Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] demo users in config/wazuh_indexer/internal_users.yml #802

Open
daweedm opened this issue Mar 31, 2023 · 3 comments
Open

[Question] demo users in config/wazuh_indexer/internal_users.yml #802

daweedm opened this issue Mar 31, 2023 · 3 comments

Comments

@daweedm
Copy link

daweedm commented Mar 31, 2023
edited

Hello,

For security reasons, I wanted to change the default passwords that are set in config/wazuh_indexer/internal_users.yml.

Can we change the default password set for the following users : kibanaserver, kibanaro, logstash, readall, snapshotrestore ?

I've found in the issues here how to change the password for the admin user (by using opensearch tools & replacing the values in docker-compose.yml environment variables).
But I can't figure out where the others password are hardcoded in this projet. I've tried to remove them (as they are labelled as "demo") but once I removed them, the dashboard won't start (logs states something like : can't login with kibanaserver).

So, I guess that these "demo users" are mandatory to the project.

Are these "demo" accounts internal and only accessible between the docker containers or should we worry about theses password usable by a user outside of the docker's internal network ?
@daweedm
Copy link
Author

daweedm commented Apr 1, 2023

According to the doc : https://documentation.wazuh.com/current/user-manual/user-administration/password-management.html only the "kibanaserver" user seems to be required. Does this mean that we can safely delete the other users ? If no, how can we change these password in the context of this docker containers ?

@vcerenu
Copy link
Member

vcerenu commented Apr 3, 2023

Hello @daweedm

The admin and kibanaserver users have a utility within the system, the first as the main user of the deployment and the second as the communication user between Wazuh indexer and Wazuh dashboard.

To modify the password of admin user you must also modify the INDEXER_PASSWORD variable within the docker_compose.yml that you use to deploy.
To modify the password of kibanaserver user you must add the parameters DASHBOARD_USERNAME and DASHBOARD_PASSWORD inside docker_compose.yml file, in the declaration of wazuh.dashboard service.
If you want to delete the others, there is no problem, these users are examples and you can delete them or change their password to use them. You can also modify their permissions by mounting the role_mapping.yml file in the same directory where we mounted the internal_users.yml file, in order to assign roles to the users that you create new ones within the internal_users.yml file.

- ./config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml

@daweedm
Copy link
Author

daweedm commented Apr 3, 2023

@vcerenu thanks a lot for your response.

I have a last question about the communication between the indexer and the dashboard for the kibanaserver user:

I see in the docker-compose.yml file that the indexer has a mapped port to the host :

   # indexer
    ports:
      - "9200:9200"

My question is : is the kibanaserver user (1) used by the dashboard's front-end to communicate with the indexer through the port 9200 in the "public network" or (2) is that kibanaserver user used by the dashboard's backend to to authenticate in the "private network" that is created using the links below ?

# dashboard
links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager

I'm asking because if (2), I guess there is no need to change the kibanaserver (in that case I'm wondering why the port 9200 is mapped to the host) while if (1), everyone should change the password for kibanaserver if the dashboard is publicly exposed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@daweedm @vcerenu