Fixed bugs for offline installation with the installation assistant #3074

Merged (4 commits) on Aug 15, 2024


c-bordon
Member

close #3072

After testing on a machine without internet access, a couple of errors were detected which were corrected with the changes in this PR:

Tests

Wazuh indexer:

ubuntu@ip-172-31-46-83:~$ sudo bash wazuh-install.sh --offline-installation --wazuh-indexer node-1
15/08/2024 15:15:55 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
15/08/2024 15:15:55 INFO: Verbose logging redirected to /var/log/wazuh-install.log
15/08/2024 15:15:55 INFO: Checking installed dependencies for Offline installation.
15/08/2024 15:16:01 INFO: Verifying that your system meets the recommended minimum hardware requirements.
15/08/2024 15:16:02 INFO: Checking prerequisites for Offline installation.
15/08/2024 15:16:05 INFO: Checking wazuh-offline.tar.gz file.
15/08/2024 15:16:06 INFO: --- Wazuh indexer ---
15/08/2024 15:16:06 INFO: Starting Wazuh indexer installation.
15/08/2024 15:16:34 INFO: Wazuh indexer installation finished.
15/08/2024 15:16:35 INFO: Wazuh indexer post-install configuration finished.
15/08/2024 15:16:35 INFO: Starting service wazuh-indexer.
15/08/2024 15:17:01 INFO: wazuh-indexer service started.
15/08/2024 15:17:01 INFO: Initializing Wazuh indexer cluster security settings.
15/08/2024 15:17:05 INFO: Wazuh indexer cluster initialized.
15/08/2024 15:17:05 INFO: Installation finished.
ubuntu@ip-172-31-46-83:~$ sudo bash wazuh-install.sh --start-cluster --offline-installation -v
15/08/2024 15:17:24 DEBUG: Checking root permissions.
15/08/2024 15:17:24 DEBUG: Checking sudo package.
15/08/2024 15:17:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
15/08/2024 15:17:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
15/08/2024 15:17:24 DEBUG: APT package manager will be used.
15/08/2024 15:17:24 DEBUG: Checking system distribution.
15/08/2024 15:17:24 DEBUG: Detected distribution name: ubuntu
15/08/2024 15:17:24 DEBUG: Detected distribution version: 22
15/08/2024 15:17:24 INFO: Checking installed dependencies for Offline installation.
15/08/2024 15:17:26 DEBUG: Offline dependencies are installed.
15/08/2024 15:17:26 DEBUG: Checking Wazuh installation.
15/08/2024 15:17:28 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 15:17:29 DEBUG: Checking system architecture.
15/08/2024 15:17:29 INFO: Verifying that your system meets the recommended minimum hardware requirements.
15/08/2024 15:17:29 DEBUG: CPU cores detected: 2
15/08/2024 15:17:29 DEBUG: Free RAM memory detected: 7833
15/08/2024 15:17:29 DEBUG: Checking previous certificate existence.
15/08/2024 15:17:29 INFO: Checking wazuh-offline.tar.gz file.
15/08/2024 15:17:29 DEBUG: wazuh-offline.tar.gz was found correctly.
15/08/2024 15:17:29 DEBUG: Extracting files from wazuh-offline.tar.gz
15/08/2024 15:17:29 DEBUG: Offline files extracted successfully.
15/08/2024 15:17:29 DEBUG: Extracting Wazuh configuration.
15/08/2024 15:17:29 DEBUG: Reading configuration file.
15/08/2024 15:17:29 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 15:17:29 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 15:17:29 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 15:17:29 DEBUG: Starting Wazuh indexer cluster.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
15/08/2024 15:17:35 INFO: Wazuh indexer cluster security configuration initialized.
15/08/2024 15:17:35 DEBUG: Waiting for Wazuh indexer to be ready. wazuh-indexer status: 503
15/08/2024 15:17:40 DEBUG: Waiting for Wazuh indexer to be ready. wazuh-indexer status: 503
15/08/2024 15:17:46 DEBUG: Inserted wazuh-alerts template into the Wazuh indexer cluster.
15/08/2024 15:17:46 DEBUG: Setting Wazuh indexer cluster passwords.
15/08/2024 15:17:46 DEBUG: Checking Wazuh installation.
15/08/2024 15:17:47 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 15:17:48 INFO: Updating the internal users.
15/08/2024 15:17:48 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
15/08/2024 15:17:53 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
15/08/2024 15:17:53 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
15/08/2024 15:17:53 DEBUG: The internal users have been updated before changing the passwords.
15/08/2024 15:17:53 DEBUG: Generating password hashes.
15/08/2024 15:18:03 DEBUG: Password hashes generated.
15/08/2024 15:18:03 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
15/08/2024 15:18:07 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
15/08/2024 15:18:07 DEBUG: Running security admin tool.
15/08/2024 15:18:08 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
15/08/2024 15:18:12 DEBUG: Passwords changed.
15/08/2024 15:18:12 INFO: Wazuh indexer cluster started.
ubuntu@ip-172-31-46-83:~$ sudo tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
  indexer_username: 'admin'
  indexer_password: 'nBbBGIVxUwarL?C6gaFwp4nxKghYEyLb'
ubuntu@ip-172-31-46-83:~$ curl -k -u admin:nBbBGIVxUwarL?C6gaFwp4nxKghYEyLb https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "2QpMf9ZaR2GPPjZDSNIKeQ",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "deb",
    "build_hash" : "521f27c3793bc1d0d250a81a237dce08b28d0ffc",
    "build_date" : "2024-08-09T09:32:04.236040Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
ubuntu@ip-172-31-46-83:~$ curl -k -u admin:nBbBGIVxUwarL?C6gaFwp4nxKghYEyLb https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                               cluster_manager name
127.0.0.1           49          52  27    0.42    0.51     0.45 dimr      data,ingest,master,remote_cluster_client *               node-1

