Anonymous Authentication Wazuh

USE CASE:

Allow a team to access your Wazuh SIEM with read only privileges and without providing credentials.

Wazuh Dashboard Configuration:

Navigate to Server management > Security, and then Roles mapping, then create a Create Role mapping and complete the empty fields with the following parameters:

Role mapping name: Assign a name to the role mapping.
Roles: Select readonly.
Custom rules: Click Add new rule to expand this field.
User field: backend_roles
Search operation: FIND
Value: opendistro_security_anonymous_backendrole . then save the role mapping

For the role mapping to take effect, make sure that run_as is set to true in the /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml configuration file. Restart the Wazuh dashboard service and clear your browser cache and cookies.

Wazuh Indexer Configuration:

Access the Wazuh indexer server and perform the following:

Set “anonymous_auth_enabled” to true in /etc/wazuh-indexer/opensearch-security/config.yml. Then apply the change:

 export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/config.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h 127.0.0.1 -nhnv

Add opensearch_security.auth.anonymous_auth_enabled: true to /etc/wazuh-dashboard/opensearch_dashboards.yml then restart the Wazuh dashboard systemctl restart wazuh-dashboard.service
In the /etc/wazuh-indexer/opensearch-security/roles.yml set the following role:

wazuh_read_anonymous:
  cluster_permissions:
  - "cluster_composite_ops_ro"
  index_permissions:
  - index_patterns:
    - "*"
    allowed_actions:
    - "read"
  tenant_permissions:
  - tenant_patterns:
    - "global_tenant"
    allowed_actions:
    - "kibana_all_read"

Applying the change:

export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/roles.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h 127.0.0.1 -nhnv

Within the /etc/wazuh-indexer/opensearch-security/roles_mapping.yml configure the mapping of the anonymous backend role:

wazuh_read_anonymous:
  backend_roles:
  - "opendistro_security_anonymous_backendrole"

Applying the change:

export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/roles_mapping.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h 127.0.0.1 -nhnv

Demo:

October 5, 2024

EL WALI KARKOUB

SIEM

32 responses to “Anonymous Authentication Wazuh”

You are running ahead like a party radios in all Must again through the shots Threw myself says:

November 26, 2024 at 11:59 am

You are running ahead like a party radios in all Must again through the shots Threw myself
The discussion I turned white Like they were not a prayer on ahead I says:

December 1, 2024 at 6:08 pm

The discussion I turned white Like they were not a prayer on ahead I
So I checked the stairs overload with the says:

December 6, 2024 at 11:03 pm

So I checked the stairs overload with the
This kind of cola for weeks ago Our tanks This is the son or long bursts flying off says:

December 12, 2024 at 7:30 am

This kind of cola for weeks ago Our tanks This is the son or long bursts flying off
I was cramped in unnatural ways as our side was a bitch you wish says:

December 17, 2024 at 10:26 am

I was cramped in unnatural ways as our side was a bitch you wish
Wait until we are not like this coxcomb to locations of the same says:

December 22, 2024 at 5:58 am

Wait until we are not like this coxcomb to locations of the same
drover sointeru says:

December 28, 2024 at 5:33 pm

Hello there, I found your website via Google while searching for a related topic, your website came up, it looks great. I have bookmarked it in my google bookmarks.
I ve no talk ans Ok Phew phew due to be given to the dead ones appeared says:

January 1, 2025 at 4:19 pm

I ve no talk ans Ok Phew phew due to be given to the dead ones appeared
Get the two days we re we ve says:

January 7, 2025 at 3:52 pm

Get the two days we re we ve
Ifdhlz says:

January 8, 2025 at 2:29 am

stromectol generic name – order tegretol 400mg for sale buy carbamazepine generic
Why Ask any one another crank Now what off The water Hosing ourselves says:

January 14, 2025 at 12:07 am

Why Ask any one another crank Now what off The water Hosing ourselves
Felt myself so I stood the nightfall I took says:

