Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Securing your Wazuh installation API section is changing every password #8048

Merged
merged 2 commits into from
Dec 19, 2024
Merged

Securing your Wazuh installation API section is changing every password #8048

merged 2 commits into from
Dec 19, 2024

Conversation

guidomodarelli
Copy link

@guidomodarelli guidomodarelli commented Dec 18, 2024
edited by javimed
Loading

Description

During wazuh/wazuh#27183 it was found that https://documentation.wazuh.com/current/installation-guide/wazuh-dashboard/step-by-step.html#securing-your-wazuh-installation, in particular the Distributed Deployment tab, the following step is changing every password, while only should change API

image

This could be an issue if the Wazuh Manager co-exist with Wazuh Dashboard in the same host.

Current behavior when the Wazuh Master node and Wazuh Dashboard coexist on the same host

  • Step 1
root@host1:/home/vagrant# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all
11/12/2024 14:40:07 INFO: Updating the internal users.
11/12/2024 14:40:11 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
11/12/2024 14:40:11 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
11/12/2024 14:40:21 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/12/2024 14:40:49 INFO: The password for user admin is iEmuZf3ttp5ANFGyHzL?u?m68WO1d9Hp
11/12/2024 14:40:49 INFO: The password for user anomalyadmin is yxP0r4y2WNGCcwIkeI+.4Jd6Fma4zF0M
11/12/2024 14:40:49 INFO: The password for user kibanaserver is U9qWxUeT7YnPZOWdlksw5HEB+1.Jinvk
11/12/2024 14:40:49 INFO: The password for user kibanaro is LiDAb0nvRCnlOpj6EmH?2CCCo8EmU7gF
11/12/2024 14:40:49 INFO: The password for user logstash is LMpc3Isb98L*owj*c4n45JA3wqs?V?A2
11/12/2024 14:40:49 INFO: The password for user readall is B3pzRh.sY?YycQGj?Tld3CiT6bEL94rP
11/12/2024 14:40:49 INFO: The password for user snapshotrestore is QhN+yDiQc+q*Q1*7F88e.eEmUrOSfRgj
11/12/2024 14:40:49 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
  • Step 2
root@host1:/home/vagrant# curl -sO https://packages.wazuh.com/4.9/wazuh-passwords-tool.sh
bash wazuh-passwords-tool.sh --api --change-all --admin-user wazuh --admin-password wazuh
11/12/2024 14:41:05 INFO: Updating the internal users.
11/12/2024 14:41:09 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
11/12/2024 14:41:21 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/12/2024 14:41:45 INFO: The password for user admin is *ERWBUJYcoocwG?CRYfoHSnW7q0itdbh
11/12/2024 14:41:45 INFO: The password for user anomalyadmin is lhPFuWCjv*FlIMadgmNJo+7yYrV7f0vH
11/12/2024 14:41:45 INFO: The password for user kibanaserver is pSqT3?3eBspjKdBeQnSpCgsB.O?o9c8k
11/12/2024 14:41:45 INFO: The password for user kibanaro is tFS8z4ZnlKyc2c1w0G92IYrtySkqc+nX
11/12/2024 14:41:45 INFO: The password for user logstash is gmTiv5OKbx6GGJU2DQjdoTNltdAMMc?a
11/12/2024 14:41:45 INFO: The password for user readall is axSddng6vT7UzgIIv.Gq.PyTnq.8Z*LZ
11/12/2024 14:41:45 INFO: The password for user snapshotrestore is Et5vPBqXDJN72PHSB1paFMNgS+jhpyg+
11/12/2024 14:41:45 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
11/12/2024 14:41:47 INFO: The password for Wazuh API user wazuh is XFfgvv+Pm+olUvN3hRGSx*rIVQkVFQcE
11/12/2024 14:41:48 INFO: The password for Wazuh API user wazuh-wui is KcIFIovRmAeUho.+shLUs3FJMu*0Pvaa

Expected behavior when the Wazuh Master node and Wazuh Dashboard coexist on the same host

  • Step 1
root@host1:/home/vagrant# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all
11/12/2024 14:40:07 INFO: Updating the internal users.
11/12/2024 14:40:11 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
11/12/2024 14:40:11 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
11/12/2024 14:40:21 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/12/2024 14:40:49 INFO: The password for user admin is iEmuZf3ttp5ANFGyHzL?u?m68WO1d9Hp
11/12/2024 14:40:49 INFO: The password for user anomalyadmin is yxP0r4y2WNGCcwIkeI+.4Jd6Fma4zF0M
11/12/2024 14:40:49 INFO: The password for user kibanaserver is U9qWxUeT7YnPZOWdlksw5HEB+1.Jinvk
11/12/2024 14:40:49 INFO: The password for user kibanaro is LiDAb0nvRCnlOpj6EmH?2CCCo8EmU7gF
11/12/2024 14:40:49 INFO: The password for user logstash is LMpc3Isb98L*owj*c4n45JA3wqs?V?A2
11/12/2024 14:40:49 INFO: The password for user readall is B3pzRh.sY?YycQGj?Tld3CiT6bEL94rP
11/12/2024 14:40:49 INFO: The password for user snapshotrestore is QhN+yDiQc+q*Q1*7F88e.eEmUrOSfRgj
11/12/2024 14:40:49 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
  • Step 2
root@host1:/home/vagrant# curl -sO https://packages.wazuh.com/4.9/wazuh-passwords-tool.sh
bash wazuh-passwords-tool.sh --api --change-all --admin-user wazuh --admin-password wazuh
11/12/2024 14:41:47 INFO: The password for Wazuh API user wazuh is XFfgvv+Pm+olUvN3hRGSx*rIVQkVFQcE
11/12/2024 14:41:48 INFO: The password for Wazuh API user wazuh-wui is KcIFIovRmAeUho.+shLUs3FJMu*0Pvaa

Checks

Docs building

  • Compiles without warnings.

Code formatting and web optimization

  • Uses three spaces indentation.
  • Adds or updates meta descriptions accordingly.
  • Updates the redirects.js script if necessary (check this guide).

Writing style

  • Uses present tense, active voice, and semi-formal registry.
  • Uses short, simple sentences.
  • Uses bold for user interface elements, italics for key terms or emphasis, and code font for Bash commands, file names, REST paths, and code.

@guidomodarelli guidomodarelli requested a review from a team December 18, 2024 20:25
@guidomodarelli guidomodarelli linked an issue Dec 18, 2024 that may be closed by this pull request
Securing your Wazuh installation API section is changing every password #8025
Open
@guidomodarelli guidomodarelli self-assigned this Dec 18, 2024
@javimed javimed added level/task Task issue type/change Change requested labels Dec 19, 2024
JuanGarriuz
JuanGarriuz approved these changes Dec 19, 2024
View reviewed changes
Copy link
Member

@JuanGarriuz JuanGarriuz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

image

LGTM!!

@javimed javimed merged commit d3348b0 into 4.9 Dec 19, 2024
3 checks passed
@javimed javimed deleted the change/8025-securing-your-wazuh-installation-api-section-is-changing-every-password-merge-into-4.9 branch December 19, 2024 11:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JuanGarriuz JuanGarriuz JuanGarriuz approved these changes

@javimed javimed javimed approved these changes

Assignees

@guidomodarelli guidomodarelli

Labels
level/task Task issue type/change Change requested
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Securing your Wazuh installation API section is changing every password
3 participants
@guidomodarelli @javimed @JuanGarriuz