Hi Khaedir,
admin: is the default administrator account of the Wazuh indexer. It's used to log in to the Wazuh dashboard and for communications between Filebeat and the Wazuh indexer. It is also responsible for creating other users. I cannot find any direct reference to changing the admin user's password in Wazuh or OpenSearch documents.
It is possible to make changes to the password of the admin user. You can follow this document:
Changing the password for single user
You can make a new admin user; you can follow this document:
Creating and setting a Wazuh admin user
You can follow these steps to delete the default admin user and replace it with a new admin user.
Log out of the Wazuh Dashboard.
On any of the Wazuh indexer nodes, go to this configuration file.
/etc/wazuh-indexer/opensearch-security/internal_users.yml
Add the block highlighted in Green. Replace the myadmin with your new admin user name.
_meta:
  type: "internalusers"
  config_version: 2
admin:
  hash: "$2y$12$2M3rd5wkddLuEJ8DzZanFeyV7lHs2LilMO.k0fr615cknepWQxejy"
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
myadmin:
  hash: "$2y$12$XOOCBNq0rngU8GVcxqI4A.bulaKyS56WW4z8tAJbPWk1ewzSWXZX2"
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo myadmin user"
anomalyadmin:
Run this command to load the indexer users from the configuration file.
/usr/share/wazuh-indexer/bin/indexer-security-init.sh
Next, log in to the dashboard with your old admin user.
Click the upper-left menu icon ☰ to open the menu on the Wazuh dashboard, go to Server management > Security, and then Roles mapping to open the page.
Click Create Role mapping and complete the empty fields with the following parameters:
Role mapping name: Assign a name to the role mapping.
Roles: Select administrator.
Internal users: Select the new admin user created previously.
Click Save role mapping to save and map the user with Wazuh as administrator.
And log out of the Wazuh dashboard.
Now again on your indexer node, go to /etc/wazuh-indexer/opensearch-security/internal_users.yml
Remove the block highlighted in Red. Replace the myadmin with your admin user name.
_meta:
  type: "internalusers"
  config_version: 2
admin:
  hash: "$2y$12$2M3rd5wkddLuEJ8DzZanFeyV7lHs2LilMO.k0fr615cknepWQxejy"
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
myadmin:
Run this command to load the indexer users from the configuration file.
/usr/share/wazuh-indexer/bin/indexer-security-init.sh
Change the password of your new admin user with this command:
bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -u myadmin -p MyPassword1234.@
Replace myadmin with your new admin username
Replace MyPassword1234.@ with your new admin password
Now go to the Wazuh Manager node.
Replace <CUSTOM_USERNAME> and <CUSTOM_PASSWORD> with your new admin username and password.
echo <CUSTOM_USERNAME> | filebeat keystore add username --stdin --force
echo <CUSTOM_PASSWORD> | filebeat keystore add password --stdin --force
Restart Filebeat to apply the changes.
systemctl restart filebeat
Check if Filebeat is working with this command.
filebeat test output
Do this on all the manager nodes if you have multiple Wazuh Manager nodes.
Now go to the Wazuh Dashboard node: