Recover passwords for wazuh and wazuh-wui user
6,103 views
Skip to first unread message
Carlos Lopez
Aug 3, 2023, 5:04:28 AM8/3/23
to wa...@googlegroups.com
Hi all,
Due to a problem with our password manager, we have lost the passwords for user wazuh and wazuh-wui. For the wazuh-ui user we have been able to recover it from the dashboard server, but is there any way to recover the wazuh user's password or reset it?
Best regards,
C. L. Martinez
Juan Cabrera
Aug 3, 2023, 5:49:13 AM8/3/23
to Wazuh mailing list
Hi Carlos,
I understand the situation you're facing with the passwords for user "wazuh" and "wazuh-wui." In Wazuh, there is a script available that allows you to change all passwords, including those for the indexer/dashboard and the Wazuh API. You can find detailed instructions in the Wazuh documentation here: link to the documentation.
If you encounter any issues or need further assistance, feel free to reach out. Best regards!
Warm regards,
Juan Cabrera
I understand the situation you're facing with the passwords for user "wazuh" and "wazuh-wui." In Wazuh, there is a script available that allows you to change all passwords, including those for the indexer/dashboard and the Wazuh API. You can find detailed instructions in the Wazuh documentation here: link to the documentation.
If you encounter any issues or need further assistance, feel free to reach out. Best regards!
Warm regards,
Juan Cabrera
Carlos Lopez
Aug 3, 2023, 5:58:27 AM8/3/23
to wa...@googlegroups.com
Thanks Juan, but according to documentation I need to know the current pass for wazuh user to execute it:
https://documentation.wazuh.com/current/installation-guide/wazuh-dashboard/step-by-step.html (I am using a distributed environment)
is that right?
Best regards,
C. L. Martinez
________________________________________
From: 'Juan Cabrera' via Wazuh mailing list <wa...@googlegroups.com>
Sent: 03 August 2023 11:49
To: Wazuh mailing list
Subject: Re: Recover passwords for wazuh and wazuh-wui user
Hi Carlos,
I understand the situation you're facing with the passwords for user "wazuh" and "wazuh-wui." In Wazuh, there is a script available that allows you to change all passwords, including those for the indexer/dashboard and the Wazuh API. You can find detailed instructions in the Wazuh documentation here: link to the documentation.<https://documentation.wazuh.com/current/user-manual/user-administration/password-management.html>
If you encounter any issues or need further assistance, feel free to reach out. Best regards!
Warm regards,
Juan Cabrera
On Thursday, August 3, 2023 at 11:04:28 AM UTC+2 Carlos Lopez wrote:
Hi all,
Due to a problem with our password manager, we have lost the passwords for user wazuh and wazuh-wui. For the wazuh-ui user we have been able to recover it from the dashboard server, but is there any way to recover the wazuh user's password or reset it?
Best regards,
C. L. Martinez
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com<mailto:wazuh+un...@googlegroups.com>.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/2fcd9381-9594-4b7d-87ca-91aa27cae607n%40googlegroups.com<https://groups.google.com/d/msgid/wazuh/2fcd9381-9594-4b7d-87ca-91aa27cae607n%40googlegroups.com?utm_medium=email&utm_source=footer>.
https://documentation.wazuh.com/current/installation-guide/wazuh-dashboard/step-by-step.html (I am using a distributed environment)
is that right?
Best regards,
C. L. Martinez
From: 'Juan Cabrera' via Wazuh mailing list <wa...@googlegroups.com>
Sent: 03 August 2023 11:49
To: Wazuh mailing list
Subject: Re: Recover passwords for wazuh and wazuh-wui user
Hi Carlos,
I understand the situation you're facing with the passwords for user "wazuh" and "wazuh-wui." In Wazuh, there is a script available that allows you to change all passwords, including those for the indexer/dashboard and the Wazuh API. You can find detailed instructions in the Wazuh documentation here: link to the documentation.<https://documentation.wazuh.com/current/user-manual/user-administration/password-management.html>
If you encounter any issues or need further assistance, feel free to reach out. Best regards!
Warm regards,
Juan Cabrera
On Thursday, August 3, 2023 at 11:04:28 AM UTC+2 Carlos Lopez wrote:
Hi all,
Due to a problem with our password manager, we have lost the passwords for user wazuh and wazuh-wui. For the wazuh-ui user we have been able to recover it from the dashboard server, but is there any way to recover the wazuh user's password or reset it?
Best regards,
C. L. Martinez
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com<mailto:wazuh+un...@googlegroups.com>.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/2fcd9381-9594-4b7d-87ca-91aa27cae607n%40googlegroups.com<https://groups.google.com/d/msgid/wazuh/2fcd9381-9594-4b7d-87ca-91aa27cae607n%40googlegroups.com?utm_medium=email&utm_source=footer>.
