Wazuh password tool should work for users created through the UI #2503

Closed
teddytpc1 opened this issue Oct 5, 2023 · 4 comments · Fixed by #2558 or #2560

teddytpc1 commented Oct 5, 2023

Description

The Wazuh password tool should work for users created through the UI.

@teddytpc1 teddytpc1 added level/task Subtask issue type/enhancement Enhancement issue labels Oct 5, 2023
@wazuhci wazuhci moved this to Backlog in Release 4.8.0 Oct 5, 2023
@wazuhci wazuhci moved this from Backlog to In progress in Release 4.8.0 Oct 17, 2023

davidcr01 commented Oct 17, 2023

Update Report

Investigating the problem

This issue aims to update the internal_users.yml file of the Wazuh indexer after users are created through the UI. The main problem is that these users are created with the UI and cannot be modified with the Password tool because the YML file is not updated.

Related issue: https://github.com/wazuh/external-devel-requests/issues/286

The main problem remains when both the UI and the Password tool are used, so modifying the Wazuh dashboard package to update the internal_users.yml may be unnecessary and difficult.

A possible approach is to make a preventive backup and update the users created with the UI in the internal_users.yml file before using the Wazuh password tool. This is done by running the security admin tool.

Tasks

  • Create a user with the UI, check that it is not inserted in the internal_users.yml file, and try to modify it with the Password tool. (Reproduce the error).
  • Find out the use cases of the Wazuh password tool where it is necessary to make the preventive backup.
  • Apply the fix
  • Check if the users can be modified and are present in the internal_users.yml file.

@davidcr01
Contributor

Update Report

Reproducing the error

After creating an internal user using the UI, and trying to change the password for this user, it is proved that the reported error is reproduced. I tried to create the internal user "test" and grant it administrator permissions.

The followed documentation is:

root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/opensearch-security/internal_users.yml 
---
_meta:
  type: "internalusers"
  config_version: 2
admin:
  hash: $2y$12$HlvII7krWtQCY3f/N1M9duf6fd8wvTEZb4OIQra/J.2R/kPEY8R9K
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
kibanaserver:
  hash: $2y$12$lWUKidjrHsYIv1VRCQ2WmeUujquFGOQ/Qa6R9FSRR3r2KNpYNRMX.
  reserved: true
  description: "Demo kibanaserver user"
kibanaro:
  hash: $2y$12$BRu39WNdTbFuKfA3WJCLn.WgIouq5P5g0WohaHjDWwwSC2h3ui/xy
  reserved: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes:
    attribute1: "value1"
    attribute2: "value2"
    attribute3: "value3"
  description: "Demo kibanaro user"
logstash:
  hash: $2y$12$eqahAw1npViCk81Uws7lQuV1mzj.0u3KZaiDq5UE4aUwhvoTCqwFG
  reserved: false
  backend_roles:
  - "logstash"
  description: "Demo logstash user"
readall:
  hash: $2y$12$DPEJHCWa6X2oiPhqm5PnCeqsIcpaXMuZTvXF7/ExGe1CiIbfXK1.6
  reserved: false
  backend_roles:
  - "readall"
  description: "Demo readall user"
snapshotrestore:
  hash: $2y$12$8y31lrpwFuXy8BGiNdglk.O5CPVN/zXsosqeSW1a604j8HdRN8C16
  reserved: false
  backend_roles:
  - "snapshotrestore"
  description: "Demo snapshotrestore user"
root@ubuntu22:/home/vagrant# curl -so wazuh-passwords-tool.sh https://packages.wazuh.com/4.5/wazuh-passwords-tool.sh
root@ubuntu22:/home/vagrant# bash wazuh-passwords-tool.sh -u test -p Secr3tP4ssw*rd
18/10/2023 16:53:57 ERROR: The given user does not exist

@davidcr01
Contributor

Update Report

PoC

The following test has been performed in order to test if the workaround is valid:

  • Create an internal user "test" via UI.
  • Make a preventive backup to get the internal users updated.
  • Copy the internal users updated to the Wazuh indexer configuration.
  • Run the securityadmin tool to load the changes.
  • Change the "test" password with the Password tool.

Preventive backup

root@ubuntu22:/home/vagrant# export OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
root@ubuntu22:/home/vagrant# export JAVA_HOME=/usr/share/wazuh-indexer/jdk/
root@ubuntu22:/home/vagrant# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h 127.0.0.1
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/backup/
action_groups.yml   audit.yml           internal_users.yml  roles_mapping.yml   tenants.yml
allowlist.yml       config.yml          nodes_dn.yml        roles.yml           whitelist.yml
root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/backup/internal_users.yml 
---
logstash:
  hash: "$2y$12$QWz9m94r9JBlqqzQL/WAi.gMfXF/dmWJDff5pVSAsFIpg60ATpiHW"
  reserved: false
  hidden: false
  backend_roles:
  - "logstash"
  attributes: {}
  description: "Demo logstash user"
  opendistro_security_roles: []
  static: false
test:
  hash: "$2y$12$Ugyy6q7J07MCx0H8MfaFMeLdSDMHyCm9zrDLRskoOaZai7gHFab8u"
  reserved: false
  hidden: false
  backend_roles:
  - "test"
  attributes:
    description: "test"
  opendistro_security_roles: []
  static: false
snapshotrestore:
  hash: "$2y$12$ltIFypP3QJFZ1z0lBgV5IuY8AHl8C/pUmozn/JuMn41TZrNOrUXoC"
  reserved: false
  hidden: false
  backend_roles:
  - "snapshotrestore"
  attributes: {}
  description: "Demo snapshotrestore user"
  opendistro_security_roles: []
  static: false
_meta:
  type: "internalusers"
  config_version: 2
admin:
  hash: "$2y$12$DNjFMB0W7CLoPXBFfgv2JuArgzy3jYplrHPtoSAUcAZxg2K2Xn26C"
  reserved: true
  hidden: false
  backend_roles:
  - "admin"
  attributes: {}
  description: "Demo admin user"
  opendistro_security_roles: []
  static: false
kibanaserver:
  hash: "$2y$12$SPzywAk5rK6HbBlGE0kbCOqv.AKviEiyJdJDsVjcw7..O/dx5Apja"
  reserved: true
  hidden: false
  backend_roles: []
  attributes: {}
  description: "Demo kibanaserver user"
  opendistro_security_roles: []
  static: false
kibanaro:
  hash: "$2y$12$7uJ7kRivQMrND0p4eaRMMOmweR8yFNeYfJ.0s.ePNbNmqMnUCy0MO"
  reserved: false
  hidden: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes:
    attribute1: "value1"
    attribute2: "value2"
    attribute3: "value3"
  description: "Demo kibanaro user"
  opendistro_security_roles: []
  static: false
readall:
  hash: "$2y$12$zJTIipqjMwSBjc8PLnZ37.PHDKK4uu6/GYJi8c0hw5Z/Yubbn.H86"
  reserved: false
  hidden: false
  backend_roles:
  - "readall"
  attributes: {}
  description: "Demo readall user"
  opendistro_security_roles: []
  static: false

The test user is in the internal_users.yml file.

Copy `internal_users.yml` file and run the `securityadmin` tool
root@ubuntu22:/home/vagrant# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h 127.0.0.1
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
root@ubuntu22:/home/vagrant# cp /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
root@ubuntu22:/home/vagrant# rm -rf /etc/wazuh-indexer/backup/

Change the password of the UI-created user

root@ubuntu22:/home/vagrant# bash wazuh-passwords-tool.sh -u test
+ main -u test
+ umask 177
+ common_checkRoot
+ '[' 0 -ne 0 ']'
+ '[' -n -u ']'
+ '[' -n -u ']'
+ case "${1}" in
+ '[' -z test ']'
+ nuser=test
+ shift 2
+ '[' -n '' ']'
+ export JAVA_HOME=/usr/share/wazuh-indexer/jdk/
+ JAVA_HOME=/usr/share/wazuh-indexer/jdk/
+ '[' -n '' ']'
+ '[' -n '' ']'
+ common_checkSystem
++ command -v yum
+ '[' -n '' ']'
++ command -v apt-get
+ '[' -n /usr/bin/apt-get ']'
+ sys_type=apt-get
+ sep==
+ common_checkInstalled
+ wazuh_installed=
+ indexer_installed=
+ filebeat_installed=
+ dashboard_installed=
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-manager
+ wazuh_installed='wazuh-manager/stable,now 4.5.4-1 amd64 [installed]'
+ '[' -d /var/ossec ']'
+ wazuh_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep wazuh-indexer
++ apt list --installed
+ indexer_installed='wazuh-indexer/stable,now 4.5.4-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-indexer/ ']'
+ indexer_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep filebeat
+ filebeat_installed='filebeat/stable,now 7.10.2 amd64 [installed]'
+ '[' -d /var/lib/filebeat/ ']'
+ filebeat_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-dashboard
+ dashboard_installed='wazuh-dashboard/stable,now 4.5.4-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-dashboard/ ']'
+ '[' -d /usr/share/wazuh-dashboard ']'
+ dashboard_remaining_files=1
+ '[' -n '' ']'
+ '[' -n test ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n test ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -z test ']'
+ '[' -z test ']'
+ '[' -n test ']'
+ '[' -n '' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.4-1 amd64 [installed]' ']'
+ passwords_readUsers
++ grep -B 1 hash: /etc/wazuh-indexer/opensearch-security/internal_users.yml
++ grep -v -
++ grep -v hash:
++ awk '{ print substr( $0, 1, length($0)-1 ) }'
+ susers='logstash
test
snapshotrestore
admin
kibanaserver
kibanaro
readall'
+ mapfile -t users
+ passwords_checkUser
+ '[' -n '' ']'
+ for i in "${!users[@]}"
+ '[' logstash == test ']'
+ for i in "${!users[@]}"
+ '[' test == test ']'
+ exists=1
+ for i in "${!users[@]}"
+ '[' snapshotrestore == test ']'
+ for i in "${!users[@]}"
+ '[' admin == test ']'
+ for i in "${!users[@]}"
+ '[' kibanaserver == test ']'
+ for i in "${!users[@]}"
+ '[' kibanaro == test ']'
+ for i in "${!users[@]}"
+ '[' readall == test ']'
+ '[' -z 1 ']'
+ '[' -n test ']'
+ '[' -z '' ']'
+ autopass=1
+ passwords_generatePassword
+ '[' -n test ']'
+ common_logger -d 'Generating random password.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='24/10/2023 16:32:18'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Generating random password.' ']'
+ case ${1} in
+ message='Generating random password.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
++ tr -dc 'A-Za-z0-9.*+?'
++ head -c 28
++ echo
+ pass='qllOCHEeZnO2APkGOW3+P?3CkbYu'
++ tr -dc '.*+?'
++ head -c 1
++ echo
+ special_char='?'
++ tr -dc a-z
++ head -c 1
++ echo
+ minus_char=z
++ tr -dc A-Z
++ head -c 1
++ echo
+ mayus_char=N
++ tr -dc 0-9
++ head -c 1
++ echo
+ number_char=7
++ echo 'qllOCHEeZnO2APkGOW3+P?3CkbYu?zN7'
++ tr -d '\n'
++ shuf
++ fold -w1
+ password='zGe2CZOP+YA?3u3knEllWNPH?7kCOqOb'
+ '[' 0 '!=' 0 ']'
+ '[' -n test ']'
+ '[' -n 'zGe2CZOP+YA?3u3knEllWNPH?7kCOqOb' ']'
+ passwords_checkPassword 'zGe2CZOP+YA?3u3knEllWNPH?7kCOqOb'
+ echo 'zGe2CZOP+YA?3u3knEllWNPH?7kCOqOb'
+ grep -q '[A-Z]'
+ echo 'zGe2CZOP+YA?3u3knEllWNPH?7kCOqOb'
+ grep -q '[a-z]'
+ echo 'zGe2CZOP+YA?3u3knEllWNPH?7kCOqOb'
+ grep -q '[0-9]'
+ echo 'zGe2CZOP+YA?3u3knEllWNPH?7kCOqOb'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.4-1 amd64 [installed]' ']'
+ passwords_getNetworkHost
++ grep -hr network.host: /etc/wazuh-indexer/opensearch.yml
+ IP='network.host: "127.0.0.1"'
+ NH='network.host: '
+ IP='"127.0.0.1"'
+ [[ "127.0.0.1" =~ _.*_ ]]
+ '[' '"127.0.0.1"' == 0.0.0.0 ']'
+ passwords_generateHash
+ '[' -n '' ']'
+ common_logger 'Generating password hash'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='24/10/2023 16:32:18'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'Generating password hash' ']'
+ '[' -n 'Generating password hash' ']'
+ case ${1} in
+ message='Generating password hash'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '24/10/2023 16:32:18 INFO: Generating password hash'
+ tee -a /var/log/wazuh-passwords-tool.log
24/10/2023 16:32:18 INFO: Generating password hash
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'zGe2CZOP+YA?3u3knEllWNPH?7kCOqOb'
++ tail -n 1
++ grep -A 2 issues
+ hash='$2y$12$P7JNYqOE.AwnvxKPp7TCEOHd2iBg9P3Mke5GybDrTaj6wD.6H9MSy'
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'Password hash generated.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='24/10/2023 16:32:19'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password hash generated.' ']'
+ case ${1} in
+ message='Password hash generated.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ passwords_changePassword
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.4-1 amd64 [installed]' ']'
+ eval 'mkdir /etc/wazuh-indexer/backup/ 2>/dev/null'
++ mkdir /etc/wazuh-indexer/backup/
+ eval 'cp /etc/wazuh-indexer/opensearch-security/* /etc/wazuh-indexer/backup/ 2>/dev/null'
++ cp /etc/wazuh-indexer/opensearch-security/action_groups.yml /etc/wazuh-indexer/opensearch-security/allowlist.yml /etc/wazuh-indexer/opensearch-security/audit.yml /etc/wazuh-indexer/opensearch-security/config.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml /etc/wazuh-indexer/opensearch-security/nodes_dn.yml /etc/wazuh-indexer/opensearch-security/opensearch.yml.example /etc/wazuh-indexer/opensearch-security/roles_mapping.yml /etc/wazuh-indexer/opensearch-security/roles.yml /etc/wazuh-indexer/opensearch-security/tenants.yml /etc/wazuh-indexer/opensearch-security/whitelist.yml /etc/wazuh-indexer/backup/
+ passwords_createBackUp
+ '[' -z 'wazuh-indexer/stable,now 4.5.4-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.4-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z '' ]]
+ passwords_readAdmincerts
+ [[ -f /etc/wazuh-indexer/certs/admin.pem ]]
+ adminpem=/etc/wazuh-indexer/certs/admin.pem
+ [[ -f /etc/wazuh-indexer/certs/admin-key.pem ]]
+ adminkey=/etc/wazuh-indexer/certs/admin-key.pem
+ common_logger -d 'Creating password backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='24/10/2023 16:32:19'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Creating password backup.' ']'
+ case ${1} in
+ message='Creating password backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ eval 'mkdir /etc/wazuh-indexer/backup >> /var/log/wazuh-passwords-tool.log 2>&1'
++ mkdir /etc/wazuh-indexer/backup
+ eval 'JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h "127.0.0.1" >> /var/log/wazuh-passwords-tool.log 2>&1'
++ JAVA_HOME=/usr/share/wazuh-indexer/jdk/
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h 127.0.0.1
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'Password backup created in /etc/wazuh-indexer/backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='24/10/2023 16:32:23'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password backup created in /etc/wazuh-indexer/backup.' ']'
+ case ${1} in
+ message='Password backup created in /etc/wazuh-indexer/backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.4-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$P7JNYqOE.AwnvxKPp7TCEOHd2iBg9P3Mke5GybDrTaj6wD.6H9MSy' 'prev=="test:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' test == admin ']'
+ '[' test == kibanaserver ']'
+ '[' test == admin ']'
+ '[' -n '' ']'
+ '[' test == kibanaserver ']'
+ '[' -n '' ']'
+ passwords_runSecurityAdmin
+ '[' -z 'wazuh-indexer/stable,now 4.5.4-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.4-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z /etc/wazuh-indexer/certs/admin.pem ]]
+ [[ -z /etc/wazuh-indexer/certs/admin-key.pem ]]
+ common_logger -d 'Loading new passwords changes.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='24/10/2023 16:32:23'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Loading new passwords changes.' ']'
+ case ${1} in
+ message='Loading new passwords changes.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ eval 'OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h "127.0.0.1" >> /var/log/wazuh-passwords-tool.log 2>&1'
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h 127.0.0.1
+ '[' 0 '!=' 0 ']'
+ eval 'cp /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml'
++ cp /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ eval 'rm -rf /etc/wazuh-indexer/backup/ >> /var/log/wazuh-passwords-tool.log 2>&1'
++ rm -rf /etc/wazuh-indexer/backup/
+ [[ -n test ]]
+ [[ -n 1 ]]
+ common_logger -nl 'The password for user test is zGe2CZOP+YA?3u3knEllWNPH?7kCOqOb'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='24/10/2023 16:32:26'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -nl ']'
+ '[' -n -nl ']'
+ case ${1} in
+ nolog=1
+ shift 1
+ '[' -n 'The password for user test is zGe2CZOP+YA?3u3knEllWNPH?7kCOqOb' ']'
+ case ${1} in
+ message='The password for user test is zGe2CZOP+YA?3u3knEllWNPH?7kCOqOb'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z 1 ']'
+ printf '%b\n' '24/10/2023 16:32:26 INFO: The password for user test is zGe2CZOP+YA?3u3knEllWNPH?7kCOqOb'
24/10/2023 16:32:26 INFO: The password for user test is zGe2CZOP+YA?3u3knEllWNPH?7kCOqOb
+ common_logger -w 'Password changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='24/10/2023 16:32:26'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -w ']'
+ '[' -n -w ']'
+ case ${1} in
+ mtype=WARNING:
+ shift 1
+ '[' -n 'Password changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.' ']'
+ case ${1} in
+ message='Password changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-passwords-tool.log
+ printf '%s\n' '24/10/2023 16:32:26 WARNING: Password changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.'
24/10/2023 16:32:26 WARNING: Password changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
+ [[ -n test ]]
+ [[ -z 1 ]]
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'

The hash in the internal_users.yml file is changed:

logstash:
  hash: "$2y$12$QWz9m94r9JBlqqzQL/WAi.gMfXF/dmWJDff5pVSAsFIpg60ATpiHW"
  reserved: false
  hidden: false
  backend_roles:
  - "logstash"
  attributes: {}
  description: "Demo logstash user"
  opendistro_security_roles: []
  static: false
test:
  hash: $2y$12$P7JNYqOE.AwnvxKPp7TCEOHd2iBg9P3Mke5GybDrTaj6wD.6H9MSy
  reserved: false
  hidden: false
  backend_roles:
  - "test"
  attributes:
    description: "test"
  opendistro_security_roles: []
  static: false

Before change:
hash: "$2y$12$Ugyy6q7J07MCx0H8MfaFMeLdSDMHyCm9zrDLRskoOaZai7gHFab8u"
After change:
hash: $2y$12$P7JNYqOE.AwnvxKPp7TCEOHd2iBg9P3Mke5GybDrTaj6wD.6H9MSy

Notes:

  • I have noticed that the hash is changed but is not closed with double quotes. This will be fixed in the related PR.
  • The CICD team decided to save a backup of the internal users before changing the passwords.
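
An added example (not part of the issue and not code from wazuh-passwords-tool.sh) of the two checks this PoC depends on: finding users present in the `securityadmin -backup` export but absent from the on-disk `internal_users.yml`, and rewriting one user's `hash:` line so that it stays double-quoted whether or not the old value was quoted. The function names, the file names, the `uiuser` account and every hash value are hypothetical or constructed.

```bash
#!/usr/bin/env bash
# Added example; not taken from wazuh-passwords-tool.sh. All data below is constructed.

# Print each top-level key that owns a "hash:" field, wherever the field sits in the entry.
list_users() {
    awk '
        /^[^ \t#-][^:]*:[ \t]*$/ { key = $0; sub(/:[ \t]*$/, "", key); next }
        /^[ \t]+hash:/ && key != "" { print key; key = "" }
    ' "$1"
}

# missing_on_disk LIVE DISK: users in the exported (live) file that the on-disk file lacks.
missing_on_disk() {
    mod_live=$(list_users "$1")
    mod_disk=$(list_users "$2")
    for mod_user in $mod_live; do
        printf '%s\n' "$mod_disk" | grep -qxF -- "$mod_user" || printf '%s\n' "$mod_user"
    done
}

# Accept only a 60-character bcrypt string: "$2a$", "$2b$" or "$2y$", two cost digits, 53 chars.
is_bcrypt() {
    case "$1" in
        '$2'[aby]'$'[0-9][0-9]'$'*) ;;
        *) return 1 ;;
    esac
    bc_rest=${1#???????}   # drop the 7-character prefix
    case "$bc_rest" in
        *[!./A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#bc_rest}" -eq 53 ]
}

# set_user_hash FILE USER HASH: write FILE to stdout with USER's hash replaced and
# double-quoted, whether the old value was quoted or not. Fails if USER is absent.
set_user_hash() {
    is_bcrypt "$3" || { echo "refusing malformed hash for $2" >&2; return 1; }
    TARGET_USER="$2" NEW_HASH="$3" awk '
        /^[^ \t#-][^:]*:[ \t]*$/ { key = $0; sub(/:[ \t]*$/, "", key) }
        key == ENVIRON["TARGET_USER"] && /^[ \t]+hash:/ {
            indent = $0; sub(/hash:.*/, "", indent)
            print indent "hash: \"" ENVIRON["NEW_HASH"] "\""
            found = 1; next
        }
        { print }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample files: disk.yml is a stale on-disk copy, live.yml is what an
# export of the security index could look like after a user was added in the UI.
write_samples() {
    cat > "$1/disk.yml" <<'EOF'
---
_meta:
  type: "internalusers"
  config_version: 2
admin:
  hash: "$2y$12$constructed-admin-hash"
  reserved: true
EOF
    cat > "$1/live.yml" <<'EOF'
---
uiuser:
  reserved: false
  hash: "$2y$12$constructed-uiuser-hash"
  backend_roles:
  - "uiuser"
_meta:
  type: "internalusers"
  config_version: 2
admin:
  hash: $2y$12$constructed-admin-hash
  reserved: true
EOF
}

demo() {
    mod_tmp=$(mktemp -d) && write_samples "$mod_tmp"
    echo "In the index export but missing on disk:"
    missing_on_disk "$mod_tmp/live.yml" "$mod_tmp/disk.yml"
    # Constructed, well-formed placeholder hash: prefix plus 53 zeros.
    set_user_hash "$mod_tmp/live.yml" admin "$(printf '$2y$12$%053d' 0)" | grep -A1 '^admin:'
    rm -rf "$mod_tmp"
}
demo
```
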

@davidcr01
Contributor

Update Report

Testing changing single user

🟢 Checking that the "test2" user is not in the `internal_users.yml` file
root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/opensearch-security/internal_users.yml | grep test2
🟢 The user is recognized and the password is changed
root@ubuntu22:/home/vagrant# bash wazuh-passwords-tool.sh -u test2
25/10/2023 10:04:07 INFO: Updating the internal users.
25/10/2023 10:04:11 INFO: Generating password hash
25/10/2023 10:04:18 INFO: The password for user test2 is JDe0869LYjuAovXb*NVe?G+zG*aU?v9+
25/10/2023 10:04:18 WARNING: Password changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.

root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/opensearch-security/internal_users.yml
---
logstash:
  hash: "$2y$12$QWz9m94r9JBlqqzQL/WAi.gMfXF/dmWJDff5pVSAsFIpg60ATpiHW"
  reserved: false
  hidden: false
  backend_roles:
  - "logstash"
  attributes: {}
  description: "Demo logstash user"
  opendistro_security_roles: []
  static: false
test2:
  hash: "$2y$12$DLKpAZjZ5RA7zF9xPR9uReWcoirbS94x5rLb0KdgcWgyU1GR/jEB6"
  reserved: false
  hidden: false
  backend_roles:
  - "test"
  attributes:
    description: "Testing again"
  opendistro_security_roles: []
  static: false
🟢 The backup of the previous internal user is done. Notice that the test2 user has a different hash.
root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/internal_users_backup/internal_users_20231025_100407.yml.bkp 
---
logstash:
  hash: "$2y$12$QWz9m94r9JBlqqzQL/WAi.gMfXF/dmWJDff5pVSAsFIpg60ATpiHW"
  reserved: false
  hidden: false
  backend_roles:
  - "logstash"
  attributes: {}
  description: "Demo logstash user"
  opendistro_security_roles: []
  static: false
test2:
  hash: "$2y$12$CtvwYEuEz2PkCkThmvUeVeaZfhPrIVYE7zbdVqhjJ5M7ZXjKmUmhy"
  reserved: false
  hidden: false
  backend_roles:
  - "test"
  attributes:
    description: "Testing again"
  opendistro_security_roles: []
  static: false
🟢 If the user "test2" is deleted in the UI, the internal users are updated but the user is not recognized
root@ubuntu22:/home/vagrant# bash wazuh-passwords-tool.sh -u test2
25/10/2023 10:09:58 INFO: Updating the internal users.
25/10/2023 10:10:02 ERROR: The given user does not exist

root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/opensearch-security/internal_users.yml | grep test2
root@ubuntu22:/home/vagrant# 

Testing changing all users

🟢 Checking that the "test_change_all" user is not in the `internal_users.yml` file
root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/opensearch-security/internal_users.yml | grep test_change_all
root@ubuntu22:/home/vagrant# 
🟢 All the passwords are changed, including the "test_change_all" user password
root@ubuntu22:/home/vagrant# bash wazuh-passwords-tool.sh -a
25/10/2023 10:14:46 INFO: Updating the internal users.
25/10/2023 10:14:49 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
25/10/2023 10:15:13 INFO: The password for user logstash is Q?KwM9Gw1teDTcvUGz0Z*3.qWbB.iVji
25/10/2023 10:15:13 INFO: The password for user test is fPtdKWt3eWMFV902.toZWuk.6appg93l
25/10/2023 10:15:13 INFO: The password for user snapshotrestore is p3NZTNtL9?L6c4?RvhN4UIA.l?+E8OUe
25/10/2023 10:15:13 INFO: The password for user test_change_all is pVU3VZP7uNxjK.2KaA+GrL7ilozVModm
25/10/2023 10:15:13 INFO: The password for user admin is Ts3+u07JNbgv4Esq3m6*zFs6fJBx4g99
25/10/2023 10:15:13 INFO: The password for user kibanaserver is pjNC0*DQGBrdZm1WQtaEvgI9*zd*LdGn
25/10/2023 10:15:13 INFO: The password for user kibanaro is uUsn*963qZyXK5x.bYrA1lszb5sqS*ql
25/10/2023 10:15:13 INFO: The password for user readall is Qg5?gdSBUK++B0+hh0AnE9SxZ?4o5SZN
25/10/2023 10:15:13 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
root@ubuntu22:/home/vagrant# 
🟢 "test_change_all" is contained in the internal users file
root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/opensearch-security/internal_users.yml
---
logstash:
  hash: $2y$12$gKGJfOc845SkSMPijhN85uMlTTForKQGeVhZW3lfbKpi7jyB6xfI2
  reserved: false
  hidden: false
  backend_roles:
  - "logstash"
  attributes: {}
  description: "Demo logstash user"
  opendistro_security_roles: []
  static: false

...

test_change_all:
  hash: $2y$12$baL20FnCYdZbU8nAabb/vuURxGabW9kWR0LVdhqmcgjGkZxx8OVhm
  reserved: false
  hidden: false
  backend_roles:
  - "test_change_all"
  attributes:
    description: "Testing changing all passwords"
  opendistro_security_roles: []
  static: false

The Wazuh UI is accessible in every test after changing the passwords and no errors were generated.

@teddytpc1 teddytpc1 linked a pull request Oct 25, 2023 that will close this issue
@wazuhci wazuhci moved this from In progress to In final review in Release 4.8.0 Oct 25, 2023
@wazuhci wazuhci moved this from In final review to Done in Release 4.8.0 Oct 25, 2023
@teddytpc1 teddytpc1 linked a pull request Oct 26, 2023 that will close this issue
@teddytpc1 teddytpc1 reopened this Oct 26, 2023
@wazuhci wazuhci moved this from Done to Pending review in Release 4.8.0 Oct 26, 2023
@wazuhci wazuhci moved this from Pending review to Done in Release 4.8.0 Oct 30, 2023