Wazuh manager:

ubuntu@ip-172-31-46-83:~$ sudo bash wazuh-install.sh --offline-installation --wazuh-server wazuh-1 -v
15/08/2024 15:19:49 DEBUG: Checking root permissions.
15/08/2024 15:19:49 DEBUG: Checking sudo package.
15/08/2024 15:19:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
15/08/2024 15:19:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
15/08/2024 15:19:49 DEBUG: APT package manager will be used.
15/08/2024 15:19:49 DEBUG: Checking system distribution.
15/08/2024 15:19:49 DEBUG: Detected distribution name: ubuntu
15/08/2024 15:19:49 DEBUG: Detected distribution version: 22
15/08/2024 15:19:49 INFO: Checking installed dependencies for Offline installation.
15/08/2024 15:19:52 DEBUG: Offline dependencies are installed.
15/08/2024 15:19:52 DEBUG: Checking Wazuh installation.
15/08/2024 15:19:53 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 15:19:54 DEBUG: Checking system architecture.
15/08/2024 15:19:54 INFO: Verifying that your system meets the recommended minimum hardware requirements.
15/08/2024 15:19:54 DEBUG: CPU cores detected: 2
15/08/2024 15:19:54 DEBUG: Free RAM memory detected: 7833
15/08/2024 15:19:54 DEBUG: Checking previous certificate existence.
15/08/2024 15:19:54 DEBUG: Checking ports availability.
15/08/2024 15:19:56 INFO: Checking prerequisites for Offline installation.
15/08/2024 15:19:58 DEBUG: Offline prerequisites are installed.
15/08/2024 15:19:58 INFO: Checking wazuh-offline.tar.gz file.
15/08/2024 15:19:58 DEBUG: wazuh-offline.tar.gz was found correctly.
15/08/2024 15:19:58 DEBUG: Extracting files from wazuh-offline.tar.gz
15/08/2024 15:19:58 DEBUG: Offline files extracted successfully.
15/08/2024 15:19:58 DEBUG: Checking curl tool version.
15/08/2024 15:19:58 DEBUG: Extracting Wazuh configuration.
15/08/2024 15:19:58 DEBUG: Reading configuration file.
15/08/2024 15:19:59 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 15:19:59 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 15:19:59 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 15:19:59 DEBUG: Checking node names in the configuration file.
15/08/2024 15:19:59 INFO: --- Wazuh server ---
15/08/2024 15:19:59 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 32 not upgraded. Need to get 0 B/322 MB of archives. After this operation, 891 MB of additional disk space will be used. Get:1 /home/ubuntu/wazuh-offline/wazuh-packages/wazuh-manager_4.9.0-1_amd64.deb wazuh-manager amd64 4.9.0-1 [322 MB] Selecting previous NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1022-aws NEEDRESTART-KEXP: 6.5.0-1022-aws NEEDRESTART-KSTA: 1
15/08/2024 15:22:04 DEBUG: Checking Wazuh installation.
15/08/2024 15:22:04 DEBUG: There are Wazuh remaining files.
15/08/2024 15:22:05 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 15:22:06 INFO: Wazuh manager installation finished.
15/08/2024 15:22:06 DEBUG: Configuring Wazuh manager.
15/08/2024 15:22:06 DEBUG: Setting provisional Wazuh indexer password.
