ACCESS "/agents" WAZUH API ENDPOINT FAILS
91 views
Skip to first unread message
Oscar Piñeros
Dec 29, 2023, 4:19:34 PM12/29/23
to Wazuh | Mailing List
Hi Wazuh Team,
I have an application in angular/typescript and I try to access wazuh api.
I get JWT token with this script:
GetTokenWazuh(): Observable<any> {
const user = "wazuh-wui";
const pwd = “XXXXXXXXXXXXXXXXXX”;
const autenticacionUrl = `https://wazuhsrv.wayuu.com:55000/security/user/authenticate`;
const credentials = {
user: user,
pwd: pwd
};
const auth = encode('wazuh-wui:XXXXXXXXXXXXXXXXXX');
const httpOptions = {
headers: new HttpHeaders({
'Host': 'wazuh.wayuu.com:55000',
'Access-Control-Allow-Origin': 'https://wazuhsrv.wayuu.com:55000',
'Access-Control-Allow-Headers': '*',
'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE',
'Access-Control-Request-Headers': 'access-control-allow-methods,access-control-allow-origin,authorization,content-type',
'Cache-Control': 'no-cache',
'DNT': '1',
'Origin': 'http://core.wayuu.com:4200',
'Authorization': `Basic ${auth}`,
'X-Skip-Cert-Check': 'true',
'rejectunauthorized': 'false'
}),
withCredentials: true
};
return this.httpClient.post(autenticacionUrl, credentials, httpOptions);
};
This working fine, wazuh API response with JWT Token:
wazuh api.log
2023/12/29 20:32:59 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': '*/*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Request-Method': 'POST', 'Access-Control-Request-Headers': 'access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,cache-control,content-type,rejectunauthorized,x-skip-cert-check', 'Referer': 'http://core.wayuu.com:4200/', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:32:59 INFO: unknown_user 192.168.200.101 "OPTIONS /security/user/authenticate" with parameters {} and body {} done in 0.018s: 200
2023/12/29 20:32:59 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': 'application/json, text/plain, */*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Allow-Origin': 'https://wazuhsrv.wayuu.com:55000', 'Access-Control-Allow-Headers': '*', 'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE', 'Cache-Control': 'no-cache', 'Authorization': 'Basic d2F6dWgtd3VpOmhELkVUbT9BK2xKWCpUaXN1eDE5WVd0aTRRWmRya3gw', 'X-Skip-Cert-Check': 'true', 'rejectunauthorized': 'false', 'Content-Type': 'application/json', 'Content-Length': '61', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Referer': 'http://core.wayuu.com:4200/', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:32:59 DEBUG: Getting data and status code
2023/12/29 20:32:59 DEBUG2: Receiving parameters {'user': 'wazuh-wui', 'password': '****'}
2023/12/29 20:32:59 DEBUG2: Starting to execute request locally
2023/12/29 20:33:00 DEBUG2: Finished executing request locally
2023/12/29 20:33:00 DEBUG2: Time calculating request result: 0.732s
2023/12/29 20:33:00 DEBUG2: Receiving parameters {'user_id': 'wazuh-wui'}
2023/12/29 20:33:00 DEBUG2: Starting to execute request locally
2023/12/29 20:33:00 DEBUG2: Finished executing request locally
2023/12/29 20:33:00 DEBUG2: Time calculating request result: 0.611s
2023/12/29 20:33:00 DEBUG2: Receiving parameters {}
2023/12/29 20:33:00 DEBUG2: Starting to execute request locally
2023/12/29 20:33:00 DEBUG2: Finished executing request locally
2023/12/29 20:33:00 DEBUG2: Time calculating request result: 0.008s
2023/12/29 20:33:00 INFO: wazuh-wui 192.168.200.101 "POST /security/user/authenticate" with parameters {} and body {"user": "wazuh-wui", "pwd": “XXXXXXXX”} done in 1.383s: 200
