Forgot Wazuh API (Elasticsearch) password

Tanvi Shahasane

Aug 11, 2021, 7:45:45 AM
to Wazuh mailing list
I deployed Wazuh on CentOS 8 using the unattended installation. I did store the username and password, but the password is incorrect. How can I retrieve the password? Please help. I have configured all settings on the Wazuh manager, added agents, and also generated reports. Now I need to share them with my manager and team, but cannot

I ran the following command
curl -so ~/unattended-installation.sh https://packages.wazuh.com/resources/4.1/open-distro/unattended-installation/unattended-installation.sh && bash ~/unattended-installation.sh

Please help me to get my Wazuh API password.

Alexander Bohorquez

Aug 11, 2021, 8:36:19 AM
to Wazuh mailing list
Hello Tanvi,

Thank you for using Wazuh!

The Wazuh API users wazuh and wazuh-wui are created by default, with wazuh and wazuh-wui as their passwords, respectively. Did you ever change these default passwords?

If you still have access to the Kibana/Wazuh App, it means that the Wazuh credentials in the Kibana config files are correct, and you can check them in the file "/usr/share/kibana/data/wazuh/config/wazuh.yml". At the end of the file you should have the credentials of one of the users. Example:

hosts:
   - default:
      url: https://localhost
      port: 55000
      username: wazuh-wui
      password: wazuh-wui

On the other hand, if you need to change the password of any of these users, I leave you the following reference using a Wazuh API request: https://documentation.wazuh.com/current/user-manual/api/securing_api.html

I hope this information helps. Please let me know if you have any questions!

Tanvi Shahasane

Aug 12, 2021, 7:59:24 AM
to Wazuh mailing list
Dear Sir,

Thank you for the prompt reply. I will try and explain my problem scenario again.

1) I followed the steps given on Wazuh's documentation link "Unattended installation - All-in-one deployment (wazuh.com)".
2) I ran the script "curl -so ~/unattended-installation.sh https://packages.wazuh.com/resources/4.1/open-distro/unattended-installation/unattended-installation.sh && bash ~/unattended-installation.sh" on the CentOS 8 server.
3) I received the output with username - wazuh and password - (a long autogenerated string).
("The credentials are wazuh : vhDpq7YcwA08BLTmcdeYeJmXPU_VD31f." This example of a long autogenerated string is copied from Wazuh's documentation page for your reference.)

I had stored this username and password in a text file. I used these credentials to log in to Kibana (https://<wazuh_server_ip>). I also configured all settings on the Wazuh manager and added agents, generated reports, etc. But that file got accidentally deleted yesterday. Now I don't have the password to access Wazuh's web interface. Please help me retrieve my password or reset it.

Alexander Bohorquez

Aug 18, 2021, 3:50:55 PM
to Wazuh mailing list
Hello Tanvi,

Sorry for the delay, 

Generally, the Filebeat configuration located at /etc/filebeat/filebeat.yml contains the user and password configuration to authenticate with Elasticsearch. As I see from the execution of the script, you are using Opendistro.

Within the Filebeat configuration you should have something like this:

 username: "admin"
 password: "admin"

Could you try logging in with those credentials?

Secondly,

You could follow the instructions in this guide to change the password for a specific user:


Where you could change the password of the user "wazuh".

Could you check the above and tell me the result? 

Best regards,

Alexander Bohorquez
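
As an added example (not part of the original thread and not Wazuh's own tooling), the following Python script scans the contents of the two configuration files mentioned above for username/password pairs still set to the defaults named in this thread. The function names and sample file contents are constructed for illustration; it assumes `password` follows `username` in each block, as in the quoted snippets.

```python
import re
# Default pairs named in the thread (Wazuh API users, Open Distro admin).
DEFAULT_PAIRS = {("wazuh", "wazuh"), ("wazuh-wui", "wazuh-wui"), ("admin", "admin")}
KEY_RE = re.compile(r'^\s*(?:-\s*)?(username|password)\s*:\s*(.*?)\s*$')

def _unquote(value):
    """Strip one layer of quotes, or a trailing comment from a bare value."""
    if value[:1] in ('"', "'"):
        end = value.find(value[0], 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split(" #", 1)[0].strip()

def credential_pairs(text):
    """Yield (line_no, username, password); commented-out lines are skipped."""
    user = None
    for no, line in enumerate(text.splitlines(), 1):
        m = None if line.lstrip().startswith("#") else KEY_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), _unquote(m.group(2))
        if key == "username":
            user = (no, value)
        elif user is not None:
            yield user[0], user[1], value
            user = None

def find_default_credentials(text):
    """Return [(line_no, username)] for pairs still set to a known default."""
    return [(no, u) for no, u, p in credential_pairs(text) if (u, p) in DEFAULT_PAIRS]

# Constructed sample inputs, modelled on the snippets quoted in the thread.
SAMPLE_WAZUH_YML = """\
hosts:
   - default:
      url: https://localhost
      port: 55000
      username: wazuh-wui
      password: wazuh-wui
"""
SAMPLE_FILEBEAT_YML = """\
output.elasticsearch:
  username: "admin"
  password: "S3t-by-operator"   # constructed non-default value
"""

if __name__ == "__main__":
    for name, text in [("wazuh.yml", SAMPLE_WAZUH_YML), ("filebeat.yml", SAMPLE_FILEBEAT_YML)]:
        for no, user in find_default_credentials(text):
            print(f"{name}:{no}: user {user!r} still uses its default password")
```

To check a live host, pass the text of /usr/share/kibana/data/wazuh/config/wazuh.yml or /etc/filebeat/filebeat.yml to `find_default_credentials`; the output names only the user and line, never the password.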
