wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0

The variables `adminpem` and `adminkey` are not being correctly set on `wazuh-passwords-tool.sh` #2033

Closed DFolchA closed 1 year ago

DFolchA commented 1 year ago
| Wazuh version | Install type | Action performed | Platform |
|---|---|---|---|
| 4.4.0 | wazuh-passwords-tool.sh | Change passwords | OS version |

Note: this issue is already present in 4.3.x

We found that the wazuh-passwords-tool.sh script fails when using a different path for the admin certificate and key, other than /etc/wazuh-indexer/certs/admin.pem and /etc/wazuh-indexer/certs/admin.key.

If we use a different path but the files /etc/wazuh-indexer/certs/admin.pem and /etc/wazuh-indexer/certs/admin.key exist, the script uses those files:

```
[root@amazon2 vagrant]# ./wazuh-passwords-tool.sh -c /home/vagrant/admin.pem -a
11/01/2023 11:57:19 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
11/01/2023 11:57:27 INFO: The password for user admin is trX*Q0P341Ibx+DeA?oT1OB3C*gfojDt
11/01/2023 11:57:27 INFO: The password for user kibanaserver is cNd363fhE0mrlTow1?qtxJz6PJzsm5X1
11/01/2023 11:57:27 INFO: The password for user kibanaro is SnYoQXrJk*hJSOlR?9LAw0VLR4*SRle.
11/01/2023 11:57:27 INFO: The password for user logstash is GTHmQlUJJj0fNiR*6??iggby3ndxZlch
11/01/2023 11:57:27 INFO: The password for user readall is ?JGsg3lK*AuilGc2w2QCgfH1bP8E+thw
11/01/2023 11:57:27 INFO: The password for user snapshotrestore is qnfjRw?5eI+j9TZsu222RJ2mjmzVw0Lb
11/01/2023 11:57:27 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
```

If we use a different path and those files do not exist, then the script fails indicating that we need to specify the path:

```
[root@amazon2 vagrant]# mv /etc/wazuh-indexer/certs/admin.pem /home/vagrant/admin.pem
[root@amazon2 vagrant]# ./wazuh-passwords-tool.sh -c /home/vagrant/admin.pem -a
11/01/2023 11:57:58 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
11/01/2023 11:58:04 ERROR: No admin certificate indicated. Please run the script with the option -c <path-to-certificate>.
```

This error comes from the following lines: https://github.com/wazuh/wazuh-packages/blob/79815b296658de20bb2f7f7bc773b7bb132a9cd8/unattended_installer/passwords_tool/passwordsFunctions.sh#L361-L375

We need to define the default path as a variable and change that variable if the corresponding flag is used and then change the conditional in those lines:

    # Fail if the resolved certificate path (default or -c) is not a regular file.
    if [[ ! -f "${adminpem}" ]]; then
        common_logger -e "No admin certificate indicated. Please run the script with the option -c <path-to-certificate>."
        exit 1;
    fi

    # Same check for the resolved key path (default or -k).
    if [[ ! -f "${adminkey}" ]]; then
        common_logger -e "No admin certificate key indicated. Please run the script with the option -k <path-to-key-certificate>."
        exit 1;
    fi

davidcr01 commented 1 year ago

Update Report

Research

I reproduced the steps and the error is displayed as commented above.

The research of @DFolchA was very complete. Besides, I noticed that the admin.key file is no longer used. It is not mentioned in the latest documentation (https://documentation.wazuh.com/4.2/user-manual/certificates.html), and in the cert-tool the created key is admin-key.pem and not admin.key: https://github.com/wazuh/wazuh-packages/blob/79815b296658de20bb2f7f7bc773b7bb132a9cd8/unattended_installer/cert_tool/certFunctions.sh#L58-L65

Because of this, the check of the admin.key will be removed.

Also, I noticed that in the builder.sh script of the Installation Assistant, the name of the cert-tool and the password-tool were not correctly specified.

Development

Related development tasks

To address this problem, the steps to follow are:

Tests

Change passwords with

:green_circle: Default paths

```
root@ubuntu-focal:/home/vagrant# ./wazuh-passwords-tool.sh -a
10/02/2023 12:47:30 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
10/02/2023 12:47:45 INFO: The password for user admin is 2L2OnyYBwlpZDkd9KfK7Ffi5BZZm?Acp
10/02/2023 12:47:45 INFO: The password for user kibanaserver is c69OeXcsy+nTyknBEakCgcDEMjv679hJ
10/02/2023 12:47:45 INFO: The password for user kibanaro is Pw+JgploEY*XkCgSzAwhGwA7T*xTvYZp
10/02/2023 12:47:45 INFO: The password for user logstash is 2mcm22j30jRUDO5oCEj2bzc0Wj?QMX7y
10/02/2023 12:47:45 INFO: The password for user readall is 2WB6wiF8bUI5Xsi*mt9XgETBPaPRFkj5
10/02/2023 12:47:45 INFO: The password for user snapshotrestore is +wDc3rbW7XglDhTJnLnzLsir0Tl?hfiZ
10/02/2023 12:47:45 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
root@ubuntu-focal:/home/vagrant#
```

:green_circle: Certificate path changed and default certificate key

```
root@ubuntu-focal:/home/vagrant# ./wazuh-passwords-tool.sh -c /home/vagrant/admin.pem -a
10/02/2023 12:49:19 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
10/02/2023 12:49:35 INFO: The password for user admin is 1TJB0gjQr+PIRhkrS+.21eqF7TuVuFFa
10/02/2023 12:49:35 INFO: The password for user kibanaserver is whGu*9.3Stm9xKR9RjJHUMD*.+ikUc++
10/02/2023 12:49:35 INFO: The password for user kibanaro is dcPCeqVSNe?N1e.sHarTAf98?.?KuKzh
10/02/2023 12:49:35 INFO: The password for user logstash is 0+ASFXLafrRv7B3e66ctxwzM+k.1v58Y
10/02/2023 12:49:35 INFO: The password for user readall is LDS*zjJ9u3Yk?aSbRWF?R5?tYC+23HO.
10/02/2023 12:49:35 INFO: The password for user snapshotrestore is *1D6GhScp9lYW7qxSMs45TYaMgdf35+z
10/02/2023 12:49:35 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
root@ubuntu-focal:/home/vagrant#
```

:green_circle: Certificate key path changed and default certificate

```
root@ubuntu-focal:/home/vagrant# ./wazuh-passwords-tool.sh -k /home/vagrant/admin-key.pem -a
10/02/2023 12:55:19 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
10/02/2023 12:55:34 INFO: The password for user admin is B6wNQHaMAt?Hi.kP6KuyvL9GFIgJvg0p
10/02/2023 12:55:34 INFO: The password for user kibanaserver is T2Cu7?wnYn5stagdWJIZHSAUKR1UzLJ4
10/02/2023 12:55:34 INFO: The password for user kibanaro is yFQ*OoinCwMMJQAknKeavcnj6Vhr2hlE
10/02/2023 12:55:34 INFO: The password for user logstash is WsjBE72tV4Vi4JMazwPtHy1huaC?HMyK
10/02/2023 12:55:34 INFO: The password for user readall is vDwU45h25z95orBvDSBCN?jz2W3GWX1*
10/02/2023 12:55:34 INFO: The password for user snapshotrestore is 1CjjSKF+NEP??R0yyyb*Xl2TJuChoJjN
10/02/2023 12:55:34 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
root@ubuntu-focal:/home/vagrant#
```

:green_circle: Both changed

```
root@ubuntu-focal:/home/vagrant# ./wazuh-passwords-tool.sh -c /home/vagrant/admin.pem -k /home/vagrant/admin-key.pem -a
10/02/2023 12:39:58 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
10/02/2023 12:40:14 INFO: The password for user admin is 8EONv3joCTF.yfz4XgeuYaB3RwH6.IQt
10/02/2023 12:40:14 INFO: The password for user kibanaserver is 72gaB*.hm*NCr6ajqMFiMg.Qyr85hY0f
10/02/2023 12:40:14 INFO: The password for user kibanaro is qg.BVOQIv5lmvukLl6jDQFln855U+xuY
10/02/2023 12:40:14 INFO: The password for user logstash is xnYq?0W0Yp8vEX1beWicP3h0BVvr12G4
10/02/2023 12:40:14 INFO: The password for user readall is T1K0OPhoN*2BqWQx8z3UNuPuHnLkNYN3
10/02/2023 12:40:14 INFO: The password for user snapshotrestore is Vpo5GmjyffEr*2UmgFdEn20kKoj6HcrD
10/02/2023 12:40:14 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
root@ubuntu-focal:/home/vagrant# nano wazuh-passwords-tool.sh
```

davidcr01 commented 1 year ago

Update Report

Research

After doing the above development, I noticed the Installation Assistant uses the adminpem and adminkey variables, which are now defined in the passwordsVariables.sh. This change makes the Installation Assistant not know the value of these variables.

Development

To solve this issue, I created a new file inside the common_functions folder, called commonVariables.sh, which should contain all the common variables used in the different tools.

For now, this file contains the following lines:

```
adminpem="/etc/wazuh-indexer/certs/admin.pem"
adminkey="/etc/wazuh-indexer/certs/admin-key.pem"
```

This file is now loaded in the different tools. This task is performed in the builder.sh script.

A new related issue has been created: https://github.com/wazuh/wazuh-packages/issues/2092
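
The fix proposed in the issue, combined with the shared defaults from `commonVariables.sh`, as an added example that is not code from wazuh-packages: defaults are assigned first, `-c`/`-k` override them, and the file checks run on the resolved values. The function name `resolve_admin_paths`, the `DEFAULT_*` variables and the temporary demo files are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not code from wazuh-packages. Names other than
# adminpem/adminkey are assumptions made for this sketch.

# Defaults, matching the two lines quoted from commonVariables.sh.
DEFAULT_ADMINPEM="/etc/wazuh-indexer/certs/admin.pem"
DEFAULT_ADMINKEY="/etc/wazuh-indexer/certs/admin-key.pem"

# resolve_admin_paths [-c <cert>] [-k <key>] [other options...]
# Sets adminpem/adminkey. Returns 0 if both files exist, 1 if one is
# missing, 2 if -c or -k was given without a value.
resolve_admin_paths() {
    # Start from the defaults on every call so earlier state cannot leak in.
    adminpem="${DEFAULT_ADMINPEM}"
    adminkey="${DEFAULT_ADMINKEY}"
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -c|-k)
                # A flag without a value must not silently fall back to the default.
                if [ -z "${2:-}" ]; then
                    echo "ERROR: option $1 requires a path." >&2
                    return 2
                fi
                if [ "$1" = "-c" ]; then adminpem="$2"; else adminkey="$2"; fi
                shift 2 ;;
            *)  shift ;;   # options unrelated to the certificate are skipped here
        esac
    done
    # Check the resolved values, so a custom path is never replaced by the default.
    if [ ! -f "${adminpem}" ]; then
        echo "ERROR: admin certificate not found: ${adminpem}" >&2
        return 1
    fi
    if [ ! -f "${adminkey}" ]; then
        echo "ERROR: admin certificate key not found: ${adminkey}" >&2
        return 1
    fi
}

# Constructed demo: empty stand-in files in a temporary directory play the
# role of the default and the custom certificate.
demo() {
    d="$(mktemp -d)" || return 1
    : > "${d}/admin.pem"; : > "${d}/admin-key.pem"; : > "${d}/custom.pem"
    DEFAULT_ADMINPEM="${d}/admin.pem"; DEFAULT_ADMINKEY="${d}/admin-key.pem"
    resolve_admin_paths -c "${d}/custom.pem" -a && echo "cert used: ${adminpem}"
    # The case from the report: custom path missing while the default exists.
    resolve_admin_paths -c "${d}/missing.pem" -a || echo "rejected, rc=$?"
    rm -rf "${d}"
}
demo
```
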

davidcr01 commented 1 year ago

Update Report

Here are some manual tests with the latest changes:

:green_circle: Install the Wazuh indexer and start the cluster

```
root@ubuntu-focal:/home/vagrant# bash wazuh-install.sh -u
14/02/2023 09:20:09 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
14/02/2023 09:20:09 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/02/2023 09:20:11 INFO: Wazuh dashboard not found in the system so it was not uninstalled.
14/02/2023 09:20:11 INFO: Removing Wazuh manager.
14/02/2023 09:20:23 INFO: Wazuh manager removed.
14/02/2023 09:20:23 INFO: Removing Wazuh indexer.
14/02/2023 09:20:28 INFO: Wazuh indexer removed.
14/02/2023 09:20:28 INFO: Removing Filebeat.
14/02/2023 09:20:32 INFO: Filebeat removed.
root@ubuntu-focal:/home/vagrant# bash wazuh-install.sh -wi node-1 -i
14/02/2023 09:21:09 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
14/02/2023 09:21:09 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/02/2023 09:21:11 WARNING: Hardware and system checks ignored.
14/02/2023 09:21:22 INFO: Wazuh development repository added.
14/02/2023 09:21:22 INFO: --- Wazuh indexer ---
14/02/2023 09:21:22 INFO: Starting Wazuh indexer installation.
14/02/2023 09:22:15 INFO: Wazuh indexer installation finished.
14/02/2023 09:22:15 INFO: Wazuh indexer post-install configuration finished.
14/02/2023 09:22:15 INFO: Starting service wazuh-indexer.
14/02/2023 09:22:44 INFO: wazuh-indexer service started.
14/02/2023 09:22:44 INFO: Initializing Wazuh indexer cluster security settings.
14/02/2023 09:22:47 INFO: Wazuh indexer cluster initialized.
14/02/2023 09:22:47 INFO: Installation finished.
root@ubuntu-focal:/home/vagrant#
root@ubuntu-focal:/home/vagrant# bash wazuh-install.sh -s
14/02/2023 09:23:29 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
14/02/2023 09:23:29 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/02/2023 09:23:45 INFO: Wazuh indexer cluster security configuration initialized.
14/02/2023 09:24:26 INFO: Wazuh indexer cluster started.
root@ubuntu-focal:/home/vagrant#
```


:green_circle: Install the Wazuh manager

```
root@ubuntu-focal:/home/vagrant# bash wazuh-install.sh -ws wazuh-1
14/02/2023 09:34:01 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
14/02/2023 09:34:01 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/02/2023 09:34:16 INFO: Wazuh development repository added.
14/02/2023 09:34:16 INFO: --- Wazuh server ---
14/02/2023 09:34:16 INFO: Starting the Wazuh manager installation.
14/02/2023 09:35:10 INFO: Wazuh manager installation finished.
14/02/2023 09:35:10 INFO: Starting service wazuh-manager.
14/02/2023 09:35:34 INFO: wazuh-manager service started.
14/02/2023 09:35:34 INFO: Starting Filebeat installation.
14/02/2023 09:35:45 INFO: Filebeat installation finished.
14/02/2023 09:35:47 INFO: Filebeat post-install configuration finished.
14/02/2023 09:35:56 INFO: Starting service filebeat.
14/02/2023 09:35:57 INFO: filebeat service started.
14/02/2023 09:35:57 INFO: Installation finished.
root@ubuntu-focal:/home/vagrant#
```


:green_circle: Install the Wazuh dashboard

```
root@ubuntu-focal:/home/vagrant# bash wazuh-install.sh -wd dashboard -i
14/02/2023 09:48:10 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
14/02/2023 09:48:10 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/02/2023 09:48:11 WARNING: Hardware and system checks ignored.
14/02/2023 09:48:22 INFO: Wazuh development repository added.
dashboard
14/02/2023 09:48:22 INFO: --- Wazuh dashboard ----
14/02/2023 09:48:22 INFO: Starting Wazuh dashboard installation.
14/02/2023 09:49:02 INFO: Wazuh dashboard installation finished.
14/02/2023 09:49:02 INFO: Wazuh dashboard post-install configuration finished.
14/02/2023 09:49:02 INFO: Starting service wazuh-dashboard.
14/02/2023 09:49:03 INFO: wazuh-dashboard service started.
14/02/2023 09:49:28 INFO: Initializing Wazuh dashboard web application.
14/02/2023 09:49:29 INFO: Wazuh dashboard web application initialized.
14/02/2023 09:49:29 INFO: --- Summary ---
14/02/2023 09:49:29 INFO: You can access the web interface https://
    User: admin
    Password: dGpDdEbma567LJhEM.S3j6a2Z7PqsOG8
14/02/2023 09:49:29 INFO: Installation finished.
root@ubuntu-focal:/home/vagrant#
```


:green_circle: AIO installation

```
root@ubuntu-focal:/home/vagrant# bash wazuh-install.sh -a -i
14/02/2023 09:57:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
14/02/2023 09:57:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/02/2023 09:57:41 WARNING: Hardware and system checks ignored.
14/02/2023 09:57:51 INFO: Wazuh development repository added.
14/02/2023 09:57:51 INFO: --- Configuration files ---
14/02/2023 09:57:51 INFO: Generating configuration files.
14/02/2023 09:57:52 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/02/2023 09:57:52 INFO: --- Wazuh indexer ---
14/02/2023 09:57:52 INFO: Starting Wazuh indexer installation.
14/02/2023 09:58:34 INFO: Wazuh indexer installation finished.
14/02/2023 09:58:34 INFO: Wazuh indexer post-install configuration finished.
14/02/2023 09:58:34 INFO: Starting service wazuh-indexer.
14/02/2023 09:58:53 INFO: wazuh-indexer service started.
14/02/2023 09:58:53 INFO: Initializing Wazuh indexer cluster security settings.
14/02/2023 09:59:03 INFO: Wazuh indexer cluster initialized.
14/02/2023 09:59:03 INFO: --- Wazuh server ---
14/02/2023 09:59:03 INFO: Starting the Wazuh manager installation.
14/02/2023 09:59:46 INFO: Wazuh manager installation finished.
14/02/2023 09:59:46 INFO: Starting service wazuh-manager.
14/02/2023 10:00:08 INFO: wazuh-manager service started.
14/02/2023 10:00:08 INFO: Starting Filebeat installation.
14/02/2023 10:00:17 INFO: Filebeat installation finished.
14/02/2023 10:00:19 INFO: Filebeat post-install configuration finished.
14/02/2023 10:00:19 INFO: Starting service filebeat.
14/02/2023 10:00:20 INFO: filebeat service started.
14/02/2023 10:00:20 INFO: --- Wazuh dashboard ---
14/02/2023 10:00:20 INFO: Starting Wazuh dashboard installation.
14/02/2023 10:00:59 INFO: Wazuh dashboard installation finished.
14/02/2023 10:00:59 INFO: Wazuh dashboard post-install configuration finished.
14/02/2023 10:00:59 INFO: Starting service wazuh-dashboard.
14/02/2023 10:01:00 INFO: wazuh-dashboard service started.
14/02/2023 10:01:37 INFO: Initializing Wazuh dashboard web application.
14/02/2023 10:01:37 INFO: Wazuh dashboard web application initialized.
14/02/2023 10:01:37 INFO: --- Summary ---
14/02/2023 10:01:37 INFO: You can access the web interface https://
    User: admin
    Password: 22C5U4cukjPnY4?T?iXxS0CV59IStARI
14/02/2023 10:01:37 INFO: Installation finished.
root@ubuntu-focal:/home/vagrant#
```


:green_circle: Change passwords with default paths

```
root@ubuntu-focal:/home/vagrant# bash wazuh-passwords-tool.sh -a
14/02/2023 09:50:29 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
14/02/2023 09:50:47 INFO: The password for user admin is .0uO3u38H.VIhkwSs0Iql.9tSrRbP1p1
14/02/2023 09:50:47 INFO: The password for user kibanaserver is tq*rS86sVLBps5m6ii46nzEK767xEXOW
14/02/2023 09:50:47 INFO: The password for user kibanaro is 4tCTH3OzLuyyHhUc4Ir*FCWqPFbj1w9K
14/02/2023 09:50:47 INFO: The password for user logstash is OJSw.02fhAJtqKBSYYdCIUNJso0I+amQ
14/02/2023 09:50:47 INFO: The password for user readall is s9QsWVZ1zUIe?cdJg2Rd6k?*TfCNy.g+
14/02/2023 09:50:47 INFO: The password for user snapshotrestore is 4X*4NrDXQuvoBSV?.42l+ekksmnyvl3h
14/02/2023 09:50:47 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
root@ubuntu-focal:/home/vagrant#
```


:green_circle: Change passwords with changed paths

```
root@ubuntu-focal:/home/vagrant# ./wazuh-passwords-tool.sh -c /home/vagrant/admin.pem -k /home/vagrant/admin-key.pem -a
14/02/2023 09:52:46 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
14/02/2023 09:53:02 INFO: The password for user admin is 4sQ*x8NS?G7cN4LdVlk4QLet9fTYee8a
14/02/2023 09:53:02 INFO: The password for user kibanaserver is KAZEfNNsEDjrikrPuKl+skZe9thXGppx
14/02/2023 09:53:02 INFO: The password for user kibanaro is NKsg*Pl?+WiQ3j18Bpa*mHfkjGeu7miR
14/02/2023 09:53:02 INFO: The password for user logstash is TbFQRkCDIV2V7A56LlvGS?UIrpaG4o*c
14/02/2023 09:53:02 INFO: The password for user readall is nA5amYdSM0s+fAkdfwLoKirGONjX5ZE4
14/02/2023 09:53:02 INFO: The password for user snapshotrestore is vub+WO9xUxGEC5zCoYYs37i4Fvwy*tfG
14/02/2023 09:53:02 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
```


:green_circle: Change passwords with changed key

```
root@ubuntu-focal:/home/vagrant# ./wazuh-passwords-tool.sh -k /home/vagrant/admin-key.pem -a
14/02/2023 09:54:28 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
14/02/2023 09:54:45 INFO: The password for user admin is esocUaph4McvDbIBRoOdiz1+a04XI3R0
14/02/2023 09:54:45 INFO: The password for user kibanaserver is xkd0Jb*crZ6FQt8AFioYXR1Vtp*tIqwl
14/02/2023 09:54:45 INFO: The password for user kibanaro is v3doXykh6RsJpQd65F*L.bPijNl4p2Hk
14/02/2023 09:54:45 INFO: The password for user logstash is iElBJNcMudynxHEOZsL*aXnxh3+9AKqJ
14/02/2023 09:54:45 INFO: The password for user readall is KYpJBXaA5IUU+8eK2z+UyBi+Pu1GywUQ
14/02/2023 09:54:45 INFO: The password for user snapshotrestore is JDQjz*t3pINC0uKeTd1KDr8xr?wnyBNV
14/02/2023 09:54:45 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
root@ubuntu-focal:/home/vagrant#
```


:green_circle: Change passwords with changed certificate

```
root@ubuntu-focal:/home/vagrant# ./wazuh-passwords-tool.sh -c /home/vagrant/admin.pem -a
14/02/2023 09:56:07 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
14/02/2023 09:56:24 INFO: The password for user admin is qHWLp6BolYfjkXhTt4U*EgAuXTi5QjWs
14/02/2023 09:56:24 INFO: The password for user kibanaserver is MFgm55wT3NiD4.BnX9lNqdh2G1OTD3rF
14/02/2023 09:56:24 INFO: The password for user kibanaro is Z9Fr+llZLBay2enBmjKX4d54WdIQk+0y
14/02/2023 09:56:24 INFO: The password for user logstash is n*7iAryzg?BKo9RODALzGnSZ8rpYLuUy
14/02/2023 09:56:24 INFO: The password for user readall is 0hMY+rVp7yRTF3+YgO8PZG*eWbpAFqoB
14/02/2023 09:56:24 INFO: The password for user snapshotrestore is CIhzc0rT1yXlH1QpuumNo?Yjy31UskZY
14/02/2023 09:56:24 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
root@ubuntu-focal:/home/vagrant#
```