Wazuh all-in-one: where the ES account and password are (version 4.4)

Published: 2023-06-08 20:27:14 Author: bonjov1

Where the all-in-one ES account and password are

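For an all-in-one installation, the ES account and password are by default the same as the account and password used to log in to the web UI.
You can also access ES with the certificate and its private key; see the wazuh-install.sh installation script.
The relevant excerpt is below. The lines to look at are line 1 (the certificate path) and line 18 (the securityadmin.sh call that uses the admin certificate and key):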
indexer_cert_path="/etc/wazuh-indexer/certs"

function indexer_initialize() {

    common_logger "Initializing Wazuh indexer cluster security settings."
    i=0
    until curl -XGET https://"${indexer_node_ips[pos]}":9200/ -uadmin:admin -k --max-time 120 --silent --output /dev/null || [ "${i}" -eq 12 ]; do
        sleep 10
        i=$((i+1))
    done
    if [ ${i} -eq 12 ]; then
        common_logger -e "Cannot initialize Wazuh indexer cluster."
        installCommon_rollBack
        exit 1
    fi

    if [ -n "${AIO}" ]; then
        eval "sudo -u wazuh-indexer JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /etc/wazuh-indexer/opensearch-security -icl -p 9200 -nhnv -cacert ${indexer_cert_path}/root-ca.pem -cert ${indexer_cert_path}/admin.pem -key ${indexer_cert_path}/admin-key.pem -h 127.0.0.1 ${debug}"
    fi

    if [ "${#indexer_node_names[@]}" -eq 1 ] && [ -z "${AIO}" ]; then
        installCommon_changePasswords
    fi

    common_logger "Wazuh indexer cluster initialized."

}

 

How to check whether the account and password are correct:

curl --cert /home/admin.pem --key /home/admin-key.pem -k "https://localhost:9200/_cat/indices?v"
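
Because admin.pem and admin-key.pem authenticate to the indexer without a password, copies such as the ones under /home in the command above are worth tracking. The following shell function is an added example, not part of wazuh-install.sh or the original post. It lists every admin-key.pem that sits outside the certificate directory or is accessible to group or others. The function name and output format are assumptions; the default path is the indexer_cert_path from the excerpt.

```sh
#!/bin/sh
# Added example: audit copies of the Wazuh indexer admin private key.
# Default certificate directory, as set by indexer_cert_path in the installer excerpt.
INDEXER_CERT_PATH="/etc/wazuh-indexer/certs"

# list_risky_admin_keys SEARCH_ROOT [CERT_DIR]   (hypothetical helper name)
# Prints "reason<TAB>path" for every admin-key.pem under SEARCH_ROOT that is:
#   stray-copy  : located anywhere other than CERT_DIR/admin-key.pem
#   loose-perms : readable or writable by group or others
# Pass SEARCH_ROOT without a trailing slash so paths compare cleanly.
list_risky_admin_keys() {
    search_root=$1
    cert_dir=${2:-$INDEXER_CERT_PATH}

    find "$search_root" -type f -name 'admin-key.pem' 2>/dev/null |
    while IFS= read -r key; do
        # Anything that is not the installer's own copy is a stray copy.
        case "$key" in
            "$cert_dir"/admin-key.pem) ;;
            *) printf 'stray-copy\t%s\n' "$key" ;;
        esac

        # Re-test the single file for group/other read or write bits.
        loose=$(find "$key" \( -perm -040 -o -perm -020 \
                            -o -perm -004 -o -perm -002 \) 2>/dev/null)
        if [ -n "$loose" ]; then
            printf 'loose-perms\t%s\n' "$key"
        fi
    done
}

# Example invocation (run as root so every directory can be read):
#   list_risky_admin_keys /home
#   list_risky_admin_keys /etc/wazuh-indexer
```
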