Wazuh installation assistant modifies wazuh-api passwords #2883

Open
2 tasks done
pro-akim opened this issue Mar 14, 2024 · 0 comments · Fixed by #2957 · May be fixed by wazuh/wazuh-documentation#7322
Labels
level/task Subtask issue type/bug Bug issue


pro-akim commented Mar 14, 2024

| Wazuh version | Install type | Action performed | Platform |
|---|---|---|---|
| 4.7.2 | Installation Assistant | Install | Any |

When installing the Wazuh server with the wizard, the default user:password (wazuh:wazuh) is modified after installation.

CentOS 7
[root@centos7 vagrant]# bash wazuh-install.sh --wazuh-server wazuh-1
14/03/2024 13:37:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.7.3
14/03/2024 13:37:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/03/2024 13:37:38 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1514, 1515, 1516, 55000.
14/03/2024 13:37:39 INFO: Wazuh repository added.
14/03/2024 13:37:39 INFO: --- Wazuh server ---
14/03/2024 13:37:39 INFO: Starting the Wazuh manager installation.
14/03/2024 13:39:18 INFO: Wazuh manager installation finished.
14/03/2024 13:39:18 INFO: Starting service wazuh-manager.
14/03/2024 13:39:32 INFO: wazuh-manager service started.
14/03/2024 13:39:32 INFO: Starting Filebeat installation.
14/03/2024 13:39:51 INFO: Filebeat installation finished.
14/03/2024 13:39:52 INFO: Filebeat post-install configuration finished.
14/03/2024 13:39:57 INFO: Starting service filebeat.
14/03/2024 13:39:57 INFO: filebeat service started.
14/03/2024 13:39:57 INFO: Installation finished.

[1]+  Done                    TOKEN=$(curl -u wazuh:wazuh -k -X POST "https://localhost:55000/security/user/authenticate?raw=true")
[root@centos7 vagrant]# TOKEN=$(curl -u wazuh:wazuh -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    59  100    59    0     0    206      0 --:--:-- --:--:-- --:--:--   206
{"title": "Unauthorized", "detail": "Invalid credentials"}

[root@centos7 vagrant]# TOKEN=$(curl -u admin:admin -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    59  100    59    0     0    405      0 --:--:-- --:--:-- --:--:--   409
{"title": "Unauthorized", "detail": "Invalid credentials"}

[root@centos7 vagrant]# cat /var/ossec/logs/api.log 
2024/03/14 13:39:23 INFO: HTTPS is enabled but cannot find the private key and/or certificate. Attempting to generate them
2024/03/14 13:39:23 INFO: Generated private key file in WAZUH_PATH/api/configuration/ssl/server.key
2024/03/14 13:39:23 INFO: Generated certificate file in WAZUH_PATH/api/configuration/ssl/server.crt
2024/03/14 13:39:23 INFO: Checking RBAC database integrity...
2024/03/14 13:39:23 INFO: RBAC database not found. Initializing
2024/03/14 13:39:28 INFO: /var/ossec/api/configuration/security/rbac.db database created successfully
2024/03/14 13:39:28 INFO: RBAC database integrity check finished successfully
2024/03/14 13:39:34 INFO: Listening on 0.0.0.0:55000..
2024/03/14 13:39:54 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.415s: 200
2024/03/14 13:39:54 INFO: wazuh 127.0.0.1 "GET /security/users" with parameters {"pretty": "true"} and body {} done in 0.107s: 200
2024/03/14 13:39:55 INFO: wazuh 127.0.0.1 "GET /security/users" with parameters {"pretty": "true"} and body {} done in 0.014s: 200
2024/03/14 13:39:55 INFO: wazuh 127.0.0.1 "PUT /security/users/1" with parameters {} and body {"password": "****"} done in 0.236s: 200
2024/03/14 13:39:57 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.303s: 200
2024/03/14 13:39:57 INFO: wazuh 127.0.0.1 "PUT /security/users/2" with parameters {} and body {"password": "****"} done in 0.245s: 200
2024/03/14 13:40:55 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.153s: 401

[root@centos7 vagrant]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

[root@centos7 vagrant]# TOKEN=$(curl -u wazuh:wazuh -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    59  100    59    0     0    207      0 --:--:-- --:--:-- --:--:--   207
{"title": "Unauthorized", "detail": "Invalid credentials"}

[root@centos7 vagrant]# netstat -tuln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:1514            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:1515            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:55000           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
udp        0      0 0.0.0.0:68              0.0.0.0:*                          
udp        0      0 127.0.0.1:323           0.0.0.0:*                          
udp6       0      0 ::1:323                 :::*  

Ubuntu 22.04
root@ubuntu-jammy:/home/vagrant# bash wazuh-install.sh --wazuh-server wazuh-1
14/03/2024 13:45:50 INFO: Starting Wazuh installation assistant. Wazuh version: 4.7.3
14/03/2024 13:45:50 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/03/2024 13:46:01 INFO: --- Dependencies ----
14/03/2024 13:46:01 INFO: Installing apt-transport-https.
14/03/2024 13:46:07 INFO: Wazuh repository added.
14/03/2024 13:46:07 INFO: --- Wazuh server ---
14/03/2024 13:46:07 INFO: Starting the Wazuh manager installation.
14/03/2024 13:47:21 INFO: Wazuh manager installation finished.
14/03/2024 13:47:21 INFO: Starting service wazuh-manager.
14/03/2024 13:47:38 INFO: wazuh-manager service started.
14/03/2024 13:47:38 INFO: Starting Filebeat installation.
14/03/2024 13:47:46 INFO: Filebeat installation finished.
14/03/2024 13:47:47 INFO: Filebeat post-install configuration finished.
14/03/2024 13:47:52 INFO: Starting service filebeat.
14/03/2024 13:47:53 INFO: filebeat service started.
14/03/2024 13:47:53 INFO: Installation finished.
root@ubuntu-jammy:/home/vagrant# TOKEN=$(curl -u wazuh:wazuh -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    59  100    59    0     0    163      0 --:--:-- --:--:-- --:--:--   163
{"title": "Unauthorized", "detail": "Invalid credentials"}

root@ubuntu-jammy:/home/vagrant# TOKEN=$(curl -u admin:admin -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    59  100    59    0     0   2415      0 --:--:-- --:--:-- --:--:--  2458
{"title": "Unauthorized", "detail": "Invalid credentials"}


root@ubuntu-jammy:/home/vagrant# cat /var/ossec/logs/api.log 
2024/03/14 13:47:27 INFO: HTTPS is enabled but cannot find the private key and/or certificate. Attempting to generate them
2024/03/14 13:47:28 INFO: Generated private key file in WAZUH_PATH/api/configuration/ssl/server.key
2024/03/14 13:47:28 INFO: Generated certificate file in WAZUH_PATH/api/configuration/ssl/server.crt
2024/03/14 13:47:28 INFO: Checking RBAC database integrity...
2024/03/14 13:47:28 INFO: RBAC database not found. Initializing
2024/03/14 13:47:30 INFO: /var/ossec/api/configuration/security/rbac.db database created successfully
2024/03/14 13:47:30 INFO: RBAC database integrity check finished successfully
2024/03/14 13:47:35 INFO: Listening on 0.0.0.0:55000..
2024/03/14 13:47:49 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.614s: 200
2024/03/14 13:47:49 INFO: wazuh 127.0.0.1 "GET /security/users" with parameters {"pretty": "true"} and body {} done in 0.195s: 200
2024/03/14 13:47:49 INFO: wazuh 127.0.0.1 "GET /security/users" with parameters {"pretty": "true"} and body {} done in 0.025s: 200
2024/03/14 13:47:50 INFO: wazuh 127.0.0.1 "PUT /security/users/1" with parameters {} and body {"password": "****"} done in 0.376s: 200
2024/03/14 13:47:52 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.499s: 200
2024/03/14 13:47:52 INFO: wazuh 127.0.0.1 "PUT /security/users/2" with parameters {} and body {"password": "****"} done in 0.409s: 200
2024/03/14 13:47:56 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.341s: 401

root@ubuntu-jammy:/home/vagrant# systemctl disable firewalld.service
Failed to disable unit: Unit file firewalld.service does not exist.
root@ubuntu-jammy:/home/vagrant# TOKEN=$(curl -u wazuh:wazuh -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    59  100    59    0     0    168      0 --:--:-- --:--:-- --:--:--   168
{"title": "Unauthorized", "detail": "Invalid credentials"}

root@ubuntu-jammy:/home/vagrant# netstat -tuln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:55000           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:1514            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:1515            0.0.0.0:*               LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
udp        0      0 127.0.0.53:53           0.0.0.0:*                          
udp        0      0 10.0.2.15:68            0.0.0.0:*   

Checking the passwords:

root@ubuntu-jammy:/home/vagrant# tar -xvf wazuh-install-files.tar 
wazuh-install-files/
wazuh-install-files/admin-key.pem
wazuh-install-files/admin.pem
wazuh-install-files/dashboard-key.pem
wazuh-install-files/dashboard.pem
wazuh-install-files/node-1-key.pem
wazuh-install-files/node-1.pem
wazuh-install-files/root-ca.key
wazuh-install-files/root-ca.pem
wazuh-install-files/wazuh-1-key.pem
wazuh-install-files/wazuh-1.pem
wazuh-install-files/wazuh-2-key.pem
wazuh-install-files/wazuh-2.pem
wazuh-install-files/clusterkey
wazuh-install-files/wazuh-passwords.txt
wazuh-install-files/config.yml
root@ubuntu-jammy:/home/vagrant# cat wazuh-install-files/wazuh-passwords.txt 


root@ubuntu-jammy:/home/vagrant# cat wazuh-install-files/wazuh-passwords.txt | grep api
  api_username: 'wazuh'
  api_password: 'X1VtrT.UGZGUV6nY?ZfU99bwz*9RmHZc'
  api_username: 'wazuh-wui'
  api_password: 'ibF*ZnwH15bhJ617AmxBx13dDCqc.zIU'

root@ubuntu-jammy:/home/vagrant# TOKEN=$(curl -u wazuh:X1VtrT.UGZGUV6nY?ZfU99bwz*9RmHZc -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0    407      0 --:--:-- --:--:-- --:--:--   407
eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzEwNDI4OTA1LCJleHAiOjE3MTA0Mjk4MDUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ACDP7b6AUaGW7RCfTGxYxL4UTt3bA4gamR-INJnQGM_qj8iOibtHQVhJfNQT0Oud_IBRymJQBhot3JHO2wv7wMR7AEEZaba9l90uP-Z1lT1F69dJ0WgG8G3kEURlPXDa-mxQUEjhCZvi3MoD65dB_gTaJJoTOKXA3Vg7Fxpg8kbVLHOw

The documentation does not mention anything regarding this change.

Tasks:

  • Fix the output (show the password or how to get the password after the installation)
  • Documentation should report this behavior
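
The api.log excerpts above show the installer issuing `PUT /security/users/1` and `PUT /security/users/2` before the default login starts returning 401. As an added example (not part of the issue or of Wazuh's own code), this script pulls those password-change events out of api.log and reads the generated API password from wazuh-passwords.txt; the function names and the sample password values are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the issue or the Wazuh project.

# List API user IDs whose password was changed successfully (2xx) according
# to api.log lines of the form shown in the issue.
api_password_changes() {  # $1 = path to api.log
  sed -n -E 's|.*"PUT /security/users/([0-9]+)" .*"password": .* ([0-9]{3})$|\1 \2|p' "$1" |
    awk '$2 ~ /^2/ { print $1 }'
}

# Print the generated password for one API user from wazuh-passwords.txt.
# Assumes the single-quoted api_username/api_password layout from the issue.
api_password_for() {  # $1 = passwords file, $2 = API username
  awk -v user="$2" -F"'" '
    $1 ~ /api_username:/ { current = $2 }
    $1 ~ /api_password:/ && current == user { print $2; exit }
  ' "$1"
}

# Request a token; quoting keeps "?" and "*" in the password away from the
# shell's glob expansion. -k is used as in the issue (self-generated cert).
api_token() {  # $1 = passwords file, $2 = API username, $3 = base URL
  pw=$(api_password_for "$1" "$2")
  [ -n "$pw" ] || { echo "no password found for $2" >&2; return 1; }
  curl -sS -k -u "$2:$pw" -X POST "$3/security/user/authenticate?raw=true"
}

# Sample inputs: log lines 1, 2 and 4 are copied from the issue; log line 3
# and both passwords are constructed.
demo_dir=$(mktemp -d)
cat > "$demo_dir/api.log" <<'EOF'
2024/03/14 13:47:50 INFO: wazuh 127.0.0.1 "PUT /security/users/1" with parameters {} and body {"password": "****"} done in 0.376s: 200
2024/03/14 13:47:52 INFO: wazuh 127.0.0.1 "PUT /security/users/2" with parameters {} and body {"password": "****"} done in 0.409s: 200
2024/03/14 13:47:53 INFO: wazuh 127.0.0.1 "PUT /security/users/3" with parameters {} and body {"password": "****"} done in 0.010s: 400
2024/03/14 13:47:56 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.341s: 401
EOF
cat > "$demo_dir/wazuh-passwords.txt" <<'EOF'
  api_username: 'wazuh'
  api_password: 'Constructed.Pass*1?'
  api_username: 'wazuh-wui'
  api_password: 'Constructed.Pass*2?'
EOF

echo "password changed for API user IDs:" $(api_password_changes "$demo_dir/api.log")
echo "wazuh-wui password: $(api_password_for "$demo_dir/wazuh-passwords.txt" wazuh-wui)"
# Live check: api_token wazuh-install-files/wazuh-passwords.txt wazuh https://localhost:55000
```

Passing `-u user:password` on the command line exposes the password in the process list while curl runs, so run the live check only from a trusted shell on the manager host.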