Wazuh running on Ubuntu Server DOCKER changing admin password impossible read only issues
436 views
Skip to first unread message
Julian (Redicat)
Jul 20, 2023, 2:12:21 PM7/20/23
to Wazuh mailing list
Wazuh running in docker and it's up and running i can acces web interface however the password is piss weak for admin and changing it is in read only mode for whatever reason i find this inexcusable not being able to change the password inside the user-interface....
Running the command to apply the changes as in the documentation (https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html#change-pwd-existing-usr) running docker exec -it --user root d7118e4c6eb3 bash -c "/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert /path/to/cacert.pem -cert /path/to/cert.pem -key /path/to/key.pem -p 9200 -icl" gives me permissions denied and no way around it as far as i know i have 0 knowledge about these permissions and i am running in root/su/sudo still gives me permissions denied even though changing all these config files and passwords....
Guido Iván García
Jul 24, 2023, 8:17:03 AM7/24/23
to Wazuh mailing list
Hello Julian!
I tried to change the password, and it worked. To resolve the issue you can try these steps:
Make sure you are running the command with root privileges.
Check the file permissions for the config files and ensure that the user executing the command has the necessary permissions to access them.
Verify that the paths to the certificate and key files are correct.
Ensure that the Wazuh Indexer service is running and accessible on port 9200.
If the issue persists, you can try restarting the Wazuh container and then running the command again.
If you continue to experience permission denied errors, please provide more details about your environment and the specific error messages you are encountering so that we can assist you further.
Also, if you are not using docker, you can follow these steps to change the administrator password using the command line:
Access the terminal or command prompt. Run the following command, replacing <passwd> with the new password you want to set and "admin" with the user for whom you want to change the password:
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -u admin -p <passwd>
If your deployment is not an all-in-one setup, perform the following additional steps:
Set the admin password in Filebeat:
echo <admin-password> | filebeat keystore add password --stdin --force
Change the password in Filebeat configuration:
nano /etc/filebeat/filebeat.yml
filebeat test output
systemctl restart filebeat
By following these steps, you should be able to change the admin password for Wazuh without encountering the permissions issue you faced earlier. For more information on password management in Wazuh, you can refer to the official documentation here: Wazuh - Password management
I tried to change the password, and it worked. To resolve the issue you can try these steps:
Make sure you are running the command with root privileges.
Check the file permissions for the config files and ensure that the user executing the command has the necessary permissions to access them.
Verify that the paths to the certificate and key files are correct.
Ensure that the Wazuh Indexer service is running and accessible on port 9200.
If the issue persists, you can try restarting the Wazuh container and then running the command again.
If you continue to experience permission denied errors, please provide more details about your environment and the specific error messages you are encountering so that we can assist you further.
Also, if you are not using docker, you can follow these steps to change the administrator password using the command line:
Access the terminal or command prompt. Run the following command, replacing <passwd> with the new password you want to set and "admin" with the user for whom you want to change the password:
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -u admin -p <passwd>
If your deployment is not an all-in-one setup, perform the following additional steps:
Set the admin password in Filebeat:
echo <admin-password> | filebeat keystore add password --stdin --force
Change the password in Filebeat configuration:
nano /etc/filebeat/filebeat.yml
filebeat test output
systemctl restart filebeat
By following these steps, you should be able to change the admin password for Wazuh without encountering the permissions issue you faced earlier. For more information on password management in Wazuh, you can refer to the official documentation here: Wazuh - Password management
Reply all
Reply to author
Forward
0 new messages