Closed Enaraque closed 1 week ago
We have found a way to use the indexer admin user in the wazuh manager
so there is no need to add another user in the API user section.
It has also been added in the dashboard that in order to change the password of wazuh-wui
, the option --api
should be set so that it does not try to change the password of kibanaserver also if there is an indexer installed on the same system.
The password file is the same as before, no new users are added
In order to change the Filebeat password, we indicate it with the user admin instead of Filebeat.
The change of passwords in the dashboard has been improved. To change API user passwords, the --api
option is used so that if the dashboard is installed on the same machine as the indexer it does not try to change kibanaserver
passwords as well.
Now when changing passwords in AIO, the message also appears when changing the Filebeat password.
Description
When changing the passwords for the different services, neither the Filebeat password in the manager nor the wazuh-wui password in the dashboard were updated. Also in the indexer there was a message indicating that there were no API users, which was a bit confusing. The steps to solve this problem have been:
Password file
In order to be able to change the filebeat password in the wazuh-manager, a new user
admin
has been created in the API users section. This user will have the same password as theadmin
user in the indexer section. This provides a way to manage the Filebeat password from the manager.Tests
When generating the passwords we can see how a new API user
admin
is generated with the same password as indexeradmin
user.Wazuh indexer
In the indexer section we had the problem that a message appeared regarding the change of API user passwords:
INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
Which was a bit confusing if the manager was not installed on the machine. Now every time we try to change the indexer passwords without having the manager installed, we won't get the message again.Tests
Wazuh manager
Regarding the manager, the problem was that when we changed the passwords with the
--changeall
option, the Filebeat password was not changed. Now, a new user has been added to the users section of the API calledFilebeat
. With these changes, if we put this user with his password in the password file, it will be changed correctly in the manager. Also, being a manager user, we can change the Filebeat password with the--user
and--password
option as well.Tests
When executing the
filebeat test output
command we see that the filebeat password is wrong and therefore we get the errorERROR 401 Unauthorized: Unauthorized
.--changeall
option:If we check the connection again, it reconnects:
--user
and--password
.Wazuh dashboard
With the dashboard we had the problem that we couldn't change the password for
kibanaserver
andwazuh-wui
. Like the server, we can now change the passwords of these with the--changeall
option and also with--user
and--password
.Tests
--changeall
.--user
and--password
.root@debian9:/home/vagrant/passwords_good# bash wazuh-passwords-tool.sh --user wazuh-wui --password r7jH.SQ4SMqbzVXcbJrkiyrwvWd+Gw8 28/05/2024 12:22:52 INFO: Updated wazuh-wui user password in wazuh dashboard to 'r7jH.SQ4SMqbzVXcbJrkiyrwvWd+Gw8'.
Change of all passwords where API passwords are changed as well. If we check the output of filebeat, we can see that it works correctly.
When the dashboard is installed in a distributed deployment, we can change the password of the user that communicates with the server without giving the admin credentials. In this case, as the manager is installed, we would have to specify them. If we try this, we get the following output:
If we do it with the right credentials, we can see that it does change:
Everything works correctly with the changes:![Captura de pantalla 2024-06-04 a las 14 38 34](https://github.com/wazuh/wazuh-packages/assets/74021522/a0791ac1-0b29-4308-bcdc-435d8f2971fb)