With the JWT token I access to "/syscollector/001/hardware" endpoint, and it’s working:
GetInventoryDevice():Observable<any> {
const httpOptions = {
headers: new HttpHeaders({
'Access-Control-Allow-Origin': 'https://192.168.200.116:55000',
'Access-Control-Allow-Headers': '*',
'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE',
'Access-Control-Request-Headers': 'access-control-allow-methods,access-control-allow-origin,authorization,content-type',
'Content-Type': 'application/json',
'Accept': '*',
'Accept-Encoding': 'gzip; deflate; br',
'Connection': 'keep-alive',
'Host': 'wazuhsrv.wayuu.com:55000',
'X-Skip-Cert-Check': 'true',
'rejectunauthorized': 'false',
'Authorization': 'Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzAzODgwNzg5LCJleHAiOjE3MDM4ODE2ODksInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6ZmFsc2UsInJiYWNfcm9sZXMiOlsxXSwicmJhY19tb2RlIjoiYmxhY2sifQ.AWwya3T9RYYyald1Z9kSHNI0dUGduKAnkR5ayTqpGmLZs3a5ck7QhbnAj8CTjELVia7mwCgOdOxu6FQTrB88LOJkARqTsQj8BZ1j-1gTOaKO90veEY2O3nm1Qr1GCpWYeN3_BLoPSMV5NZVpCt521Q04izD4xXj3W6MDS_9LESML1LfE'
}),
};
return this.httpClient.get<any>('https://wazuhsrv.wayuu.com:55000/syscollector/001/hardware', httpOptions );
};
wazuh api.log result:
2023/12/29 20:42:41 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': '*/*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Request-Method': 'POST', 'Access-Control-Request-Headers': 'access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,cache-control,content-type,rejectunauthorized,x-skip-cert-check', 'Referer': 'http://core.wayuu.com:4200/', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:42:41 INFO: unknown_user 192.168.200.101 "OPTIONS /security/user/authenticate" with parameters {} and body {} done in 0.002s: 200
2023/12/29 20:42:41 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': 'application/json, text/plain, */*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Allow-Origin': 'https://wazuhsrv.wayuu.com:55000', 'Access-Control-Allow-Headers': '*', 'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE', 'Cache-Control': 'no-cache', 'Authorization': 'Basic d2F6dWgtd3VpOmhELkVUbT9BK2xKWCpUaXN1eDE5WVd0aTRRWmRya3gw', 'X-Skip-Cert-Check': 'true', 'rejectunauthorized': 'false', 'Content-Type': 'application/json', 'Content-Length': '61', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Referer': 'http://core.wayuu.com:4200/', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:42:41 DEBUG: Getting data and status code
2023/12/29 20:42:41 DEBUG2: Receiving parameters {'user': 'wazuh-wui', 'password': '****'}
2023/12/29 20:42:41 DEBUG2: Starting to execute request locally
2023/12/29 20:42:41 DEBUG2: Finished executing request locally
2023/12/29 20:42:41 DEBUG2: Time calculating request result: 0.658s
2023/12/29 20:42:41 DEBUG2: Receiving parameters {'user_id': 'wazuh-wui'}
2023/12/29 20:42:41 DEBUG2: Starting to execute request locally
2023/12/29 20:42:42 DEBUG2: Finished executing request locally
2023/12/29 20:42:42 DEBUG2: Time calculating request result: 0.358s
2023/12/29 20:42:42 DEBUG2: Receiving parameters {}
2023/12/29 20:42:42 DEBUG2: Starting to execute request locally
2023/12/29 20:42:42 DEBUG2: Finished executing request locally
2023/12/29 20:42:42 DEBUG2: Time calculating request result: 0.016s
2023/12/29 20:42:42 INFO: wazuh-wui 192.168.200.101 "POST /security/user/authenticate" with parameters {} and body {"user": "wazuh-wui", "pwd": "hD.ETm?A+lJX*Tisux19YWti4QZdrkx0"} done in 1.043s: 200
