root@ubuntu-jammy:~# bash wazuh-passwords-tool.sh -gf wazuh-passwords_update.txt.
root@ubuntu-jammy:~# cat wazuh-passwords_update.txt.
# Admin user for the web user interface and Wazuh indexer. Use this user to log in to Wazuh dashboard
indexer_username: 'admin'
indexer_password: '6bmHa3u7Pa5F50c1G2MI*MG+efnpLLQn'
# Anomaly detection user for the web user interface
indexer_username: 'anomalyadmin'
indexer_password: 'uGFBKFriTfo1Y5h24Sj9GRq?LgE5seG5'
# Wazuh dashboard user for establishing the connection with Wazuh indexer
indexer_username: 'kibanaserver'
indexer_password: 'celNOV1OuepZXdsR*2ePm6xHFaSsnUkD'
# Regular Dashboard user, only has read permissions to all indices and all permissions on the .kibana index
indexer_username: 'kibanaro'
indexer_password: '6tf+S8.S4Xn0L91aU.59Nqy27K54XCTt'
# Filebeat user for CRUD operations on Wazuh indices
indexer_username: 'logstash'
indexer_password: 'eThLjeuchqqbG9w?CKUv.oLXPmGXxw90'
# User with READ access to all indices
indexer_username: 'readall'
indexer_password: '0os81flsm0syuijbsXZZRAFSbz+LVmJk'
# User with permissions to perform snapshot and restore operations
indexer_username: 'snapshotrestore'
indexer_password: '*+25PBMi1st*CRg4ajeA.FkNQWgz.5Ja'
# Password for wazuh API user
api_username: 'wazuh'
api_password: 'C3zy1Epi?iPwVm6g8zlNiGBHtn.vQc?m'
# Password for wazuh-wui API user
api_username: 'wazuh-wui'
api_password: '5Otn2le+ceEPRscGtTyDLTTM.Bl4v5*d'
root@ubuntu-jammy:~# bash wazuh-passwords-tool.sh --change-all -f wazuh-passwords_update.txt.
30/09/2024 13:57:58 INFO: Updating the internal users.
30/09/2024 13:58:00 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
30/09/2024 13:58:00 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
30/09/2024 13:58:05 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
30/09/2024 13:58:06 INFO: The new password for Filebeat is 6bmHa3u7Pa5F50c1G2MI*MG+efnpLLQn
30/09/2024 13:58:31 INFO: The password for user admin is 6bmHa3u7Pa5F50c1G2MI*MG+efnpLLQn
30/09/2024 13:58:31 INFO: The password for user anomalyadmin is uGFBKFriTfo1Y5h24Sj9GRq?LgE5seG5
30/09/2024 13:58:31 INFO: The password for user kibanaserver is celNOV1OuepZXdsR*2ePm6xHFaSsnUkD
30/09/2024 13:58:31 INFO: The password for user kibanaro is 6tf+S8.S4Xn0L91aU.59Nqy27K54XCTt
30/09/2024 13:58:31 INFO: The password for user logstash is eThLjeuchqqbG9w?CKUv.oLXPmGXxw90
30/09/2024 13:58:31 INFO: The password for user readall is 0os81flsm0syuijbsXZZRAFSbz+LVmJk
30/09/2024 13:58:31 INFO: The password for user snapshotrestore is *+25PBMi1st*CRg4ajeA.FkNQWgz.5Ja
30/09/2024 13:58:31 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
root@ubuntu-jammy:~# filebeat test output
elasticsearch: https://127.0.0.1:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 127.0.0.1
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.2
dial up... OK
talk to server... OK
version: 7.10.2
related: https://github.com/wazuh/wazuh-packages/pull/2968
related: https://github.com/wazuh/wazuh-installation-assistant/issues/78
Test