The API daemon is not able to start up when installed from sources:
# ./install_api.sh
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-api.service → /etc/systemd/system/wazuh-api.service.
Generating RSA private key, 4096 bit long modulus (2 primes)
HTTPS enabled.
Key: /var/ossec/api/configuration/ssl/server.key.
Certificate: /var/ossec/api/configuration/ssl/server.crt
API URL: https://host_ip:55000/
user: 'foo'
password: 'bar'
Configuration: /var/ossec/api/configuration
Test: curl -u foo:bar -k https://127.0.0.1:55000?pretty
Note: You can configure the API executing /var/ossec/api/scripts/configure_api.sh
### [API installed successfully] ###
However, the service is not running:
# systemctl status Wazuh-api
● wazuh-api.service - Wazuh API daemon
Loaded: loaded (/etc/systemd/system/wazuh-api.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2019-10-20 20:18:15 GMT; 50min ago
If I restart the service, it works properly:
# systemctl start wazuh-api
# systemctl status wazuh-api
● wazuh-api.service - Wazuh API daemon
Loaded: loaded (/etc/systemd/system/wazuh-api.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2019-10-20 21:10:35 GMT; 14s ago
This is the error trace:
# grep nodejs /var/log/syslog
Oct 20 20:18:15 buster nodejs[25474]: fs.js:115
Oct 20 20:18:15 buster nodejs[25474]: throw err;
Oct 20 20:18:15 buster nodejs[25474]: ^
Oct 20 20:18:15 buster nodejs[25474]: Error: ENOENT: no such file or directory, open '/var/ossec/api/configuration/ssl/server.crt'
Oct 20 20:18:15 buster nodejs[25474]: at Object.openSync (fs.js:439:3)
Oct 20 20:18:15 buster nodejs[25474]: at Object.readFileSync (fs.js:344:35)
Oct 20 20:18:15 buster nodejs[25474]: at Object.<anonymous> (/var/ossec/api/app.js:64:23)
Oct 20 20:18:15 buster nodejs[25474]: at Module._compile (internal/modules/cjs/loader.js:689:30)
Oct 20 20:18:15 buster nodejs[25474]: at Object.Module._extensions..js (internal/modules/cjs/loader.js:700:10)
Oct 20 20:18:15 buster nodejs[25474]: at Module.load (internal/modules/cjs/loader.js:599:32)
Oct 20 20:18:15 buster nodejs[25474]: at tryModuleLoad (internal/modules/cjs/loader.js:538:12)
Oct 20 20:18:15 buster nodejs[25474]: at Function.Module._load (internal/modules/cjs/loader.js:530:3)
Oct 20 20:18:15 buster nodejs[25474]: at Function.Module.runMain (internal/modules/cjs/loader.js:742:12)
Oct 20 20:18:15 buster nodejs[25474]: at startup (internal/bootstrap/node.js:283:19)
According to the installation log, I think that the installer is setting up and starting the service before creating the SSL certificates. That would explain that the API could not read the certificate on first startup.
Possible fix
If I'm right, swapping the service setup and the SSL certificate creation (install_api.sh:438-454) should solve the problem.
The API daemon is not able to start up when installed from sources:
However, the service is not running:
If I restart the service, it works properly:
This is the error trace:
According to the installation log, I think that the installer is setting up and starting the service before creating the SSL certificates. That would explain that the API could not read the certificate on first startup.
Possible fix
If I'm right, swapping the service setup and the SSL certificate creation (install_api.sh:438-454) should solve the problem.