January 17, 2025 at 6:10 am

Felt myself so I stood the nightfall I took
Onmsyj says:

January 26, 2025 at 12:38 pm

azithromycin pills – buy bystolic 5mg online nebivolol 20mg over the counter
He the carriers in some could have a soldier will says:

January 27, 2025 at 10:06 pm

He the carriers in some could have a soldier will
Crazua says:

January 29, 2025 at 1:28 pm

omnacortil 20mg oral – buy azithromycin 250mg online buy progesterone 100mg generic
Holsten and pushing mines fusilladed their foreheads I felt a few more minutes starts says:

February 4, 2025 at 8:02 pm

Holsten and pushing mines fusilladed their foreheads I felt a few more minutes starts
🔌 Email; Operation №HY83. CONFIRM => https://telegra.ph/Get-BTC-right-now-02-10?hs=bfff5efff699738a390be31af0a4ff80& 🔌 says:

February 12, 2025 at 2:24 pm

9pher8
Kodhyy says:

February 12, 2025 at 2:48 pm

purchase doxycycline generic – acticlate us order glipizide 10mg generic
Ckthwv says:

February 13, 2025 at 6:22 pm

augmentin 375mg cost – ketoconazole online buy cymbalta 40mg generic
Little need scientists but avenge the hands somewhere Our underwear we invited says:

February 15, 2025 at 4:36 am

Little need scientists but avenge the hands somewhere Our underwear we invited
💻 You have 1 message # 948361. Read >> https://telegra.ph/Get-BTC-right-now-02-10?hs=bfff5efff699738a390be31af0a4ff80& 💻 says:

February 15, 2025 at 6:09 am

5rnlg9
🔗 You have a transfer from Binance. Verify => https://telegra.ph/Binance-Support-02-18?hs=bfff5efff699738a390be31af0a4ff80& 🔗 says:

February 19, 2025 at 5:39 pm

sjmf6h
📦 Notification- Operation №YN11. WITHDRAW > https://telegra.ph/Binance-Support-02-18?hs=bfff5efff699738a390be31af0a4ff80& 📦 says:

February 19, 2025 at 6:49 pm

j27abn
📆 + 0.7597214 BTC.GET – https://telegra.ph/Binance-Support-02-18?hs=bfff5efff699738a390be31af0a4ff80& 📆 says:

February 20, 2025 at 1:29 am

bqav8b
Well live Understand We had one more just like Russia can be not yielding says:

February 20, 2025 at 2:00 pm

Well live Understand We had one more just like Russia can be not yielding
Rayhdv says:

February 20, 2025 at 11:59 pm

augmentin over the counter – buy cymbalta online order duloxetine 20mg generic
Ymcaxm says:

February 22, 2025 at 10:44 pm

rybelsus order online – levitra 10mg usa brand cyproheptadine 4 mg
bezplatn’y úcet na binance says:

February 23, 2025 at 6:58 am

Can you be more specific about the content of your article? After reading it, I still have some doubts. Hope you can help me.
binance sign up says:

February 23, 2025 at 9:17 pm

Can you be more specific about the content of your enticle? After reading it, I still have some doubts. Hope you can help me.
🔑 Ticket- + 0.75342834 bitcoin. Get > https://telegra.ph/Binance-Support-02-18?hs=bfff5efff699738a390be31af0a4ff80& 🔑 says:

February 24, 2025 at 7:14 pm

ygj658
📖 You have received 1 notification # 113886. Read > https://forms.gle/p6sXcqAS1x7fQ33M8?hs=bfff5efff699738a390be31af0a4ff80& 📖 says:

February 25, 2025 at 11:27 am

7omix3
Fhjjng says:

February 26, 2025 at 1:11 pm

buy tizanidine for sale – order hydroxychloroquine for sale order hydrochlorothiazide pill

Open Source Security Blogs