Wazuh API authorization

zestrells

Mar 21, 2017, 9:56:56 AM
to Wazuh mailing list
Hello Everyone,

So I have been running into a problem at work since last Friday with configuring a new API account with htpasswd for Wazuh. The only curveball is that it is being deployed through Docker, so I would like this account to be persistent and never go away. I have tried making a user and pass on the host computer and "ADD" or "COPY" in the Dockerfile. Please let me know if there is any help through this, thank you!

Jesus Linares

Mar 21, 2017, 7:50:46 PM
to Wazuh mailing list
Hi,

the API credentials are stored at: /var/ossec/api/configuration/auth. This file is generated with htpasswd (/var/ossec/api/node_modules/htpasswd/bin/htpasswd).

Maybe you can overwrite that file or create a symbolic link to your persistent "auth file".

Let me know if it works.
Regards.

zestrells

Mar 22, 2017, 9:22:38 AM
to Wazuh mailing list
So I have tried to make a new user and password under htpasswd through that directory directly in the wazuh container.  I have also tried to create the API login credential through a script that runs during the "docker-compose up --build" phase.  I will try and create a symbolic link, even though when I am in the container and ls -la I don't see any links being made between the default API credential and htpasswd.  The only place I see a symbolic link is for htpasswd  ->  /var/ossec/api/node_modules/htpasswd/bin/htpasswd.  Let me know if there is anything I can do.  Thanks!

Jose Luis Ruiz

Mar 27, 2017, 11:09:04 AM
to Wazuh mailing list, zestrells

Hello,

If you are using the new wazuh-docker (https://github.com/wazuh/wazuh-docker), you can use a persistent volume: in your docker-compose.yml file, uncomment the volume section in the wazuh container and set your path under the my-path option. With this option you will have the wazuh-manager and wazuh-api configuration in a persistent volume, and your changes will not be overwritten.

[root@localhost ~]# tree
.
├── docker-compose.yml
└── wazuh
    ├── api
    │   ├── app.js
    │   ├── configuration
    │   │   ├── auth
    │   │   │   ├── htpasswd -> /var/ossec/api/node_modules/htpasswd/bin/htpasswd
    │   │   │   └── user
    │   │   ├── config.js
    │   │   └── ssl

version: '2'

services:
  wazuh:
    image: wazuh/wazuh
    hostname: wazuh-manager
    restart: always
    ports:
      - "1514/udp:1514/udp"
      - "1515:1515"
      - "514/udp:514/udp"
      - "55000:55000"
    networks:
        - docker_elk
    volumes:
      - my-path:/var/ossec/data
    depends_on:
      - elasticsearch
  logstash:
    image: wazuh/wazuh-logstash
    hostname: logstash
    restart: always
    command: -f /etc/logstash/conf.d/
#    volumes:
#      - my-path:/etc/logstash/conf.d
    links:
     - kibana
     - elasticsearch
    ports:
      - "5000:5000"
    networks:
        - docker_elk
    depends_on:
      - elasticsearch
    environment:
      - LS_HEAP_SIZE=2048m
  elasticsearch:
    image: elasticsearch:5.2.2
    hostname: elasticsearch
    restart: always
    command: elasticsearch -E node.name="node-1" -E cluster.name="wazuh" -E network.host=0.0.0.0
    ports:
      - "9200:9200"
      - "9300:9300"
    environment:
      ES_JAVA_OPTS: "-Xms2g -Xmx2g"
#    volumes:
#      - my-path:/usr/share/elasticsearch/data
    networks:
        - docker_elk
  kibana:
    image: wazuh/wazuh-kibana
    hostname: kibana
    restart: always
    ports:
      - "5601:5601"
    networks:
        - docker_elk
    depends_on:
      - elasticsearch
    entrypoint: sh wait-for-it.sh elasticsearch

networks:
  docker_elk:
    driver: bridge
    ipam:
      config:
      - subnet: 172.25.0.0/24
       



Regards
-----------------------
Jose Luis Ruiz
Wazuh Inc.
jo...@wazuh.com
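
Added example, not part of the thread and not Wazuh project code: once the `auth` directory sits on a host path through the persistent volume, the credential file is worth auditing for loose permissions and weak hash formats. This Python script assumes htpasswd-format `user:hash` lines; the function names, the sample entries and the bcrypt-only policy are assumptions of the example.

```python
import os
import stat

# Hash prefixes found in htpasswd-format files. Accepting only bcrypt is this
# example's policy (an assumption), not a Wazuh requirement.
PREFIXES = [("$2y$", "bcrypt"), ("$2a$", "bcrypt"), ("$2b$", "bcrypt"),
            ("$apr1$", "apr1-md5"), ("{SHA}", "unsalted-sha1")]

def classify(hash_field):
    """Name the hash scheme of one entry from its prefix."""
    for prefix, name in PREFIXES:
        if hash_field.startswith(prefix):
            return name
    # Thirteen characters with no prefix is traditional DES crypt(3).
    return "des-crypt" if len(hash_field) == 13 else "plaintext-or-unknown"

def audit_entries(lines):
    """Return findings for an iterable of htpasswd-format lines."""
    findings, seen = [], set()
    for number, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")
        if not (sep and user and hash_field):
            findings.append("line %d: malformed entry" % number)
            continue
        if user in seen:
            findings.append("line %d: duplicate user %s" % (number, user))
        seen.add(user)
        scheme = classify(hash_field)
        if scheme != "bcrypt":
            findings.append("line %d: user %s uses %s" % (number, user, scheme))
    return findings

def audit_auth_file(path):
    """Audit a credential file on disk: permissions first, then entries."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IRWXO:
        findings.append("mode %o grants access to other users" % mode)
    with open(path, encoding="utf-8") as handle:
        return findings + audit_entries(handle)

# Constructed sample entries (not real credentials or valid hashes).
SAMPLE = ["alice:$2y$05$" + "A" * 53, "bob:$apr1$saltsalt$" + "B" * 22,
          "carol:{SHA}" + "C" * 27 + "=", "bob:secret", "brokenline"]
```

Call `audit_auth_file()` on the `user` file under the host directory mounted as the persistent volume; an empty list means no findings under this policy.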