2023/12/29 20:42:42 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': '*/*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Request-Method': 'GET', 'Access-Control-Request-Headers': 'access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,content-type,rejectunauthorized,x-skip-cert-check', 'Referer': 'http://core.wayuu.com:4200/', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:42:42 INFO: unknown_user 192.168.200.101 "OPTIONS /syscollector/001/hardware" with parameters {} and body {} done in 0.006s: 200
2023/12/29 20:42:42 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': '*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Allow-Origin': 'https://192.168.200.116:55000', 'Access-Control-Allow-Headers': '*', 'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE', 'Content-Type': 'application/json', 'X-Skip-Cert-Check': 'true', 'rejectunauthorized': 'false', 'Authorization': 'Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzAzODgyNTYyLCJleHAiOjE3MDM4ODM0NjIsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6ZmFsc2UsInJiYWNfcm9sZXMiOlsxXSwicmJhY19tb2RlIjoiYmxhY2sifQ.Aa9EbS95WbWu24q-IPOxsz7TODu7YIv_o7wlPpYtSwvl9JacH1sjXb01MFNqBtP0f6eNe5pbSfhJsJSvwkwHibyeAATyyCZTbeAOOAIzAI-Fk8ZJgcbcMSvYu1fSVGezXG5s9wn0X3xvFqFM0tDsF_SIn1RwLLLoJX7L2g8H8i0KjNeM', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Referer': 'http://core.wayuu.com:4200/', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:42:42 DEBUG: Getting data and status code
2023/12/29 20:42:42 DEBUG: Decoded token {'username': 'wazuh-wui', 'roles': (1,), 'token_nbf_time': 1703882562, 'run_as': False, 'origin_node_type': 'master'}
2023/12/29 20:42:42 DEBUG2: Starting to execute request locally
2023/12/29 20:42:42 DEBUG2: Finished executing request locally
2023/12/29 20:42:42 DEBUG2: Time calculating request result: 0.085s
2023/12/29 20:42:42 DEBUG2: Receiving parameters {}
2023/12/29 20:42:42 DEBUG2: Starting to execute request locally
2023/12/29 20:42:42 DEBUG2: Finished executing request locally
2023/12/29 20:42:42 DEBUG2: Time calculating request result: 0.009s
2023/12/29 20:42:42 DEBUG2: Receiving parameters {'agent_list': ['001'], 'element_type': 'hardware'}
2023/12/29 20:42:42 DEBUG2: Starting to execute request locally
2023/12/29 20:42:42 DEBUG2: Finished executing request locally
2023/12/29 20:42:42 DEBUG2: Time calculating request result: 0.021s
2023/12/29 20:42:42 INFO: wazuh-wui 192.168.200.101 "GET /syscollector/001/hardware" with parameters {} and body {} done in 0.140s: 200
Working Fine, response code is 200, but when I try access to "/agents" endpoint with the same script:
GetInventoryDevice():Observable<any> {
const httpOptions = {
headers: new HttpHeaders({
'Access-Control-Allow-Origin': 'https://192.168.200.116:55000',
'Access-Control-Allow-Headers': '*',
'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE',
'Access-Control-Request-Headers': 'access-control-allow-methods,access-control-allow-origin,authorization,content-type',
'Content-Type': 'application/json',
'Accept': '*',
'Accept-Encoding': 'gzip; deflate; br',
'Connection': 'keep-alive',
'Host': 'wazuhsrv.wayuu.com:55000',
'X-Skip-Cert-Check': 'true',
'rejectunauthorized': 'false',
