Wazuh - How to change admin password for web interface

Question

I just installed WAZUH from its OVA.

The web interface is admin/admin

When I click reset password from the web interface i get this error

Failed to reset password. {"status":"FORBIDDEN","message":"Resource 'admin' is read-only."}

enter wazug admin password reset screenshot

I've googled/scanned documentation and can't find out how to change it.

I've looked through /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml and cant see an option either?

A simple fix but its not just appearing for me via searching/reading the manual

I plan to secure the admin password then create a user account to do my work

Thanks in adavance

Answer 1

For changing the password, first you have to download the wazuh-passwords-tool.sh script:

$ curl -so wazuh-passwords-tool.sh https://packages.wazuh.com/4.4/wazuh-passwords-tool.sh

Then, run the following command:

sudo bash wazuh-passwords-tool.sh -u admin -p <mypassword>

Please replace with your expected password for the user admin.

Answer 2

If running Wazuh on Kubernetes and you need to change the default passwords look for the following files:

• elastic-cred-secret.yaml
• internal_users.yaml
• wazuh-api-cred-secret.yaml
• wazuh-authd-pass-secret.yaml

The one caveat is you have to base64 encode the password before updating in the aforementioned files. Afterward, do kubectl patch or apply and your password will be updated.