Unable to change / retrieve wazuh api password
799 views
Skip to first unread message
Stephane b
Mar 11, 2024, 5:57:28 AM3/11/24
to Wazuh | Mailing List
Good morning,
i want to update all wazuh agents with one command.
I notice that this is not possible via the command:
/var/ossec/bin/agent_upgrade -a all
Shame :)
I try via the api, the documentation page says the default user/password is wazuh:wazuh
Ref: https://documentation.wazuh.com/4.7/user-manual/api/getting-started.html#logging-into-the-wazuh-api
cmd: curl -u wazuh:wazuh -k -X POST "https://localhost:55000/security/user/authenticate"
resp: {"title": "Unauthorized", "detail": "Invalid credentials"}
I try via the login / password which allows me to access the web interface, same result.
I followed the documentation from https://documentation.wazuh.com/current/user-manual/user-administration/password-management.html and grabbed the wazuh-passwords-tool.sh and tried the argument "-A" for the api but not knowing the current password, it doesn't work.
I tried the "-a" argument, here is the answer:
# bash wazuh-passwords-tool.sh -a
09/03/2024 09:12:51 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
03/09/2024 09:13:07 INFO: The password for user admin is ***
09/03/2024 09:13:07 INFO: The password for user ... is ***
The agent and server installation was done with version 4.7 via:
1. > curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh
2. > sudo bash wazuh-install.sh -a
I seem to have encountered problems with the first command, hence the second "-a".
After this command, I don't remember seeing any user other than the one for the web interface that I noted and which works.
How to change this API password? or how to find it?
i want to update all wazuh agents with one command.
I notice that this is not possible via the command:
/var/ossec/bin/agent_upgrade -a all
Shame :)
I try via the api, the documentation page says the default user/password is wazuh:wazuh
Ref: https://documentation.wazuh.com/4.7/user-manual/api/getting-started.html#logging-into-the-wazuh-api
cmd: curl -u wazuh:wazuh -k -X POST "https://localhost:55000/security/user/authenticate"
resp: {"title": "Unauthorized", "detail": "Invalid credentials"}
I try via the login / password which allows me to access the web interface, same result.
I followed the documentation from https://documentation.wazuh.com/current/user-manual/user-administration/password-management.html and grabbed the wazuh-passwords-tool.sh and tried the argument "-A" for the api but not knowing the current password, it doesn't work.
I tried the "-a" argument, here is the answer:
# bash wazuh-passwords-tool.sh -a
09/03/2024 09:12:51 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
03/09/2024 09:13:07 INFO: The password for user admin is ***
09/03/2024 09:13:07 INFO: The password for user ... is ***
The agent and server installation was done with version 4.7 via:
1. > curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh
2. > sudo bash wazuh-install.sh -a
I seem to have encountered problems with the first command, hence the second "-a".
After this command, I don't remember seeing any user other than the one for the web interface that I noted and which works.
How to change this API password? or how to find it?
Regards.
Steph
Rafael Bailon Robles
Mar 11, 2024, 7:54:24 AM3/11/24
to Wazuh | Mailing List
Hello, thanks for using Wazuh! I have reviewed your case. It seems that you have followed this guide for installing Wazuh
In that case, all passwords can be found by running the following command `sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt`. I have tried a clean installation and the user is `wazuh`. The password is generated randomly so you need to consult the file to obtain it.
To change the passwords you can use `/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh` as indicated in the documentation
The command would be something like this `wazuh-passwords-tool.sh -A --user <user> --password <password> --admin-user <adminUser> --admin-password <adminPassword>`
In that case, all passwords can be found by running the following command `sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt`. I have tried a clean installation and the user is `wazuh`. The password is generated randomly so you need to consult the file to obtain it.
To change the passwords you can use `/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh` as indicated in the documentation
The command would be something like this `wazuh-passwords-tool.sh -A --user <user> --password <password> --admin-user <adminUser> --admin-password <adminPassword>`
I hope you find it useful
Stephane b
Mar 11, 2024, 3:36:24 PM3/11/24
to Wazuh | Mailing List
Hello Rafael !
Thanks for your response and support !
You are right, i found the password with your command `sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt`
thanks :)
Reply all
Reply to author
Forward
0 new messages