'Authorization': 'Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzAzODgwNzg5LCJleHAiOjE3MDM4ODE2ODksInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6ZmFsc2UsInJiYWNfcm9sZXMiOlsxXSwicmJhY19tb2RlIjoiYmxhY2sifQ.AWwya3T9RYYyald1Z9kSHNI0dUGduKAnkR5ayTqpGmLZs3a5ck7QhbnAj8CTjELVia7mwCgOdOxu6FQTrB88LOJkARqTsQj8BZ1j-1gTOaKO90veEY2O3nm1Qr1GCpWYeN3_BLoPSMV5NZVpCt521Q04izD4xXj3W6MDS_9LESML1LfE'
}),
};
return this.httpClient.get<any>('https://wazuhsrv.wayuu.com:55000/agents’, httpOptions );
};
Not working:
wazuh api.log result:
2023/12/29 20:47:23 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': '*/*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Request-Method': 'POST', 'Access-Control-Request-Headers': 'access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,cache-control,content-type,rejectunauthorized,x-skip-cert-check', 'Referer': 'http://core.wayuu.com:4200/', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:47:23 INFO: unknown_user 192.168.200.101 "OPTIONS /security/user/authenticate" with parameters {} and body {} done in 0.002s: 200
2023/12/29 20:47:23 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': 'application/json, text/plain, */*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Allow-Origin': 'https://wazuhsrv.wayuu.com:55000', 'Access-Control-Allow-Headers': '*', 'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE', 'Cache-Control': 'no-cache', 'Authorization': 'Basic d2F6dWgtd3VpOmhELkVUbT9BK2xKWCpUaXN1eDE5WVd0aTRRWmRya3gw', 'X-Skip-Cert-Check': 'true', 'rejectunauthorized': 'false', 'Content-Type': 'application/json', 'Content-Length': '61', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Referer': 'http://core.wayuu.com:4200/', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:47:23 DEBUG: Getting data and status code
2023/12/29 20:47:23 DEBUG2: Receiving parameters {'user': 'wazuh-wui', 'password': '****'}
2023/12/29 20:47:23 DEBUG2: Starting to execute request locally
2023/12/29 20:47:24 DEBUG2: Finished executing request locally
2023/12/29 20:47:24 DEBUG2: Time calculating request result: 0.509s
2023/12/29 20:47:24 DEBUG2: Receiving parameters {'user_id': 'wazuh-wui'}
2023/12/29 20:47:24 DEBUG2: Starting to execute request locally
2023/12/29 20:47:24 DEBUG2: Finished executing request locally
2023/12/29 20:47:24 DEBUG2: Time calculating request result: 0.205s
2023/12/29 20:47:24 DEBUG2: Receiving parameters {}
2023/12/29 20:47:24 DEBUG2: Starting to execute request locally
2023/12/29 20:47:24 DEBUG2: Finished executing request locally
2023/12/29 20:47:24 DEBUG2: Time calculating request result: 0.007s
2023/12/29 20:47:24 INFO: wazuh-wui 192.168.200.101 "POST /security/user/authenticate" with parameters {} and body {"user": "wazuh-wui", "pwd": "hD.ETm?A+lJX*Tisux19YWti4QZdrkx0"} done in 0.727s: 200
2023/12/29 20:47:25 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': '*/*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Request-Method': 'GET', 'Access-Control-Request-Headers': 'access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,content-type,rejectunauthorized,x-skip-cert-check', 'Referer': 'http://core.wayuu.com:4200/', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:47:25 INFO: unknown_user 192.168.200.101 "OPTIONS /agents" with parameters {} and body {} done in 0.002s: 403
Response code is 403.
Note: With postman I don’t have any problem.
I was reading all wazuh api documentation and I don’t know what is the problem with my Angular/Typesript scripts.
could anybody help me? I would really appreciate it.
Thanks,
Regards and Happy new year!!!
I have an application in angular/typescript and I try to access wazuh api.
