Open c-bordon opened 6 days ago
After carrying out new tests with the fixes applied in the unattended, it was detected that Wazuh dashboard is installed correctly:
[root@centos8 ~]# bash wazuh-install.sh -a
24/06/2024 17:26:07 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
24/06/2024 17:26:07 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/06/2024 17:26:07 INFO: Verifying that your system meets the recommended minimum hardware requirements.
24/06/2024 17:26:08 INFO: Wazuh web interface port will be 443.
24/06/2024 17:26:08 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
24/06/2024 17:26:09 INFO: Wazuh development repository added.
24/06/2024 17:26:09 INFO: --- Configuration files ---
24/06/2024 17:26:09 INFO: Generating configuration files.
24/06/2024 17:26:09 INFO: Generating the root certificate.
24/06/2024 17:26:10 INFO: Generating Admin certificates.
24/06/2024 17:26:10 INFO: Generating Wazuh indexer certificates.
24/06/2024 17:26:10 INFO: Generating Filebeat certificates.
24/06/2024 17:26:10 INFO: Generating Wazuh dashboard certificates.
24/06/2024 17:26:10 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
24/06/2024 17:26:10 INFO: --- Wazuh indexer ---
24/06/2024 17:26:10 INFO: Starting Wazuh indexer installation.
24/06/2024 17:28:29 INFO: Wazuh indexer installation finished.
24/06/2024 17:28:29 INFO: Wazuh indexer post-install configuration finished.
24/06/2024 17:28:29 INFO: Starting service wazuh-indexer.
24/06/2024 17:28:39 INFO: wazuh-indexer service started.
24/06/2024 17:28:39 INFO: Initializing Wazuh indexer cluster security settings.
24/06/2024 17:28:43 INFO: Wazuh indexer cluster security configuration initialized.
24/06/2024 17:28:43 INFO: Wazuh indexer cluster initialized.
24/06/2024 17:28:43 INFO: --- Wazuh server ---
24/06/2024 17:28:43 INFO: Starting the Wazuh manager installation.
24/06/2024 17:30:28 INFO: Wazuh manager installation finished.
24/06/2024 17:30:28 INFO: Wazuh manager vulnerability detection configuration finished.
24/06/2024 17:30:28 INFO: Starting service wazuh-manager.
24/06/2024 17:30:41 INFO: wazuh-manager service started.
24/06/2024 17:30:41 INFO: Starting Filebeat installation.
24/06/2024 17:30:49 INFO: Filebeat installation finished.
24/06/2024 17:30:51 INFO: Filebeat post-install configuration finished.
24/06/2024 17:30:51 INFO: Starting service filebeat.
24/06/2024 17:30:51 INFO: filebeat service started.
24/06/2024 17:30:51 INFO: --- Wazuh dashboard ---
24/06/2024 17:30:51 INFO: Starting Wazuh dashboard installation.
24/06/2024 17:32:56 INFO: Wazuh dashboard installation finished.
24/06/2024 17:32:56 INFO: Wazuh dashboard post-install configuration finished.
24/06/2024 17:32:56 INFO: Starting service wazuh-dashboard.
24/06/2024 17:32:56 INFO: wazuh-dashboard service started.
24/06/2024 17:32:56 INFO: Updating the internal users.
24/06/2024 17:32:59 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
24/06/2024 17:33:07 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
24/06/2024 17:33:38 INFO: Initializing Wazuh dashboard web application.
24/06/2024 17:33:39 INFO: Wazuh dashboard web application initialized.
24/06/2024 17:33:39 INFO: --- Summary ---
24/06/2024 17:33:39 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: jzD3C*81mHTN0ySUb+3X3aHTPNxRph1G
24/06/2024 17:33:40 INFO: Installation finished.
I ran tests again with Step by Step to rule out, and the installation was successful despite the permission denied message:
[root@centos8 ~]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-certs-tool.sh
[root@centos8 ~]# curl -sO https://packages-dev.wazuh.com/4.9/config.yml
[root@centos8 ~]# vi config.yml
[root@centos8 ~]# bash ./wazuh-certs-tool.sh -A
25/06/2024 12:29:18 INFO: Verbose logging redirected to /root/wazuh-certificates-tool.log
25/06/2024 12:29:18 INFO: Generating the root certificate.
25/06/2024 12:29:18 INFO: Generating Admin certificates.
25/06/2024 12:29:18 INFO: Admin certificates created.
25/06/2024 12:29:18 INFO: Generating Wazuh indexer certificates.
25/06/2024 12:29:18 INFO: Wazuh indexer certificates created.
25/06/2024 12:29:18 INFO: Generating Filebeat certificates.
25/06/2024 12:29:18 INFO: Wazuh Filebeat certificates created.
25/06/2024 12:29:18 INFO: Generating Wazuh dashboard certificates.
25/06/2024 12:29:18 INFO: Wazuh dashboard certificates created.
[root@centos8 ~]# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
./
./root-ca.key
./root-ca.pem
./admin-key.pem
./admin.pem
./node-1-key.pem
./node-1.pem
./wazuh-1-key.pem
./wazuh-1.pem
./dashboard-key.pem
./dashboard.pem
[root@centos8 ~]# rm -rf ./wazuh-certificates
[root@centos8 ~]# yum install coreutils -y
CentOS Linux 8 - AppStream 4.3 MB/s | 8.4 MB 00:01
CentOS Linux 8 - BaseOS 6.9 MB/s | 4.6 MB 00:00
CentOS Linux 8 - Extras 92 kB/s | 10 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 4.3 MB/s | 14 MB 00:03
Package coreutils-8.30-12.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@centos8 ~]# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
[root@centos8 ~]# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
[root@centos8 ~]# yum -y install wazuh-indexer
EL-8 - Wazuh 5.1 MB/s | 26 MB 00:05
Last metadata expiration check: 0:00:08 ago on Tue 25 Jun 2024 12:30:31 PM UTC.
Dependencies resolved.
============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================================================================================================================
Installing:
wazuh-indexer x86_64 4.9.0-1 wazuh 813 M
Transaction Summary
============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 813 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.9.0-1.x86_64.rpm 9.6 MB/s | 813 MB 01:24
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 9.6 MB/s | 813 MB 01:24
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1
Installing : wazuh-indexer-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
sudo systemctl start wazuh-indexer.service
Verifying : wazuh-indexer-4.9.0-1.x86_64 1/1
Installed:
wazuh-indexer-4.9.0-1.x86_64
Complete!
[root@centos8 ~]# vi /etc/wazuh-indexer/opensearch.yml
[root@centos8 ~]# NODE_NAME=node-1
[root@centos8 ~]# mkdir /etc/wazuh-indexer/certs
[root@centos8 ~]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
[root@centos8 ~]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@centos8 ~]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@centos8 ~]# chmod 500 /etc/wazuh-indexer/certs
[root@centos8 ~]# chmod 400 /etc/wazuh-indexer/certs/*
[root@centos8 ~]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
[root@centos8 ~]# systemctl daemon-reload
[root@centos8 ~]# systemctl enable wazuh-indexer
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
[root@centos8 ~]# systemctl start wazuh-indexer
[root@centos8 ~]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
[root@centos8 ~]# yum -y install wazuh-manager
CentOS Linux 8 - AppStream 7.8 kB/s | 4.3 kB 00:00
CentOS Linux 8 - BaseOS 26 kB/s | 3.9 kB 00:00
CentOS Linux 8 - Extras 13 kB/s | 1.5 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 84 kB/s | 90 kB 00:01
Dependencies resolved.
============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================================================================================================================
Installing:
wazuh-manager x86_64 4.9.0-1 wazuh 300 M
Transaction Summary
============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 300 M
Installed size: 893 M
Downloading Packages:
wazuh-manager-4.9.0-1.x86_64.rpm 8.9 MB/s | 300 MB 00:33
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 8.9 MB/s | 300 MB 00:33
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1
Installing : wazuh-manager-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1
Verifying : wazuh-manager-4.9.0-1.x86_64 1/1
Installed:
wazuh-manager-4.9.0-1.x86_64
Complete!
[root@centos8 ~]# var/ossec/bin/wazuh-keystore -f indexer -k username -v admin
-bash: var/ossec/bin/wazuh-keystore: No such file or directory
[root@centos8 ~]# /var/ossec/bin/wazuh-keystore -f indexer -k username -v admin
[root@centos8 ~]# /var/ossec/bin/wazuh-keystore -f indexer -k password -v admin
[root@centos8 ~]# vi /var/ossec/etc/ossec.conf
[root@centos8 ~]# yum -y install filebeat
EL-8 - Wazuh 2.5 kB/s | 3.4 kB 00:01
Dependencies resolved.
============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================================================================================================================
Installing:
filebeat x86_64 7.10.2-1 wazuh 21 M
Transaction Summary
============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 21 M
Installed size: 70 M
Downloading Packages:
filebeat-oss-7.10.2-x86_64.rpm 6.2 MB/s | 21 MB 00:03
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 6.2 MB/s | 21 MB 00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : filebeat-7.10.2-1.x86_64 1/1
Running scriptlet: filebeat-7.10.2-1.x86_64 1/1
Verifying : filebeat-7.10.2-1.x86_64 1/1
Installed:
filebeat-7.10.2-1.x86_64
Complete!
[root@centos8 ~]# curl -so /etc/filebeat/filebeat.yml https://packages-dev.wazuh.com/4.9/tpl/wazuh/filebeat/filebeat.yml
[root@centos8 ~]# vi /etc/filebeat/filebeat.yml
[root@centos8 ~]# filebeat keystore create
Created filebeat keystore
[root@centos8 ~]# echo admin | filebeat keystore add username --stdin --force
Successfully updated the keystore
[root@centos8 ~]# echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore
[root@centos8 ~]# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.9.0-alpha1/extensions/elasticsearch/7.x/wazuh-template.json
[root@centos8 ~]# curl -s https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
[root@centos8 ~]# ls -la
total 100
dr-xr-x---. 2 root root 217 Jun 25 12:38 .
dr-xr-xr-x. 17 root root 224 Nov 1 2023 ..
-rw-r--r--. 1 root root 18 May 11 2019 .bash_logout
-rw-r--r--. 1 root root 176 May 11 2019 .bash_profile
-rw-r--r--. 1 root root 176 May 11 2019 .bashrc
-rw-------. 1 root root 610 Jun 25 12:29 config.yml
-rw-r--r--. 1 root root 100 May 11 2019 .cshrc
-rw-r--r--. 1 root root 129 May 11 2019 .tcshrc
-rw-------. 1 root root 3640 Jun 25 12:38 .viminfo
-rw-r--r--. 1 root root 30720 Jun 25 12:29 wazuh-certificates.tar
-rw-------. 1 root root 641 Jun 25 12:29 wazuh-certificates-tool.log
-rw-r--r--. 1 root root 36475 Jun 25 12:28 wazuh-certs-tool.sh
[root@centos8 ~]# cat config.yml
nodes:
# Wazuh indexer nodes
indexer:
- name: node-1
ip: "127.0.0.1"
#- name: node-2
# ip: "<indexer-node-ip>"
#- name: node-3
# ip: "<indexer-node-ip>"
# Wazuh server nodes
# If there is more than one Wazuh server
# node, each one must have a node_type
server:
- name: wazuh-1
ip: "127.0.0.1"
# node_type: master
#- name: wazuh-2
# ip: "<wazuh-manager-ip>"
# node_type: worker
#- name: wazuh-3
# ip: "<wazuh-manager-ip>"
# node_type: worker
# Wazuh dashboard nodes
dashboard:
- name: dashboard
ip: "127.0.0.1"
[root@centos8 ~]# NODE_NAME=wazuh-1
[root@centos8 ~]# mkdir /etc/filebeat/certs
[root@centos8 ~]# tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@centos8 ~]# mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
[root@centos8 ~]# mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
[root@centos8 ~]# chmod 500 /etc/filebeat/certs
[root@centos8 ~]# chmod 400 /etc/filebeat/certs/*
[root@centos8 ~]# chown -R root:root /etc/filebeat/certs
[root@centos8 ~]# systemctl daemon-reload
[root@centos8 ~]# systemctl enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
[root@centos8 ~]# systemctl start wazuh-manager
[root@centos8 ~]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-06-25 12:40:13 UTC; 5s ago
Process: 5997 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
Tasks: 163 (limit: 49489)
Memory: 2.8G
CGroup: /system.slice/wazuh-manager.service
├─6062 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─6102 /var/ossec/bin/wazuh-authd
├─6116 /var/ossec/bin/wazuh-db
├─6132 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─6135 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─6138 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─6151 /var/ossec/bin/wazuh-execd
├─6166 /var/ossec/bin/wazuh-analysisd
├─6176 /var/ossec/bin/wazuh-syscheckd
├─6244 /var/ossec/bin/wazuh-remoted
├─6280 /var/ossec/bin/wazuh-logcollector
├─6329 /var/ossec/bin/wazuh-monitord
└─6376 /var/ossec/bin/wazuh-modulesd
Jun 25 12:40:06 centos8.localdomain env[5997]: Started wazuh-analysisd...
Jun 25 12:40:07 centos8.localdomain env[5997]: Started wazuh-syscheckd...
Jun 25 12:40:08 centos8.localdomain env[5997]: Started wazuh-remoted...
Jun 25 12:40:09 centos8.localdomain env[5997]: Started wazuh-logcollector...
Jun 25 12:40:10 centos8.localdomain env[5997]: Started wazuh-monitord...
Jun 25 12:40:10 centos8.localdomain env[5997]: 2024/06/25 12:40:10 wazuh-modulesd:router: INFO: Loaded router module.
Jun 25 12:40:10 centos8.localdomain env[5997]: 2024/06/25 12:40:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jun 25 12:40:11 centos8.localdomain env[5997]: Started wazuh-modulesd...
Jun 25 12:40:13 centos8.localdomain env[5997]: Completed.
Jun 25 12:40:13 centos8.localdomain systemd[1]: Started Wazuh manager.
[root@centos8 ~]# systemctl daemon-reload
[root@centos8 ~]# systemctl enable filebeat
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
[root@centos8 ~]# systemctl start filebeat
[root@centos8 ~]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 127.0.0.1
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
[root@centos8 ~]# yum install libcap -y
Last metadata expiration check: 0:02:20 ago on Tue 25 Jun 2024 12:38:22 PM UTC.
Package libcap-2.26-5.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@centos8 ~]# yum -y install wazuh-dashboard
Last metadata expiration check: 0:02:25 ago on Tue 25 Jun 2024 12:38:22 PM UTC.
Dependencies resolved.
============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================================================================================================================
Installing:
wazuh-dashboard x86_64 4.9.0-1 wazuh 260 M
Transaction Summary
============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 260 M
Installed size: 888 M
Downloading Packages:
wazuh-dashboard-4.9.0-1.x86_64.rpm 8.6 MB/s | 260 MB 00:30
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 8.6 MB/s | 260 MB 00:30
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.9.0-1.x86_64 1/1
Installed:
wazuh-dashboard-4.9.0-1.x86_64
Complete!
[root@centos8 ~]# NODE_NAME=dashboard
[root@centos8 ~]# vi /etc/wazuh-dashboard/opensearch_dashboards.yml
[root@centos8 ~]# mkdir /etc/wazuh-dashboard/certs
[root@centos8 ~]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@centos8 ~]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@centos8 ~]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@centos8 ~]# chmod 500 /etc/wazuh-dashboard/certs
[root@centos8 ~]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@centos8 ~]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
[root@centos8 ~]# systemctl daemon-reload
[root@centos8 ~]# systemctl enable wazuh-dashboard
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
[root@centos8 ~]# systemctl start wazuh-dashboard
[root@centos8 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:1d:95:95 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute eth0
valid_lft 84686sec preferred_lft 84686sec
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:ae:bb:ba brd ff:ff:ff:ff:ff:ff
inet 192.168.57.177/24 brd 192.168.57.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
[root@centos8 ~]# systemctl status wazuh-dashboard.service
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-06-25 12:43:07 UTC; 33s ago
Main PID: 8195 (node)
Tasks: 11 (limit: 49489)
Memory: 223.0M
CGroup: /system.slice/wazuh-dashboard.service
└─8195 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml
Jun 25 12:43:07 centos8.localdomain systemd[1]: Started wazuh-dashboard.
Jun 25 12:43:07 centos8.localdomain systemd[8195]: wazuh-dashboard.service: Failed to connect stdout to the journal socket, ignoring: Permission denied
The error was reproducible, using CentOS 8.
After some tests concluded that the error only occurred if all the components were installed. However, installing only the Dashboard didn't produce the error.
Based on the previous evidence, a test was done installing step by step the Indexer and then the Dashboard, showing again the error.
Did more tests. If the Dashboard was installed before the Indexer, it will continue working until restarting it. After that, the error happened again.
Reviewing the system files, found that the installation of the Indexer is changing the /run permissions and ownership.
Before installing:
[root@localhost vagrant]# ls -l /
total 16
lrwxrwxrwx. 1 root root 7 Jun 22 2021 bin -> usr/bin
dr-xr-xr-x. 5 root root 4096 Dec 19 2021 boot
drwxr-xr-x. 18 root root 2880 Jun 27 08:46 dev
drwxr-xr-x. 87 root root 8192 Jun 27 11:48 etc
drwxr-xr-x. 3 root root 21 Dec 19 2021 home
lrwxrwxrwx. 1 root root 7 Jun 22 2021 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Jun 22 2021 lib64 -> usr/lib64
drwxr-xr-x. 2 root root 6 Jun 22 2021 media
drwxr-xr-x. 2 root root 6 Jun 22 2021 mnt
drwxr-xr-x. 3 root root 39 Dec 19 2021 opt
dr-xr-xr-x. 130 root root 0 Jun 27 08:46 proc
dr-xr-x---. 2 root root 91 Dec 19 2021 root
drwxr-xr-x. 26 root root 840 Jun 27 08:53 run
lrwxrwxrwx. 1 root root 8 Jun 22 2021 sbin -> usr/sbin
drwxr-xr-x. 2 root root 6 Jun 22 2021 srv
dr-xr-xr-x. 13 root root 0 Jun 27 08:46 sys
drwxrwxrwt. 3 root root 85 Jun 28 08:04 tmp
drwxr-xr-x. 12 root root 144 Dec 19 2021 usr
drwxrwxrwx. 1 vagrant vagrant 0 Jun 27 08:40 vagrant
drwxr-xr-x. 20 root root 278 Dec 19 2021 var
After installing:
[root@localhost vagrant]# ls -l /
total 16
lrwxrwxrwx. 1 root root 7 Jun 22 2021 bin -> usr/bin
dr-xr-xr-x. 5 root root 4096 Dec 19 2021 boot
drwxr-xr-x. 18 root root 2880 Jun 27 08:30 dev
drwxr-xr-x. 88 root root 8192 Jun 27 15:14 etc
drwxr-xr-x. 3 root root 21 Dec 19 2021 home
lrwxrwxrwx. 1 root root 7 Jun 22 2021 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Jun 22 2021 lib64 -> usr/lib64
drwxr-xr-x. 2 root root 6 Jun 22 2021 media
drwxr-xr-x. 2 root root 6 Jun 22 2021 mnt
drwxr-xr-x. 3 root root 39 Dec 19 2021 opt
dr-xr-xr-x. 134 root root 0 Jun 27 08:30 proc
dr-xr-x---. 2 root root 91 Dec 19 2021 root
drwxr-x---. 27 wazuh-indexer wazuh-indexer 860 Jun 28 11:08 run
lrwxrwxrwx. 1 root root 8 Jun 22 2021 sbin -> usr/sbin
drwxr-xr-x. 2 root root 6 Jun 22 2021 srv
dr-xr-xr-x. 13 root root 0 Jun 27 08:30 sys
drwxrwxrwt. 6 root root 229 Jun 28 11:09 tmp
drwxr-xr-x. 12 root root 144 Dec 19 2021 usr
drwxrwxrwx. 1 vagrant vagrant 0 May 24 17:14 vagrant
drwxr-xr-x. 20 root root 278 Dec 19 2021 var
As this is a system folder, it can affect not only the Wazuh dashboard, but the overall system function.
This should be investigated by @wazuh/devel-indexer
Related https://github.com/wazuh/wazuh-packages/issues/3013
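The before/after comparison of `ls -l /` from the comment above can be automated. The following is an added example, not part of the original issue or of Wazuh's code: it diffs two saved listings and reports only entries whose mode, owner or group changed. The function names (`perm_changes`, `sample_before`, `sample_after`, `demo`) are hypothetical, and the sample listings are abridged from the ones in the comment.

```sh
#!/bin/sh
# Added example (not from the issue): compare two saved `ls -l /` listings
# and report entries whose mode, owner or group changed, ignoring link
# counts, sizes and timestamps, which change during any package install.

# perm_changes BEFORE_FILE AFTER_FILE
# Prints one line per changed entry: "name: mode owner:group -> mode owner:group"
perm_changes() {
  awk '
    NF < 9 { next }                     # skip "total N" and blank lines
    {
      mode = $1; sub(/\.$/, "", mode)   # drop the trailing SELinux "." marker
      key = $9                          # entry name (a symlink target follows it)
      cur = mode " " $3 ":" $4
    }
    FILENAME == ARGV[1] { before[key] = cur; next }
    (key in before) && before[key] != cur {
      printf "%s: %s -> %s\n", key, before[key], cur
    }
  ' "$1" "$2"
}

# Sample input, abridged from the listings in the comment above.
sample_before() {
cat <<'EOF'
total 16
drwxr-xr-x. 87 root root 8192 Jun 27 11:48 etc
dr-xr-x---. 2 root root 91 Dec 19 2021 root
drwxr-xr-x. 26 root root 840 Jun 27 08:53 run
drwxrwxrwt. 3 root root 85 Jun 28 08:04 tmp
EOF
}

sample_after() {
cat <<'EOF'
total 16
drwxr-xr-x. 88 root root 8192 Jun 27 15:14 etc
dr-xr-x---. 2 root root 91 Dec 19 2021 root
drwxr-x---. 27 wazuh-indexer wazuh-indexer 860 Jun 28 11:08 run
drwxrwxrwt. 6 root root 229 Jun 28 11:09 tmp
EOF
}

# Run the comparison on the sample listings; the body is a subshell so the
# temporary variables stay local.
demo() (
  dir=$(mktemp -d) || exit 1
  sample_before > "$dir/before"
  sample_after  > "$dir/after"
  perm_changes "$dir/before" "$dir/after"
  rc=$?
  rm -rf "$dir"
  exit "$rc"
)

demo
```

On a live host, save `ls -l /` to a file before the package transaction and again after it, then pass both files to `perm_changes`; any output for a system directory such as `/run` means the install changed its mode or ownership.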
A problem is detected when installing pre-release package 4.9.0-1 in YUM environments.
A test is carried out on CentOS 8 and also on Amazon Linux 2. The error is the following:
The installation was carried out using the installation assistant and step by step and the result was the same.