Creating Users in Wazuh Manager


Namdev

Sep 17, 2021, 1:30:51 AM
to Wazuh mailing list

Dear Team,

Can someone tell me how to create users in Wazuh Manager with appropriate permissions?

1.  Create a user for Monitoring purposes only.

2.  Create a user for Configuration purposes only. Etc etc.

When I try to create a user, the error below occurs. Please check and suggest.

Adrián Jesús Peña Rodríguez

Sep 17, 2021, 4:07:55 AM
to Wazuh mailing list
Hi,

In order to help you, we would need more information.
 - What version of Wazuh are you running?
 - What version of Wazuh APP is installed?
 - What version of Kibana is installed?
 - Are you using Open Distro or x-pack?

In addition to these answers, please run the following requests through the devs-tools:

First, go to the devs-tools:

Then make a request to the endpoint that creates the users (POST /security/users). For this test, we are going to create a test user. Once created, we will try to enable the run_as option for it; to do this, we specify the id of the user created in the endpoint PUT /security/users/user:id/run_as.

Once we solve the problem with the allow_run_as option, to create a user with monitoring permissions, we could use the readonly role.

To create a user with configuration permissions, we could use the users_admin role if we only want this user to be able to manage Wazuh's RBAC.

If you have any questions about the process, please do not hesitate to ask.

Best regards,
Adrián Peña
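
The request sequence from the reply above, chained as a script; this is an added example, not part of the original post and not Wazuh's own code. The reply layout (`error`, `data.affected_items`), the `allow_run_as` and `role_ids` query parameters, and the `GET /security/roles` lookup are assumptions not shown on the page.

```python
import json
import ssl
import urllib.parse
import urllib.request


def make_send(base_url, token, ca_file=None):
    """Real transport: send(method, path, query, body) -> parsed JSON reply.
    token is the JWT returned by GET /security/user/authenticate."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verifies the API certificate

    def send(method, path, query=None, body=None):
        url = base_url + path + ("?" + urllib.parse.urlencode(query) if query else "")
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, method=method)
        req.add_header("Authorization", "Bearer " + token)
        req.add_header("Content-Type", "application/json")
        with urllib.request.urlopen(req, context=ctx) as resp:
            return json.load(resp)

    return send


def ok(reply):
    """Return affected_items (assumed reply layout) or raise with the API's message."""
    if reply.get("error", 0) != 0:
        raise RuntimeError(reply.get("message", "API error"))
    return reply.get("data", {}).get("affected_items", [])


def create_api_user(send, username, password, role_name, run_as=False):
    """Create an API user, set its allow_run_as flag, attach one role by name."""
    roles = {r["name"]: r["id"] for r in ok(send("GET", "/security/roles"))}
    if role_name not in roles:  # fail before creating anything
        raise LookupError("no such role: " + role_name)
    created = ok(send("POST", "/security/users",
                      body={"username": username, "password": password}))
    if not created:
        raise RuntimeError("user was not created")
    uid = created[0]["id"]
    ok(send("PUT", f"/security/users/{uid}/run_as",
            query={"allow_run_as": str(run_as).lower()}))
    ok(send("POST", f"/security/users/{uid}/roles",
            query={"role_ids": roles[role_name]}))
    return uid
```

`create_api_user(make_send("https://wazuh:55000", token), "monitor", password, "readonly")` gives the monitoring-only API user; `run_as` stays off unless requested, and the role is checked before the user is created so a typo in the role name leaves nothing behind.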

Namdev

Sep 18, 2021, 3:25:30 AM
to Adrián Jesús Peña Rodríguez, Wazuh mailing list

Hi Adrián Peña,

Below are the details as you required.

 - What version of Wazuh are you running? – Version 4.1.5
 - What version of Wazuh APP is installed? – Version 4.1.5
 - What version of Kibana is installed? – Version 7.10.2
 - Are you using Open Distro or x-pack? Yes, we are using Open Distro.

In my scenario, we have deployed two Wazuh servers: one for RnD/Testing purposes and another for the Production environment.

On the Production server I have created a user, but when I try to log in with this user's credentials I get the message “INVALID USERNAME OR PASSWORD”. Below is the snapshot for your reference.

On the other hand, when I try to create a user on the Testing server, I get the error which I shared with you in my earlier mail.

I have checked your mail, but I still do not understand what exactly to do. Can you explain in brief so I can understand easily?

Please help.


Adrián Jesús Peña Rodríguez

Sep 20, 2021, 4:18:55 AM
to Wazuh mailing list
Hi Namdev,

First, let's go with the problem in the RnD/Testing environment. The error when creating a user, where the **allow_run_as** field is not found, indicates that there is a discrepancy between the API and the APP. In our tests using 4.1.5, we have not been able to replicate this error.

Therefore, we need to check how the user creation endpoint behaves in your environment. To do this, you should follow the steps that I described in the previous message: we have to enter the option **Tools** in the menu of the Wazuh APP (first image). Once inside, we just have to follow the steps described in the previous comment. You can see more information here: https://documentation.wazuh.com/current/user-manual/kibana-app/features/dev-tools.html?highlight=dev%20tools (this page of the documentation is not updated; we are working on a guide to performing this process).

On the other hand, the error in the production environment indicates that the user is not valid; it probably does not exist. There is a difference between Wazuh API users and Open Distro users. In this case, in order to access the Wazuh APP, it is necessary to create an Open Distro user, which we will later link to an API user through the role_mapping option. It is not necessary to create a new API user to use Wazuh roles. The **run_as** option is used to avoid having to create more API users.


To perform this process, it is necessary to enable the **run_as** option in **/usr/share/kibana/data/wazuh/config/wazuh.yml** so that it looks like this:

    #-------------------------------- API entries -----------------------------------
    #The following configuration is the default structure to define an API entry.
    #
    #hosts:
    #  - <id>:
    #     url: http(s)://<url>
    #     port: <port>
    #     username: <username>
    #     password: <password>

    hosts:
    - 1513629884013:
        url: https://wazuh
        port: 55000
        username: wazuh-wui
        password: wazuh-wui
        run_as: true

Once this is done, restart the process and proceed to create an Open Distro user and link it to the Wazuh role:

1º Go to the **Security** tab of Open Distro:

2º We are going to create a new user following these steps:

3º After this, we need to link the user to a role. To do this, go to the **Roles** section, click on **kibana_user** and follow the steps:

4º Finally, we go to the **Wazuh** section and, within it, to **Roles_mapping**, and we create a mapping between the user that we have just created and the role **readonly**, in case we want this user to be able to read only:

I hope this answer helps you. As I said before, we are working on a guide to performing this whole process.

Regards.