Carlos Lopez
Aug 3, 2023, 6:07:44 AM8/3/23
to wa...@googlegroups.com
Uhmm ... it doesn't seem to work:
root@wzhsrv01:/tmp# sh wazuh-passwords-tool.sh -u wazuh -p OF2SWgKTCnp9yQy4Tc
03/08/2023 10:05:49 ERROR: The given user does not exist
Best regards,
C. L. Martinez
________________________________________
From: wa...@googlegroups.com <wa...@googlegroups.com> on behalf of Carlos Lopez <clo...@outlook.com>
Sent: 03 August 2023 11:58
To: wa...@googlegroups.com
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/PRAP251MB05673275E6FEAE6D8FBE9D4BDB08A%40PRAP251MB0567.EURP251.PROD.OUTLOOK.COM.
root@wzhsrv01:/tmp# sh wazuh-passwords-tool.sh -u wazuh -p OF2SWgKTCnp9yQy4Tc
03/08/2023 10:05:49 ERROR: The given user does not exist
Best regards,
C. L. Martinez
________________________________________
Sent: 03 August 2023 11:58
To: wa...@googlegroups.com
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/PRAP251MB05673275E6FEAE6D8FBE9D4BDB08A%40PRAP251MB0567.EURP251.PROD.OUTLOOK.COM.
Juan Cabrera
Aug 3, 2023, 8:21:16 AM8/3/23
to Wazuh mailing list
Hi Carlos,
Greetings! If you performed an unattended installation of Wazuh, the passwords you lost might be stored in a file. You can find more information about this in the Wazuh documentation here: link to the documentation.
Please check the provided link for instructions on how to access and retrieve the passwords from the file.
Best regards,
Juan Cabrera
Greetings! If you performed an unattended installation of Wazuh, the passwords you lost might be stored in a file. You can find more information about this in the Wazuh documentation here: link to the documentation.
Please check the provided link for instructions on how to access and retrieve the passwords from the file.
Best regards,
Juan Cabrera
Carlos Lopez
Aug 3, 2023, 8:24:39 AM8/3/23
to Wazuh mailing list, Juan Cabrera
Hi Juan,
It is not an unattended installation ... It is distributed installation: 3 wazuh-indexers nodes, 2 wazuh servers ( worker and manager)
Can i change wazuh's user pass using wazuh-wui user via API?
Best regards,
C. L. Martinez
________________________________________
From: 'Juan Cabrera' via Wazuh mailing list <wa...@googlegroups.com>
Sent: 03 August 2023 14:21
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/ced5a82f-dd8f-4390-8cf8-a1f6db3fc3e3n%40googlegroups.com<https://groups.google.com/d/msgid/wazuh/ced5a82f-dd8f-4390-8cf8-a1f6db3fc3e3n%40googlegroups.com?utm_medium=email&utm_source=footer>.
It is not an unattended installation ... It is distributed installation: 3 wazuh-indexers nodes, 2 wazuh servers ( worker and manager)
Can i change wazuh's user pass using wazuh-wui user via API?
Best regards,
C. L. Martinez
________________________________________
From: 'Juan Cabrera' via Wazuh mailing list <wa...@googlegroups.com>
To: Wazuh mailing list
Subject: Re: Recover passwords for wazuh and wazuh-wui user
Hi Carlos,
Greetings! If you performed an unattended installation of Wazuh, the passwords you lost might be stored in a file. You can find more information about this in the Wazuh documentation here: link to the documentation<https://documentation.wazuh.com/current/installation-guide/wazuh-dashboard/installation-assistant.html>.
Subject: Re: Recover passwords for wazuh and wazuh-wui user
Hi Carlos,
Juan Cabrera
Aug 3, 2023, 8:33:36 AM8/3/23
to Wazuh mailing list
Hello Carlos,
I’d like to share another method to reset the password for the wazuh user:
1. Access your master node and navigate to the python3 console:
root@wazuh-master:/# /var/ossec/framework/python/bin/python32. Once in the python3 console, import the update_user framework function and use it with the user_id and a new password. In this case, the user_id is 1 for the “wazuh” user.
>>> from wazuh.security import update_user >>> update_user(user_id="1", password="NewPassword1!").render()3. If the process was successful, you will receive the following output:
{'data': {'affected_items': [{'id': 1, 'username': 'wazuh', 'allow_run_as': True, 'roles': [1]}], 'total_affected_items': 1, 'total_failed_items': 0, 'failed_items': []}, 'message': 'User was successfully updated', 'error': 0}This indicates that the user has been updated, and the password has been reset.
Carlos Lopez
Aug 3, 2023, 11:16:08 AM8/3/23
to Wazuh mailing list, Juan Cabrera
Perfect!! ... it works .... many thanks Juan.
Best regards,
C. L. Martinez
________________________________________
From: 'Juan Cabrera' via Wazuh mailing list <wa...@googlegroups.com>
Sent: 03 August 2023 14:33
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/7b047e2b-f926-4425-b215-5f408ac63d9bn%40googlegroups.com<https://groups.google.com/d/msgid/wazuh/7b047e2b-f926-4425-b215-5f408ac63d9bn%40googlegroups.com?utm_medium=email&utm_source=footer>.
Best regards,
C. L. Martinez
________________________________________
From: 'Juan Cabrera' via Wazuh mailing list <wa...@googlegroups.com>
Reply all
Reply to author
Forward
0 new messages