Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed API password change to match the user in wazuh.yml #2946

Merged
merged 4 commits into from May 13, 2024
Merged

Fixed API password change to match the user in wazuh.yml #2946

merged 4 commits into from May 13, 2024

Conversation

CarlosALgit
Copy link
Member

Related: wazuh/wazuh#22751

Description

The problem was that the Password Tool modified the password on wazuh.yml always to the one used by the user wazuh-wui.
Now, the fix done is that the Password Tool takes into account which user appears on wazuh.yml and updates the password to match the user.

Logs example

These changes have been done by storing a variable with the username on the wazuh.yml with the following line:

wazuh_yml_user=$(grep "username:" /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml | awk -F ': ' '{print $2}')

Then, the condition to update the Api Password has been changed for matching the user recovered from the file:

if [ "${api_users[i]}" == "${wazuh_yml_user}" ] && [ -n "${dashboard_installed}" ]; then
    passwords_changeDashboardApiPassword "${api_passwords[i]}"
fi

Tests

To test the changes I used a VM with Ubuntu 22.04 and updated the Password Tool with the changes mentioned above. Then I ran the script with the username on /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml equal to wazuh and checked that the password on the file is the one correspondent to wazuh user and not to wazuh-wui like it was before.

I ran the Password Tool with the user wazuh in the wazuh.yml file. The output was the following:
imagen

And the wazuh.yml file contains the password matching the user wazuh:
imagen

I did the same verification with the wazuh-wui user. I ran the Password Tool. The output was this:
imagen

And the wazuh.yml file contains the password matching the user wazuh-wui:
imagen

@CarlosALgit CarlosALgit requested a review from a team May 10, 2024 11:02
@CarlosALgit CarlosALgit self-assigned this May 10, 2024
c-bordon
c-bordon previously approved these changes May 10, 2024
View reviewed changes
@CarlosALgit
Copy link
Member Author

CarlosALgit commented May 13, 2024
edited

Update Report

Description

I realized by doing more tests that the variable took on more values than expected. In fact, it took all the occurrences of username: existing in the file, which made the fix not work correctly. I solved this by changing the way the username was collected to:

wazuh_yml_user=$(awk '/- default:/ {found=1} found && /username:/ {print $2}' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml)

Tests

I attach more tests in AIO installation.

With wazuh configured as user The password generated by the Passwords Tool: 
root@ubuntu-focal:/home/vagrant/wazuh-packages/unattended_installer# ./wazuh-passwords-tool.sh -a -au wazuh -ap hua18+OvqQ?3n2iJENlQMTO+dsxZ2Oq+
13/05/2024 09:24:03 INFO: The password for user admin is SqC?JeOw*Y30IZIt?pdM7xo60k8cScdJ
13/05/2024 09:24:03 INFO: The password for user kibanaserver is 6QQjc+gz*P5O41J*bhJh67*IhmStsTFh
13/05/2024 09:24:03 INFO: The password for user kibanaro is +5oP4WdS6gWbHy?iLL1nF**3Vlk+nKba
13/05/2024 09:24:03 INFO: The password for user logstash is eGF?u65R04KbInUtt8Cc1UCDxvO5N?st
13/05/2024 09:24:03 INFO: The password for user readall is 5GZ9sgPnTodoXJeLcKhG+c14LeCJHknE
13/05/2024 09:24:03 INFO: The password for user snapshotrestore is T3ZIZ5DRXPR42h5UUSvT?hE.bl5iFYWy
13/05/2024 09:24:03 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
13/05/2024 09:24:05 INFO: The password for Wazuh API user wazuh is Ny7zRcEGzKCKTrKkjBXU?XlWBdcbt16T
13/05/2024 09:24:05 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
13/05/2024 09:24:10 INFO: The password for Wazuh API user wazuh-wui is 1Qbgd2LTnz1MwvBuEp5VQ+Efzo9CzfpR

The updated Password in the wazuh.yml:

hosts:
  - default:
      url: https://localhost
      port: 55000
      username: wazuh
      password: "Ny7zRcEGzKCKTrKkjBXU?XlWBdcbt16T"
      run_as: false
With wazuh-wui configured as user

The password generated by the Passwords Tool:

root@ubuntu-focal:/home/vagrant/wazuh-packages/unattended_installer# ./wazuh-passwords-tool.sh -a -au wazuh -ap Ny7zRcEGzKCKTrKkjBXU?XlWBdcbt16T
13/05/2024 09:28:10 INFO: The password for user admin is 9V1wlJV0CGi22Bc+ODzAkqgv5cceBkhY
13/05/2024 09:28:10 INFO: The password for user kibanaserver is NmM+hAovr?w7ik5YagbzZ+*h?b+s6jN8
13/05/2024 09:28:10 INFO: The password for user kibanaro is YxegeLzobS.mGd0Wl9kwwi.bbWhSrVns
13/05/2024 09:28:10 INFO: The password for user logstash is 15F?j.OAQ2bL8w?nH.Kh6.jgozDfC4fp
13/05/2024 09:28:10 INFO: The password for user readall is 2pcuhv.a9N62LH+klJZtMNCXFQ4x9RZ?
13/05/2024 09:28:10 INFO: The password for user snapshotrestore is mpqOzV?TP0s?0KZaF.Zj7?FyHoEauwAF
13/05/2024 09:28:10 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
13/05/2024 09:28:12 INFO: The password for Wazuh API user wazuh is .UETxk7Odc47JwY2BdX1liRxYQR7AT.*
13/05/2024 09:28:12 INFO: The password for Wazuh API user wazuh-wui is Ueaa9hsjyLfLhsyn42KJZQb7dHO*3Da.
13/05/2024 09:28:12 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.

The updated Password in the wazuh.yml:

hosts:
  - default:
      url: https://localhost
      port: 55000
      username: wazuh-wui
      password: "Ueaa9hsjyLfLhsyn42KJZQb7dHO*3Da."
      run_as: false

@CarlosALgit CarlosALgit requested review from c-bordon and a team May 13, 2024 09:35
@CarlosALgit CarlosALgit removed the request for review from c-bordon May 13, 2024 10:51
@teddytpc1 teddytpc1 linked an issue May 13, 2024 that may be closed by this pull request
Failing to connect to API in Web UI after changing API user passwords using wazuh-passwords-tool.sh wazuh/wazuh#22751
Closed
@teddytpc1 teddytpc1 merged commit c299d71 into master May 13, 2024
2 of 5 checks passed
@teddytpc1 teddytpc1 deleted the bug/22751-failing-connexion-api-after-changing-passwords branch May 13, 2024 13:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@teddytpc1 teddytpc1 teddytpc1 approved these changes

@davidcr01 davidcr01 davidcr01 approved these changes

@c-bordon c-bordon c-bordon left review comments

Assignees

@CarlosALgit CarlosALgit

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Failing to connect to API in Web UI after changing API user passwords using wazuh-passwords-tool.sh
4 participants
@CarlosALgit @teddytpc1 @c-bordon @davidcr01