Add a section to change the password of each user in a Docker deployment #6306

213 changes: 156 additions & 57 deletions source/deployment-options/docker/wazuh-container.rst
Expand Up @@ -3,8 +3,6 @@
.. meta::
:description: In this section of our documentation, you will find more information about Wazuh Docker deployment: its requirements, usage, and exposed ports.

.. _wazuh-container:

Wazuh Docker deployment
=======================
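
Review bot: the old side of this hunk has 8 lines and the new side 6, and the ``.. _wazuh-container:`` label with its blank line is the only pair here that looks removable, so confirm that no other page still links to this one with ``:ref:`wazuh-container```. If any does, keep the label or update those references in the same PR, because an undefined label only shows up as a warning at Sphinx build time and the link silently stops resolving.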

Expand Down Expand Up @@ -249,19 +247,27 @@ You can modify and build the Wazuh manager, indexer, and dashboard images locall

.. _change-pwd-existing-usr:

Change the password of a Wazuh indexer user
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Change the password of Wazuh users
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

To improve security, you can change the default password of the Wazuh users. There are two types of Wazuh users:

- Wazuh indexer users
- Wazuh API users

To improve security, you can change the default password of Wazuh indexer users. For example, ``admin`` and ``kibanaserver`` users.
To change the password of these Wazuh users, perform the following steps. You must run the commands from your ``single-node/`` or ``multi-node/`` directory, depending on your Wazuh on Docker deployment.

Perform the following steps from your ``single-node/`` directory. If you have a multi-node deployment, you must adapt and perform them from your ``multi-node/`` directory.
Wazuh indexer users
~~~~~~~~~~~~~~~~~~~

To change the password of the default ``admin`` and ``kibanaserver`` users, do the following.

.. warning::

If you have custom users, add them to the ``internal_users.yml`` file. Otherwise, executing this procedure deletes them.

Setting a new hash
~~~~~~~~~~~~~~~~~~
..................

#. Stop the deployment stack if it’s running:
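
Review bot: the new lead-in under "Wazuh indexer users" ("To change the password of the default ``admin`` and ``kibanaserver`` users, do the following.") drops the earlier "For example" wording, so the procedure now reads as if these are the only two accounts in ``internal_users.yml``. The YAML sample removed in the next hunk shows at least ``kibanaro`` in the same file, and a reader who follows this section literally leaves such accounts on their shipped hashes. Suggest one sentence saying that the same steps apply to any user defined in ``internal_users.yml``, and moving the custom-users warning so it sits directly before the step that edits that file.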

Expand All @@ -277,68 +283,98 @@ Setting a new hash

#. Copy the generated hash.

#. Open the ``config/wazuh_indexer/internal_users.yml`` file. Locate the block for the user you are changing password for. For example, ``admin``.
#. Open the ``config/wazuh_indexer/internal_users.yml`` file. Locate the block for the user you are changing password for.

#. Replace the hash.

.. code-block:: YAML
:emphasize-lines: 3
- ``admin`` user

...
admin:
hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
reserved: true
backend_roles:
- "admin"
description: "Demo admin user"

kibanaserver:
hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
reserved: true
description: "Demo kibanaserver user"

kibanaro:
...
.. code-block:: YAML
:emphasize-lines: 3

...
admin:
hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
reserved: true
backend_roles:
- "admin"
description: "Demo admin user"

...

- ``kibanaserver`` user

.. code-block:: YAML
:emphasize-lines: 3

...
kibanaserver:
hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
reserved: true
description: "Demo kibanaserver user"

...

.. _wazuh-docker-password-setting:

Setting the new password
~~~~~~~~~~~~~~~~~~~~~~~~
........................

#. Open the ``docker-compose.yml`` file. Change all occurrences of the old password with the new one. For example, change the ``INDEXER_PASSWORD`` occurrences to set the new ``admin`` user password.
#. Open the ``docker-compose.yml`` file. Change all occurrences of the old password with the new one.

.. code-block:: YAML
:emphasize-lines: 8, 20
- ``admin`` user

...
services:
wazuh.manager:
...
environment:
- INDEXER_URL=https://wazuh.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
...
wazuh.dashboard:
...
environment:
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- WAZUH_API_URL=https://wazuh.manager
- DASHBOARD_USERNAME=kibanaserver
- DASHBOARD_PASSWORD=kibanaserver
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
...
.. code-block:: YAML
:emphasize-lines: 8, 20

...
services:
wazuh.manager:
...
environment:
- INDEXER_URL=https://wazuh.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
...
wazuh.dashboard:
...
environment:
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- WAZUH_API_URL=https://wazuh.manager
- DASHBOARD_USERNAME=kibanaserver
- DASHBOARD_PASSWORD=kibanaserver
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
...

- ``kibanaserver`` user

.. code-block:: YAML
:emphasize-lines: 10

...
services:
wazuh.dashboard:
...
environment:
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- WAZUH_API_URL=https://wazuh.manager
- DASHBOARD_USERNAME=kibanaserver
- DASHBOARD_PASSWORD=kibanaserver
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
...

Applying the changes
~~~~~~~~~~~~~~~~~~~~
....................

#. Start the deployment stack.
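
Review bot: in "Setting the new password", removing "For example, change the ``INDEXER_PASSWORD`` occurrences to set the new ``admin`` user password" leaves the mapping between user and variable implied only by ``:emphasize-lines:``, which is lost in plain-text and some rendered outputs. Name the variable under each bullet (``INDEXER_PASSWORD`` for ``admin``, ``DASHBOARD_PASSWORD`` for ``kibanaserver``) and state that the value must be the plaintext whose hash was placed in ``internal_users.yml``. Wording in the same steps: "Replace all occurrences of the old password with the new one" and "the user whose password you are changing" read better than the current phrasing.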

Expand All @@ -364,14 +400,77 @@ Applying the changes
CERT=$INSTALLATION_DIR/certs/admin.pem
export JAVA_HOME=/usr/share/wazuh-indexer/jdk

#. Run the ``securityadmin.sh`` script to apply all changes:
#. Wait for the Wazuh indexer to initialize properly. The waiting time can vary from two to five minutes. It depends on the size of the cluster, the assigned resources, and the speed of the network. Then, run the ``securityadmin.sh`` script to apply all changes.

.. code-block:: console

$ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert $CACERT -cert $CERT -key $KEY -p 9200 -icl

#. Exit the Wazuh indexer container and login with the new credentials on the Wazuh dashboard.

Wazuh API users
~~~~~~~~~~~~~~~

The ``wazuh-wui`` user is the user to connect with the Wazuh API by default. Follow these steps to change the password.

.. note::

The password for Wazuh API users must be between 8 and 64 characters long. It must contain at least one uppercase and one lowercase letter, a number, and a symbol.

#. Open the file ``config/wazuh_dashboard/wazuh.yml`` and modify the value of ``password`` parameter.

.. code-block:: YAML
:emphasize-lines: 7

...
hosts:
- 1513629884013:
url: "https://wazuh.manager"
port: 55000
username: wazuh-wui
password: "MyS3cr37P450r.*-"
run_as: false
...

#. Open the ``docker-compose.yml`` file. Change all occurrences of the old password with the new one.

.. code-block:: YAML
:emphasize-lines: 14,25

...
services:
wazuh.manager:
...
environment:
- INDEXER_URL=https://wazuh.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
...
wazuh.dashboard:
...
environment:
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- WAZUH_API_URL=https://wazuh.manager
- DASHBOARD_USERNAME=kibanaserver
- DASHBOARD_PASSWORD=kibanaserver
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
...

#. Recreate the Wazuh containers:

.. code-block:: console

# docker-compose down
# docker-compose up -d

Exposed ports
-------------
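
Review bot: the new "Wazuh API users" steps require a symbol in the password and then have the reader paste it unquoted into ``docker-compose.yml`` as ``- API_PASSWORD=...``, without saying that Docker Compose interpolates ``$`` in those values, so a password containing ``$`` has to be written with ``$$`` there while ``wazuh.yml`` takes it literally inside quotes. Add that caveat to the note, and state that the value in ``config/wazuh_dashboard/wazuh.yml`` and both ``API_PASSWORD`` entries must be identical. Smaller points in this hunk: the ``securityadmin.sh`` block uses a ``$`` prompt while the recreate block uses ``#``, so pick one convention; the "Wait for the Wazuh indexer to initialize" step combines a wait and a command, and would be easier to follow as two numbered steps; and "The ``wazuh-wui`` user is the user to connect with the Wazuh API by default" could read "``wazuh-wui`` is the default user for connecting to the Wazuh API".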
