through a command line interface (CLI). The CLI is a text-based user interface for configuring, monitoring, and troubleshooting the appliance.

The CLI allows you to write scripts to execute configuration changes and perform updates across multiple blades more efficiently.

This guide describes the syntax and usage of each CLI command, including:
- Conventions
- System configuration
- Maintenance and support

Conventions

Administrators who are new to the Websense appliance CLI may benefit from these quick summaries:
- Logon and authentication
- CLI modes (context) and account privileges
- Command syntax
- Help for CLI commands

2015 Websense, Inc.

Logon and authentication

After the X10G hardware is set up, you will execute the firstboot wizard through the CMC to boot each blade appliance into the correct security mode (Web or Email) and policy mode (for Web appliances), and to give each blade a name and IP address.

See the X10G Getting Started Guide for full setup details.

Important: Make sure that Microsoft SQL Server is installed and running, and that you have database credentials ready. To support TRITON AP-WEB, the network needs one—and only one—policy source machine to manage policy and configuration data for your deployment. That server must be set up first. This can be a server that is off-chassis (recommended) or the blade in SLOT-1. The Getting Started Guide provides important assistance with off-chassis policy source setup.

When you are ready to start booting the blades:

1. Power on a blade.
2. Log on to the CMC.
   a. Enter the IP address of the CMC into a browser that has connectivity to the network the chassis is on.
          http://<CMC IP address>
      Replace <CMC IP address> with the address assigned to the CMC during initial configuration of the chassis.
   b. If there is a security warning, continue to the address and enter the CMC logon credentials.
3. On the home screen, select SLOT-N from the list on the left, where "N" is the slot of the blade being configured. If the policy source machine will be a blade server, configure it first in SLOT-1.
4. Select Launch Remote Console on the upper right. A new command-line window opens.
   If it fails to open, look in the blade iDRAC window (launched when you attempted to open the console), and:
   a. Go to Overview > Server > Virtual Console.
   b. Change the Plug-in Type from Native to Java or Java to Native.
   c. Click Apply and then Launch Virtual Console (upper left).
5. In the console, accept the subscription agreement if prompted. You are now entering the firstboot wizard.

Choose initialization settings such as the appliance name, IP address, time and date, and, for web protection products, the policy mode.

You have an opportunity to change these settings before you exit firstboot. All except one setting can be changed later, through the CLI.

Important: After firstboot has been run to completion, you cannot change the security mode or policy mode without re-imaging the blade. In addition, if you assign a default VLAN ID during firstboot, then later want to configure the blade to be VLAN-unaware, you must re-image.

At the conclusion of firstboot, you are logged on as admin automatically. Your logon session is timed out after 15 minutes, unless you log out prior to that.

From that point forward, the account name and password are required for logging on.

CLI modes (context) and account privileges

Tip: Be sure to enable CLI remote access if you plan to use PuTTY or other remote tool to access the CLI.

    set access ssh --status on

By default, only the admin account is enabled on each blade. This is the account whose password you set during the firstboot process.

Three working contexts are supported by the Command Line Interface (CLI) and are available to every person logged on as admin:
- The view context (default) is for displaying status and settings.
- The config context is for changing settings and enabling/disabling options.
- The diagnose context is an aid to troubleshooting, providing support for system and network test commands.

Immediately after logon, an admin is always working in the view context.

To move to the diagnose context, enter diagnose on the command line.

To move from view context to the config context, enter the config command. The admin password is required for this context switch.
- Only one person logged in as admin can be working in config context at a time.
- If needed, a person logged in as admin who is working in the view context can use the following command to immediately bump the admin who is working in the config context:

      clear session --config

  This moves the administrator who had been working in config context back into the view context.

A person logged in as admin can optionally enable two accounts: an audit account for colleagues who need to view settings, and a technical support account for use by a Websense technician (websense-ts).

To summarize the differences between the admin and audit accounts:
- The admin account has full privileges in the view, config, and diagnose contexts.
- The audit account can work only in the view context and can use only show and exit commands.

Basic account management

A person who is logged in as admin can view, enable, and disable the audit account status and can change the password for the admin and audit accounts.

Configure accounts

Syntax:
    show account admin

Action: Change the password for the admin account.
Syntax:
    set account admin --password <password>
Details: You must know the current admin password to make this change. The admin password is first set when you run the firstboot script.
  The password must be 8 to 15 characters in length and it must include:
  - At least one uppercase character
  - At least one lowercase character
  - At least one number
  - At least one character in the set: (!#%&'()* ,-./; ?@[] { }
  Exclude all of the following:
  - The special characters: space : \ "
  - The previous 3 passwords for the account
  - The device's hostname
  - The user name of any appliance service account (admin, root, websense-ts, audit)
  - Common appliance-related terms, such as appliance and filtering
  - Common Websense names, such as: TRITON, AP-WEB, AP-EMAIL, ContentGateway, PolicyBroker, PolicyDatabase, PolicyServer, DirectoryAgent, StateServer, Multiplexer, UsageMonitor, ControlService, or NetworkAgent

Action: See if the audit account is enabled or disabled.
Syntax:
    show account audit --status
Details: The audit account is disabled by default.

Action: Enable or disable the audit account.
Syntax:
    set account audit --status <on|off>
Details: The --status and --password parameters cannot be used at the same time.

Action: Set or change the audit account password.
Syntax:
    set account audit --password <password>
Details: The password must be 8 to 15 characters in length and it must include:
  - At least one uppercase character
  - At least one lowercase character
  - At least one number
  - At least one character in the set: (!#%&'()* ,-./; ?@[] { }
  Exclude all of the following:
  - The special characters: space : \ "
  - The previous 3 passwords for the account
  - The device's hostname
  - The user name of any appliance service account (admin, root, websense-ts, audit)
  - Common appliance-related terms, such as appliance and filtering
  - Common Websense names, such as: TRITON, AP-WEB, AP-EMAIL, ContentGateway, PolicyBroker, PolicyDatabase, PolicyServer, DirectoryAgent, StateServer, Multiplexer, UsageMonitor, ControlService, or NetworkAgent

Action: Enable or disable remote CLI access via SSH.
Syntax:
    set access ssh --status <on|off>
Details: SSH status is enabled or disabled for all active accounts.

Action: Display whether remote CLI access via SSH is enabled or disabled.
Syntax:
    show access ssh --status

Action: Display the admin account email address.
Syntax:
    show account email

Action: Define an email address to use for admin account password recovery.
Syntax:
    set account email --address <address>
Details: A temporary password is sent to this email address when you request automated password recovery help. You must also define an SMTP server. (See next command.) Websense Technical Support can also manually issue a temporary password if you provide the security code you see in the appliance iDRAC console.

Action: Display the SMTP server settings used with the admin email address to facilitate password recovery.
Syntax:
    show account smtp
Details: Displays:
  - Server IP address or hostname
  - Server port
  - Server user name
  - Server password

Action: Define an SMTP server for use during admin account password recovery.
Syntax:
    set account smtp --host <location> --port <port> --user <name>
Details: Password recovery requires you to define:
  1. An SMTP server
  2. A valid email address to receive a temporary password
  The host location can be either the SMTP server's IPv4 address or its hostname.
  The SMTP port is optional (set to 25, by default).
  The user is the account to use to connect to the SMTP server.

Action: For admin account password recovery, enter Ctrl+P.
Details: If you have lost or forgotten your admin password, you can either:
  - Have a temporary password sent to the email address configured on the blade.
  - Contact Websense Technical Support to receive a temporary password by providing the security code displayed on the appliance iDRAC console.
  Use the temporary password to log on to the blade and enter a new password within 1 hour. If you are not able to set a new password within the hour, you'll need to start the password recovery process over, by obtaining a new temporary password.
  The password must be at least 8 characters but less than 15 characters. The password must contain at least one letter and one number.

Action: Delete the password recovery email address.
Syntax:
    delete account email

Action: Delete SMTP settings.
Syntax:
    delete account smtp

Action: Show Websense Technical Support account access or activity history.
Syntax:
    show account websense-ts --status
    show account websense-ts --history
Details: The --status and --history parameters cannot be used at the same time. The activity history includes both local and remote access via the websense-ts account.

Action: Enable or disable access for Websense Technical Support.
Syntax:
    set account websense-ts --status <on|off>
Details: A temporary passcode is generated when you enable this access. Websense Technical Support retrieves the passcode from a special URL.
  To allow Technical Support remote access, SSH access must also be enabled via the "set access ssh --status on" command.
  When a technician uses the websense-ts account, the session ends automatically after 15 minutes of inactivity.
  View the logon history of the websense-ts account with:
      show account websense-ts --history

Session management

Action: Enter the appliance CLI config context.
Syntax:
    config
Details: Audit accounts do not have access to this context. The admin password is required.

Action: Show connection information for active CLI sessions.
Syntax:
    show session

Action: End a config mode session immediately.
Syntax:
    clear session --config
Details: Ends the session for whichever admin is in config mode, and allows another admin to enter config mode.

Action: Exit the current config context.
Syntax:
    exit
Details: If you are working in the config or diagnose contexts, you return to the view context. If you are in the view context, your session ends and you exit the appliance CLI.

Command syntax

The CLI syntax follows this format:

    Command Option Parameter

Typically, verbs such as show, set, and save are used to view status or statistics, to change the configuration, and to initiate actions.

For example:

    # set system clock --date <yyyy/mm/dd>

In this example:
- set system is the command.
- clock is the option.
- --date is the parameter, which takes a value in the format yyyy/mm/dd.

Some commands have options and parameters, while others do not. Please refer to Help for CLI commands for more details.

Help for CLI commands

Assistance is built into the CLI.

Use the help command to access information at any level.

    # help
    # help show
    # help show log

Use the special character (? the question mark) to display help for the current command path without pressing Enter and without losing the current input.

    # ?
    # show ?
    # show system ?

System configuration

Use the System Configuration commands of the security blade CLI to view, set, or change:
- Time and date
- Host name and description
- Filestore definition and file save commands
- Appliance interface configuration
- Static routes
- SNMP monitoring (polling)
- SNMP traps and queries

Time and date

Action: View the system date and time.
Syntax:
    show system clock
Details: The time and date format is:
    yyyy/mm/dd
    hh:mm:ss

Action: Set system time and date manually.
Syntax:
    set system clock --date <yyyy/mm/dd> --time <hh:mm:ss>
Details: Stop all Websense services before changing the time. Then, set the time and make certain that the time is consistent across all servers running Websense services. Finally, start Websense services.
  If you do not stop the services first, client updates and policy changes entered after the time reset are not saved.
  Note that instead of setting the time manually, you can synchronize with a Network Time Protocol (NTP) server. See "set system ntp" below.

Action: View the configured time zone.
Syntax:
    show system timezone

Action: View supported timezone formats.
Syntax:
    show system timezone-list

Action: Set the timezone for this security blade.
Syntax:
    set system timezone --zone <zone string>
Details: GMT (Greenwich Mean Time), the default, is also known as UTC (Universal Time, Coordinated). Other time zones are calculated by adding or subtracting from GMT. GMT is sometimes chosen to provide a common time stamp for geographically distributed systems.

Action: View the configured NTP servers.
Syntax:
    show system ntp

Action: Configure timezone synchronization with up to 3 NTP servers.
Syntax:
    set system ntp {--status <on|off> --server <server1>,<server2>,<server3>}
Details: To synchronize with a Network Time Protocol (NTP) server (www.ntp.org), set the status to "on" and enter the address of a primary NTP server. The secondary and tertiary servers are optional.
  If you synchronize the system clock with an NTP server, NTP protocol packets and their response packets must be allowed on any firewall or NAT device between a security blade and the NTP server. Ensure that you have outbound connectivity to the NTP servers. Add a firewall rule that allows outbound traffic to UDP port 123 for the NTP server.
  If interface P1 on a security blade is not connected to the Internet, then you must provide a way for interface P1 to reach an NTP server. One solution is to install an NTP server on the local network where interface P1 can reach it.

Host name and description

Action: View the security blade hostname and description.
Syntax:
    show system host
Details: These values are set initially during the firstboot wizard.

Action: Change the hostname and description for the security blade.
Syntax:
    set system host --name <name> --description "<description>"
Details:
  Name: The hostname may be 1 - 60 characters long.
  - The first character must be a letter.
  - Other characters can be letters, numbers, dashes, or periods.
  - The name cannot end with a period.
  - The name cannot have 2 periods in a row.
  For Web mode blades where Content Gateway will be configured to perform Integrated Windows Authentication (IWA), the hostname cannot exceed 11 characters, excluding the domain name.
  In addition, if the hostname is changed after the blade has been joined to a domain, IWA will immediately stop working and will not work again until the domain is unjoined and then re-joined with the new hostname.
  For more information, see the "Integrated Windows Authentication" topic in the Content Gateway Manager Help.
  Description (optional): A unique appliance description to help you identify and manage the system.
  - Must be in quotation marks
  - May contain up to 100 characters

Filestore definition and file save commands

Action: Display all filestore aliases.
Syntax:
    show filestore
Details: A filestore is a remote storage location that you define for storing backup and configuration files.

Action: Define a remote location to host backup and configuration files.
Syntax:
    set filestore --alias <name> --type <ftp|samba|tftp> --host <ip address> --path <share directory> [--user <user name>] [--port <port>]
Details:
  - --alias: Provide a unique name for the remote storage location. The alias must be between 1 and 60 characters and begin with a letter. It may contain letters, numbers, periods, and hyphens, but may not contain 2 consecutive periods, nor end with a period.
  - --type: Specify the protocol to use to connect to the filestore (FTP, Samba, or TFTP).
  - --host: Provide the IP address of the machine hosting the filestore.
  - --path: Give the directory path to the shared location on the remote server.
  - --user (optional): Provide a user account with full permissions to the filestore.
  - --port (optional): Specify a port to use to connect to the filestore.

Action: Delete one or more filestore aliases.
Syntax:
    delete filestore --alias <filestore alias>
Details: You can specify a comma-separated list of filestore aliases:
    delete filestore --alias ftp-fs1,samba-fs5

Action: Save the appliance MIB file to the specified location.
Syntax:
    save mibfile --location <filestore alias>
Details: Saves the MIB file to a remote storage location defined by the "set filestore" command.

Action: Summarize configuration data and save it to a specified location.
Syntax:
    save configsummary --location <filestore alias>
Details: Saves your configuration data to a remote storage location defined by the "set filestore" command. May be requested by Websense Technical Support for analyzing unexpected behavior.

Action: Save SNMP trap events settings for editing or later use.
Syntax:
    save trap --location <filestore alias> [--default]
Details: Saves default trap settings for editing. If "--default" is not specified, saves current trap settings.

Action: Zip a log file and save it to a remote filestore.
Syntax:
    save log --module <all|app> --type <file type> --location <filestore alias>
Details: Specify which module logs to save, which type of logs to save, and where to save the file.
  The module options are all or app, both of which currently save logs for all modules.
  The log types are all, system, or audit.

Appliance interface configuration

Action: Display the current network interface configuration.
Syntax:
    show interface

Action: Configure appliance interface in IPv4 settings.
Syntax:
    set interface ipv4 --interface <p1|p2> --ip <ipv4 address> --mask <ipv4 netmask> --gateway <ipv4 address>
Details: The interface name must be p1 or p2. IP address, netmask, and gateway definitions must use IPv4 format.

Action: (Email only) Configure appliance virtual IP address settings.
Syntax:
    set interface ipv4 --interface <p1|p2> --vip <virtual ip address>
Details: Specify a single virtual IPv4 address. You can assign up to 10 virtual IP addresses to an interface, entered one at a time.

Action: (Web only) Enable or disable IPv6 support on an appliance.
Syntax:
    set interface ipv6 --status <on|off>

Action: (Web only) Configure appliance interface in IPv6 settings.
Syntax:
    set interface ipv6 --interface <p1|p2> --ip <ipv6 address> --prefixlen <integer> --gateway <ipv6 address>
Details: The interface name must be p1 or p2. IP address and gateway definitions must use IPv6 format. The prefixlen parameter sets the prefix length of the IPv6 address. It must be an integer between 1 and 128.

Action: Configure appliance DNS settings.
Syntax:
    set interface dns --dns1 <ip address> [--dns2 <ip address>] [--dns3 <ip address>]
Details: Enter the IP address of the primary domain name server. You can optionally also specify a second and third DNS server.
  For Email appliances, IP addresses must be entered in IPv4 format only. Web appliances support IPv4 or IPv6 format.

Action: Enable or disable optional interface P2.
Syntax:
    set interface p2 --status <on|off>
Details: Determines whether the interface is enabled (on) or disabled (off).

Action: Configure appliance VLAN settings.
Syntax:
    set interface vlan --interface <p1|p2> --vid <integer>
Details: Assign a VLAN ID to an interface. The VLAN ID must be an integer in the range 2 - 4094.
  In order for blades to receive VLAN traffic, the A1 and A2 switches must be configured for VLAN support. See the Switch Configuration Guide for details.

Appliance vswitch configuration

Action: Show the virtual switch STP bridge priority setting.
Syntax:
    show vswitch
Details: Output:
    stp:priority: <stp bridge value>

Action: Set the virtual switch STP bridge priority value.
Syntax:
    set vswitch stp --priority <4096-61440>
Details: Priority: An integer in the range 4096-61440.
  For an explanation of Spanning Tree Protocol bridge priorities, including how the root is determined, see any quality text on layer 2 switching.

Static routes

Action: Display the list of configured static IPv4 routes.
Syntax:
    show route

Action: (Web only) Display the list of configured static IPv6 routes.
Syntax:
    show route6

Action: Add a static route in IPv4 format.
Syntax:
    set route --dest <ipv4 address> --interface <p1|p2> --mask <ipv4 netmask> --gateway <ipv4 address>
Details: Destination IP address must be in IPv4 format (okay to specify subnet instead).
  The interface name must be p1 or p2.
  Netmask must be in IPv4 format and must be the subnet mask of the IP address.
  Gateway (next hop) must be in IPv4 format.

Action: (Web only) Add a static route in IPv6 format.
Syntax:
    set route6 --dest <ipv6 address> --interface <p1|p2> --prefixlen <integer> --gateway <ipv6 address>
Details: The interface name must be p1 or p2. IP address and gateway definitions must use IPv6 format. The prefixlen parameter sets the prefix length of the IPv6 address. It must be an integer between 1 and 128.

Action: Delete a single IPv4 static route.
Syntax:
    delete route --dest <ip address> --mask <ipv4 netmask> [--interface <p1|p2>] [--gateway <ip address>]
Details: To delete multiple IPv4 routes in a batch, use the "load route" command (described later in this table).

Action: (Web only) Delete a single IPv6 static route.
Syntax:
    delete route6 --dest <ipv6 address> --prefixlen <integer> [--interface <p1|p2>] [--gateway <ipv6 address>]
Details: To delete multiple IPv6 routes in a batch, use the "load route6" command (described later in this table).

Action: Export IPv4 static routes.
Syntax:
    save route --location <filestore alias>
Details: Saves IPv4 static routes to a remote storage location defined by the "set filestore" command.

Action: (Web only) Export IPv6 static routes.
Syntax:
    save route6 --location <filestore alias>
Details: Saves IPv6 static routes to a remote storage location defined by the "set filestore" command.

Action: Add or delete one or more IPv4 static route definitions via a text file.
Syntax:
    load route --file <file name> --location <filestore alias> --action <add|del>
Details: The system can handle a maximum of 5000 routes. Each line in the file defines one route.
  The line format is:
      <destination address> <netmask> <gateway> <p1|p2>
  A blank space separates parameters on a single line.
  The following characters serve as separators between lines (individual routes): \r\n
  Use the --action parameter to specify whether to add or delete the routes in the file.

Action: (Web only) Add or delete one or more IPv6 static route definitions via a text file.
Syntax:
    load route6 --file <file name> --location <filestore alias> --action <add|del>
Details: The system can handle a maximum of 5000 routes. Each line in the file defines one route.
  The line format is:
      <destination address> <prefix length> <gateway> <p1|p2>
  A blank space separates parameters on a single line.
  The following characters serve as separators between lines (individual routes): \r\n
  Use the --action parameter to specify whether to add or delete the routes in the file.

Appliance status

Action: Show current CPU usage, refreshed every 4 seconds.
Syntax:
    show cpu
Details: Press Ctrl+C to quit.

Action: Show system memory usage, refreshed every 4 seconds.
Syntax:
    show mem
Details: Press Ctrl+C to quit.

Action: View disk IO activity for a selected module, refreshed every 4 seconds.
Syntax:
    show diskio
Details: You will be given a choice of modules after you enter the command. The modules vary depending on whether the appliance security mode is Web or Email. Press Ctrl+C to quit.

Action: Display disk statistics for all partitions.
Syntax:
    show diskspace
Details: Results are shown in these areas:
  - disk position
  - total space
  - used space
  - free space
  - rate
  The partitions vary depending on whether the appliance security mode is Web or Email.

Action: Show network traffic statistics.
Syntax:
    show bandwidth
Details: Displays bandwidth statistics for each enabled interface. Includes:
  - Data (byte)
  - Packets
  - Packets dropped
  - Error
  - Rate (Mbps)
  - Status
  Data is refreshed every 5 seconds. Press Ctrl+C to quit.

SNMP monitoring (polling)

Action: Show SNMP monitor server information.
Syntax:
    show snmp config

Action: Enable or disable SNMP monitoring (polling).
Syntax:
    set snmp service --status <on|off>
Details: SNMP monitor service and SNMP trap settings are independent, but SNMP monitor service must be enabled before you activate the SNMP trap configuration.

Action: Configure SNMP v1 monitoring.
Syntax:
    set snmp v1 --community <name>
Details: Community name for the appliance. From 5 to 64 characters long with no spaces. All other ASCII characters can be used.

Action: Configure SNMP v2c monitoring.
Syntax:
    set snmp v2c --community <name>
Details: Community name for the appliance. From 5 to 64 characters long with no spaces. All other ASCII characters can be used.

Action: Configure SNMP v3 monitoring.
Syntax:
    set snmp v3 --securitylevel <level>
Details: There are 3 levels of security available for SNMP v3 monitoring:
  - No authentication or encryption: noAuthNoPriv
  - Authentication only: authNoPriv
  - Authentication and encryption: authPriv
  See full syntax for each level, immediately below.

Action: Configure SNMP v3 monitoring with no authentication or encryption.
Syntax:
    set snmp v3 --securitylevel noAuthNoPriv --user <username>
Details: User specifies the account name to use for SNMP monitoring. Enter a user name between 1 and 15 characters long, with no spaces. Only alphanumeric characters can be used.

Action: Configure SNMP v3 monitoring with authentication only.
Syntax:
    set snmp v3 --securitylevel authNoPriv --user <username> --authentication <md5|sha>
Details: User is the account name to use for SNMP communication. Enter a user name between 1 and 15 characters long, with no spaces. Only alphanumeric characters can be used.
  SNMP authentication protocol (md5 or sha) specifies an interactive mode for entering the authentication password.
  Enter an authentication password between 8 and 64 characters long, with no spaces. All other ASCII characters can be used.
  Sample password dialog is shown here:
      (config)# set snmp v3 --securitylevel authNoPriv --user test --authentication md5
      Password: ********
      Confirm password: ********

Action: Configure SNMP v3 monitoring with authentication and encryption.
Syntax:
    set snmp v3 --securitylevel authPriv --user <username> --authentication <md5|sha> --encrypt <des|aes>
Details: User is the account name to use for SNMP communication. Enter a name between 1 and 15 characters, with no spaces. Only alphanumeric characters can be used.
  SNMP authentication protocol (md5 or sha) specifies interactive mode for entering password.
  You are prompted for a password and encryption key. The password must be 1-64 characters, and the key 8-64 characters long, with no spaces. All other ASCII characters can be used.
  Example:
      (config)# set snmp v3 --securitylevel authPriv --authentication sha --encrypt des --user test
      Password: ********
      Confirm password: ********
      Encrypt key: ********
      Confirm encrypt key: ********
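
When SNMP monitoring is rolled out to many blades by script, it helps to check each "set snmp" command before it is sent. The following is an added example, not part of the Websense guide or the appliance software: a Python linter that applies the parameter limits from the SNMP monitoring tables above and flags the weaker of the offered choices (v1/v2c, noAuthNoPriv, authNoPriv, md5, des). The function names, finding codes, and the user name monitor01 are assumptions made for the example.

```python
"""Lint 'set snmp' commands against the limits in the SNMP monitoring tables."""

# Parameters each SNMP v3 security level needs, per the syntax shown above.
V3_REQUIRED = {
    "noAuthNoPriv": ("user",),
    "authNoPriv": ("user", "authentication"),
    "authPriv": ("user", "authentication", "encrypt"),
}
AUTH_PROTOCOLS = ("md5", "sha")
ENCRYPT_PROTOCOLS = ("des", "aes")


def parse_command(line):
    """Return (version, params) for 'set snmp <version> --name value ...'."""
    line = line.strip()
    if line.startswith("(config)#"):        # tolerate a pasted prompt
        line = line[len("(config)#"):]
    tokens = line.split()                   # values never contain spaces
    if len(tokens) < 3 or tokens[:2] != ["set", "snmp"]:
        raise ValueError("not a 'set snmp' command: %r" % line)
    version, rest = tokens[2], tokens[3:]
    if len(rest) % 2 or not all(t.startswith("--") for t in rest[0::2]):
        raise ValueError("expected '--name value' pairs: %r" % line)
    return version, {n[2:]: v for n, v in zip(rest[0::2], rest[1::2])}


def lint(line):
    """Return a list of (severity, code, message) findings for one command."""
    version, p = parse_command(line)
    out = []
    if version in ("v1", "v2c"):
        community = p.get("community", "")
        if not (5 <= len(community) <= 64 and community.isascii()):
            out.append(("error", "community-format",
                        "community name must be 5 to 64 ASCII characters"))
        out.append(("weak", "cleartext-community",
                    "SNMP %s sends its only credential, the community name, "
                    "unencrypted" % version))
        return out
    if version != "v3":
        return [("error", "version", "expected v1, v2c or v3")]
    level = p.get("securitylevel")
    if level not in V3_REQUIRED:
        return [("error", "securitylevel",
                 "expected one of: " + ", ".join(V3_REQUIRED))]

    for name in V3_REQUIRED[level]:
        if name not in p:
            out.append(("error", "missing-" + name,
                        "--%s is required for %s" % (name, level)))
    user = p.get("user")
    if user is not None and not (len(user) <= 15 and user.isascii()
                                 and user.isalnum()):
        out.append(("error", "user-format",
                    "user must be 1 to 15 alphanumeric characters"))
    auth, enc = p.get("authentication"), p.get("encrypt")
    if auth is not None and auth not in AUTH_PROTOCOLS:
        out.append(("error", "authentication", "expected md5 or sha"))
    if enc is not None and enc not in ENCRYPT_PROTOCOLS:
        out.append(("error", "encrypt", "expected des or aes"))

    # Security findings: valid syntax, but the weaker of the offered options.
    if level == "noAuthNoPriv":
        out.append(("weak", "no-auth", "no authentication or encryption"))
    elif level == "authNoPriv":
        out.append(("weak", "no-encryption", "SNMP data is not encrypted"))
    if auth == "md5":
        out.append(("weak", "md5", "prefer --authentication sha"))
    if enc == "des":
        out.append(("weak", "des", "prefer --encrypt aes"))
    return out


def codes(line):
    """Finding codes only, in the order lint() reports them."""
    return [code for _, code, _ in lint(line)]


if __name__ == "__main__":
    samples = [
        # The two sample dialogs from the guide, then constructed commands.
        "(config)# set snmp v3 --securitylevel authNoPriv --user test --authentication md5",
        "(config)# set snmp v3 --securitylevel authPriv --authentication sha --encrypt des --user test",
        "set snmp v3 --securitylevel authPriv --user monitor01 --authentication sha --encrypt aes",
        "set snmp v2c --community public",
    ]
    for s in samples:
        print(s)
        for finding in lint(s) or [("ok", "-", "no findings")]:
            print("   %-5s %-20s %s" % finding)
```

Passwords and encryption keys are entered at the interactive prompts rather than on the command line, so their length limits are outside what this check can see.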

SNMP traps and queries

Action: Display SNMP trap server on/off status and version information.
Syntax:
    show trap config
Details: SNMP monitor service and SNMP trap settings are independent, but SNMP monitor service must be enabled before you activate the SNMP trap configuration.

Action: Display a table of SNMP trap events and settings.
Syntax:
    show trap events

Action: Save SNMP trap events settings for editing or later use.
Syntax:
    save trap --location <alias> [--default]
Details: Saves default trap settings for editing. If "--default" is not specified, saves current trap settings.

Action: Enable or disable SNMP traps.
Syntax:
    set trap service --status <on|off>
Details: SNMP monitor service and SNMP trap settings are independent, but SNMP monitor service must be enabled to activate the SNMP trap configuration.

Action: Load SNMP trap events configuration from a file.
Syntax:
    load trap --location <filestore alias> --file <name>
Details: Enter the name of a predefined remote filestore alias.

Action: Send a test trap to verify SNMP communication.
Syntax:
    test trap event

Action: Configure SNMP v1 traps for alerting.
Syntax:
    set trap v1 --community <name> --ip <ip address> --port <port>
Details: Enter a community name, trap server IP address, and port for traps sent by the appliance. The community name must be 5 to 64 characters long, with no spaces. All other ASCII characters can be used.

Action: Configure SNMP v2c traps for alerting.
Syntax:
    set trap v2c --community <name> --ip <ip address> --port <port>
Details: Enter a community name, trap server IP address, and port for traps sent by the appliance. The community name must be 5 to 64 characters long, with no spaces. All other ASCII characters can be used.

Action: Configure SNMP v3 traps for alerting.
Syntax:
    set trap v3 --engineid <id> --ip <ip address> --port <port> --securitylevel <level>
Details: There are 3 levels of security available for SNMP v3 traps:
  - No authentication or encryption: noAuthNoPriv
  - Authentication only: authNoPriv
  - Authentication and encryption: authPriv
  See full syntax for each security level, immediately below.

Action: Configure SNMP v3 traps with no authentic