I get JWT token with this script:
GetTokenWazuh(): Observable<any> {
const user = "wazuh-wui";
const pwd = “XXXXXXXXXXXXXXXXXX”;
const autenticacionUrl = `https://wazuhsrv.wayuu.com:55000/security/user/authenticate`;
const credentials = {
user: user,
pwd: pwd
};
const auth = encode('wazuh-wui:XXXXXXXXXXXXXXXXXX');
const httpOptions = {
headers: new HttpHeaders({
'Host': 'wazuh.wayuu.com:55000',
'Access-Control-Allow-Origin': 'https://wazuhsrv.wayuu.com:55000',
'Access-Control-Allow-Headers': '*',
'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE',
'Access-Control-Request-Headers': 'access-control-allow-methods,access-control-allow-origin,authorization,content-type',
'Cache-Control': 'no-cache',
'DNT': '1',
'Origin': 'http://core.wayuu.com:4200',
'Authorization': `Basic ${auth}`,
'X-Skip-Cert-Check': 'true',
'rejectunauthorized': 'false'
}),
withCredentials: true
};
return this.httpClient.post(autenticacionUrl, credentials, httpOptions);
};
This working fine, wazuh API response with JWT Token:
wazuh api.log
2023/12/29 20:32:59 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': '*/*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Request-Method': 'POST', 'Access-Control-Request-Headers': 'access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,cache-control,content-type,rejectunauthorized,x-skip-cert-check', 'Referer': 'http://core.wayuu.com:4200/', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:32:59 INFO: unknown_user 192.168.200.101 "OPTIONS /security/user/authenticate" with parameters {} and body {} done in 0.018s: 200
2023/12/29 20:32:59 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': 'application/json, text/plain, */*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Allow-Origin': 'https://wazuhsrv.wayuu.com:55000', 'Access-Control-Allow-Headers': '*', 'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE', 'Cache-Control': 'no-cache', 'Authorization': 'Basic d2F6dWgtd3VpOmhELkVUbT9BK2xKWCpUaXN1eDE5WVd0aTRRWmRya3gw', 'X-Skip-Cert-Check': 'true', 'rejectunauthorized': 'false', 'Content-Type': 'application/json', 'Content-Length': '61', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Referer': 'http://core.wayuu.com:4200/', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:32:59 DEBUG: Getting data and status code
2023/12/29 20:32:59 DEBUG2: Receiving parameters {'user': 'wazuh-wui', 'password': '****'}
2023/12/29 20:32:59 DEBUG2: Starting to execute request locally
2023/12/29 20:33:00 DEBUG2: Finished executing request locally
2023/12/29 20:33:00 DEBUG2: Time calculating request result: 0.732s
2023/12/29 20:33:00 DEBUG2: Receiving parameters {'user_id': 'wazuh-wui'}
2023/12/29 20:33:00 DEBUG2: Starting to execute request locally
2023/12/29 20:33:00 DEBUG2: Finished executing request locally
2023/12/29 20:33:00 DEBUG2: Time calculating request result: 0.611s
2023/12/29 20:33:00 DEBUG2: Receiving parameters {}
2023/12/29 20:33:00 DEBUG2: Starting to execute request locally
2023/12/29 20:33:00 DEBUG2: Finished executing request locally
2023/12/29 20:33:00 DEBUG2: Time calculating request result: 0.008s
2023/12/29 20:33:00 INFO: wazuh-wui 192.168.200.101 "POST /security/user/authenticate" with parameters {} and body {"user": "wazuh-wui", "pwd": “XXXXXXXX”} done in 1.383s: 200
With the JWT token I access to "/syscollector/001/hardware" endpoint, and it’s working:
GetInventoryDevice():Observable<any> {
const httpOptions = {
headers: new HttpHeaders({
'Access-Control-Allow-Origin': 'https://192.168.200.116:55000',
'Access-Control-Allow-Headers': '*',
'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE',
