Change admin password on Docker Multi-node
142 views
Skip to first unread message
Le Petit Prince
Jun 9, 2023, 9:38:10 AM6/9/23
to Wazuh mailing list
Hello,
First of all, I wanted to thank you for the work you did on Wazuh and I apologize for my English, I use a translator.
I am contacting you because I have a problem. After deploying a multi-node Wazuh solution via Docker, I can't change the internal user admin password. I tried this command on one of the wazuh indexer node:
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all
However I only get the following error:
Wazuh API admin credentials not provided, Wazuh API passwords not changed.
Thanks for your help !
First of all, I wanted to thank you for the work you did on Wazuh and I apologize for my English, I use a translator.
I am contacting you because I have a problem. After deploying a multi-node Wazuh solution via Docker, I can't change the internal user admin password. I tried this command on one of the wazuh indexer node:
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all
However I only get the following error:
Wazuh API admin credentials not provided, Wazuh API passwords not changed.
Thanks for your help !
Lucio Donda
Jun 9, 2023, 10:37:35 AM6/9/23
to Wazuh mailing list
Hi Petit Prince,
Don't worry about your English! I was looking for some documentation about it and it looks like that message appears always (it has an INFO keyword at the start of the line).
Were you able to use that new password ? If not then follow the next steps on the link I shared even if the message appears.
If that's not you case, does that message appears with an ERROR word at the beginning? And after that, do you see any error trying to login to the dashboard?
Let me know!
Don't worry about your English! I was looking for some documentation about it and it looks like that message appears always (it has an INFO keyword at the start of the line).
Were you able to use that new password ? If not then follow the next steps on the link I shared even if the message appears.
If that's not you case, does that message appears with an ERROR word at the beginning? And after that, do you see any error trying to login to the dashboard?
Let me know!
Le Petit Prince
Jul 13, 2023, 10:35:30 AM7/13/23
to Wazuh mailing list
Hello,
Thank you for your help. I'm so sorry, I completely forgot I contacted you about this issue.
So, I followed the documentation you linked by reinstalling a clean version of wazuh docker in multi-node. I had to modify the bash command :
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert $CACERT - cert $CERT -key $KEY -p 9200 -icl
by adding the -h option and the ip of my wazuh indexer (if I did not add this option I had an error that told me that port 9200 did not was not open). The problem is that after this step, when I open my wazuh dashboard on my browser, I get a 500 error: Internal Server Error
Thank you for your help. I'm so sorry, I completely forgot I contacted you about this issue.
So, I followed the documentation you linked by reinstalling a clean version of wazuh docker in multi-node. I had to modify the bash command :
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert $CACERT - cert $CERT -key $KEY -p 9200 -icl
by adding the -h option and the ip of my wazuh indexer (if I did not add this option I had an error that told me that port 9200 did not was not open). The problem is that after this step, when I open my wazuh dashboard on my browser, I get a 500 error: Internal Server Error
Lucio Donda
Jul 13, 2023, 11:21:23 AM7/13/23
to Wazuh mailing list
Hi There!
In order to have a general idea of your scenario I will ask you to execute and share with us the output of the next commands:
* wazuh-control:
# /var/ossec/bin/wazuh-control status
* manager:
systemctl status wazuh-manager
* Indexer:
cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
For more info here -> https://documentation.wazuh.com/current/user-manual/wazuh-dashboard/troubleshooting.html
Besides that, did you end all the steps on the installation ok?
Let us know and we'll continue from there!
Have a great day!
In order to have a general idea of your scenario I will ask you to execute and share with us the output of the next commands:
* wazuh-control:
# /var/ossec/bin/wazuh-control status
* manager:
systemctl status wazuh-manager
* Indexer:
cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
For more info here -> https://documentation.wazuh.com/current/user-manual/wazuh-dashboard/troubleshooting.html
Besides that, did you end all the steps on the installation ok?
Let us know and we'll continue from there!
Have a great day!
Le Petit Prince
Jul 18, 2023, 9:15:45 AM7/18/23
to Wazuh mailing list
Thank you very much for your answer ! We decided to switch to a single node architecture and we had no problem changing the password by following the documentation you have linked. However, I would have a question about the internal_users already present in the internal_users.yml file in config/wazuh_indexer/, what are their uses and can I delete them or are they essential to the proper functioning of the service?
Thank you in advance for your answer ! Wishing you a good day;
Thank you in advance for your answer ! Wishing you a good day;
Lucio Donda
Jul 18, 2023, 9:48:47 AM7/18/23
to Wazuh mailing list
I'm glad you're not still stuck on that error.
Regarding interna_users:
The internal_users.yml file is used when the Wazuh indexer cluster is started for the first time and the security was initiated. This means, that if you do some changes after the cluster security was already configured, these will not apply directly.
I'm guessing that deleting that file (or at least its content) shouldn't cause an error, but I didn't test it so If you do that try to back it up first, and beware that you will do it at your own risk.
Either way, I must ask, why would you want to delete it? Do you see any possible security issues there?
You too have a great day!
Regarding interna_users:
The internal_users.yml file is used when the Wazuh indexer cluster is started for the first time and the security was initiated. This means, that if you do some changes after the cluster security was already configured, these will not apply directly.
I'm guessing that deleting that file (or at least its content) shouldn't cause an error, but I didn't test it so If you do that try to back it up first, and beware that you will do it at your own risk.
Either way, I must ask, why would you want to delete it? Do you see any possible security issues there?
You too have a great day!
Le Petit Prince
Jul 19, 2023, 9:13:01 AM7/19/23
to Wazuh mailing list
Indeed, I deleted the accounts without having any error (except when I delete the kibanaserver user). Since I don't know what these users are for, I don't know if they can pose a security threat but I think it's always best to keep entries to a minimum. So if I can do without non-essential access accounts, I do.
Thank you for your responsiveness and support. Wishing you a good day !
Thank you for your responsiveness and support. Wishing you a good day !
Lucio Donda
Jul 19, 2023, 9:39:58 AM7/19/23
to Wazuh mailing list
Awesome, glad to hear that!
Have a great day you too!
Have a great day you too!
Reply all
Reply to author
Forward
0 new messages