wazuh / wazuh-docker

Wazuh - Docker containers
https://wazuh.com

Changing Default Passwords: securityadmin.sh script fails, "which" is not found? #1432

Open decyphertek-io opened 1 month ago

decyphertek-io commented 1 month ago

Wazuh: Changing Default Passwords

I have a script that worked in version 4.7.3. Now, testing it in version 4.8.0, it states that it fails. It says that line 31 requires which and that it does not exist. I tried to install it; no root access. I even tried to wget the binary; wget is not installed. Can you make sure that the next release has which installed? This is the current way to update passwords for OpenSearch. I know that it will be deprecated, except there is no other way to change the default passwords.

#!/bin/bash

(cat << EOF
INDEXER_PASSWORD=$(openssl rand -hex 8 | tr -d '\n')
API_PASSWORD='!'$(openssl rand -hex 6 | sed 's/\(.\{2\}\)/\U&/; s/\(.\{2\}\)/\L&/2' | tr -d '\n')$(openssl rand -hex 1 | tr -dc '0-9' | tr -d '\n')$(openssl rand -hex 1 | tr -dc '!@#$%^&*()_+-=' | tr -d '\n')
DASHBOARD_PASSWORD=$(openssl rand -hex 8 | tr -d '\n')
EOF
) > /home/adminotaur/.docker/wazuh-docker/single-node/.env

# Source the passwords
source /home/adminotaur/.docker/wazuh-docker/single-node/.env

# Generate password hashes
INDEXER_HASH=$(echo -n $INDEXER_PASSWORD | docker run --rm -i wazuh/wazuh-indexer:4.8.0 bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p $INDEXER_PASSWORD | tail -n 1)
DASHBOARD_HASH=$(echo -n $DASHBOARD_PASSWORD | docker run --rm -i wazuh/wazuh-indexer:4.8.0 bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p $DASHBOARD_PASSWORD | tail -n 1)

# Update configuration files with the new password hashes
sed -i "s|decyphertek|$INDEXER_HASH|g" /home/adminotaur/.docker/wazuh-docker/single-node/config/wazuh_indexer/internal_users.yml
sed -i "s|adminotaur|$DASHBOARD_HASH|g" /home/adminotaur/.docker/wazuh-docker/single-node/config/wazuh_indexer/internal_users.yml
sed -i "s|decyphertek|$API_PASSWORD|g" /home/adminotaur/.docker/wazuh-docker/single-node/config/wazuh_dashboard/wazuh.yml

# Run docker-compose commands
cd /home/adminotaur/.docker/wazuh-docker/single-node/
/usr/bin/docker compose -f generate-indexer-certs.yml run --rm generator
/usr/bin/docker compose pull 
/usr/bin/docker compose up -d

# Configure the Wazuh indexer
docker exec -it single-node-wazuh.indexer-1 bash -c 'export INSTALLATION_DIR=/usr/share/wazuh-indexer; export CACERT=$INSTALLATION_DIR/certs/root-ca.pem; export KEY=$INSTALLATION_DIR/certs/admin-key.pem; export CERT=$INSTALLATION_DIR/certs/admin.pem; export JAVA_HOME=/usr/share/wazuh-indexer/jdk'
sleep 120
docker exec -it single-node-wazuh.indexer-1 bash -c 'bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert  $CACERT -cert $CERT -key $KEY -p 9200 -icl'
docker restart single-node-wazuh.manager-1

ERROR:

adminotaur@siem-build:~/.docker/wazuh-docker/single-node$ docker exec -it single-node-wazuh.indexer-1 bash -c 'bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert  $CACERT -cert $CERT -key $KEY -p 9200 -icl'
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh: line 31: which: command not found
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use 
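
Added example (not part of the issue and not Wazuh project code): each `docker exec` starts a fresh shell, so the variables exported in the script's first call are gone when `securityadmin.sh` runs in the second, which is consistent with the "nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set" warning above. `RUNNER`, `PROBE` and the function names are assumptions; `RUNNER` defaults to a local `sh -c` so the comparison runs without the containers.

```sh
#!/bin/sh
# Added example, not the issue author's script or Wazuh project code.
# RUNNER is an assumption: it defaults to a local `sh -c` so the comparison
# runs offline. Against the deployment in the issue it would be:
#   RUNNER="docker exec single-node-wazuh.indexer-1 bash -c"
RUNNER=${RUNNER:-sh -c}

# Exports copied from the script in the issue.
ENV_SETUP='export INSTALLATION_DIR=/usr/share/wazuh-indexer
export CACERT=$INSTALLATION_DIR/certs/root-ca.pem
export KEY=$INSTALLATION_DIR/certs/admin-key.pem
export CERT=$INSTALLATION_DIR/certs/admin.pem
export JAVA_HOME=/usr/share/wazuh-indexer/jdk'

# Constructed probe: reports what a tool started in this shell would see.
PROBE='echo "java=${OPENSEARCH_JAVA_HOME:-${JAVA_HOME:-unset}} cacert=${CACERT:-unset}"'

# Start each invocation without the variables, like a fresh container shell.
clean() { env -u JAVA_HOME -u OPENSEARCH_JAVA_HOME -u CACERT -u KEY -u CERT "$@"; }

# Pattern from the issue: exports in one invocation, the tool in the next.
split_invocations() {
    clean $RUNNER "$ENV_SETUP"
    clean $RUNNER "$PROBE"
}

# Exports and tool in the same shell, so the variables are still set.
single_invocation() {
    clean $RUNNER "$ENV_SETUP
$PROBE"
}

# Same idea for the real command: one script string for one `bash -c`, e.g.
#   docker exec single-node-wazuh.indexer-1 bash -c "$(securityadmin_cmd)"
securityadmin_cmd() {
    printf '%s\n' "$ENV_SETUP" \
        'bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert "$CACERT" -cert "$CERT" -key "$KEY" -p 9200 -icl'
}

echo "split:  $(split_invocations)"
echo "single: $(single_invocation)"
```
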

decyphertek-io commented 1 month ago

Wazuh-passwords-tool.sh

It appears that Wazuh has a password tool script, except the docs still say to run the securityadmin.sh script.

https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html

5. Wait for the Wazuh indexer to initialize properly. The waiting time can vary from two to five minutes. It depends on the size of the cluster, the assigned resources, and the speed of the network. Then, run the securityadmin.sh script to apply all changes.

bash-5.2$ ls
SECURITY_ADMIN_TESTS.md  audit_config_migrater.sh  hash.sh  securityadmin.sh  wazuh-certs-tool.sh  wazuh-passwords-tool.sh