Closed DFolchA closed 1 year ago
I reproduced the steps and the error is displayed as commented above.
The research of @DFolchA was very complete. Besides, I noticed that the admin.key file is no longer used. It is not mentioned in the latest documentation (https://documentation.wazuh.com/4.2/user-manual/certificates.html), and in the cert-tool the created key is admin-key.pem and not admin.key.
https://github.com/wazuh/wazuh-packages/blob/79815b296658de20bb2f7f7bc773b7bb132a9cd8/unattended_installer/cert_tool/certFunctions.sh#L58-L65
Because of this, the check of the admin.key will be removed.
Also, I noticed that in the builder.sh script of the Installation Assistant, the names of the cert-tool and the password-tool were not correctly specified.
To address this problem, the steps to follow are:
adminkey and adminpem to the default values. This action will be performed in the passwordVariables.sh.
passwords_readAdmincerts function, the checks of the files will be over the variables and not over the hardcoded path.
Change passwords with
:green_circle: Default paths
root@ubuntu-focal:/home/vagrant# ./wazuh-passwords-tool.sh -a
10/02/2023 12:47:30 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
10/02/2023 12:47:45 INFO: The password for user admin is 2L2OnyYBwlpZDkd9KfK7Ffi5BZZm?Acp
10/02/2023 12:47:45 INFO: The password for user kibanaserver is c69OeXcsy+nTyknBEakCgcDEMjv679hJ
10/02/2023 12:47:45 INFO: The password for user kibanaro is Pw+JgploEY*XkCgSzAwhGwA7T*xTvYZp
10/02/2023 12:47:45 INFO: The password for user logstash is 2mcm22j30jRUDO5oCEj2bzc0Wj?QMX7y
10/02/2023 12:47:45 INFO: The password for user readall is 2WB6wiF8bUI5Xsi*mt9XgETBPaPRFkj5
10/02/2023 12:47:45 INFO: The password for user snapshotrestore is +wDc3rbW7XglDhTJnLnzLsir0Tl?hfiZ
10/02/2023 12:47:45 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
root@ubuntu-focal:/home/vagrant#
:green_circle: Certificate path changed and default certificate key
root@ubuntu-focal:/home/vagrant# ./wazuh-passwords-tool.sh -c /home/vagrant/admin.pem -a
10/02/2023 12:49:19 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
10/02/2023 12:49:35 INFO: The password for user admin is 1TJB0gjQr+PIRhkrS+.21eqF7TuVuFFa
10/02/2023 12:49:35 INFO: The password for user kibanaserver is whGu*9.3Stm9xKR9RjJHUMD*.+ikUc++
10/02/2023 12:49:35 INFO: The password for user kibanaro is dcPCeqVSNe?N1e.sHarTAf98?.?KuKzh
10/02/2023 12:49:35 INFO: The password for user logstash is 0+ASFXLafrRv7B3e66ctxwzM+k.1v58Y
10/02/2023 12:49:35 INFO: The password for user readall is LDS*zjJ9u3Yk?aSbRWF?R5?tYC+23HO.
10/02/2023 12:49:35 INFO: The password for user snapshotrestore is *1D6GhScp9lYW7qxSMs45TYaMgdf35+z
10/02/2023 12:49:35 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
root@ubuntu-focal:/home/vagrant#
:green_circle: Certificate key path changed and default certificate
root@ubuntu-focal:/home/vagrant# ./wazuh-passwords-tool.sh -k /home/vagrant/admin-key.pem -a
10/02/2023 12:55:19 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
10/02/2023 12:55:34 INFO: The password for user admin is B6wNQHaMAt?Hi.kP6KuyvL9GFIgJvg0p
10/02/2023 12:55:34 INFO: The password for user kibanaserver is T2Cu7?wnYn5stagdWJIZHSAUKR1UzLJ4
10/02/2023 12:55:34 INFO: The password for user kibanaro is yFQ*OoinCwMMJQAknKeavcnj6Vhr2hlE
10/02/2023 12:55:34 INFO: The password for user logstash is WsjBE72tV4Vi4JMazwPtHy1huaC?HMyK
10/02/2023 12:55:34 INFO: The password for user readall is vDwU45h25z95orBvDSBCN?jz2W3GWX1*
10/02/2023 12:55:34 INFO: The password for user snapshotrestore is 1CjjSKF+NEP??R0yyyb*Xl2TJuChoJjN
10/02/2023 12:55:34 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
root@ubuntu-focal:/home/vagrant#
:green_circle: Both changed
root@ubuntu-focal:/home/vagrant# ./wazuh-passwords-tool.sh -c /home/vagrant/admin.pem -k /home/vagrant/admin-key.pem -a
10/02/2023 12:39:58 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
10/02/2023 12:40:14 INFO: The password for user admin is 8EONv3joCTF.yfz4XgeuYaB3RwH6.IQt
10/02/2023 12:40:14 INFO: The password for user kibanaserver is 72gaB*.hm*NCr6ajqMFiMg.Qyr85hY0f
10/02/2023 12:40:14 INFO: The password for user kibanaro is qg.BVOQIv5lmvukLl6jDQFln855U+xuY
10/02/2023 12:40:14 INFO: The password for user logstash is xnYq?0W0Yp8vEX1beWicP3h0BVvr12G4
10/02/2023 12:40:14 INFO: The password for user readall is T1K0OPhoN*2BqWQx8z3UNuPuHnLkNYN3
10/02/2023 12:40:14 INFO: The password for user snapshotrestore is Vpo5GmjyffEr*2UmgFdEn20kKoj6HcrD
10/02/2023 12:40:14 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
root@ubuntu-focal:/home/vagrant# nano wazuh-passwords-tool.sh
After doing the above development, I noticed the Installation Assistant uses the adminpem and adminkey variables, which are now defined in the passwordsVariables.sh. This change makes the Installation Assistant not know the value of these variables.
To solve this issue, I created a new file inside the common_functions folder, called commonVariables.sh, which should contain all the common variables used in the different tools.
For now, this file contains the following lines:
adminpem="/etc/wazuh-indexer/certs/admin.pem"
adminkey="/etc/wazuh-indexer/certs/admin-key.pem"
This file is now loaded in the different tools. This task is performed in the builder.sh script.
A new related issue has been created: https://github.com/wazuh/wazuh-packages/issues/2092
Here are some manual tests with the latest changes:
:green_circle: Install the Wazuh indexer and start the cluster
:green_circle: Install the Wazuh manager
:green_circle: Install the Wazuh dashboard
:green_circle: AIO installation
:green_circle: Change passwords with default paths
:green_circle: Change passwords with changed paths
:green_circle: Change passwords with changed key
:green_circle: Change passwords with changed certificate
wazuh-passwords-tool.sh
Note: this issue is already present in 4.3.x
We found that the wazuh-passwords-tool.sh script fails when using a different path for the admin certificate and key, other than /etc/wazuh-indexer/certs/admin.pem and /etc/wazuh-indexer/certs/admin.key.
If we use a different path but the files /etc/wazuh-indexer/certs/admin.pem and /etc/wazuh-indexer/certs/admin.key exist, the script uses those files:
If we use a different path and those files do not exist, then the script fails indicating that we need to specify the path:
This error comes from the following lines: https://github.com/wazuh/wazuh-packages/blob/79815b296658de20bb2f7f7bc773b7bb132a9cd8/unattended_installer/passwords_tool/passwordsFunctions.sh#L361-L375
We need to define the default path as a variable and change that variable if the corresponding flag is used and then change the conditional in those lines:
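The change described in this issue, sketched as an added example that is not part of the original issue or of the Wazuh code: the default paths live in the adminpem and adminkey variables, each flag overrides only its own variable, and the file check runs over the variables instead of a hardcoded path. The function names parse_cert_flags and check_admin_certs are hypothetical.

```shell
# Added sketch; only the adminpem/adminkey names and the default paths
# come from the issue. Function names are hypothetical.

# Defaults, kept in variables so that a flag can replace either one.
adminpem="${adminpem:-/etc/wazuh-indexer/certs/admin.pem}"
adminkey="${adminkey:-/etc/wazuh-indexer/certs/admin-key.pem}"

# Parse -c <cert> and -k <key>. Passing only one flag leaves the other
# variable at its default, which is the mixed case tested in the issue.
parse_cert_flags() {
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -c|-k)
                if [ -z "${2:-}" ]; then
                    echo "ERROR: $1 requires a path" >&2
                    return 2
                fi
                if [ "$1" = "-c" ]; then adminpem="$2"; else adminkey="$2"; fi
                shift 2
                ;;
            *)
                shift   # other options (such as -a) are ignored in this sketch
                ;;
        esac
    done
}

# Validate the resolved paths. The check reads the variables, so a custom
# path is honoured whether or not files exist at the default location.
check_admin_certs() {
    _rc=0
    for _f in "$adminpem" "$adminkey"; do
        if [ ! -f "$_f" ] || [ ! -r "$_f" ]; then
            echo "ERROR: cannot read $_f; set the path with -c or -k" >&2
            _rc=1
        fi
    done
    return "$_rc"
}
```

Reporting the path that was actually checked makes it visible when the script falls back to a default the operator did not intend to use.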