Wazuh API authentication question.


Viktor Nguyen

Apr 19, 2022, 3:53:25 AM
to Wazuh mailing list
Hello.
I see that for Wazuh API authentication, we're using the JWT token.
The token expires after a period of time (default 900s).

I have a monitoring system that uses a simple HTTP request to get the number of active/inactive agents and triggers an alert if there is an inactive agent. Because it's a simple HTTP request, it cannot follow the scheme:
1. use basic auth to get the JWT token
2. use the JWT token to send requests to the API endpoint.

So, is there any way I can set a specific token that never expires, or disable the expiration function of the JWT token?

Víctor Fernández Poyatos

Apr 19, 2022, 4:15:17 AM
to Wazuh mailing list
Hello sonbeo,

For security reasons, you cannot disable the JWT authentication mechanism from the Wazuh API. Also, all the tokens must have an expiration time.

The best option here would be to add some script or mechanism to renew the token you're passing to your monitor system but, if you cannot do that, you could increase the expiration time using the PUT /security/config endpoint. This, in addition to being insecure, is not an optimal solution, as you would have to update the token at some point, but I do not believe there is anything else you can do given the circumstances.

Let me know if you need anything else.

Regards,
Víctor

Viktor Nguyen

Apr 19, 2022, 4:17:04 AM
to Wazuh mailing list
Hi Victor, 
Thank you for your prompt answer. 
Can you tell me what the maximum expiration time of the JWT token is?


John Soliani

Feb 14, 2023, 5:35:29 PM
to Wazuh mailing list

Hello Viktor

My apologies for the delay on this. I was searching for another thing and I saw this post. Allow me to answer your question so other users checking this will find the answer.

I have changed the “auth_token_exp_timeout” value from 900 (seconds by default, 15 minutes) to 99,999,999 seconds (about 1157 days, over 3 years; not sure if it's the maximum supported, but it will do for most cases).

How to do this? Follow these steps:

  • Add the parameter to change the default value:
    echo "auth_token_exp_timeout: 99999999" >> /var/ossec/api/configuration/security/security.yaml
  • Apply the change (old versions use ossec-control instead):
    /var/ossec/bin/wazuh-control restart
  • Get a token. The default user is wazuh-wui and the default password is wazuh-wui; change them if needed:
    TOK=$(curl -k -u wazuh-wui:wazuh-wui "https://<WazuhManagerIP>:55000/security/user/authenticate?raw=true")
  • Verify the setting is applied:
    curl -k -XGET "https://<WazuhManagerIP>:55000/security/config" -H "Authorization: Bearer $TOK"

curl -k -XGET "https://localhost:55000/security/config" -H "Authorization: Bearer $TOK"
{"data": {"auth_token_exp_timeout": 99999999, "rbac_mode": "white"}, "error": 0}

Hope this helps!
John.-
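
Added example, not part of any post in this thread and not Wazuh project code: one way to build the renewal mechanism recommended earlier in the thread, so a monitor can keep the default 900 s token lifetime instead of raising auth_token_exp_timeout. It assumes the token carries a standard `exp` claim; `TokenCache`, `wazuh_fetcher`, `api_get`, the `ca_file` parameter and the host name in the usage comment are hypothetical.

```python
import base64, json, ssl, time, urllib.request

def jwt_exp(token):
    """Read the 'exp' claim (Unix seconds) from a JWT. The signature is not
    checked: the value is only used to schedule renewal (assumes 'exp' is set)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)        # restore base64url padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])

class TokenCache:
    """Hypothetical helper: hold one JWT and renew it shortly before expiry."""
    def __init__(self, fetch, margin=60, clock=time.time):
        self._fetch, self._margin, self._clock = fetch, margin, clock
        self._token, self._exp = None, 0

    def get(self):
        if self._token is None or self._clock() >= self._exp - self._margin:
            self._token = self._fetch()          # step 1 of the scheme
            self._exp = jwt_exp(self._token)
        return self._token

def wazuh_fetcher(base_url, user, password, ca_file=None):
    """Build the step-1 callable: basic auth against the authenticate endpoint."""
    ctx = ssl.create_default_context(cafile=ca_file)   # verify the manager's cert
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    def fetch():
        req = urllib.request.Request(
            f"{base_url}/security/user/authenticate?raw=true",
            headers={"Authorization": f"Basic {cred}"})
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return resp.read().decode().strip()
    return fetch

def api_get(cache, base_url, path, ca_file=None):
    """Step 2: call an endpoint with the cached bearer token, return parsed JSON."""
    ctx = ssl.create_default_context(cafile=ca_file)
    req = urllib.request.Request(
        f"{base_url}{path}", headers={"Authorization": f"Bearer {cache.get()}"})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)

# Usage (constructed values):
#   cache = TokenCache(wazuh_fetcher("https://manager.example:55000", user, pw, "ca.pem"))
#   api_get(cache, "https://manager.example:55000", "/security/config", "ca.pem")
```

The cache requests a new token only when the current one is within `margin` seconds of its `exp`, so the monitor authenticates roughly once per token lifetime rather than on every poll.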