15/08/2024 15:22:06 INFO: Wazuh manager vulnerability detection configuration finished.
15/08/2024 15:22:06 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
15/08/2024 15:22:31 INFO: wazuh-manager service started.
15/08/2024 15:22:31 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 32 not upgraded. Need to get 0 B/22.1 MB of archives NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1022-aws NEEDRESTART-KEXP: 6.5.0-1022-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: wazuh-manager.serviceeb filebeat amd64 7.10.2 [22.1 MB] Selecting previously unselected package filebeat.
15/08/2024 15:22:43 DEBUG: Checking Wazuh installation.
15/08/2024 15:22:43 DEBUG: There are Wazuh remaining files.
15/08/2024 15:22:44 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 15:22:45 DEBUG: There are Filebeat remaining files.
15/08/2024 15:22:45 INFO: Filebeat installation finished.
15/08/2024 15:22:45 DEBUG: Configuring Filebeat.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
15/08/2024 15:22:46 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
15/08/2024 15:22:46 INFO: Filebeat post-install configuration finished.
15/08/2024 15:22:46 DEBUG: Setting Wazuh indexer cluster passwords.
15/08/2024 15:22:46 DEBUG: Checking Wazuh installation.
15/08/2024 15:22:47 DEBUG: There are Wazuh remaining files.
15/08/2024 15:22:48 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 15:22:49 DEBUG: There are Filebeat remaining files.
Successfully updated the keystore
Successfully updated the keystore
15/08/2024 15:22:51 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
15/08/2024 15:22:51 DEBUG: Restarting filebeat service...
15/08/2024 15:22:52 DEBUG: filebeat started.
15/08/2024 15:22:52 DEBUG: Restarting wazuh-manager service...
15/08/2024 15:23:17 DEBUG: wazuh-manager started.
15/08/2024 15:23:17 DEBUG: Changing API passwords.
15/08/2024 15:23:19 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
15/08/2024 15:23:22 INFO: filebeat service started.
15/08/2024 15:23:22 INFO: Installation finished.
ubuntu@ip-172-31-46-83:~$ sudo systemctl status wazuh-manager.service 
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-08-15 15:23:17 UTC; 1min 31s ago
      Tasks: 146 (limit: 9381)
     Memory: 5.1G
        CPU: 1min 34.258s
     CGroup: /system.slice/wazuh-manager.service
             ├─111354 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─111355 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─111358 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─111361 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─111403 /var/ossec/bin/wazuh-authd
             ├─111420 /var/ossec/bin/wazuh-db
             ├─111445 /var/ossec/bin/wazuh-execd
             ├─111459 /var/ossec/bin/wazuh-analysisd
             ├─111471 /var/ossec/bin/wazuh-syscheckd
             ├─111518 /var/ossec/bin/wazuh-remoted
             ├─111552 /var/ossec/bin/wazuh-logcollector
             ├─111572 /var/ossec/bin/wazuh-monitord
             └─111594 /var/ossec/bin/wazuh-modulesd

