We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Installing Wazuh server with the wizard, after installation the default user:password (wazuh:wazuh) is modified.
[root@centos7 vagrant]# bash wazuh-install.sh --wazuh-server wazuh-1 14/03/2024 13:37:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.7.3 14/03/2024 13:37:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log 14/03/2024 13:37:38 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1514, 1515, 1516, 55000. 14/03/2024 13:37:39 INFO: Wazuh repository added. 14/03/2024 13:37:39 INFO: --- Wazuh server --- 14/03/2024 13:37:39 INFO: Starting the Wazuh manager installation. 14/03/2024 13:39:18 INFO: Wazuh manager installation finished. 14/03/2024 13:39:18 INFO: Starting service wazuh-manager. 14/03/2024 13:39:32 INFO: wazuh-manager service started. 14/03/2024 13:39:32 INFO: Starting Filebeat installation. 14/03/2024 13:39:51 INFO: Filebeat installation finished. 14/03/2024 13:39:52 INFO: Filebeat post-install configuration finished. 14/03/2024 13:39:57 INFO: Starting service filebeat. 14/03/2024 13:39:57 INFO: filebeat service started. 14/03/2024 13:39:57 INFO: Installation finished. [1]+ Done TOKEN=$(curl -u wazuh:wazuh -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") [root@centos7 vagrant]# TOKEN=$(curl -u wazuh:wazuh -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 59 100 59 0 0 206 0 --:--:-- --:--:-- --:--:-- 206 {"title": "Unauthorized", "detail": "Invalid credentials"} [root@centos7 vagrant]# TOKEN=$(curl -u admin:admin -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 59 100 59 0 0 405 0 --:--:-- --:--:-- --:--:-- 409 {"title": "Unauthorized", "detail": "Invalid credentials"} [root@centos7 vagrant]# cat /var/ossec/logs/api.log 2024/03/14 13:39:23 INFO: HTTPS is enabled but cannot find the private key and/or certificate. Attempting to generate them 2024/03/14 13:39:23 INFO: Generated private key file in WAZUH_PATH/api/configuration/ssl/server.key 2024/03/14 13:39:23 INFO: Generated certificate file in WAZUH_PATH/api/configuration/ssl/server.crt 2024/03/14 13:39:23 INFO: Checking RBAC database integrity... 2024/03/14 13:39:23 INFO: RBAC database not found. Initializing 2024/03/14 13:39:28 INFO: /var/ossec/api/configuration/security/rbac.db database created successfully 2024/03/14 13:39:28 INFO: RBAC database integrity check finished successfully 2024/03/14 13:39:34 INFO: Listening on 0.0.0.0:55000.. 2024/03/14 13:39:54 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.415s: 200 2024/03/14 13:39:54 INFO: wazuh 127.0.0.1 "GET /security/users" with parameters {"pretty": "true"} and body {} done in 0.107s: 200 2024/03/14 13:39:55 INFO: wazuh 127.0.0.1 "GET /security/users" with parameters {"pretty": "true"} and body {} done in 0.014s: 200 2024/03/14 13:39:55 INFO: wazuh 127.0.0.1 "PUT /security/users/1" with parameters {} and body {"password": "****"} done in 0.236s: 200 2024/03/14 13:39:57 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.303s: 200 2024/03/14 13:39:57 INFO: wazuh 127.0.0.1 "PUT /security/users/2" with parameters {} and body {"password": "****"} done in 0.245s: 200 2024/03/14 13:40:55 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.153s: 401 [root@centos7 vagrant]# systemctl disable firewalld.service Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. [root@centos7 vagrant]# TOKEN=$(curl -u wazuh:wazuh -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 59 100 59 0 0 207 0 --:--:-- --:--:-- --:--:-- 207 {"title": "Unauthorized", "detail": "Invalid credentials"} [root@centos7 vagrant]# netstat -tuln Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:1514 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:1515 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:55000 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp6 0 0 :::22 :::* LISTEN udp 0 0 0.0.0.0:68 0.0.0.0:* udp 0 0 127.0.0.1:323 0.0.0.0:* udp6 0 0 ::1:323 :::*
root@ubuntu-jammy:/home/vagrant# bash wazuh-install.sh --wazuh-server wazuh-1 14/03/2024 13:45:50 INFO: Starting Wazuh installation assistant. Wazuh version: 4.7.3 14/03/2024 13:45:50 INFO: Verbose logging redirected to /var/log/wazuh-install.log 14/03/2024 13:46:01 INFO: --- Dependencies ---- 14/03/2024 13:46:01 INFO: Installing apt-transport-https. 14/03/2024 13:46:07 INFO: Wazuh repository added. 14/03/2024 13:46:07 INFO: --- Wazuh server --- 14/03/2024 13:46:07 INFO: Starting the Wazuh manager installation. 14/03/2024 13:47:21 INFO: Wazuh manager installation finished. 14/03/2024 13:47:21 INFO: Starting service wazuh-manager. 14/03/2024 13:47:38 INFO: wazuh-manager service started. 14/03/2024 13:47:38 INFO: Starting Filebeat installation. 14/03/2024 13:47:46 INFO: Filebeat installation finished. 14/03/2024 13:47:47 INFO: Filebeat post-install configuration finished. 14/03/2024 13:47:52 INFO: Starting service filebeat. 