'Access-Control-Request-Headers': 'access-control-allow-methods,access-control-allow-origin,authorization,content-type',
'Content-Type': 'application/json',
'Accept': '*',
'Accept-Encoding': 'gzip; deflate; br',
'Connection': 'keep-alive',
'Host': 'wazuhsrv.wayuu.com:55000',
'X-Skip-Cert-Check': 'true',
'rejectunauthorized': 'false',
'Authorization': 'Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzAzODgwNzg5LCJleHAiOjE3MDM4ODE2ODksInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6ZmFsc2UsInJiYWNfcm9sZXMiOlsxXSwicmJhY19tb2RlIjoiYmxhY2sifQ.AWwya3T9RYYyald1Z9kSHNI0dUGduKAnkR5ayTqpGmLZs3a5ck7QhbnAj8CTjELVia7mwCgOdOxu6FQTrB88LOJkARqTsQj8BZ1j-1gTOaKO90veEY2O3nm1Qr1GCpWYeN3_BLoPSMV5NZVpCt521Q04izD4xXj3W6MDS_9LESML1LfE'
}),
};
return this.httpClient.get<any>('https://wazuhsrv.wayuu.com:55000/syscollector/001/hardware', httpOptions );
};
wazuh api.log result:
2023/12/29 20:42:41 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': '*/*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Request-Method': 'POST', 'Access-Control-Request-Headers': 'access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,cache-control,content-type,rejectunauthorized,x-skip-cert-check', 'Referer': 'http://core.wayuu.com:4200/', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:42:41 INFO: unknown_user 192.168.200.101 "OPTIONS /security/user/authenticate" with parameters {} and body {} done in 0.002s: 200
2023/12/29 20:42:41 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': 'application/json, text/plain, */*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Allow-Origin': 'https://wazuhsrv.wayuu.com:55000', 'Access-Control-Allow-Headers': '*', 'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE', 'Cache-Control': 'no-cache', 'Authorization': 'Basic d2F6dWgtd3VpOmhELkVUbT9BK2xKWCpUaXN1eDE5WVd0aTRRWmRya3gw', 'X-Skip-Cert-Check': 'true', 'rejectunauthorized': 'false', 'Content-Type': 'application/json', 'Content-Length': '61', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Referer': 'http://core.wayuu.com:4200/', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:42:41 DEBUG: Getting data and status code
2023/12/29 20:42:41 DEBUG2: Receiving parameters {'user': 'wazuh-wui', 'password': '****'}
2023/12/29 20:42:41 DEBUG2: Starting to execute request locally
2023/12/29 20:42:41 DEBUG2: Finished executing request locally
2023/12/29 20:42:41 DEBUG2: Time calculating request result: 0.658s
2023/12/29 20:42:41 DEBUG2: Receiving parameters {'user_id': 'wazuh-wui'}
2023/12/29 20:42:41 DEBUG2: Starting to execute request locally
2023/12/29 20:42:42 DEBUG2: Finished executing request locally
2023/12/29 20:42:42 DEBUG2: Time calculating request result: 0.358s
2023/12/29 20:42:42 DEBUG2: Receiving parameters {}
2023/12/29 20:42:42 DEBUG2: Starting to execute request locally
2023/12/29 20:42:42 DEBUG2: Finished executing request locally
2023/12/29 20:42:42 DEBUG2: Time calculating request result: 0.016s
2023/12/29 20:42:42 INFO: wazuh-wui 192.168.200.101 "POST /security/user/authenticate" with parameters {} and body {"user": "wazuh-wui", "pwd": "hD.ETm?A+lJX*Tisux19YWti4QZdrkx0"} done in 1.043s: 200
2023/12/29 20:42:42 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': '*/*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Request-Method': 'GET', 'Access-Control-Request-Headers': 'access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,content-type,rejectunauthorized,x-skip-cert-check', 'Referer': 'http://core.wayuu.com:4200/', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:42:42 INFO: unknown_user 192.168.200.101 "OPTIONS /syscollector/001/hardware" with parameters {} and body {} done in 0.006s: 200
