The documented way to change admin/wazuh-wui passwords do not work #838
Hello @chenri2006, what concrete steps have you followed? If you follow the documentation: https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html#change-the-password-of-an-existing-user step by step, you should be able to change the password from users without any problem.
This is not correct, to change the passwords it is not useful to just specify the one you want, it is necessary to carry out a series of steps in order. Regarding the modified files:
For all users except In the case of the user
You must use a password that is secure, if not, when doing
|
I am having somewhat the same issue, I changed the passwords in the locations needed but for some reason the manager cannot talk to the indexer as getting 401 Unauthorized and I cannot work out where the hell I am going wrong |
I have the same problem. I can't change Wazuh 4.4.1 admin password in Docker. Does anyone have the solution? |
*this may not be relevant as I was doing integration changes
I noticed that the docker compose file replaces the ossec.conf on every
start with the wazuh_manager.conf file
docker compose stop
so you need to do your edits in the wazuh_manager.conf
then docker compose start
ossec.conf is in wazuh_etc volume
wazuh_etc:/var/ossec/etc/ossec.conf
wazuh_manager.conf location
wazuh-docker/single-node/config/wazuh_cluster/wazuh_manager.conf
test on non production system
pb...
|
@pblakez This issue is not related to your issue, I would suggest you open a new issue with your issue. @renanolnunes yes I do have the solution as I have managed to work out what needed doing, right at this moment I am in the process of writing a blog post that has the tips, fixes and recommendations for Wazuh to make this easier. Will post the link when I publish it |
here is the information everyone needs to be able to update things and have a smooth experience https://cybermon.uk/posts/wazuh_docker/ |
Hello, clarifications about the post:
About: Wazuh Certs Creator Image
This problem has been found by some users and in general it has been related to connection problems from the user himself, such as a firewall or the ISP, Wazuh provides this file in a public and accessible way. This file is provided through a bucket in AWS S3: https://packages.wazuh.com/4.4/wazuh-certs-tool.sh Alternatively, said file can be obtained through the
We understand that it is a nuisance that, depending on the network of each user, there may be certain problems, but it is necessary to clarify that there are an infinite number of network configurations and it is not realistic to contemplate all of them, in fact, I don't quite understand the part where you mention that you had problems but that it worked on your network, if they are different networks it is clear that it is a problem of the network where it failed
Regarding the recommendation:
Originally the script was associated with the image itself since it was stored in the wazuh-docker repository https://github.com/wazuh/wazuh-docker/tree/ad678638adc4c36ef89bc80e6878628e2b0cc97c/indexer_certs_creator/config, because this tool was duplicated in multiple locations it was decided to centralize it, since if a user can download it from S3, the execution of a Docker image can also, but we return to the beginning, there are countless network configurations and in the end, it is the user's own responsibility to manage them for give network access.
About: Updating Default Passwords
An internal document is currently being worked on between the @wazuh/cicd team and @wazuh/documentation to do a Docker documentation rework, but in principle, the only thing that might be missing is the
About: Internal users and hash.sh
I understand that you mean the following code:
Keep in mind that the Wazuh indexer is a fork of OpenSearch, just like the Wazuh dashboard is a fork of OpenSearch Dashboard, so many files will have comments of their own code. If you look at OpenSearch itself, it is easy to reproduce it, since not even in OpenSearch itself said reference is correct:
As I mentioned, this is a fork and we do not have complete control over the OpenSearch code, but we are currently working on our own fork of OpenSearch and OpenSearch Dashboard so that this kind of situation doesn't happen again. On the other hand, in our documentation, it is possible to observe that we correctly indicate where these files are:
|
Thanks for the info (Did not know certain things with regards to opensearch was a fork), with regards to the it works in my network, was when I used the cert generator image. I understand that it is a public repo where the bash script can be downloaded, but no matter what I did at my job would work and I allowed it out via the proxy. Having it builtin though even though it duplicates code does remove a lot of the roadblocks most people will run into having it include in the container image. With regards to documentation, as it currently still stands finding things in the documentation is not easy and can and seems to make it impossible for people to find things with how it's laid out currently. A big thing that needs to be kept in mind is making things clear as possible and accessibility better. What I mean by this is not having to drill into different locations in the documentation, you want everything just there or at most 1 click away. This means for people like me who are neurodiverse makes it easier to understand and just all round nicer, this in-turn makes it better for everyone neurodiverse or not. Hope that makes sense? I struggle to get my points across as I struggle with explaining things and just want to make things better for everyone :-) |
The documented way does work, if it is followed very carefully and if one understands the real use of wazuh-wui. My initial report was about a simpler way to change passwords. That is, before one carries out those docker operations, one should be able to change the references to the passwords in docker-compose.yml and then docker operations should be able to use the customized passwords for admin/wazuh-wui and generate whatever are needed. Now I confirm that this process does NOT work for changing the password for 'admin', but it does work for changing the password for 'wazuh-wui'. This is very odd. There seems to be some hidden reference to the admin default password 'SecretPassword' that is not found in the git checkout. My assumption is that the reference to this default admin password is buried in one of the layers of a docker image used by wazuh that is based on docker. I also think that the name wazuh-wui is misleading. Because of 'wui' part which I take to mean 'web ui', I thought it would work for logging into wazuh dashboard. But now I am convinced that it will never work for that purpose. It is used for accessing the wazuh api only. So a more appropriate name for this account should be wazuh-api and not wazuh-wui. It is unfortunate that the change of admin password has to be so complicated. But given the nature of docker images and layers, I suppose we have to live with this, at least for the docker based wazuh distribution. |
To change the admin password look at my blog post, it tells you how to change it, which I left in a previous comment.
|
Thanks J.Townsend. I have confirmed your way of changing the password. So now both admin and wazuh-wui passwords can be changed before the docker startup. This simplifies greatly the process of changing passwords. I agree with you that a tool like the python script you provided should be available inside the git repo so that the user can get a self-contained distribution to change the passwords before starting up the containers. |
Thank you all for your contributions, I have communicated your comments to the team responsible for the repository so that they take them into account |
I've had an issue in which the API just stops working after I change the admin password. It changes the password as it should, but the API doesn't connect anymore which wasn't a problem before changing the password; it worked fine. This error occurred when I followed the instructions from here. I'm deploying the single-node one. |
Look for my comment with my blog post, will tell you how to sort everything out
|
So what the hell is going on here? On version 4.4.5 here, and I am at a standstill, this awesome free tool is useless at the moment if you can't even do something so basic as reset its default passwords. Yes i've read and followed everything, including the blog post, none of the bcrypt hashes work for me. Not the python code, not hash.sh, nothing. This is insane. Can't we just pass our secrets to the containers like we can with every other docker-compose project? |
Hello, from what I see the status of the following pull request, an enhancement to the Wazuh indexer users password change has been merged in 4.4.5 and should be available in the current documentation. @Luke-Williams9, I recommend that in addition to posting that comment, you open an issue in this repository with the problems you have so that another Wazuh member can help you to solve your problems, as well as open another issue with all your suggestions that can be incorporated into our product so that we can study and evaluate them if you think there is something we need to take into account. About
Resetting the passwords to their default values is a bad practice and a security problem that must be taken into account, for this the means are provided to change the passwords but not to a pre-defined value, it is true that this part is still being developed since, for example, it is not indicated how to change the password of the Also, I have elevated this issue again to the corresponding team for re-evaluation, we appreciate your feedback and patience, and of course, any contribution to the development of this tool is more than welcome. |
It's just weird that a cybersecurity tool requires such a complex procedure for changing the freaking Admin password.. |
Facing the exact same issue. Exactly followed the documentation (https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html#setting-the-new-password). To break down what i did:
docker-compose down
docker run --rm -ti wazuh/wazuh-indexer:4.6.0 bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
# Enter Password and copy hash
vim config/wazuh_indexer/internal_users.yml
# Paste hash for admin user
vim docker-compose.yml
# Enter new password for admin in line 24 and 81 (INDEXER_PASSWORD)
docker-compose up -d
# Restart stack
docker exec -it single-node_wazuh.indexer_1 bash
# Bash into container and ran:
export INSTALLATION_DIR=/usr/share/wazuh-indexer
CACERT=$INSTALLATION_DIR/certs/root-ca.pem
KEY=$INSTALLATION_DIR/certs/admin-key.pem
CERT=$INSTALLATION_DIR/certs/admin.pem
export JAVA_HOME=/usr/share/wazuh-indexer/jdk
bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert $CACERT -cert $CERT -key $KEY -p 9200 -icl
exit
For testing purpose i used It would be nice to get some feedback on this. |
Okay what i just discovered is, that you need to clear cookies i guess after running these steps. I can reproduce it and got it working by deleting cookies via devtools or using incognito. |
Have a look at my blog in the link above, will allow you to change it. Make sure you use the script on Ubuntu as that is where I created it and I know it works out the box
On 19 Nov 2023, at 00:40, Tim Hausotte ***@***.***> wrote:
Facing the exact same issue. Exactly followed the documentation (https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html#setting-the-new-password).
To break down what i did:
docker-compose down
docker run --rm -ti wazuh/wazuh-indexer:4.6.0 bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
# Enter Password and copy hash
vim config/wazuh_indexer/internal_users.yml
# Paste hash for admin user
vim docker-compose.yml
# Enter new password for admin in line 24 and 81 (INDEXER_PASSWORD)
docker-compose up -d
# Restart stack
docker exec -it single-node_wazuh.indexer_1 bash
# Bash into container and ran:
export INSTALLATION_DIR=/usr/share/wazuh-indexer
CACERT=$INSTALLATION_DIR/certs/root-ca.pem
KEY=$INSTALLATION_DIR/certs/admin-key.pem
CERT=$INSTALLATION_DIR/certs/admin.pem
export JAVA_HOME=/usr/share/wazuh-indexer/jdk
bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert $CACERT -cert $CERT -key $KEY -p 9200 -icl
exit
For testing purpose i used Sec and other passwords with and without special characters as the new password. Nothing worked.
It's hilarious when you consider for how long this problem has existed.
Ref.:
https://www.reddit.com/r/Wazuh/comments/15c6xv8/issues_resetting_wazuh_docker_manager_default/
#677 (comment)<#677 (comment)>
https://groups.google.com/g/wazuh/c/s9wuxG7rhMg/m/MuQ62TKYDgAJ
wazuh/wazuh#7772<wazuh/wazuh#7772>
It would be nice to get some feedback on this.
|
Please, instead of contributing an old issue with new entries, open new issues referring to this issue so we can take them into account individually. I will communicate with the team again about your comments, thanks all for your contributions. The issue is closed as the original issue was resolved. |
I run docker using single-node and branch 4.4.1. According to the doc, to change the passwords all I need to do is to replace
occurrences of 'SecretPassword' and 'MyS3cr37P450r.*-' with what we want. The files involved are:
../.github/workflows/push.yml
docker-compose.yml
config/wazuh_dashboard/wazuh.yml
I did this and then run through the docker commands to generate ssl and docker-compose up. But when I am asked to login I found that the password I chose did not get used and the default passwords get used.
Are there hidden references to these default passwords hard coded somewhere else?
Also, I tried to use docker with default passwords and then later tried to change the passwords, that procedure did not work either.
Since using a security tool such as wazuh with default passwords is a huge red flag, I hope such security related issues can be addressed with high priority.
Thanks
Richard
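The checks below are an added example, not part of the issue or of the Wazuh project's code: a pre-start audit of the single-node directory that flags default passwords left in the files listed above, INDEXER_PASSWORD entries in docker-compose.yml that disagree with each other, and an admin hash in config/wazuh_indexer/internal_users.yml that is not a complete bcrypt string. The function names are hypothetical, and the file layouts they parse are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example (not Wazuh project code): pre-start audit of a single-node dir.
# Assumed layout: "- INDEXER_PASSWORD=..." entries in docker-compose.yml and an
# "admin:" block with a "hash:" key in config/wazuh_indexer/internal_users.yml.

# The two default passwords quoted in this issue.
DEFAULT_ADMIN_PW='SecretPassword'
DEFAULT_API_PW='MyS3cr37P450r.*-'

# Print "file:line" for each place a default password is still present.
# grep -F matches fixed strings, so the ".*" in the API default stays literal.
find_default_passwords() {
    for f in docker-compose.yml config/wazuh_dashboard/wazuh.yml; do
        [ -f "$1/$f" ] || continue
        grep -nF -e "$DEFAULT_ADMIN_PW" -e "$DEFAULT_API_PW" "$1/$f" |
            cut -d: -f1 | sed "s|^|$f:|"
    done
}

# Count distinct INDEXER_PASSWORD values in docker-compose.yml. The variable is
# set for more than one service; any result other than 1 means they disagree.
indexer_password_variants() {
    grep -E '^[[:space:]]*-[[:space:]]*INDEXER_PASSWORD=' "$1/docker-compose.yml" |
        sed -E 's/^[^=]*=//; s/[[:space:]]+$//' | sort -u | wc -l | tr -d ' '
}

# Succeed only if the admin entry carries a complete 60-character bcrypt hash;
# a hash truncated or mangled while pasting fails here.
admin_hash_is_bcrypt() {
    awk '
        /^[^[:space:]#]/ { in_admin = ($1 == "admin:") }
        in_admin && $1 == "hash:" { gsub(/"/, "", $2); print $2; exit }
    ' "$1/config/wazuh_indexer/internal_users.yml" |
        grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'
}

# Run all three checks, print findings, return non-zero if any check fails.
audit_wazuh_passwords() {
    rc=0
    hits=$(find_default_passwords "$1")
    if [ -n "$hits" ]; then
        echo "default password still present at:"; echo "$hits"; rc=1
    fi
    if [ "$(indexer_password_variants "$1")" != 1 ]; then
        echo "INDEXER_PASSWORD values in docker-compose.yml do not match"; rc=1
    fi
    if ! admin_hash_is_bcrypt "$1"; then
        echo "admin hash in internal_users.yml is missing or malformed"; rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /path/to/wazuh-docker/single-node
[ $# -eq 0 ] || audit_wazuh_passwords "$1"
```

The audit only checks the files on disk; it cannot tell whether the hash matches the password, and a running indexer still needs securityadmin.sh to load the edited internal_users.yml.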