Change api password Docker deployment

Nik Andreevich

unread,

Aug 30, 2022, 6:09:52 AM8/30/22

to Wazuh mailing list

Hello, I use Wazuh in docker deploy in single-node mode (v4.3.6) & I try to change API_PASSWORD. First of all I follow this dock-page https://documentation.wazuh.com/current/user-manual/api/securing-api.html to secure my wazuh API. I execute : PUT /security/users/2 (for wazuh-wui user) but I cannot edit this file /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml cause i have no rights. And I get the error:
Снимок экрана 2022-08-30 в 13.08.47.png

How to change API default password in docker-deploy scheme?

Also, if I try to install Wazuh from docker from zero and change password in doker-compose.yml file before installation i'v got API credential error too.

Many thanks.

elw...@wazuh.com

unread,

Aug 30, 2022, 7:33:18 AM8/30/22

to Wazuh mailing list

Hello Nikas,

I am assuming that you have deployed the single node deployment from https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html#single-node-deployment.

To change the API password following is the process:

Edit your docker-compose.yml file and change the environment variable API_PASSWORD to your new password (must be a combination of numbers, characters and letters). for example newPassword2021*- :

# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
version: '3.7'

services:
wazuh.manager:
image: wazuh/wazuh-manager:4.3.7
hostname: wazuh.manager
restart: always
ports:
- "1514:1514"
- "1515:1515"
- "514:514/udp"
- "55000:55000"
environment:
- INDEXER_URL=https://wazuh.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
- API_USERNAME=wazuh-wui
- API_PASSWORD=newPassword2021*-
volumes:
- wazuh_api_configuration:/var/ossec/api/configuration
- wazuh_etc:/var/ossec/etc
- wazuh_logs:/var/ossec/logs
- wazuh_queue:/var/ossec/queue
- wazuh_var_multigroups:/var/ossec/var/multigroups
- wazuh_integrations:/var/ossec/integrations
- wazuh_active_response:/var/ossec/active-response/bin
- wazuh_agentless:/var/ossec/agentless
- wazuh_wodles:/var/ossec/wodles
- filebeat_etc:/etc/filebeat
- filebeat_var:/var/lib/filebeat
- ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
- ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
- ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf

wazuh.indexer:
image: wazuh/wazuh-indexer:4.3.7
hostname: wazuh.indexer
restart: always
ports:
- "9200:9200"
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- wazuh-indexer-data:/var/lib/wazuh-indexer
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
- ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
- ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
- ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
- ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
- ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml

wazuh.dashboard:
image: wazuh/wazuh-dashboard:4.3.7
hostname: wazuh.dashboard
restart: always
ports:
- 443:5601
environment:
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- WAZUH_API_URL=https://wazuh.manager
- API_USERNAME=wazuh-wui
- API_PASSWORD=newPassword2021*-
volumes:
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
- ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
- ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
depends_on:
- wazuh.indexer
links:
- wazuh.indexer:wazuh.indexer
- wazuh.manager:wazuh.manager

volumes:
wazuh_api_configuration:
wazuh_etc:
wazuh_logs:
wazuh_queue:
wazuh_var_multigroups:
wazuh_integrations:
wazuh_active_response:
wazuh_agentless:
wazuh_wodles:
filebeat_etc:
filebeat_var:
wazuh-indexer-data:
Edit the file config/wazuh_dashboard/wazuh.yml to the new credentials:

hosts:
- 1513629884013:
url: "https://wazuh.manager"
port: 55000
username: wazuh-wui
password: newPassword2021*-
run_as: false
Apply the changes by running: docker-compose up -d

I hope this helps.

Regards,
Wali

Nik Andreevich

unread,

Aug 30, 2022, 8:00:43 AM8/30/22

to Wazuh mailing list

config/wazuh_dashboard/wazuh.yml

Oh yes thank you! I forget about this file%)

So, now it work with 3 steps:

1) use PUT /security/users/id (https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.security_controller.update_user)

2) change password in docker-compose.yml

3) change password in config/wazuh_dashboard/wazuh.yml file.

Very strange is plain-text password in wazuh.yml file. Do you know some way to secure this? Some .env maybe?

вторник, 30 августа 2022 г. в 14:33:18 UTC+3, elw...@wazuh.com:

elw...@wazuh.com

unread,

Aug 31, 2022, 2:59:48 AM8/31/22

to Wazuh mailing list

Hello,

Glad it is working now.

Regarding your question, we consider in the future using Keystore or having an option to store the password hash instead of the file.

Regards.
Wali

Reply all

Reply to author

Forward