2023/12/29 20:42:42 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': '*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Allow-Origin': 'https://192.168.200.116:55000', 'Access-Control-Allow-Headers': '*', 'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE', 'Content-Type': 'application/json', 'X-Skip-Cert-Check': 'true', 'rejectunauthorized': 'false', 'Authorization': 'Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzAzODgyNTYyLCJleHAiOjE3MDM4ODM0NjIsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6ZmFsc2UsInJiYWNfcm9sZXMiOlsxXSwicmJhY19tb2RlIjoiYmxhY2sifQ.Aa9EbS95WbWu24q-IPOxsz7TODu7YIv_o7wlPpYtSwvl9JacH1sjXb01MFNqBtP0f6eNe5pbSfhJsJSvwkwHibyeAATyyCZTbeAOOAIzAI-Fk8ZJgcbcMSvYu1fSVGezXG5s9wn0X3xvFqFM0tDsF_SIn1RwLLLoJX7L2g8H8i0KjNeM', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Referer': 'http://core.wayuu.com:4200/', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:42:42 DEBUG: Getting data and status code
2023/12/29 20:42:42 DEBUG: Decoded token {'username': 'wazuh-wui', 'roles': (1,), 'token_nbf_time': 1703882562, 'run_as': False, 'origin_node_type': 'master'}
2023/12/29 20:42:42 DEBUG2: Starting to execute request locally
2023/12/29 20:42:42 DEBUG2: Finished executing request locally
2023/12/29 20:42:42 DEBUG2: Time calculating request result: 0.085s
2023/12/29 20:42:42 DEBUG2: Receiving parameters {}
2023/12/29 20:42:42 DEBUG2: Starting to execute request locally
2023/12/29 20:42:42 DEBUG2: Finished executing request locally
2023/12/29 20:42:42 DEBUG2: Time calculating request result: 0.009s
2023/12/29 20:42:42 DEBUG2: Receiving parameters {'agent_list': ['001'], 'element_type': 'hardware'}
2023/12/29 20:42:42 DEBUG2: Starting to execute request locally
2023/12/29 20:42:42 DEBUG2: Finished executing request locally
2023/12/29 20:42:42 DEBUG2: Time calculating request result: 0.021s
2023/12/29 20:42:42 INFO: wazuh-wui 192.168.200.101 "GET /syscollector/001/hardware" with parameters {} and body {} done in 0.140s: 200
Working Fine, response code is 200, but when I try access to "/agents" endpoint with the same script:
GetInventoryDevice():Observable<any> {
const httpOptions = {
headers: new HttpHeaders({
'Access-Control-Allow-Origin': 'https://192.168.200.116:55000',
'Access-Control-Allow-Headers': '*',
'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE',
'Access-Control-Request-Headers': 'access-control-allow-methods,access-control-allow-origin,authorization,content-type',
'Content-Type': 'application/json',
'Accept': '*',
'Accept-Encoding': 'gzip; deflate; br',
'Connection': 'keep-alive',
'Host': 'wazuhsrv.wayuu.com:55000',
'X-Skip-Cert-Check': 'true',
'rejectunauthorized': 'false',
'Authorization': 'Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzAzODgwNzg5LCJleHAiOjE3MDM4ODE2ODksInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6ZmFsc2UsInJiYWNfcm9sZXMiOlsxXSwicmJhY19tb2RlIjoiYmxhY2sifQ.AWwya3T9RYYyald1Z9kSHNI0dUGduKAnkR5ayTqpGmLZs3a5ck7QhbnAj8CTjELVia7mwCgOdOxu6FQTrB88LOJkARqTsQj8BZ1j-1gTOaKO90veEY2O3nm1Qr1GCpWYeN3_BLoPSMV5NZVpCt521Q04izD4xXj3W6MDS_9LESML1LfE'
}),
};
return this.httpClient.get<any>('https://wazuhsrv.wayuu.com:55000/agents’, httpOptions );
};
Not working:
wazuh api.log result:
2023/12/29 20:47:23 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': '*/*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Request-Method': 'POST', 'Access-Control-Request-Headers': 'access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,cache-control,content-type,rejectunauthorized,x-skip-cert-check', 'Referer': 'http://core.wayuu.com:4200/', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:47:23 INFO: unknown_user 192.168.200.101 "OPTIONS /security/user/authenticate" with parameters {} and body {} done in 0.002s: 200
