search

wazuh / wazuh-installation-assistant

Wazuh - Installation assistant
https://wazuh.com/
GNU General Public License v2.0
0 stars 3 forks source link

Solve bugs when changing passwords in the manager, indexer and dashboard services. #86

Closed c-bordon closed 2 weeks ago

c-bordon commented 2 weeks ago

related: https://github.com/wazuh/wazuh-packages/pull/2968 related: https://github.com/wazuh/wazuh-installation-assistant/issues/78

Test

root@ubuntu-jammy:~# bash wazuh-passwords-tool.sh -gf wazuh-passwords_update.txt.
root@ubuntu-jammy:~# cat wazuh-passwords_update.txt. 
# Admin user for the web user interface and Wazuh indexer. Use this user to log in to Wazuh dashboard
  indexer_username: 'admin'
  indexer_password: '6bmHa3u7Pa5F50c1G2MI*MG+efnpLLQn'

# Anomaly detection user for the web user interface
  indexer_username: 'anomalyadmin'
  indexer_password: 'uGFBKFriTfo1Y5h24Sj9GRq?LgE5seG5'

# Wazuh dashboard user for establishing the connection with Wazuh indexer
  indexer_username: 'kibanaserver'
  indexer_password: 'celNOV1OuepZXdsR*2ePm6xHFaSsnUkD'

# Regular Dashboard user, only has read permissions to all indices and all permissions on the .kibana index
  indexer_username: 'kibanaro'
  indexer_password: '6tf+S8.S4Xn0L91aU.59Nqy27K54XCTt'

# Filebeat user for CRUD operations on Wazuh indices
  indexer_username: 'logstash'
  indexer_password: 'eThLjeuchqqbG9w?CKUv.oLXPmGXxw90'

# User with READ access to all indices
  indexer_username: 'readall'
  indexer_password: '0os81flsm0syuijbsXZZRAFSbz+LVmJk'

# User with permissions to perform snapshot and restore operations
  indexer_username: 'snapshotrestore'
  indexer_password: '*+25PBMi1st*CRg4ajeA.FkNQWgz.5Ja'

# Password for wazuh API user
  api_username: 'wazuh'
  api_password: 'C3zy1Epi?iPwVm6g8zlNiGBHtn.vQc?m'

# Password for wazuh-wui API user
  api_username: 'wazuh-wui'
  api_password: '5Otn2le+ceEPRscGtTyDLTTM.Bl4v5*d'

root@ubuntu-jammy:~# bash wazuh-passwords-tool.sh --change-all -f wazuh-passwords_update.txt.
30/09/2024 13:57:58 INFO: Updating the internal users.
30/09/2024 13:58:00 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
30/09/2024 13:58:00 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
30/09/2024 13:58:05 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
30/09/2024 13:58:06 INFO: The new password for Filebeat is 6bmHa3u7Pa5F50c1G2MI*MG+efnpLLQn
30/09/2024 13:58:31 INFO: The password for user admin is 6bmHa3u7Pa5F50c1G2MI*MG+efnpLLQn
30/09/2024 13:58:31 INFO: The password for user anomalyadmin is uGFBKFriTfo1Y5h24Sj9GRq?LgE5seG5
30/09/2024 13:58:31 INFO: The password for user kibanaserver is celNOV1OuepZXdsR*2ePm6xHFaSsnUkD
30/09/2024 13:58:31 INFO: The password for user kibanaro is 6tf+S8.S4Xn0L91aU.59Nqy27K54XCTt
30/09/2024 13:58:31 INFO: The password for user logstash is eThLjeuchqqbG9w?CKUv.oLXPmGXxw90
30/09/2024 13:58:31 INFO: The password for user readall is 0os81flsm0syuijbsXZZRAFSbz+LVmJk
30/09/2024 13:58:31 INFO: The password for user snapshotrestore is *+25PBMi1st*CRg4ajeA.FkNQWgz.5Ja
30/09/2024 13:58:31 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
root@ubuntu-jammy:~# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2