Aug 15 15:23:09 ip-172-31-46-83 env[111290]: Started wazuh-analysisd...
Aug 15 15:23:10 ip-172-31-46-83 env[111290]: Started wazuh-syscheckd...
Aug 15 15:23:11 ip-172-31-46-83 env[111290]: Started wazuh-remoted...
Aug 15 15:23:12 ip-172-31-46-83 env[111290]: Started wazuh-logcollector...
Aug 15 15:23:13 ip-172-31-46-83 env[111290]: Started wazuh-monitord...
Aug 15 15:23:13 ip-172-31-46-83 env[111590]: 2024/08/15 15:23:13 wazuh-modulesd:router: INFO: Loaded router module.
Aug 15 15:23:13 ip-172-31-46-83 env[111590]: 2024/08/15 15:23:13 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 15 15:23:14 ip-172-31-46-83 env[111290]: Started wazuh-modulesd...
Aug 15 15:23:16 ip-172-31-46-83 env[111290]: Completed.
Aug 15 15:23:17 ip-172-31-46-83 systemd[1]: Started Wazuh manager.
ubuntu@ip-172-31-46-83:~$ sudo systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
     Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-08-15 15:22:52 UTC; 2min 2s ago
       Docs: https://www.elastic.co/products/beats/filebeat
   Main PID: 111033 (filebeat)
      Tasks: 8 (limit: 9381)
     Memory: 11.7M
        CPU: 165ms
     CGroup: /system.slice/filebeat.service
             └─111033 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat

Aug 15 15:22:52 ip-172-31-46-83 systemd[1]: Started Filebeat sends log files to Logstash or directly to Elasticsearch..

Wazuh dashboard:

