wazuh · alberpilot · Jun 8, 2022 · May 13, 2022 · May 13, 2022 · May 13, 2022
diff --git a/tests/unattended/install/test_unattended.py b/tests/unattended/install/test_unattended.py
@@ -96,7 +96,7 @@ def get_wazuh_api_status():
     host = get_indexer_ip()
     port = 55000
     user = 'wazuh'
-    password = 'wazuh'
+    password = get_password("wazuh")
     login_endpoint = 'security/user/authenticate'
 
     login_url = f"{protocol}://{host}:{port}/{login_endpoint}"

diff --git a/unattended_installer/install_functions/installCommon.sh b/unattended_installer/install_functions/installCommon.sh
@@ -274,7 +274,7 @@ function installCommon_installPrerequisites() {
 
 function installCommon_readPasswordFileUsers() {
 
-    filecorrect=$(grep -Ev '^#|^\s*$' "${p_file}" | grep -Pzc '\A(\s*username:[ \t]+\w+\s*password:[ \t]+[A-Za-z0-9_\-]+\s*)+\Z')
+    filecorrect=$(grep -Ev '^#|^\s*$' "${p_file}" | grep -Pzc '\A(\s*username:[ \t]+\w+\s*password:[ \t]+[A-Za-z0-9.*+?()[{\|]+\s*)+\Z')
     if [[ "${filecorrect}" -ne 1 ]]; then
         common_logger -e "The password file doesn't have a correct format.
 
@@ -528,3 +528,29 @@ function installCommon_startService() {
     fi
 
 }
+
+function installCommon_changePasswordAPI() {
+
+    password_wazuh=$(cat /tmp/wazuh-install-files/passwords.wazuh | awk -F': ' '{print $2}' | tail -n 6 | head -n 1)
+    password_wazuh_wui=$(cat /tmp/wazuh-install-files/passwords.wazuh | awk -F': ' '{print $2}' | tail -n 2 | head -n 1)
+    WAZUH_PASS='{"password":"'"$password_wazuh"'"}'
+    WAZUH_WUI_PASS='{"password":"'"$password_wazuh_wui"'"}'
+
+    TOKEN=$(curl -s -u wazuh:wazuh -k -X GET "https://localhost:55000/security/user/authenticate?raw=true")
+    eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "$WAZUH_PASS" "https://localhost:55000/security/users/1" -o /dev/null'
+
+    TOKEN_WUI=$(curl -s -u wazuh-wui:wazuh-wui -k -X GET "https://localhost:55000/security/user/authenticate?raw=true")
+    eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_WUI" -H "Content-Type: application/json" -d "$WAZUH_WUI_PASS" "https://localhost:55000/security/users/2" -o /dev/null'
+
+}
+
+function installCommon_updateDashborad_WUI_Password() {
+
+    if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then
+        password_wazuh_wui=$(cat /tmp/wazuh-install-files/passwords.wazuh | awk -F': ' '{print $2}' | tail -n 2 | head -n 1)
+        eval 'sed -i "s|password: wazuh-wui|password: ${password_wazuh_wui}|g" /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml'
+    else
+        echo "ERROR: File /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml does not exist"
+    fi
+
+}
diff --git a/unattended_installer/install_functions/installMain.sh b/unattended_installer/install_functions/installMain.sh
@@ -290,6 +290,7 @@ function main() {
         installCommon_changePasswords
         installCommon_startService "wazuh-dashboard"
         dashboard_initialize
+        installCommon_updateDashborad_WUI_Password
 
     fi
 
@@ -306,6 +307,7 @@ function main() {
         filebeat_install
         filebeat_configure
         installCommon_changePasswords
+        installCommon_changePasswordAPI
         installCommon_startService "filebeat"
     fi
 
@@ -329,7 +331,10 @@ function main() {
         dashboard_configure
         installCommon_startService "wazuh-dashboard"
         installCommon_changePasswords
+        installCommon_changePasswordAPI
         dashboard_initializeAIO
+        installCommon_updateDashborad_WUI_Password
+
     fi
 
 # -------------- Offline case  ------------------------------------------

diff --git a/unattended_installer/passwords_tool/passwordsFunctions.sh b/unattended_installer/passwords_tool/passwordsFunctions.sh
@@ -177,6 +177,7 @@ function passwords_generatePasswordFile() {
         echo "  password: ${passwords[${i}]}" >> "${gen_file}"
         echo ""	>> "${gen_file}"
     done
+    passwords_createPasswordAPI
 
 }
 
@@ -217,7 +218,7 @@ function passwords_readAdmincerts() {
 }
 
 function passwords_readFileUsers() {
-    filecorrect=$(grep -Ev '^#|^\s*$' "${p_file}" | grep -Pzc '\A(\s*username:[ \t]+\w+\s*password:[ \t]+[A-Za-z0-9_\-]+\s*)+\Z')
+    filecorrect=$(grep -Ev '^#|^\s*$' "${p_file}" | grep -Pzc '\A(\s*username:[ \t]+\w+\s*password:[ \t]+[A-Za-z0-9.*+?()[{\|]+\s*)+\Z')
     if [[ "${filecorrect}" -ne 1 ]]; then
         common_logger -e "The password file doesn't have a correct format.
 
@@ -380,3 +381,19 @@ function passwords_runSecurityAdmin() {
     fi
 
 }
+
+function passwords_createPasswordAPI() {
+
+    password_wazuh=$(tr -dc 'A-Za-z0-9.*+?()[{\|' </dev/urandom | head -c"${1:-32}";echo;)
+    password_wazuh_wui=$(tr -dc 'A-Za-z0-9.*+?()[{\|' </dev/urandom | head -c"${1:-32}";echo;)
+
+    echo "# New password for wazuh API" >> "${gen_file}"
+    echo "  username: wazuh" >> "${gen_file}"
+    echo "  password: $password_wazuh" >> "${gen_file}"
+    echo ""	>> "${gen_file}"
+    echo "# New password for wazuh-wui API" >> "${gen_file}"
+    echo "  username: wazuh_wui" >> "${gen_file}"
+    echo "  password: $password_wazuh_wui" >> "${gen_file}"
+    echo ""	>> "${gen_file}"
+
+}