Change the password of an existing user - procedure problem

[NetBit73]

wazuh-indexer@wazuh:/certs$ export INSTALLATION_DIR=/usr/share/wazuh-indexer
wazuh-indexer@wazuh:/certs$ export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}/config
wazuh-indexer@wazuh:/certs$ CACERT=$OPENSEARCH_PATH_CONF/certs/root-ca.pem
wazuh-indexer@wazuh:/certs$ KEY=$OPENSEARCH_PATH_CONF/certs/admin-key.pem
wazuh-indexer@wazuh:/certs$ CERT=$OPENSEARCH_PATH_CONF/certs/admin.pem
wazuh-indexer@wazuh:/certs$ export JAVA_HOME=/usr/share/wazuh-indexer/jdk
wazuh-indexer@wazuh:~/certs$ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -nhnv -cacert $CACERT -cert $CERT -key $KEY -p 9300 -icl

---

** This tool will be deprecated in the next major release of OpenSearch **
** opensearch-project/security#1755 **

---

Security Admin v7
Will connect to localhost:9300 ... done
ERR: An unexpected IllegalArgumentException occured: Could not find certificate file /usr/share/wazuh-indexer/config/certs/root-ca.pem
Trace:
java.lang.IllegalArgumentException: Could not find certificate file /usr/share/wazuh-indexer/config/certs/root-ca.pem
at org.opensearch.security.tools.SecurityAdmin.sslContext(SecurityAdmin.java:1463)
at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:458)
at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:159)
Caused by: java.io.FileNotFoundException: /usr/share/wazuh-indexer/config/certs/root-ca.pem (No such file or directory)
at java.base/java.io.FileInputStream.open0(Native Method)
at java.base/java.io.FileInputStream.open(FileInputStream.java:216)
at java.base/java.io.FileInputStream.(FileInputStream.java:157)
at org.opensearch.security.tools.SecurityAdmin.sslContext(SecurityAdmin.java:1458)
... 2 more
wa

[s-ocando]

Hi @NetBit73!

If you're using Wazuh v4.4.0, you need to make the following changes in the Docker - Change the password of an existing user instructions:

• In step 8, remove all references to OPENSEARCH_PATH_CONF and replace it with INSTALLATION_DIR in the CACERT, KEY and CERT variables.

• In step 9, change the port to 9200 and change the configuration files directory from /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ to /usr/share/wazuh-indexer/opensearch-security/.

Here are the modified steps:

8. Set the following variables:

export INSTALLATION_DIR=/usr/share/wazuh-indexer
CACERT=$INSTALLATION_DIR/certs/root-ca.pem
KEY=$INSTALLATION_DIR/certs/admin-key.pem
CERT=$INSTALLATION_DIR/certs/admin.pem
export JAVA_HOME=/usr/share/wazuh-indexer/jdk

9. Run the securityadmin.sh script to apply all changes:

bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert  $CACERT -cert $CERT -key $KEY -p 9200 -icl

Make sure to clean your browser cache and cookies.

Thank you for bringing this issue into our attention! We'll update the documentation ASAP.

Let us know if this solves your issue.

[NetBit73]

Thank you very much. It was very helpful. I wondering if I can have another one question?
here is my log from the container:
{"log":"2023-03-30T13:16:10.262+0200\u0009ERROR\u0009[publisher_pipeline_output]\u0009pipeline/output.go:154\u0009Failed to connect to backoff(elasticsearch(https://wazuh.indexer:9200)): 401 Unauthorized: Unauthorized\n","stream":"stderr","time":"2023-03-30T11:16:10.262836321Z"}
{"log":"2023-03-30T13:16:10.262+0200\u0009INFO\u0009[publisher_pipeline_output]\u0009pipeline/output.go:145\u0009Attempting to reconnect to backoff(elasticsearch(https://wazuh.indexer:9200)) with 356 reconnect attempt(s)\n","stream":"stderr","time":"2023-03-30T11:16:10.262951965Z"}
{"log":"2023-03-30T13:16:10.262+0200\u0009INFO\u0009[publisher]\u0009pipeline/retry.go:213\u0009retryer: send wait signal to consumer\n","stream":"stderr","time":"2023-03-30T11:16:10.263008237Z"}
{"log":"2023-03-30T13:16:10.262+0200\u0009INFO\u0009[publisher]\u0009pipeline/retry.go:217\u0009 done\n","stream":"stderr","time":"2023-03-30T11:16:10.263025081Z"}

How about it?

[s-ocando]

Seems like a password mismatch. Make sure to update your admin password in the docker-compose.yml file. Edit the INDEXER_PASSWORD variable to contain the new password in the wazuh.manager and the wazuh.dashboard sections:

services:
  wazuh.manager:
    image: wazuh/wazuh-manager:4.4.0
    hostname: wazuh.manager
    restart: always
    ports:
      - "1514:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200/
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=NewPassword
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
...

  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.4.0
    hostname: wazuh.dashboard
    restart: always
    ports:
      - 443:5601
    environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=NewPassword
      - WAZUH_API_URL=https://wazuh.manager/
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
...

Restart your environment. Let us know if this solves your issue.

[NetBit73]

I'm so embarrassed. I checked it many times. One character was missing. Thanks a lot :)

[s-ocando]

You're welcome! Glad to hear everything is working properly now :).