ubuntu@ip-172-31-46-83:~$ sudo bash wazuh-install.sh --offline-installation --wazuh-dashboard dashboard -v
15/08/2024 15:45:34 DEBUG: Checking root permissions.
15/08/2024 15:45:34 DEBUG: Checking sudo package.
15/08/2024 15:45:34 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
15/08/2024 15:45:34 INFO: Verbose logging redirected to /var/log/wazuh-install.log
15/08/2024 15:45:34 DEBUG: APT package manager will be used.
15/08/2024 15:45:34 DEBUG: Checking system distribution.
15/08/2024 15:45:34 DEBUG: Detected distribution name: ubuntu
15/08/2024 15:45:34 DEBUG: Detected distribution version: 22
15/08/2024 15:45:34 INFO: Checking installed dependencies for Offline installation.
15/08/2024 15:45:37 DEBUG: Offline dependencies are installed.
15/08/2024 15:45:37 DEBUG: Checking Wazuh installation.
15/08/2024 15:45:38 DEBUG: There are Wazuh remaining files.
15/08/2024 15:45:39 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 15:45:39 DEBUG: There are Filebeat remaining files.
15/08/2024 15:45:40 DEBUG: Checking system architecture.
15/08/2024 15:45:40 INFO: Verifying that your system meets the recommended minimum hardware requirements.
15/08/2024 15:45:40 DEBUG: CPU cores detected: 2
15/08/2024 15:45:40 DEBUG: Free RAM memory detected: 7833
15/08/2024 15:45:40 DEBUG: Checking previous certificate existence.
15/08/2024 15:45:40 INFO: Wazuh web interface port will be 443.
15/08/2024 15:45:40 DEBUG: Checking ports availability.
15/08/2024 15:45:41 INFO: Checking prerequisites for Offline installation.
15/08/2024 15:45:45 DEBUG: Offline prerequisites are installed.
15/08/2024 15:45:45 INFO: Checking wazuh-offline.tar.gz file.
15/08/2024 15:45:45 DEBUG: wazuh-offline.tar.gz was found correctly.
15/08/2024 15:45:45 DEBUG: Extracting files from wazuh-offline.tar.gz
15/08/2024 15:45:45 DEBUG: Offline files extracted successfully.
15/08/2024 15:45:45 DEBUG: Checking curl tool version.
15/08/2024 15:45:45 DEBUG: Extracting Wazuh configuration.
15/08/2024 15:45:45 DEBUG: Reading configuration file.
15/08/2024 15:45:45 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 15:45:45 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 15:45:45 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 15:45:45 DEBUG: Checking node names in the configuration file.
15/08/2024 15:45:45 INFO: --- Wazuh dashboard ----
15/08/2024 15:45:45 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 32 not upgraded. Need to get 0 B/166 MB of archives. After this operation, 935 MB of additional disk space will be used. Get:1 /home/ubuntu/wazuh-offline/wazuh-packages/wazuh-dashboard_4.9.0-1_amd64.deb wazuh-dashboard amd64 4.9.0-1 [166 MB] Selecting previously unselected package NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1022-aws NEEDRESTART-KEXP: 6.5.0-1022-aws NEEDRESTART-KSTA: 1
15/08/2024 15:46:51 DEBUG: Checking Wazuh installation.
15/08/2024 15:46:52 DEBUG: There are Wazuh remaining files.
15/08/2024 15:46:53 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 15:46:53 DEBUG: There are Filebeat remaining files.
15/08/2024 15:46:54 DEBUG: There are Wazuh dashboard remaining files.
15/08/2024 15:46:54 INFO: Wazuh dashboard installation finished.
15/08/2024 15:46:54 DEBUG: Configuring Wazuh dashboard.
15/08/2024 15:46:54 DEBUG: Copying Wazuh dashboard certificates.
15/08/2024 15:46:54 DEBUG: Wazuh dashboard certificate setup finished.
15/08/2024 15:46:54 INFO: Wazuh dashboard post-install configuration finished.
15/08/2024 15:46:54 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
15/08/2024 15:46:55 INFO: wazuh-dashboard service started.
15/08/2024 15:46:55 DEBUG: Setting Wazuh indexer cluster passwords.
15/08/2024 15:46:55 DEBUG: Checking Wazuh installation.
15/08/2024 15:46:55 DEBUG: There are Wazuh remaining files.
15/08/2024 15:46:56 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 15:46:57 DEBUG: There are Filebeat remaining files.
15/08/2024 15:46:57 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
Successfully updated the keystore
15/08/2024 15:46:58 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
15/08/2024 15:46:58 DEBUG: Restarting filebeat service...
15/08/2024 15:46:59 DEBUG: filebeat started.
15/08/2024 15:46:59 DEBUG: Restarting wazuh-manager service...
15/08/2024 15:47:22 DEBUG: wazuh-manager started.
15/08/2024 15:47:24 DEBUG: Restarting wazuh-dashboard service...
15/08/2024 15:47:25 DEBUG: wazuh-dashboard started.
15/08/2024 15:47:25 DEBUG: Changing API passwords.
15/08/2024 15:47:45 INFO: Initializing Wazuh dashboard web application.
15/08/2024 15:47:46 DEBUG: Wazuh dashboard connection was successful.
15/08/2024 15:47:46 INFO: Wazuh dashboard web application initialized.
15/08/2024 15:47:46 INFO: --- Summary ---
15/08/2024 15:47:46 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: nBbBGIVxUwarL?C6gaFwp4nxKghYEyLb
15/08/2024 15:47:46 INFO: Installation finished.

