Reputation: 41
Wazuh - How to change admin password for web interface
I just installed WAZUH from its OVA.
The web interface is admin/admin
When I click reset password from the web interface i get this error
Failed to reset password. {"status":"FORBIDDEN","message":"Resource 'admin' is read-only."}
enter wazug admin password reset screenshot
I've googled/scanned documentation and can't find out how to change it.
I've looked through /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml and cant see an option either?
A simple fix but its not just appearing for me via searching/reading the manual
I plan to secure the admin password then create a user account to do my work
Thanks in adavance
Upvotes: 4
Views: 44194
Answers (4)
Reputation: 51
run this command: curl -so wazuh-passwords-tool.sh https://packages.wazuh.com/4.5/wazuh-passwords-tool.sh
then run this after: bash wazuh-passwords-tool.sh -a #this command will change all wazuh services that need password plus the admin, note the password and use the admin one to login again.
WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services. hope it helps anyone struggling.
Upvotes: 1
Reputation: 31
For changing the password, first you have to download the wazuh-passwords-tool.sh script:
$ curl -so wazuh-passwords-tool.sh https://packages.wazuh.com/4.4/wazuh-passwords-tool.sh
Then, run the following command:
sudo bash wazuh-passwords-tool.sh -u admin -p <mypassword>
Please replace with your expected password for the user admin.
Upvotes: 3
Reputation: 11
If running Wazuh on Kubernetes and you need to change the default passwords look for the following files:
elastic-cred-secret.yamlinternal_users.yamlwazuh-api-cred-secret.yamlwazuh-authd-pass-secret.yaml
The one caveat is you have to base64 encode the password before updating in the aforementioned files. Afterward, do kubectl patch or apply and your password will be updated.
Upvotes: 1
Reputation: 9
The admin and kibanaserver users are set to read-only as security measures, that is why it is not possible to change the password using the WUI and it must be changed in the configuration files.
This section of documentation talks about changing it: https://documentation.wazuh.com/4.0/user-manual/elasticsearch/elastic_tuning.html
Remember to update the new password in /etc/filebeat/filebeat.yml and /etc/kibana/kibana.yml if necessary.
I hope this information is helpful to you.
Best regards.
Upvotes: 0
Related Questions
- How to setup password for elasticsearch users?
- Change Elasticsearch password with Ansible
- Elastic Search - Xpack security password change
- Open Distro for Elasticsearch: reset default admin password
- Change default password in elasticsearch using .yml file
- Change default admin password on WSO2 DAS
- How to modify the password of elasticsearch in docker
- How to change default elasticsearch password in docker-compose?
- Reset admin password for Kibana
- How to change password for MySQL Console in WAMP 2.5