3.6.2 wazuhAPI认证

wazuhAPI是wazuh管理端提供的WEB API，默认地址：https://192.168.1.200:55000/。默认安装之后，采用的是HTTPS通信，并且有默认就有两个账号：wazuh/wazuh和wazuh-wui/wazuh-wui。

wazuhAPI鉴权机制是采用JWT（JSON Web Token）生成凭据令牌。

[root@wazuh-manager ~]# curl -u wazuh:wazuh -k -X GET "https://localhost:55000/security/user/authenticate?raw=true"
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjI1MTUwNTEyLCJleHAiOjE2MjUxNTE0MTIsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.yixg7ehywiMGJ3hNjVcRk_RX-XG-k5YaDm-hSLhVgVM

修改默认密码，先获取用户ID。

输入对应用户ID和新密码就可以更新密码。

PUT /security/users/1 HTTP/1.1
Host: 192.168.1.200:55000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjI1MTUxNTMzLCJleHAiOjE2MjUxNTI0MzMsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.XvcPi-Qx_PqmJQKzrMacsEcMuzWT2ghUdMoSGLQiIkI
Connection: close
Content-Length: 62


{
"password": "FXKNECzaW4qOL$QO",
"allow_run_as": false
}