@c-bordon
Member Author

All in One installation

AIO
ubuntu@ip-172-31-46-83:~$ sudo bash wazuh-install.sh --offline-installation -a -v
15/08/2024 17:25:31 DEBUG: Checking root permissions.
15/08/2024 17:25:31 DEBUG: Checking sudo package.
15/08/2024 17:25:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
15/08/2024 17:25:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log
15/08/2024 17:25:31 DEBUG: APT package manager will be used.
15/08/2024 17:25:32 DEBUG: Checking system distribution.
15/08/2024 17:25:32 DEBUG: Detected distribution name: ubuntu
15/08/2024 17:25:32 DEBUG: Detected distribution version: 22
15/08/2024 17:25:32 INFO: Checking installed dependencies for Offline installation.
15/08/2024 17:25:35 DEBUG: Offline dependencies are installed.
15/08/2024 17:25:35 DEBUG: Checking Wazuh installation.
15/08/2024 17:25:37 DEBUG: Checking system architecture.
15/08/2024 17:25:37 INFO: Verifying that your system meets the recommended minimum hardware requirements.
15/08/2024 17:25:37 DEBUG: CPU cores detected: 2
15/08/2024 17:25:37 DEBUG: Free RAM memory detected: 7833
15/08/2024 17:25:37 INFO: Wazuh web interface port will be 443.
15/08/2024 17:25:37 DEBUG: Checking ports availability.
15/08/2024 17:25:39 INFO: Checking prerequisites for Offline installation.
15/08/2024 17:25:45 DEBUG: Offline prerequisites are installed.
15/08/2024 17:25:45 INFO: Checking wazuh-offline.tar.gz file.
15/08/2024 17:25:45 DEBUG: wazuh-offline.tar.gz was found correctly.
15/08/2024 17:25:45 DEBUG: Extracting files from wazuh-offline.tar.gz
15/08/2024 17:25:45 DEBUG: Offline files extracted successfully.
15/08/2024 17:25:45 DEBUG: Checking curl tool version.
15/08/2024 17:25:45 INFO: --- Configuration files ---
15/08/2024 17:25:45 INFO: Generating configuration files.
15/08/2024 17:25:46 DEBUG: Creating Wazuh certificates.
15/08/2024 17:25:46 DEBUG: Reading configuration file.
15/08/2024 17:25:46 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 17:25:46 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 17:25:46 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 17:25:46 INFO: Generating the root certificate.
15/08/2024 17:25:46 INFO: Generating Admin certificates.
15/08/2024 17:25:46 DEBUG: Generating Admin private key.
15/08/2024 17:25:47 DEBUG: Converting Admin private key to PKCS8 format.
15/08/2024 17:25:47 DEBUG: Generating Admin CSR.
15/08/2024 17:25:47 DEBUG: Creating Admin certificate.
15/08/2024 17:25:47 INFO: Generating Wazuh indexer certificates.
15/08/2024 17:25:47 DEBUG: Creating the certificates for wazuh-indexer indexer node.
15/08/2024 17:25:47 DEBUG: Generating certificate configuration.
15/08/2024 17:25:47 DEBUG: Creating the Wazuh indexer tmp key pair.
15/08/2024 17:25:47 DEBUG: Creating the Wazuh indexer certificates.
15/08/2024 17:25:47 INFO: Generating Filebeat certificates.
15/08/2024 17:25:47 DEBUG: Generating the certificates for wazuh-server server node.
15/08/2024 17:25:47 DEBUG: Generating certificate configuration.
15/08/2024 17:25:47 DEBUG: Creating the Wazuh server tmp key pair.
15/08/2024 17:25:48 DEBUG: Creating the Wazuh server certificates.
15/08/2024 17:25:48 INFO: Generating Wazuh dashboard certificates.
15/08/2024 17:25:48 DEBUG: Generating certificate configuration.
15/08/2024 17:25:48 DEBUG: Creating the Wazuh dashboard tmp key pair.
15/08/2024 17:25:48 DEBUG: Creating the Wazuh dashboard certificates.
15/08/2024 17:25:48 DEBUG: Cleaning certificate files.
15/08/2024 17:25:48 DEBUG: Generating password file.
15/08/2024 17:25:48 DEBUG: Generating random passwords.
15/08/2024 17:25:49 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
15/08/2024 17:25:49 DEBUG: Extracting Wazuh configuration.
15/08/2024 17:25:49 DEBUG: Reading configuration file.
