Need to Change Admin and Wazuh_user Passwords

[mohammadul...@gmail.com]

i, I have deployed wazuh using ova file and I would want to change the default password. I saw in the documentation that I must to use wazuh-passwords-tool.sh file to change it, but then I don't know which configuration must be change to set the new password just for admin and Wazuh_users accounts 

The other dude that I have is how can I  create a new user, I tried to create it but then I can't logon the wazuh dashboards.

Thank you.

note: as i have searched i have to download the file curl -so wazuh-passwords-tool.sh https://packages.wazuh.com/4.3/wazuh-passwords-tool.sh  and then generate new hash password  and finally  add it to below conf file 

 /etc/kibana/kibana.yml and /etc/filebeat/filebeat/filebeat.yml

but currently as i see i have only access to filebeat.yml conf and kibana.yml is not exist in the wazuh manager during deplyment of wazuh OVF ....

so i need your steps by steps advise to change the above passwords

Best Regards 

Kind Regards 

[Abdullah Al Rafi Fahim]

Hello Mohammadullah,

Thank you for using Wazuh!

Firstly, as you are using Wazuh OVA, you can change the password for your machines system user wazuh-user from default password wazuh to any custom one just by running the passwd command in your OVA while logged in with wazuh-user and providing current and new password.
 
Secondly, to change the password for Wazuh indexer user (admin), you can follow the documentation here: https://documentation.wazuh.com/current/user-manual/securing-wazuh/wazuh-indexer.html 

 
For changing the password, first you have to download the wazuh-passwords-tool.sh script:

curl -so wazuh-passwords-tool.sh https://packages.wazuh.com/4.3/wazuh-passwords-tool.sh

Then, run the following command:

bash wazuh-passwords-tool.sh -u admin -p <mypassword>

Please replace <mypassword> with your expected password for the user admin.

Lastly, to create new users with admin or read-only role, please review this documentation and follow the steps properly. https://documentation.wazuh.com/current/user-manual/wazuh-dashboard/rbac.html 

I hope this helps. Please let us know if you need anything else.

[mohammadul...@gmail.com]

Hello Mr Abdullah

hope your be fine and doing well 

thanks for your step by steps guidance its wa really helpful ,,i have successfully changed all the required password like , root. wazuh-user and also admin user , also after changing the admin password i have change the password on below .yml 

Filebeat : /etc/filebeat/filebeat.yml
Wazuh dashboard: /etc/wazuh-dashboard/opensearch_dashboards.yml

also after adding the new admin password to this .yml file i have restart the filebeat and dashboard Serices and seen that all Serices are running and operational, but when opening my wazuh GUI via Browers, giving below Erros 

{"statusCode":401,"error":"Unauthorized","message":"Response Error"}

for more info plz have a look to attached screen shot and also as the issue is urgent, we need your prompt support. 

regards 

[mohammadul...@gmail.com]

a Gentle Remainder! 

[Abdullah Al Rafi Fahim]

Hello Mohammadullah,

I am sorry for the late response! 

In the newer versions of wazuh-manager, it is no more necessary to change the password in filebeat.yml and opensearch-dashboards.yml. I believe you have tried to change the following lines of the configuration files.

For /etc/filebeat/filebeat.yml :

  username: ${username}

  password: ${password}

For /etc/wazuh-dashboard/opensearch_dashboards.yml :

# opensearch.username: kibanaserver
# opensearch.password: kibanaserver

If so, can you please revert them back to the previous settings and restart the services again? After that, try to login to your Wazuh-dashboard with the new password of admin user. 

I hope it helps. If you still have any issue there, please let us know.

[mohammadul...@gmail.com]

Hello Mr. Abdullah

i have revert the username and password back to the following... also restart the wazuh manager and even restart the wazuh VM appliance, but still no luck to login via admin password.

For /etc/filebeat/filebeat.yml :

  username: ${username}

  password: ${password}

For /etc/wazuh-dashboard/opensearch_dashboards.yml :

# opensearch.username: kibanaserver
# opensearch.password: kibanaserver

Best Regards 

[mohammadul...@gmail.com]

Hello Mr. Abdullah ,

i have searched and t shoot with many articles, but finally obligated to once again change the admin password, with the step-by-step Guidance which you have shared, now the password has has successfully generated but it see the password must be updated to filebeat.yml and dashboard.yml files but still i didn't update it . even i have restart the Wazuh Services, FileBeat Services and also Dashboard service and see its all running normally but admin user  new passwrod is still not working 

hence, we need your urgent help to solve this problem 

regards 

[Mohammadullah Mohmand]

admin user not able to login with new password ?

[Abdullah Al Rafi Fahim]

Hello Mohammadullah,

I am sorry for the late reply as I was unavailable during the weekends.

I have tried to replicate the situation exactly as yours and I found out that the issue is with the password your are trying to set (LAB.local$786@2023). I have tried it and had the same issue. I believe $786 is being considered as the value of a variable 786 and therefore we may avoid $ sign here.

To resolve the issue I have tried to change the password a little bit avoiding $ sign as LAB.local-786@2023 and it is running fine. 

Therefore, my suggestion would be to change the password again with one without $ sign. Remember that the password must have a length between 8 and 64 characters and contain at least one upper and lower case letter, a number and a symbol(.*+?-). Please only run the following command with your new password and try to login to your wazuh-dashboard with that.

bash wazuh-passwords-tool.sh -u admin -p <mypassword>

I hope it will solve your issue. Let us know how it goes.

[Mohammadullah Mohmand]

Hello Mr., Abdullah

thanks for your constant support, finally it worked for me too and now iam able to login my Wazuh Dashboard on my LAB Center with new password :) , so appreciate your efforts on this regard, & have a wonderful day ahead 

Allah Hafiz 

[Abdullah Al Rafi Fahim]

Hello  Mohammadullah,

I am happy to know that your issue is solved and you are being able to login with your updated credentials.

You are always welcome to share any of your queries regarding Wazuh in the community. Have a nice day!

[Calvin Nguyen]

Thank