Enter Wazuh App Creds on Command Line

999 views
Skip to first unread message

Buddha Man

unread,
Sep 24, 2019, 8:30:31 AM9/24/19
to Wazuh mailing list
I upgraded to the latest Wazuh Manager, API and APP. The App doesn't seem to be accepting known good credentials (wondering if this is a bug). Is there a way to enter the Wazuh API creds manually on the command line?

Thanks!

Juan Carlos Rodríguez

unread,
Sep 24, 2019, 8:48:08 AM9/24/19
to Wazuh mailing list

Hi Buddha,

You can insert the credentials directly into the .wazuh index of Elasticsearch, but we’d better find a reason why it’s not letting you save them from the app.

Could you tell us what error you get when you enter the credentials?

On the other hand, and just for your information, in the next versions of Wazuh the credentials will be introduced in the configuration file of the Wazuh app, instead of in an index.

I’m waiting for your answer.

Regards,
Juan Carlos

Buddha Man

unread,
Sep 24, 2019, 12:08:14 PM9/24/19
to Wazuh mailing list
Thanks Juan,

Wazuh App Version is Kibana 7.3.2. I have uninstalled and reinstalled the app. re-added credentials using

cd /var/ossec/api/configuration/auth
node htpasswd -c user myUserName

I get the error in the app "Settings. 3005 - Wrong port being used to connect to the Wazuh API (/api/check-api)"

The api start failed with the following error:
wazuh-api.service - Wazuh API daemon
Loaded: loaded (/etc/systemd/system/wazuh-api.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2019-09-24 11:57:58 EDT; 7min ago
Process: 23184 ExecStop=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 23175 ExecStart=/usr/bin/nodejs /var/ossec/api/app.js (code=exited, status=1/FAILURE)
Main PID: 23175 (code=exited, status=1/FAILURE)

Buddha Man

unread,
Sep 24, 2019, 12:14:58 PM9/24/19
to Wazuh mailing list
More logs:

{"date":"2019-09-19T19:44:03.641Z","level":"error","location":"wazuh-api:checkAPI","message":"Some Wazuh daemons are not ready in node 'node01' (wazuh-db->failed)"}
{"date":"2019-09-19T19:44:16.121Z","level":"error","location":"wazuh-api:checkAPI","message":"Some Wazuh daemons are not ready in node 'node01' (wazuh-db->failed)"}
{"date":"2019-09-19T19:45:09.577Z","level":"error","location":"wazuh-api:checkAPI","message":"Some Wazuh daemons are not ready in node 'node01' (wazuh-db->failed)"}
{"date":"2019-09-19T19:49:34.860Z","level":"error","location":"wazuh-api:checkAPI","message":"write EPROTO 140037680183104:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:252:\n"}
{"date":"2019-09-19T19:49:45.976Z","level":"error","location":"wazuh-api:checkAPI","message":"Some Wazuh daemons are not ready in node 'node01' (wazuh-db->failed)"}
{"date":"2019-09-23T14:17:46.893Z","level":"error","location":"wazuh-api:checkAPI","message":"Wrong Wazuh API credentials used"}
{"date":"2019-09-23T14:18:29.279Z","level":"error","location":"wazuh-api:checkAPI","message":"Wrong Wazuh API credentials used"}
{"date":"2019-09-24T15:48:11.469Z","level":"error","location":"wazuh-api:checkAPI","message":"connect ECONNREFUSED REDACTED IP:55000"}
{"date":"2019-09-24T15:48:24.972Z","level":"error","location":"wazuh-api:checkAPI","message":"connect ECONNREFUSED REDACTED IP:55000"}
{"date":"2019-09-24T15:53:39.528Z","level":"error","location":"wazuh-api:checkAPI","message":"connect ECONNREFUSED REDACTED IP:55000"}
{"date":"2019-09-24T16:00:56.995Z","level":"error","location":"wazuh-api:checkAPI","message":"connect ECONNREFUSED 127.0.0.1:55000"}
{"date":"2019-09-24T16:01:13.187Z","level":"error","location":"wazuh-api:checkAPI","message":"connect ECONNREFUSED REDACTED IP:55000"}
{"date":"2019-09-24T16:01:34.414Z","level":"error","location":"wazuh-api:checkAPI","message":"connect ECONNREFUSED  REDACTED IP:55000"}

Buddha Man

unread,
Sep 24, 2019, 12:25:00 PM9/24/19
to Wazuh mailing list
I ran the command to reset the api credentials twice and same result. Is there an area where they need to be entered on the manager and or validated?

Thanks!

Juan Carlos Rodríguez

unread,
Sep 27, 2019, 7:25:55 AM9/27/19
to Wazuh mailing list

Hi Buddha,

As far as I can see with the logs you send me, there is an error connecting the app to the APi because the API service is in a failed state.

Have you tried restarting the API service?

systemctl restart wazuh-api

On the other hand, it seems that also some demons are not active. Try restarting Wazuh’s manager as well.

systemctl restart wazuh-manager

Once restarted and checked that they are running correctly (systemctl status wazuh-api and systemctl status wazuh-manager), please try again to enter the API connection credentials from the KIbana app.

Let us know the results.

Regards,
Juan Carlos

Reply all
Reply to author
Forward
0 new messages