Removed step 5 (manual restart via Runtipi interface) from the indexer
password change procedure. In Runtipi, clicking "Mettre à jour" already
restarts the application automatically, making the manual restart step
redundant.
Renumbered subsequent steps:
- Old step 6 → New step 5 (securityadmin.sh)
- Old step 7 → New step 6 (Update env vars)
- Old step 8 → New step 7 (Test passwords)
This simplifies the procedure and avoids confusion for users.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changed the API password test command to use localhost:55000 instead
of VOTRE_IP:55000 for better clarity since the command is executed
from the server itself via SSH.
This is more consistent with other local testing commands.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Docker exec does not interpret wildcards (*) in container names.
Replaced all `docker exec -it wazuh-runtipi_*-container-name` commands
with `docker exec -it $(docker ps --filter "name=container" --format "{{.Names}}")`.
This ensures the commands work correctly on all systems.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Merged update and restart steps into one since they're done
together in Runtipi interface (Update then Restart button).
Renumbered step 5 to step 4 (verification).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Removed the "one-liner" docker exec approach and kept only
the manual method (entering the container).
This is simpler and easier to follow:
1. Enter container
2. View current config with cat
3. Replace password with sed
4. Verify with grep
5. Exit
User preference: keep it straightforward with one clear method
instead of multiple alternatives.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The actual wazuh.yml file has passwords WITHOUT quotes:
password: MyS3cr37P450r.*-
But the sed command was searching FOR quotes:
password: "MyS3cr37P450r.*-"
This caused the sed command to not match and not replace anything.
Fixed by removing quotes from the sed pattern to match the actual
YAML format used by Wazuh.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The dashboard container doesn't have vi or nano installed.
Replaced manual editing instructions with automated sed command.
Changes:
- Added one-liner sed command to replace password directly
- Added verification command to check the change
- Kept manual alternative for troubleshooting
- Escaped special characters in regex (. and *)
This makes the password change procedure much simpler and
doesn't require installing additional tools in the container.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
According to official Wazuh documentation, changing the API password
requires updating BOTH:
1. The wazuh.yml file in the dashboard container
2. The API_PASSWORD environment variable
Previous documentation only mentioned step 2, which is incomplete.
Added:
- Step to edit /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
- Warning that this file is not in a persistent volume
- Link to official documentation
- vi editor instructions for YAML modification
Fixes incomplete API password change procedure.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Port 9200 is not exposed to the host (security by design).
Updated all OpenSearch API test commands to use docker exec
from within Wazuh containers instead of direct host access.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add concise testing commands after password change procedure:
- Test admin via Dashboard and API
- Test kibanaserver via API
- Security test to verify old passwords no longer work
Simple, clear, and actionable for users.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Simplify the confusing find the exact path step by showing that
wildcards work directly with nano. Add fallback instructions with
concrete example if wildcards do not work.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add detailed, actionable instructions for changing Wazuh passwords
adapted for Runtipi deployment:
- Complete hash.sh interaction examples
- Step-by-step internal_users.yml editing guide
- Full securityadmin.sh command sequence with expected output
- Runtipi UI navigation instructions
- API password testing commands
- Clear distinction between Indexer vs API procedures
This matches the official Wazuh documentation but adapted for
Runtipi paths and workflow.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Remove misleading suggestion that setting passwords in Runtipi form
before installation can bypass the official hash.sh + securityadmin.sh
procedure. Make it clear this is the ONLY supported method.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add documentation for post-installation health verification via
the Wazuh web interface at /app/logs#/health-check endpoint.
This provides users with a visual alternative to the CLI script.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
CRITICAL CORRECTION: Removed the "Méthode 1: Avant l'Installation" which
was not based on official Wazuh documentation and is non-functional.
The ONLY supported method for changing passwords in Wazuh Docker is the
post-installation procedure using hash.sh and securityadmin.sh tools.
Changes:
- Removed misleading "Méthode 1" that suggested pre-install env vars work
- Added clear security warning that default passwords are public
- Emphasized that post-installation procedure is MANDATORY
- Clarified that Runtipi env vars alone are NOT sufficient for security
- Updated title to "OBLIGATOIRE pour Production" (mandatory)
This aligns documentation with official Wazuh security procedures:
https://documentation.wazuh.com/current/deployment-options/docker/changing-default-password.html🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replaced the simplified password change instructions with the official
Wazuh Docker deployment procedure from:
https://documentation.wazuh.com/current/deployment-options/docker/changing-default-password.html
Changes:
- Added reference link to official Wazuh documentation
- Updated Méthode 2 with official hash generation procedure using hash.sh
- Added complete securityadmin.sh command with correct paths
- Specified password requirements (8-64 chars with symbols for API)
- Added warning about complexity of post-install password changes
- Emphasized pre-installation password configuration as best practice
This ensures users follow the correct and secure procedure for changing
passwords in Wazuh Docker deployments.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Based on Kubernetes configuration analysis from wazuh-kubernetes-main repository.
Changes to docker-compose.json:
- Add resource limits (CPU/RAM) to all services based on K8s recommendations
* Indexer: 0.5-1.0 CPU, 1-2GB RAM
* Manager: 1.0-2.0 CPU, 1-2GB RAM
* Dashboard: 0.2-0.4 CPU, 512MB-2GB RAM
- Add Log4j security flag: -Dlog4j2.formatMsgNoLookups=true (CVE-2021-44228)
- Add DISABLE_INSTALL_DEMO_CONFIG=true for indexer security
- Add WAZUH_NODE_TYPE=master for explicit node configuration
- Add SERVER_SSL_ENABLED=true for dashboard
Changes to metadata/description.md:
- Update prerequisites with CPU/RAM/Disk requirements
- Add "Variables d'Environnement Techniques" section
- Rewrite "Limites de Ressources" with K8s-based recommendations
- Update "Espace Disque" with production storage requirements
- Add new section "Considérations de Production et Scaling"
* Single-node deployment limitations
* HA configuration with Kubernetes
* Scaling recommendations
* Production security checklist
* Backup script for critical volumes
All improvements follow official Wazuh Kubernetes production configurations
for optimal stability and security.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changed all disk size references from ~7-8GB, 7,4G, and ~5GB to consistent 7 GB format for professional appearance.
Updated files:
- description.md (2 occurrences)
- wazuh-health-check.sh (4 occurrences)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Corrected resource limits section to reflect actual docker-compose.json configuration.
Uses Java heap and ulimits, not deploy.resources.limits.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Update health check SSL verification message to be informative instead of warning
- Health check now accepts both 'full' and 'certificate' SSL modes
- Fix description.md to match actual implementation (no dashboard watchdog)
- Correct init-manager.sh and init-dashboard.sh documentation examples
- Replace obsolete dashboard migration section with actual manager persistence logic
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Added Wazuh 4.14.1 SIEM/XDR application for Runtipi
- Simplified init scripts following official Wazuh Docker patterns
- Complete documentation in French (description.md)
- Health check diagnostic script (wazuh-health-check.sh)
- SSL/TLS certificates auto-generation
- Whoami test application included
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