2023/12/29 20:47:23 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': 'application/json, text/plain, */*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Allow-Origin': 'https://wazuhsrv.wayuu.com:55000', 'Access-Control-Allow-Headers': '*', 'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, DELETE', 'Cache-Control': 'no-cache', 'Authorization': 'Basic d2F6dWgtd3VpOmhELkVUbT9BK2xKWCpUaXN1eDE5WVd0aTRRWmRya3gw', 'X-Skip-Cert-Check': 'true', 'rejectunauthorized': 'false', 'Content-Type': 'application/json', 'Content-Length': '61', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Referer': 'http://core.wayuu.com:4200/', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:47:23 DEBUG: Getting data and status code
2023/12/29 20:47:23 DEBUG2: Receiving parameters {'user': 'wazuh-wui', 'password': '****'}
2023/12/29 20:47:23 DEBUG2: Starting to execute request locally
2023/12/29 20:47:24 DEBUG2: Finished executing request locally
2023/12/29 20:47:24 DEBUG2: Time calculating request result: 0.509s
2023/12/29 20:47:24 DEBUG2: Receiving parameters {'user_id': 'wazuh-wui'}
2023/12/29 20:47:24 DEBUG2: Starting to execute request locally
2023/12/29 20:47:24 DEBUG2: Finished executing request locally
2023/12/29 20:47:24 DEBUG2: Time calculating request result: 0.205s
2023/12/29 20:47:24 DEBUG2: Receiving parameters {}
2023/12/29 20:47:24 DEBUG2: Starting to execute request locally
2023/12/29 20:47:24 DEBUG2: Finished executing request locally
2023/12/29 20:47:24 DEBUG2: Time calculating request result: 0.007s
2023/12/29 20:47:24 INFO: wazuh-wui 192.168.200.101 "POST /security/user/authenticate" with parameters {} and body {"user": "wazuh-wui", "pwd": "hD.ETm?A+lJX*Tisux19YWti4QZdrkx0"} done in 0.727s: 200
2023/12/29 20:47:25 DEBUG2: Receiving headers {'Host': 'wazuhsrv.wayuu.com:55000', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0', 'Accept': '*/*', 'Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Access-Control-Request-Method': 'GET', 'Access-Control-Request-Headers': 'access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,content-type,rejectunauthorized,x-skip-cert-check', 'Referer': 'http://core.wayuu.com:4200/', 'Origin': 'http://core.wayuu.com:4200', 'DNT': '1', 'Connection': 'keep-alive', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'cross-site'}
2023/12/29 20:47:25 INFO: unknown_user 192.168.200.101 "OPTIONS /agents" with parameters {} and body {} done in 0.002s: 403
Response code is 403.
Note: With postman I don’t have any problem.
I was reading all wazuh api documentation and I don’t know what is the problem with my Angular/Typesript scripts.
could anybody help me? I would really appreciate it.
Thanks,
Regards and Happy new year!!!
Md. Nazmur Sakib
Jan 8, 2024, 12:31:18 AM1/8/24
to Wazuh | Mailing List
Hi Oscar Piñeros,
Hope you are doing well. Thank you for using Wazuh.
Sorry for the late response. Can you share what is the current status of the issue?
Regards
Md. Nazmur Sakib
Oscar Piñeros
Jan 8, 2024, 4:08:43 PM1/8/24
to Wazuh | Mailing List
Hi Nazmur,
I have not been able to solve the issue.
Md. Nazmur Sakib
Jan 9, 2024, 4:27:19 AM1/9/24
to Wazuh | Mailing List
Hi Oscar Piñeros,
Hope you are doing well today.
I was testing the Wazuh API using JWT and it is working properly for GET /agents
From Wazuh manager server:
From another server:
In both cases it worked. I believe you have some issue in your Angular/Typesript scripts. Unfortunately I do not have expatriates on it. I would request you to recheck your script.
Let us know if you need any other information.
Regards
Md. Nazmur Sakib
Reply all
Reply to author
Forward
0 new messages