14/03/2024 13:47:53 INFO: filebeat service started. 14/03/2024 13:47:53 INFO: Installation finished. root@ubuntu-jammy:/home/vagrant# TOKEN=$(curl -u wazuh:wazuh -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 59 100 59 0 0 163 0 --:--:-- --:--:-- --:--:-- 163 {"title": "Unauthorized", "detail": "Invalid credentials"} root@ubuntu-jammy:/home/vagrant# TOKEN=$(curl -u admin:admin -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 59 100 59 0 0 2415 0 --:--:-- --:--:-- --:--:-- 2458 {"title": "Unauthorized", "detail": "Invalid credentials"} root@ubuntu-jammy:/home/vagrant# cat /var/ossec/logs/api.log 2024/03/14 13:47:27 INFO: HTTPS is enabled but cannot find the private key and/or certificate. Attempting to generate them 2024/03/14 13:47:28 INFO: Generated private key file in WAZUH_PATH/api/configuration/ssl/server.key 2024/03/14 13:47:28 INFO: Generated certificate file in WAZUH_PATH/api/configuration/ssl/server.crt 2024/03/14 13:47:28 INFO: Checking RBAC database integrity... 2024/03/14 13:47:28 INFO: RBAC database not found. Initializing 2024/03/14 13:47:30 INFO: /var/ossec/api/configuration/security/rbac.db database created successfully 2024/03/14 13:47:30 INFO: RBAC database integrity check finished successfully 2024/03/14 13:47:35 INFO: Listening on 0.0.0.0:55000.. 2024/03/14 13:47:49 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.614s: 200 2024/03/14 13:47:49 INFO: wazuh 127.0.0.1 "GET /security/users" with parameters {"pretty": "true"} and body {} done in 0.195s: 200 2024/03/14 13:47:49 INFO: wazuh 127.0.0.1 "GET /security/users" with parameters {"pretty": "true"} and body {} done in 0.025s: 200 2024/03/14 13:47:50 INFO: wazuh 127.0.0.1 "PUT /security/users/1" with parameters {} and body {"password": "****"} done in 0.376s: 200 2024/03/14 13:47:52 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.499s: 200 2024/03/14 13:47:52 INFO: wazuh 127.0.0.1 "PUT /security/users/2" with parameters {} and body {"password": "****"} done in 0.409s: 200 2024/03/14 13:47:56 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.341s: 401 root@ubuntu-jammy:/home/vagrant# systemctl disable firewalld.service Failed to disable unit: Unit file firewalld.service does not exist. root@ubuntu-jammy:/home/vagrant# TOKEN=$(curl -u wazuh:wazuh -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 59 100 59 0 0 168 0 --:--:-- --:--:-- --:--:-- 168 {"title": "Unauthorized", "detail": "Invalid credentials"} root@ubuntu-jammy:/home/vagrant# netstat -tuln Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:55000 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:1514 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:1515 0.0.0.0:* LISTEN tcp6 0 0 :::22 :::* LISTEN udp 0 0 127.0.0.53:53 0.0.0.0:* udp 0 0 10.0.2.15:68 0.0.0.0:*
Checking the passwords:
root@ubuntu-jammy:/home/vagrant# tar -xvf wazuh-install-files.tar wazuh-install-files/ wazuh-install-files/admin-key.pem wazuh-install-files/admin.pem wazuh-install-files/dashboard-key.pem wazuh-install-files/dashboard.pem wazuh-install-files/node-1-key.pem wazuh-install-files/node-1.pem wazuh-install-files/root-ca.key wazuh-install-files/root-ca.pem wazuh-install-files/wazuh-1-key.pem wazuh-install-files/wazuh-1.pem wazuh-install-files/wazuh-2-key.pem wazuh-install-files/wazuh-2.pem wazuh-install-files/clusterkey wazuh-install-files/wazuh-passwords.txt wazuh-install-files/config.yml root@ubuntu-jammy:/home/vagrant# cat wazuh-install-files/wazuh-passwords.txt root@ubuntu-jammy:/home/vagrant# cat wazuh-install-files/wazuh-passwords.txt | grep api api_username: 'wazuh' api_password: 'X1VtrT.UGZGUV6nY?ZfU99bwz*9RmHZc' api_username: 'wazuh-wui' api_password: 'ibF*ZnwH15bhJ617AmxBx13dDCqc.zIU' root@ubuntu-jammy:/home/vagrant# TOKEN=$(curl -u wazuh:X1VtrT.UGZGUV6nY?ZfU99bwz*9RmHZc -k -X POST "https://localhost:55000/security/user/authenticate?raw=true") && echo $TOKEN % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 398 100 398 0 0 407 0 --:--:-- --:--:-- --:--:-- 407 eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzEwNDI4OTA1LCJleHAiOjE3MTA0Mjk4MDUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ACDP7b6AUaGW7RCfTGxYxL4UTt3bA4gamR-INJnQGM_qj8iOibtHQVhJfNQT0Oud_IBRymJQBhot3JHO2wv7wMR7AEEZaba9l90uP-Z1lT1F69dJ0WgG8G3kEURlPXDa-mxQUEjhCZvi3MoD65dB_gTaJJoTOKXA3Vg7Fxpg8kbVLHOw
The documentation does not mention anything regarding this change
Tasks:
The text was updated successfully, but these errors were encountered:
CarlosALgit
Successfully merging a pull request may close this issue.
Installing Wazuh server with the wizard, after installation the default user:password (wazuh:wazuh) is modified.
Centos7
Ubuntu22.04
Checking the passwords:
The documentation does not mention anything regarding this change
Tasks:
The text was updated successfully, but these errors were encountered: