Changing Wazuh GUI password

44 views
Skip to first unread message

Emar Flix

unread,
Mar 2, 2026, 2:19:52 AM (3 days ago) Mar 2
to Wazuh | Mailing List

Hi, 

I want to change the admin user password used to log in to the Wazuh Dashboard web interface.
The GUI shows: "Resource 'admin' is reserved" and does not allow changing it.

What is the recommended and safe way to update the admin password in a production cluster?

Thank you for attention.

Md. Nazmur Sakib

unread,
Mar 2, 2026, 2:44:44 AM (3 days ago) Mar 2
to Wazuh | Mailing List

Hi Emar,



To change the admin password that you use for login to the GUI. Run this command on your indexer server

Open a terminal on your Wazuh indexer server and run this command.

bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -u admin -p Secr3tP4ssw*rd


Replace the Secr3tP4ssw*rd with your password.



The password must have a length between 8 and 64 characters and contain at least one upper case letter, one lower case letter, a number and one of the following symbols: .*+?-.

Ref: Password management
If you use the tool in an all-in-one deployment, it automatically updates the passwords where necessary. If you use it in a distributed environment, you may have to update the password on other components.



For admin users, you just need to update the password in the filebeat and Wazuh manager’s keystore.

Open a terminal on the Wazuh manager keystore and run this command.


echo <ADMIN_PASSWORD> | filebeat keystore add password --stdin --force

echo '<ADMIN_PASSWORD>' | /var/ossec/bin/wazuh-keystore -f indexer -k password


Restart Filebeat to apply the changes.

systemctl restart filebeat


See Changing the passwords in a distributed environment for more details.

Let me know if this works for you or if you need any further help with this.

Md. Nazmur Sakib

unread,
Mar 2, 2026, 2:46:59 AM (3 days ago) Mar 2
to Wazuh | Mailing List
Also, I would like to mention that the indexer admin user's password cannot be changed from the GUI; you need to use the command line on the server.

Emar Flix

unread,
Mar 2, 2026, 5:06:59 AM (3 days ago) Mar 2
to Wazuh | Mailing List
Thank you for your answer Nazmur. My deployment type is clustered deployment. there is 3 indexer,  1 dashboard and 3 manager server. I shold do this in every components or just one of them. And aslo how can I create new user in this architecture?

Md. Nazmur Sakib yazdı, 2 mart 2026, bazar ertəsi, 11:44:44 UTC+4:

Md. Nazmur Sakib

unread,
Mar 2, 2026, 6:35:32 AM (3 days ago) Mar 2
to Wazuh | Mailing List
You only need to run this on one of your indexer servers to chnage the password.

bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -u admin -p Secr3tP4ssw*rd

But you need to update the password keystore in all of your Wazuh manager nodes.

echo <ADMIN_PASSWORD> | filebeat keystore add password --stdin --force

echo '<ADMIN_PASSWORD>' | /var/ossec/bin/wazuh-keystore -f indexer -k password


Restart Filebeat to apply the changes.

systemctl restart filebeat


See Changing the passwords in a distributed environment for more details.

Emar Flix

unread,
Mar 3, 2026, 1:59:31 PM (yesterday) Mar 3
to Wazuh | Mailing List
Thank you for your answer, Mr. Nazmur.
You know I have two cluster and between them there is CCR (PR and DR). I did it both of them and they actualy works normal. but to be sure Idelete autofollow rules and stop replication for todays indexes. But now my DR inexer can't get logs form manager. I faced this error:  illegal_state_exception: Expected valid sequence number for replicate op but was unassigned (status=500)

is it related with password changing or anythink else?  

Md. Nazmur Sakib yazdı, 2 mart 2026, bazar ertəsi, 15:35:32 UTC+4:
Reply all
Reply to author
Forward
0 new messages