wazuh / wazuh-api

Wazuh - RESTful API
https://wazuh.com
GNU General Public License v2.0

wazuh-api crash when FIPS enabled on Redhat/CentOS 7 #496

Closed Llandros closed 4 years ago

Llandros commented 4 years ago

/var/ossec/logs/api.log

WazuhAPI 2020-09-24 12:02:21 : Error: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
    at Error (native)
    at new Hash (crypto.js:57:18)
    at Object.Hash (crypto.js:56:12)
    at module.exports (/var/ossec/api/node_modules/apache-md5/src/index.js:65:24)
    at Basic.validate (/var/ossec/api/node_modules/http-auth/src/auth/basic.js:34:29)
    at options.users.forEach.user (/var/ossec/api/node_modules/http-auth/src/auth/basic.js:96:56)
    at Array.forEach (native)
    at Basic.findUser (/var/ossec/api/node_modules/http-auth/src/auth/basic.js:95:32)
    at Basic.isAuthenticated (/var/ossec/api/node_modules/http-auth/src/auth/base.js:124:22)
    at Basic.check (/var/ossec/api/node_modules/http-auth/src/auth/base.js:82:14)
WazuhAPI 2020-09-24 12:02:21 : Exiting...

It looks like this was being addressed in PR #166.

Looks like it failed merge and then maybe was forgotten or addressed somewhere else?

CarlosRS9 commented 4 years ago

Hello @Llandros,

Could you please provide us with more details about this issue? Were you trying to start the Wazuh API or trying to use an endpoint when this error appeared? With this additional information I may be able to help you.

Regarding that PR, I have taken a look at the PR #166 and I have been able to verify that the code merged in that PR is still present in our Wazuh API latest version. Why do you think the merge process failed or the change was forgotten or addressed somewhere else?

Llandros commented 4 years ago

Hey @CarlosRS9

Thanks for the followup.

O.S and Versions:

Red Hat Enterprise Linux Server release 7.6 (Maipo)
wazuh-manager-3.13.1-1.x86_64
wazuh-api-3.13.1-1.x86_64
kibana-7.9.1-1.x86_64
Wazuh plugin: 3.13.1
elasticsearch-7.9.1-1.x86_64

I can reproduce the issue by doing the following:

1) Confirm FIPS status enabled

    sysctl crypto.fips_enabled
    crypto.fips_enabled = 1

2) confirm all services started including the wazuh-api

3) Open browser and go to https://hostname.domain/app/wazuh

wazuh-api service immediately crashes with error in the api.log stating:

WazuhAPI 2020-10-09 15:31:51 : Error: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
    at Error (native)
    at new Hash (crypto.js:57:18)
    at Object.Hash (crypto.js:56:12)
    at module.exports (/var/ossec/api/node_modules/apache-md5/src/index.js:65:24)
    at Basic.validate (/var/ossec/api/node_modules/http-auth/src/auth/basic.js:34:29)
    at options.users.forEach.user (/var/ossec/api/node_modules/http-auth/src/auth/basic.js:96:56)
    at Array.forEach (native)
    at Basic.findUser (/var/ossec/api/node_modules/http-auth/src/auth/basic.js:95:32)
    at Basic.isAuthenticated (/var/ossec/api/node_modules/http-auth/src/auth/base.js:124:22)
    at Basic.check (/var/ossec/api/node_modules/http-auth/src/auth/base.js:82:14)

If I disable FIPS the api starts up fine and no crash issue.

In regards to the PR, I must have mis-read. It just looks like the merge failed but that was just the build check. Sorry for the confusion.

Llandros commented 4 years ago

I have finally found my issue.

While I was running through the steps to reproduce, I found the NodeJS version provided by the Redhat repos is 6.x (specifically running v6.17.1), though the Wazuh documentation notes:

NodeJS >= 4.6.1 is required in order to run the Wazuh API

https://documentation.wazuh.com/3.13/installation-guide/installing-wazuh-manager/linux/rhel/wazuh_server_packages_rhel.html#wazuh-server-packages-rhel

NodeJS v6.17.1 causes the wazuh-api service to crash in FIPS mode.

Updating to v10.22.1 has resolved the crash issue.

It might be beneficial to update the documentation to more strongly recommend v10.x, especially as there has been effort to make Wazuh FIPS mode compatible.
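
The traces in this thread show http-auth handing a stored credential to apache-md5, which asks Node's crypto module for a hash that FIPS mode refuses. The following is an added example, not part of the thread and not Wazuh or http-auth code: a pre-flight audit that lists the entries of an htpasswd-style user file whose verification needs a digest the runtime rejects, so the problem surfaces at startup instead of on the first login. The function names, the sample entries and the injected `fipsLike` policy are assumptions made for illustration.

```javascript
// Added example (not Wazuh or http-auth code): audit an htpasswd-style user
// file against the digests this Node.js runtime is allowed to compute.
const crypto = require('crypto');

// Probe a digest instead of assuming it exists: with FIPS enforced,
// createHash('md5') throws, as in the api.log trace in this thread.
function digestAvailable(alg) {
  try {
    crypto.createHash(alg).update('probe').digest('hex');
    return true;
  } catch (err) {
    return false;
  }
}

// Map a stored hash to its scheme and the digest needed to verify it.
function classifyHash(hash) {
  if (hash.startsWith('$apr1$')) return { scheme: 'apr1-md5', digest: 'md5' };
  if (hash.startsWith('$1$')) return { scheme: 'md5-crypt', digest: 'md5' };
  if (hash.startsWith('{SHA}')) return { scheme: 'sha1', digest: 'sha1' };
  if (/^\$2[aby]\$/.test(hash)) return { scheme: 'bcrypt', digest: null };
  return { scheme: 'other', digest: null }; // plain text or crypt(3)
}

// Return the entries whose verification would need an unavailable digest.
function auditHtpasswd(text, isAvailable = digestAvailable) {
  const blocked = [];
  for (const line of text.split(/\r?\n/)) {
    const sep = line.indexOf(':');
    if (sep <= 0 || line.trim().startsWith('#')) continue; // blank, comment, malformed
    const user = line.slice(0, sep);
    const { scheme, digest } = classifyHash(line.slice(sep + 1).trim());
    if (digest && !isAvailable(digest)) blocked.push({ user, scheme, digest });
  }
  return blocked;
}

// Constructed sample file; the hash values are made-up placeholders.
const SAMPLE = [
  'foo:$apr1$CONSTRUCT$0000000000000000000000',
  'bar:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=',
  'baz:$2y$05$CONSTRUCTEDCONSTRUCTEDCONSTRUCTEDCONSTRUCTEDCONSTRUCTE',
].join('\n');

// Simulated FIPS-like policy for the demo: only MD5 is rejected.
const fipsLike = (alg) => alg !== 'md5';
console.log(auditHtpasswd(SAMPLE, fipsLike));
```

Called without a second argument, `auditHtpasswd` probes the real runtime, so on a host where MD5 is disabled it reports the same entries the simulated policy does here.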