Securing the Wazuh API
By default, the communications between the Wazuh Kibana App and the Wazuh API are not encrypted. It is highly recommended that you secure the Wazuh API by following the steps below:
Enable HTTPS:
In order to enable HTTPS, you can generate your own certificate or generate it automatically by using the script
/var/ossec/api/scripts/configure_api.sh
.Note
This script allows you to change the port used by the Wazuh API to handle the incoming HTTP requests. The port 55000 is used by default.
Change the default credentials:
The
configure_api.sh
script allows you to change the API's user. If you did not use the script you can still change it as follows:# cd /var/ossec/api/configuration/auth # node htpasswd -Bc -C 10 user myUserNameBy default, you can access the Wazuh API by typing user "foo" and password "bar".
You will then need to restart the wazuh-api
and wazuh-manager
services for the change to take effect.
Bind to localhost:
If you do not need to access to the API externally, you should bind the API to
localhost
using the optionconfig.host
in the configuration file/var/ossec/api/configuration/config.js
.