Had to change API password manually for distributed deployment using the assistant
508 views
Skip to first unread message
Joaquim António
Jan 26, 2023, 8:25:40 AM1/26/23
to Wazuh mailing list
Greetings,
We have 2 indexers, 2 servers and a dashboard running Rocky Linux 8.7 in our test environment, all installed using the installation assistant script as instructed in the documents, with the -i option since we are not using any of the recommended distributions.
When accessing the dashboard, there was not connection to the API. I ran the request suggested in the troubleshooting guide:
curl -k -X GET "https://<api_url>:55000/" -H "Authorization: Bearer $(curl -u <api_user>:<api_password> -k -X GET 'https://<api_url>:55000/security/user/authenticate?raw=true')"
and obtained the following output:
{"title": "Unauthorized", "detail": "No authorization token provided"}
Only when changing the api password using the wazuh-passwords-tool.sh script we could connect to the API. We used the correct password as it's in wazuh-install-files/wazuh-passwords.txt . What could have caused this problem? Is it because we are not installing it on a supported OS and there is something failing at some point due to that fact?
Any idea about what could cause this would be immensely appreciated, since it's an important step before we move this into production.
Best Regards,
Joaquim Antonio
Nahuel Figueroa
Jan 26, 2023, 8:59:05 AM1/26/23
to Wazuh mailing list
hello jotone88! a query, when executing the command in the API substitutes the values of <api_url> <api_user> and <api_password>?
Joaquim António
Jan 26, 2023, 9:17:22 AM1/26/23
to Wazuh mailing list
Greetings, Nahuel,
<api_url> is the master server node's address, as its listed in the "hosts" at /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml .
<api_user> is wazuh-wui
<api_password> is the password as its shown in at /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml and also wazuh-install-files/wazuh-passwords.txt .
Nahuel Figueroa
Jan 26, 2023, 9:43:09 AM1/26/23
to Wazuh mailing list
When executing curl -u <user>:<password> -k -X GET "https://<IP>:55000/security/user/authenticate?raw=true" , do you receive the expected JWT?
Also, which version are you using?
Also, which version are you using?
Joaquim António
Jan 26, 2023, 10:01:32 AM1/26/23
to Wazuh mailing list
Now that i changed the password yes. Before, after the default instalation, no. Im using v4.3.10
The instalations works (?) now, but the point is to investigate the issue and find out why I had to manually change the password, because this is important for future installs.
Thank you for answering
Nahuel Figueroa
Jan 26, 2023, 10:35:33 AM1/26/23
to Wazuh mailing list
Clearly you shouldn't change the password for it to work. I have investigated and it seems a credential problem. Although I can't guarantee anything since I don't know for sure how you were executing the steps. To get rid of the doubt I recommend Check these 3 pages, which informs step-by-step the install for indexer, dashboard and server...
Because you usses a playbook, but you make sure that certs are in their correct folder and with correct permissons at all:
https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html
https://documentation.wazuh.com/current/installation-guide/wazuh-server/step-by-step.html
https://documentation.wazuh.com/current/installation-guide/wazuh-dashboard/step-by-step.html
The image above, you can check at: /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
See mine in picture attached
Also, you can generate the API password with command below (please, check first the step-by-step install page for dashboard, and validates that this will create password for other users, and see if is applicable to you be fore run this comand!!!!!!!) :
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all --admin-user wazuh --admin-password wazuh
0 new messages