Installation assistant Wazuh API default password change #1548

Merged
merged 45 commits into from
Jun 8, 2022
fd27e47
Added function to generate new passwords for the API
miguelfdez99 May 13, 2022
b6866c9
Added function to change API passwords
miguelfdez99 May 13, 2022
171d256
Added function to update wazuh-wui API password
miguelfdez99 May 13, 2022
9f4155d
Update API status function to get the password from the passwords file
miguelfdez99 May 13, 2022
2822e6b
Change version to test it in jenkins
miguelfdez99 May 13, 2022
362e7f7
Change version to test it in jenkins
miguelfdez99 May 13, 2022
f769633
Fix typo
miguelfdez99 May 13, 2022
06b1918
Change version
miguelfdez99 May 16, 2022
888ecfe
Change regular expression characters
miguelfdez99 May 16, 2022
59e05f3
Added file check
miguelfdez99 May 16, 2022
424c75c
Change version
miguelfdez99 May 16, 2022
a8b3617
Delete newline
miguelfdez99 May 16, 2022
3ede3ff
Delete newline
miguelfdez99 May 16, 2022
342ed72
Added functions from installCommon to passwords
miguelfdez99 May 20, 2022
c563e90
Added API option to password tool
miguelfdez99 May 23, 2022
6297b26
Update API password function
miguelfdez99 May 24, 2022
c77d1d9
Added new options to password tool
miguelfdez99 May 24, 2022
c4362c2
Change pattern for API password generation
miguelfdez99 May 24, 2022
bb0d889
Change shift call twice to shift 2
miguelfdez99 May 25, 2022
9e22306
Change version to test it in jenkins
miguelfdez99 May 25, 2022
6fe1ccb
Update version
miguelfdez99 May 25, 2022
409e15a
Added storing API passwords in different file
miguelfdez99 May 27, 2022
d3e7a30
Change strings quoting
miguelfdez99 May 27, 2022
b07aba8
Change dashboard revision version
miguelfdez99 May 30, 2022
f59e46c
Merge branch '4.3' of https://github.com/wazuh/wazuh-packages into 15…
DFolchA Jun 2, 2022
39d59da
Remove password api file and fix typos
DFolchA Jun 2, 2022
ae865dc
Set version to 4.3.3
DFolchA Jun 3, 2022
2e046bc
Use correct file variable
DFolchA Jun 3, 2022
f04bb3f
Update version in test
DFolchA Jun 3, 2022
a501b5e
Use old generate password function
DFolchA Jun 6, 2022
83e3500
Modify passwords_generatePassword to generate correct password format
DFolchA Jun 6, 2022
86a2a61
Merge branch '4.3' of https://github.com/wazuh/wazuh-packages into 15…
DFolchA Jun 6, 2022
5a99ea0
Correct password string possible values
DFolchA Jun 6, 2022
eecad12
Add " to variable
DFolchA Jun 6, 2022
c910060
Add ' to installCommon_readPasswordFileUsers
DFolchA Jun 7, 2022
1ccfd05
Remove ' from password generation
DFolchA Jun 7, 2022
91d0ba5
Set password file strings between ''
DFolchA Jun 7, 2022
bcd7dc3
Add print to test
DFolchA Jun 7, 2022
9bf4c86
Get api password correctly from file
DFolchA Jun 7, 2022
57ec492
Remove ' and " when getting sfileusers and sfilepasswords
DFolchA Jun 8, 2022
ca5a7b5
Remove echo
DFolchA Jun 8, 2022
c8c49c9
Removed blank spaces
alberpilot Jun 8, 2022
b4c8c78
Remove unnecessary function
DFolchA Jun 8, 2022
ac09720
Merge branch '1523-unattended-change-password-api' of https://github.…
DFolchA Jun 8, 2022
d1488db
Merge branch '4.3' of https://github.com/wazuh/wazuh-packages into 15…
DFolchA Jun 8, 2022
34 changes: 26 additions & 8 deletions unattended_installer/passwords_tool/passwordsFunctions.sh
Expand Up @@ -417,16 +417,34 @@ function passwords_createPasswordAPI() {

function passwords_changePasswordAPI() {
alberpilot marked this conversation as resolved.

password_wazuh=$(< /tmp/wazuh-install-files/passwords.wazuh awk '$2 == "wazuh" {getline;print;}' | awk -F': ' '{print $2}')
password_wazuh_wui=$(< /tmp/wazuh-install-files/passwords.wazuh awk '$2 == "wazuh_wui" {getline;print;}' | awk -F': ' '{print $2}')
WAZUH_PASS='{"password":"'"$password_wazuh"'"}'
WAZUH_WUI_PASS='{"password":"'"$password_wazuh_wui"'"}'
#Change API password tool

if [[ -n "${nuser}" ]] && [[ -n "${password}" ]] && [[ -n "${currentPassword}" ]]; then
if [[ -n "${adminUser}" ]] && [[ -n "${adminPassword}" ]]; then
password_api="${password}"
WAZUH_PASS_API='{"password":"'"$password_api"'"}'
TOKEN_API=$(curl -s -u "${adminUser}":"${adminPassword}" -k -X GET "https://localhost:55000/security/user/authenticate?raw=true")

⚠️ [shellcheck] reported by reviewdog 🐶
adminUser is referenced but not assigned. SC2154

⚠️ [shellcheck] reported by reviewdog 🐶
adminPassword is referenced but not assigned. SC2154

eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${id}" -o /dev/null'
common_logger -nl $'\nThe new password for user '${nuser}' is '${password}''
else
password_api="${password}"
WAZUH_PASS_API='{"password":"'"$password_api"'"}'
TOKEN_API=$(curl -s -u "${nuser}":"${currentPassword}" -k -X GET "https://localhost:55000/security/user/authenticate?raw=true")

⚠️ [shellcheck] reported by reviewdog 🐶
TOKEN_API appears unused. Verify use (or export if used externally). SC2034

⚠️ [shellcheck] reported by reviewdog 🐶
currentPassword is referenced but not assigned. SC2154

eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${id}" -o /dev/null'
common_logger -nl $'\nThe new password for user '${nuser}' is '${password}''
fi
else
password_wazuh=$(< /tmp/wazuh-install-files/passwords.wazuh awk '$2 == "wazuh" {getline;print;}' | awk -F': ' '{print $2}')
password_wazuh_wui=$(< /tmp/wazuh-install-files/passwords.wazuh awk '$2 == "wazuh_wui" {getline;print;}' | awk -F': ' '{print $2}')
WAZUH_PASS='{"password":"'"$password_wazuh"'"}'
WAZUH_WUI_PASS='{"password":"'"$password_wazuh_wui"'"}'

TOKEN=$(curl -s -u wazuh:wazuh -k -X GET "https://localhost:55000/security/user/authenticate?raw=true")
eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "$WAZUH_PASS" "https://localhost:55000/security/users/1" -o /dev/null'
TOKEN=$(curl -s -u wazuh:wazuh -k -X GET "https://localhost:55000/security/user/authenticate?raw=true")
eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "$WAZUH_PASS" "https://localhost:55000/security/users/1" -o /dev/null'

TOKEN_WUI=$(curl -s -u wazuh-wui:wazuh-wui -k -X GET "https://localhost:55000/security/user/authenticate?raw=true")
eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_WUI" -H "Content-Type: application/json" -d "$WAZUH_WUI_PASS" "https://localhost:55000/security/users/2" -o /dev/null'
TOKEN_WUI=$(curl -s -u wazuh-wui:wazuh-wui -k -X GET "https://localhost:55000/security/user/authenticate?raw=true")
eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_WUI" -H "Content-Type: application/json" -d "$WAZUH_WUI_PASS" "https://localhost:55000/security/users/2" -o /dev/null'
fi

}
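
Review bot: In both branches of the new `if [[ -n "${nuser}" ]] && [[ -n "${password}" ]] && [[ -n "${currentPassword}" ]]` block, the PUT to `/security/users/${id}` discards its response with `-o /dev/null` and the following `common_logger` line reports the new password unconditionally, so a failed authentication (empty `TOKEN_API`) or a rejected change is reported as success. Check that `TOKEN_API` is non-empty after the authenticate call and capture the status of the PUT (for example with curl's `-w '%{http_code}'`) before logging. The `eval` around the curl command is not needed and is the reason shellcheck reports `TOKEN_API` as unused (SC2034); calling curl directly removes both. The body in `WAZUH_PASS_API` is built by string concatenation, so a password containing `"` or `\` yields invalid JSON; escape the value before embedding it. The success message also writes the new password in clear text through `common_logger`, which is worth confirming as intended.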

53 changes: 51 additions & 2 deletions unattended_installer/passwords_tool/passwordsMain.sh
Expand Up @@ -19,6 +19,12 @@ function getHelp() {
echo -e " -a, --change-all"
echo -e " Changes all the Wazuh indexer user passwords and prints them on screen."
echo -e ""
echo -e " -ai, --api-id <currentPassword> <id>"

Avoid options with more than one variable.

echo -e " Change the Wazuh API password given the current password and id, it needs --user and --password"
echo -e ""
echo -e " -ad, --admin <adminUser> <adminPassword>"
echo -e " Admin credentials for Wazuh API it is needed when the user given it is not an administrator"
echo -e ""
echo -e " -u, --user <user>"
echo -e " Indicates the name of the user whose password will be changed."
echo -e " If no password specified it will generate a random one."
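
Review bot: The help entries for `-ai, --api-id <currentPassword> <id>` and `-ad, --admin <adminUser> <adminPassword>` do not say what `<id>` refers to, and they document passwords as positional values on the command line, where they are visible in the process list and shell history. State that `<id>` is the API user id used in the `/security/users/${id}` request, and say explicitly that `--api-id` requires both `--user` and `--password`. The `--admin` description would read more clearly as "required when the given user is not an administrator".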
Expand Down Expand Up @@ -71,6 +77,42 @@ function main() {
changeall=1
shift 1
;;
"-ai"|"--api-id")
api=1
if [ -z ${2} ]; then
echo "Argument --api-id needs a second argument"
getHelp
exit 1
fi
if [ -z ${3} ]; then
echo "Argument --api-id needs a third argument"
getHelp
exit 1
fi
currentPassword=${2}
id=${3}
shift
shift

You can use shift 2 instead of shift twice

shift
;;
"-ad"|"--admin")
api=1
if [ -z ${2} ]; then
echo "Argument --admin needs a second argument"
getHelp
exit 1
fi
if [ -z ${3} ]; then
echo "Argument --admin needs a third argument"
getHelp
exit 1
fi
adminUser=${2}
adminPassword=${3}
shift
shift
shift
;;
"-u"|"--user")
if [ -z ${2} ]; then
echo "Argument --user needs a second argument"
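
Review bot: `id=${3}` in the `"-ai"|"--api-id"` case is stored without validation and is later interpolated into the request URL `https://localhost:55000/security/users/${id}`; the calls already on the page use numeric ids (`users/1`, `users/2`), so reject anything else, for example with `[[ "${3}" =~ ^[0-9]+$ ]]`, before assigning it. The `[ -z ${2} ]` and `[ -z ${3} ]` tests in both new cases are unquoted, so a value containing spaces makes `[` error out instead of testing the string; write `[ -z "${2}" ]`. Because each of these options takes two values, omitting one lets the next option (for example `-u`) be consumed as the `id` or the password without any error. The three consecutive `shift` calls can be written as `shift 3`.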
Expand Down Expand Up @@ -155,6 +197,8 @@ function main() {
common_checkSystem
common_checkInstalled

if [ -z "${api}" ]; then

if [ -n "${p_file}" ] && [ ! -f "${p_file}" ]; then
getHelp
fi
Expand Down Expand Up @@ -212,10 +256,15 @@ function main() {
passwords_changePassword
passwords_runSecurityAdmin

else
else
if [ -z "${nuser}" ] && [ -n "${password}" ]; then
getHelp
fi

passwords_changePasswordAPI
fi
else
getHelp

fi

}
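
Review bot: The guard added before `passwords_changePasswordAPI` only covers `-z "${nuser}"` together with `-n "${password}"`, but the function takes its user-supplied path only when `nuser`, `password` and `currentPassword` are all set. Any other combination with `api=1` (for example `--admin` alone, or `--api-id` with `--user` but no `--password`) falls through to the branch that authenticates as `wazuh:wazuh` and `wazuh-wui:wazuh-wui` and reads `/tmp/wazuh-install-files/passwords.wazuh`. Require all three values here, for example `if [ -z "${nuser}" ] || [ -z "${password}" ] || [ -z "${currentPassword}" ]; then getHelp; fi`, or separate the installer path from the password-tool path so that the tool can never reach the default-credential branch.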