Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changing Default Passwords : securityadmin.sh script fails , "which" is not found ? #1432

Open
decyphertek-io opened this issue Jul 14, 2024 · 2 comments
Open

Changing Default Passwords : securityadmin.sh script fails , "which" is not found ? #1432

decyphertek-io opened this issue Jul 14, 2024 · 2 comments

Comments

@decyphertek-io
Copy link

Wazuh : Changing Default Passwords

I have a script that worked in version 4.7.3 , now testing it in version 4.8.0 , it states that it fails. It says that line 31 requires
which and does not exist. I tried to install it, no root access. I even tried to wget the binary, wget not installed. Can you make
sure that the next release has which installed. This is the current way to update passwords for Opensearch. I know that it will be deprecated, except there is no other way to change the default passwords.

#!/bin/bash

(cat << EOF
INDEXER_PASSWORD=$(openssl rand -hex 8 | tr -d '\n')
API_PASSWORD='!'$(openssl rand -hex 6 | sed 's/\(.\{2\}\)/\U&/; s/\(.\{2\}\)/\L&/2' | tr -d '\n')$(openssl rand -hex 1 | tr -dc '0-9' | tr -d '\n')$(openssl rand -hex 1 | tr -dc '!@#$%^&*()_+-=' | tr -d '\n')
DASHBOARD_PASSWORD=$(openssl rand -hex 8 | tr -d '\n')
EOF
) > /home/adminotaur/.docker/wazuh-docker/single-node/.env

# Source the passwords
source /home/adminotaur/.docker/wazuh-docker/single-node/.env

# Generate password hashes
INDEXER_HASH=$(echo -n $INDEXER_PASSWORD | docker run --rm -i wazuh/wazuh-indexer:4.8.0 bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p $INDEXER_PASSWORD | tail -n 1)
DASHBOARD_HASH=$(echo -n $DASHBOARD_PASSWORD | docker run --rm -i wazuh/wazuh-indexer:4.8.0 bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p $DASHBOARD_PASSWORD | tail -n 1)

# Update configuration files with the new password hashes
sed -i "s|decyphertek|$INDEXER_HASH|g" /home/adminotaur/.docker/wazuh-docker/single-node/config/wazuh_indexer/internal_users.yml
sed -i "s|adminotaur|$DASHBOARD_HASH|g" /home/adminotaur/.docker/wazuh-docker/single-node/config/wazuh_indexer/internal_users.yml
sed -i "s|decyphertek|$API_PASSWORD|g" /home/adminotaur/.docker/wazuh-docker/single-node/config/wazuh_dashboard/wazuh.yml

# Run docker-compose commands
cd /home/adminotaur/.docker/wazuh-docker/single-node/
/usr/bin/docker compose -f generate-indexer-certs.yml run --rm generator
/usr/bin/docker compose pull 
/usr/bin/docker compose up -d

# Configure the Wazuh indexer
docker exec -it single-node-wazuh.indexer-1 bash -c 'export INSTALLATION_DIR=/usr/share/wazuh-indexer; export CACERT=$INSTALLATION_DIR/certs/root-ca.pem; export KEY=$INSTALLATION_DIR/certs/admin-key.pem; export CERT=$INSTALLATION_DIR/certs/admin.pem; export JAVA_HOME=/usr/share/wazuh-indexer/jdk'
sleep 120
docker exec -it single-node-wazuh.indexer-1 bash -c 'bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert  $CACERT -cert $CERT -key $KEY -p 9200 -icl'
docker restart single-node-wazuh.manager-1

ERROR:

adminotaur@siem-build:~/.docker/wazuh-docker/single-node$ docker exec -it single-node-wazuh.indexer-1 bash -c 'bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert  $CACERT -cert $CERT -key $KEY -p 9200 -icl'
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh: line 31: which: command not found
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use
@decyphertek-io
Copy link
Author

decyphertek-io commented Jul 14, 2024
edited
Loading

Wazuh-passwords-tool.sh

It appears that Wazuh has a password tool script. Except the docs still say to run the securityadmin.sh script.

https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html
5.Wait for the Wazuh indexer to initialize properly. The waiting time can vary from two to five minutes. It depends on the size of the cluster, the assigned resources, and the speed of the network. Then, run the securityadmin.sh script to apply all changes.

bash-5.2$ ls
SECURITY_ADMIN_TESTS.md  audit_config_migrater.sh  hash.sh  securityadmin.sh  wazuh-certs-tool.sh  wazuh-passwords-tool.sh

@deniskozlovzaz
Copy link

Same problem

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@deniskozlovzaz @decyphertek-io