
wazuh-passwords-tool.sh and installation assistant do not change internal users #2439

Closed
micsinyei opened this issue Sep 11, 2023 · 1 comment


@micsinyei

The issue affects the OVA, AMI and quick installation, plus it blocks the backup as well.

The issue originates from this. The issue affects both the password change and the quick installation.
I believe the following line is incorrect (probably a copy-paste error):

```bash
awk -v new=${hashes[i]} 'prev=="'${users[i]}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
```

The last part moves the modified file back to the backup; it should be the opensearch-security.
My suggestion is the following:

```bash
awk -v new=${hashes[i]} 'prev=="'${users[i]}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/opensearch-security/internal_users.yml
chown wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml
```

Running as root, the permissions also need to be changed.

Multiple occurrences! Function for reference:

```bash
function passwords_changePassword() {

if [ -n "${changeall}" ]; then
    if [ -n "${indexer_installed}" ] && [ -z ${no_indexer_backup} ]; then
        eval "mkdir /etc/wazuh-indexer/backup/ 2>/dev/null"
        eval "cp /etc/wazuh-indexer/opensearch-security/* /etc/wazuh-indexer/backup/ 2>/dev/null"
        passwords_createBackUp
    fi
    for i in "${!passwords[@]}"
    do
        if [ -n "${indexer_installed}" ] && [ -f "/etc/wazuh-indexer/backup/internal_users.yml" ]; then
            awk -v new=${hashes[i]} 'prev=="'${users[i]}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
        fi

        if [ "${users[i]}" == "admin" ]; then
            adminpass=${passwords[i]}
        elif [ "${users[i]}" == "kibanaserver" ]; then
            dashpass=${passwords[i]}
        fi

    done
else
    if [ -z "${api}" ] && [ -n "${indexer_installed}" ]; then
        eval "mkdir /etc/wazuh-indexer/backup/ 2>/dev/null"
        eval "cp /etc/wazuh-indexer/opensearch-security/* /etc/wazuh-indexer/backup/ 2>/dev/null"
        passwords_createBackUp
    fi
    if [ -n "${indexer_installed}" ] && [ -f "/etc/wazuh-indexer/backup/internal_users.yml" ]; then
        awk -v new="${hash}" 'prev=="'${nuser}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
    fi

    if [ "${nuser}" == "admin" ]; then
        adminpass=${password}
    elif [ "${nuser}" == "kibanaserver" ]; then
        dashpass=${password}
    fi

fi

if [ "${nuser}" == "admin" ] || [ -n "${changeall}" ]; then
    if [ -n "${filebeat_installed}" ]; then
        if filebeat keystore list | grep -q password ; then
            eval "echo ${adminpass} | filebeat keystore add password --force --stdin ${debug}"
        else
            wazuhold=$(grep "password:" /etc/filebeat/filebeat.yml )
            ra="  password: "
            wazuhold="${wazuhold//$ra}"
            conf="$(awk '{sub("password: .*", "password: '"${adminpass}"'")}1' /etc/filebeat/filebeat.yml)"
            echo "${conf}" > /etc/filebeat/filebeat.yml
        fi
        passwords_restartService "filebeat"
    fi
fi

if [ "$nuser" == "kibanaserver" ] || [ -n "$changeall" ]; then
    if [ -n "${dashboard_installed}" ] && [ -n "${dashpass}" ]; then
        if /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root list | grep -q opensearch.password; then
            eval "echo ${dashpass} | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password ${debug_pass}"
        else
            wazuhdashold=$(grep "password:" /etc/wazuh-dashboard/opensearch_dashboards.yml )
            rk="opensearch.password: "
            wazuhdashold="${wazuhdashold//$rk}"
            conf="$(awk '{sub("opensearch.password: .*", "opensearch.password: '"${dashpass}"'")}1' /etc/wazuh-dashboard/opensearch_dashboards.yml)"
            echo "${conf}" > /etc/wazuh-dashboard/opensearch_dashboards.yml
        fi
        passwords_restartService "wazuh-dashboard"
    fi
fi

}
```
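
The behaviour reported above can be reproduced and checked on a scratch copy. This is an added example, not part of the original post or of the Wazuh tool: `set_hash`, `get_hash` and `make_fixture` are hypothetical helpers, the temp directories stand in for the two `/etc/wazuh-indexer` directories, the hash values are constructed placeholders, and the helper adding the quotes around the hash is an assumption.

```bash
#!/usr/bin/env bash
# Added example. Temp directories stand in for /etc/wazuh-indexer/backup and
# /etc/wazuh-indexer/opensearch-security; hash values are constructed placeholders.

# set_hash USER HASH SRC DST: rewrite USER's hash line from SRC, install result as DST.
set_hash() {
    local user="$1" hash="$2" src="$3" dst="$4" tmp
    tmp="$(mktemp "${dst}.XXXXXX")" || return 1
    # Same rewrite as the issue's awk line; user and hash are passed as awk
    # variables, and the quotes around the hash are added here (assumption).
    if awk -v user="$user" -v new="$hash" '
            prev == user ":" { sub(/\042.*/, ""); $0 = $0 "\"" new "\"" }
            { prev = $1 } 1' "$src" > "$tmp"; then
        mv -f "$tmp" "$dst"
    else
        rm -f "$tmp"; return 1
    fi
}

# get_hash USER FILE: print the hash stored on the line after "USER:".
get_hash() {
    awk -v user="$1" 'prev == user ":" { gsub(/\042/, "", $2); print $2 } { prev = $1 }' "$2"
}

# make_fixture: build a scratch tree with identical live and backup files; print its path.
make_fixture() {
    local root
    root="$(mktemp -d)" || return 1
    mkdir "$root/backup" "$root/opensearch-security"
    printf '%s\n' 'admin:' '  hash: "OLD_ADMIN_HASH"' '  reserved: true' \
        'kibanaserver:' '  hash: "OLD_KIBANA_HASH"' > "$root/opensearch-security/internal_users.yml"
    cp "$root/opensearch-security/internal_users.yml" "$root/backup/"
    echo "$root"
}

root="$(make_fixture)"
backup="$root/backup/internal_users.yml"
live="$root/opensearch-security/internal_users.yml"

# Reported behaviour: result moved back into backup/, live file untouched.
set_hash admin NEW_ADMIN_HASH "$backup" "$backup"
echo "after write to backup: live admin hash = $(get_hash admin "$live")"

# Suggested behaviour: result installed in opensearch-security/.
set_hash admin NEW_ADMIN_HASH "$backup" "$live"
echo "after write to live:   live admin hash = $(get_hash admin "$live")"
rm -rf "$root"
```

Because `mv` installs the temp file as created, the live file ends up with the invoking user's ownership and the temp file's mode, which is why the suggestion follows the move with `chown wazuh-indexer:wazuh-indexer`.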

@micsinyei micsinyei changed the title wazuh-passwords-tool.sh and installation assistant does not change internal users wazuh-passwords-tool.sh and installation assistant do not change internal users Sep 11, 2023
@teddytpc1
Member

Thanks for reporting this.
I will close this issue because it's duplicated: #2454.
It will be included for v4.5.3.
