Changing kibanserver password makes wazuh-dashboard loose connectivity with opensearch
4,242 views
Skip to first unread message
Srijan Nandi
Jun 23, 2022, 8:04:06 AM6/23/22
to Wazuh mailing list
Hi,
It seems that changing the read only user 'kibanaserver' password makes wazuh-dashboard loose connectivity with Opensearch.
We get the following error in wazuh-clusert.log:
[2022-06-23T17:03:18,853][WARN ][o.o.s.a.BackendRegistry ] [indexer-node-1] Authentication finally failed for kibanaserver from x.x.x.x:xxxxx
[2022-06-23T17:03:21,355][WARN ][o.o.s.a.BackendRegistry ] [indexer-node-1] Authentication finally failed for kibanaserver from x.x.x.x:xxxxx
[2022-06-23T17:03:23,857][WARN ][o.o.s.a.BackendRegistry ] [indexer-node-1] Authentication finally failed for kibanaserver from x.x.x.x:xxxxx
[2022-06-23T17:03:21,355][WARN ][o.o.s.a.BackendRegistry ] [indexer-node-1] Authentication finally failed for kibanaserver from x.x.x.x:xxxxx
[2022-06-23T17:03:23,857][WARN ][o.o.s.a.BackendRegistry ] [indexer-node-1] Authentication finally failed for kibanaserver from x.x.x.x:xxxxx
I even tried putting the new password in the opensearch_dashboards.yml file under
opensearch.username:
opensearch.password:
However, it does not seem to have any effect. The user kibanaserver is hard coded somewhere with kibanaserver as the default password.
Changing the password back to kibanaserver, connect wazuh-dashboard to opensearch..
Thanks and Regards,
-=Srijan Nandi
Nicolas Agustin Guevara Pihen
Jun 23, 2022, 11:32:46 AM6/23/22
to Wazuh mailing list
Hello
Srijan, thank you for using Wazuh!
Could you kindly share with me the following information?
Could you kindly share with me the following information?
- The version of Wazuh that you are currently using.
- The method that you are following to change the password.
I will be looking forward to your answer!
Regards,
Srijan Nandi
Jun 23, 2022, 11:45:11 PM6/23/22
to Wazuh mailing list
Hello Nicolas,
The Wazuh version I am using is 4.3.4
{"WAZUH_VERSION":"v4.3.4"},{"WAZUH_REVISION":"40316"}
I am using the 'wazuh-passwords-tool.sh' script to change the passwords.
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all
As soon as I run the above script, it changes all the password including kibanaserver. This is when I start getting the below mentioned errors:
The Wazuh version I am using is 4.3.4
{"WAZUH_VERSION":"v4.3.4"},{"WAZUH_REVISION":"40316"}
I am using the 'wazuh-passwords-tool.sh' script to change the passwords.
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all
As soon as I run the above script, it changes all the password including kibanaserver. This is when I start getting the below mentioned errors:
2022-06-23T17:03:18,853][WARN ][o.o.s.a.BackendRegistry ] [indexer-node-1] Authentication finally failed for kibanaserver from x.x.x.x:xxxxx
[2022-06-23T17:03:21,355][WARN ][o.o.s.a.BackendRegistry ] [indexer-node-1] Authentication finally failed for kibanaserver from x.x.x.x:xxxxx
[2022-06-23T17:03:23,857][WARN ][o.o.s.a.BackendRegistry ] [indexer-node-1] Authentication finally failed for kibanaserver from x.x.x.x:xxxxx
Even changing the username and password in the opensearch_dashboards.yml does not resolve the issue.
Finally to resolve it, I have to run the 'wazuh-passwords-tool.sh' again to revert the kibanaserver password to default kibanaserver. Then only it works.
Finally to resolve it, I have to run the 'wazuh-passwords-tool.sh' again to revert the kibanaserver password to default kibanaserver. Then only it works.
Thanks and Regards,
-=Srijan Nandi
Nicolas Agustin Guevara Pihen
Jun 24, 2022, 11:46:10 AM6/24/22
to Wazuh mailing list
Hello Srijan,
In Wazuh Dashboard, the opensearch.username and opensearch.password settings are stored in the Wazuh dashboard keystore.
You can verify that with the following command:
/usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root list
The expected output is:
opensearch.username
opensearch.password
After changing the kibanaserver password, you need the opensearch.password with the following command:
/usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add opensearch.password
It will ask you if you want to overwrite the existing configuration and after that, to enter the new password.
Once you change that setting, you need to restart the wazuh-dashboard.
I hope you find this information helpful.
Regards,
In Wazuh Dashboard, the opensearch.username and opensearch.password settings are stored in the Wazuh dashboard keystore.
You can verify that with the following command:
/usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root list
The expected output is:
opensearch.username
opensearch.password
After changing the kibanaserver password, you need the opensearch.password with the following command:
/usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add opensearch.password
It will ask you if you want to overwrite the existing configuration and after that, to enter the new password.
Once you change that setting, you need to restart the wazuh-dashboard.
I hope you find this information helpful.
Regards,
Srijan Nandi
Jun 27, 2022, 9:13:03 AM6/27/22
to Wazuh mailing list
Thank you, Nicolas. This resolved the issue.
Regards,
-=Srijan Nandi
Reply all
Reply to author
Forward
0 new messages