wazuh ALL-in-one ES账号密码位置(version:4.4)
ALL-in-one ES账号密码位置
ALL-in-one安装的账号密码其实默认就是webUI访问的账号密码。
也可以用证书私钥的方式访问ES,参考wazuh-install.sh安装脚本
截取的相关代码,如下第1行、18行红色标记:
indexer_cert_path="/etc/wazuh-indexer/certs" function indexer_initialize() { common_logger "Initializing Wazuh indexer cluster security settings." i=0 until curl -XGET https://"${indexer_node_ips[pos]}":9200/ -uadmin:admin -k --max-time 120 --silent --output /dev/null || [ "${i}" -eq 12 ]; do sleep 10 i=$((i+1)) done if [ ${i} -eq 12 ]; then common_logger -e "Cannot initialize Wazuh indexer cluster." installCommon_rollBack exit 1 fi if [ -n "${AIO}" ]; then eval "sudo -u wazuh-indexer JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /etc/wazuh-indexer/opensearch-security -icl -p 9200 -nhnv -cacert ${indexer_cert_path}/root-ca.pem -cert ${indexer_cert_path}/admin.pem -key ${indexer_cert_path}/admin-key.pem -h 127.0.0.1 ${debug}" fi if [ "${#indexer_node_names[@]}" -eq 1 ] && [ -z "${AIO}" ]; then installCommon_changePasswords fi common_logger "Wazuh indexer cluster initialized." }
查看账号密码是否正确的方式:
curl --cert /home/admin.pem --key /home/admin-key.pem -k "https://localhost:9200/_cat/indices?v"