15/08/2024 17:25:49 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 17:25:49 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 17:25:49 DEBUG: Checking if 127.0.0.1 is private.
15/08/2024 17:25:49 INFO: --- Wazuh indexer ---
15/08/2024 17:25:49 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 32 not upgraded. Need to get 0 B/850 MB of archives. After this operation, 1077 MB of additional disk space will be used. Get:1 /home/ubuntu/wazuh-offline/wazuh-packages/wazuh-indexer_4.9.0-1_amd64.deb wazuh-indexer amd64 4.9.0-1 [850 MB] Selecting previously unselected package wazu NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1022-aws NEEDRESTART-KEXP: 6.5.0-1022-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.servicestemd
15/08/2024 17:26:19 DEBUG: Checking Wazuh installation.
15/08/2024 17:26:20 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 17:26:22 INFO: Wazuh indexer installation finished.
15/08/2024 17:26:22 DEBUG: Configuring Wazuh indexer.
15/08/2024 17:26:22 DEBUG: Copying Wazuh indexer certificates.
15/08/2024 17:26:22 INFO: Wazuh indexer post-install configuration finished.
15/08/2024 17:26:22 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
15/08/2024 17:26:48 INFO: wazuh-indexer service started.
15/08/2024 17:26:48 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
15/08/2024 17:26:56 INFO: Wazuh indexer cluster security configuration initialized.
15/08/2024 17:26:56 INFO: Wazuh indexer cluster initialized.
15/08/2024 17:26:56 INFO: --- Wazuh server ---
15/08/2024 17:26:56 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 32 not upgraded. Need to get 0 B/322 MB of archives. After this operation, 891 MB of additional disk space will be used. Get:1 /home/ubuntu/wazuh-offline/wazuh-packages/wazuh-manager_4.9.0-1_amd64.deb wazuh-manager amd64 4.9.0-1 [322 MB] Selecting previous NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1022-aws NEEDRESTART-KEXP: 6.5.0-1022-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service
15/08/2024 17:28:54 DEBUG: Checking Wazuh installation.
15/08/2024 17:28:55 DEBUG: There are Wazuh remaining files.
15/08/2024 17:28:56 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 17:28:57 INFO: Wazuh manager installation finished.
15/08/2024 17:28:57 DEBUG: Configuring Wazuh manager.
15/08/2024 17:28:57 DEBUG: Setting provisional Wazuh indexer password.
15/08/2024 17:28:57 INFO: Wazuh manager vulnerability detection configuration finished.
15/08/2024 17:28:57 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
15/08/2024 17:29:22 INFO: wazuh-manager service started.
15/08/2024 17:29:22 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 32 not upgraded. Need to get 0 B/22.1 MB of archives NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1022-aws NEEDRESTART-KEXP: 6.5.0-1022-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.serviced64.deb filebeat amd64 7.10.2 [22.1 MB] Selecting previously unselected package filebeat.
15/08/2024 17:29:32 DEBUG: Checking Wazuh installation.
15/08/2024 17:29:33 DEBUG: There are Wazuh remaining files.
15/08/2024 17:29:34 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 17:29:34 DEBUG: There are Filebeat remaining files.
15/08/2024 17:29:35 INFO: Filebeat installation finished.
15/08/2024 17:29:35 DEBUG: Configuring Filebeat.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
15/08/2024 17:29:35 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
15/08/2024 17:29:36 INFO: Filebeat post-install configuration finished.
15/08/2024 17:29:36 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
15/08/2024 17:29:38 INFO: filebeat service started.
15/08/2024 17:29:38 INFO: --- Wazuh dashboard ---
15/08/2024 17:29:38 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 32 not upgraded. Need to get 0 B/166 MB of archives. After this operation, 935 MB of additional disk space will be used. Get:1 /home/ubuntu/wazuh-offline/wazuh-packages/wazuh-dashboard_4.9.0-1_amd64.deb wazuh-dashboard amd64 4.9.0-1 [166 MB] Selecting previously unselected package NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1022-aws NEEDRESTART-KEXP: 6.5.0-1022-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service
15/08/2024 17:31:59 DEBUG: Checking Wazuh installation.
15/08/2024 17:31:59 DEBUG: There are Wazuh remaining files.
15/08/2024 17:32:00 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 17:32:01 DEBUG: There are Filebeat remaining files.
15/08/2024 17:32:02 DEBUG: There are Wazuh dashboard remaining files.
15/08/2024 17:32:02 INFO: Wazuh dashboard installation finished.
15/08/2024 17:32:02 DEBUG: Configuring Wazuh dashboard.
15/08/2024 17:32:02 DEBUG: Copying Wazuh dashboard certificates.
15/08/2024 17:32:02 DEBUG: Wazuh dashboard certificate setup finished.
15/08/2024 17:32:02 INFO: Wazuh dashboard post-install configuration finished.
15/08/2024 17:32:02 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
15/08/2024 17:32:03 INFO: wazuh-dashboard service started.
15/08/2024 17:32:03 DEBUG: Setting Wazuh indexer cluster passwords.
15/08/2024 17:32:03 DEBUG: Checking Wazuh installation.
15/08/2024 17:32:03 DEBUG: There are Wazuh remaining files.
15/08/2024 17:32:04 DEBUG: There are Wazuh indexer remaining files.
15/08/2024 17:32:05 DEBUG: There are Filebeat remaining files.
15/08/2024 17:32:05 DEBUG: There are Wazuh dashboard remaining files.
15/08/2024 17:32:05 INFO: Updating the internal users.
15/08/2024 17:32:05 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
15/08/2024 17:32:14 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
15/08/2024 17:32:14 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
15/08/2024 17:32:14 DEBUG: The internal users have been updated before changing the passwords.
15/08/2024 17:32:16 DEBUG: Generating password hashes.
15/08/2024 17:32:26 DEBUG: Password hashes generated.
15/08/2024 17:32:26 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
15/08/2024 17:32:31 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
Successfully updated the keystore
15/08/2024 17:32:31 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
15/08/2024 17:32:31 DEBUG: Restarting filebeat service...
15/08/2024 17:32:32 DEBUG: filebeat started.
15/08/2024 17:32:32 DEBUG: Restarting wazuh-manager service...
15/08/2024 17:34:00 DEBUG: wazuh-manager started.
15/08/2024 17:34:02 DEBUG: Restarting wazuh-dashboard service...
15/08/2024 17:34:03 DEBUG: wazuh-dashboard started.
15/08/2024 17:34:03 DEBUG: Running security admin tool.
15/08/2024 17:34:03 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
15/08/2024 17:34:12 DEBUG: Passwords changed.
15/08/2024 17:34:12 DEBUG: Changing API passwords.
15/08/2024 17:34:20 INFO: Initializing Wazuh dashboard web application.
15/08/2024 17:34:20 INFO: Wazuh dashboard web application not yet initialized. Waiting...
15/08/2024 17:34:36 INFO: Wazuh dashboard web application not yet initialized. Waiting...
15/08/2024 17:34:51 INFO: Wazuh dashboard web application initialized.
15/08/2024 17:34:51 INFO: --- Summary ---
15/08/2024 17:34:51 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: dwx.h6jD9ar3?YwSHCh8ujAHDz?6d7lU
15/08/2024 17:34:51 INFO: Installation finished.

@c-bordon c-bordon merged commit 29ca39e into 4.9.0 Aug 15, 2024
4 checks passed
@c-bordon c-bordon deleted the bug/3072-offline-install-fix-template-download branch August 15, 2024 18:04
Successfully merging this pull request may close these issues.

Wazuh Offline Installation fails due to trying to install wazuh-templates.json with no internet connection