c-bordon
commented
5 days ago Update report
After carrying out new tests with the fixes applied in the unattended, it was detected that Wazuh dashboard is installed correctly:
[root@centos8 ~]# bash wazuh-install.sh -a
24/06/2024 17:26:07 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
24/06/2024 17:26:07 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/06/2024 17:26:07 INFO: Verifying that your system meets the recommended minimum hardware requirements.
24/06/2024 17:26:08 INFO: Wazuh web interface port will be 443.
24/06/2024 17:26:08 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
24/06/2024 17:26:09 INFO: Wazuh development repository added.
24/06/2024 17:26:09 INFO: --- Configuration files ---
24/06/2024 17:26:09 INFO: Generating configuration files.
24/06/2024 17:26:09 INFO: Generating the root certificate.
24/06/2024 17:26:10 INFO: Generating Admin certificates.
24/06/2024 17:26:10 INFO: Generating Wazuh indexer certificates.
24/06/2024 17:26:10 INFO: Generating Filebeat certificates.
24/06/2024 17:26:10 INFO: Generating Wazuh dashboard certificates.
24/06/2024 17:26:10 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
24/06/2024 17:26:10 INFO: --- Wazuh indexer ---
24/06/2024 17:26:10 INFO: Starting Wazuh indexer installation.
24/06/2024 17:28:29 INFO: Wazuh indexer installation finished.
24/06/2024 17:28:29 INFO: Wazuh indexer post-install configuration finished.
24/06/2024 17:28:29 INFO: Starting service wazuh-indexer.
24/06/2024 17:28:39 INFO: wazuh-indexer service started.
24/06/2024 17:28:39 INFO: Initializing Wazuh indexer cluster security settings.
24/06/2024 17:28:43 INFO: Wazuh indexer cluster security configuration initialized.
24/06/2024 17:28:43 INFO: Wazuh indexer cluster initialized.
24/06/2024 17:28:43 INFO: --- Wazuh server ---
24/06/2024 17:28:43 INFO: Starting the Wazuh manager installation.
24/06/2024 17:30:28 INFO: Wazuh manager installation finished.
24/06/2024 17:30:28 INFO: Wazuh manager vulnerability detection configuration finished.
24/06/2024 17:30:28 INFO: Starting service wazuh-manager.
24/06/2024 17:30:41 INFO: wazuh-manager service started.
24/06/2024 17:30:41 INFO: Starting Filebeat installation.
24/06/2024 17:30:49 INFO: Filebeat installation finished.
24/06/2024 17:30:51 INFO: Filebeat post-install configuration finished.
24/06/2024 17:30:51 INFO: Starting service filebeat.
24/06/2024 17:30:51 INFO: filebeat service started.
24/06/2024 17:30:51 INFO: --- Wazuh dashboard ---
24/06/2024 17:30:51 INFO: Starting Wazuh dashboard installation.
24/06/2024 17:32:56 INFO: Wazuh dashboard installation finished.
24/06/2024 17:32:56 INFO: Wazuh dashboard post-install configuration finished.
24/06/2024 17:32:56 INFO: Starting service wazuh-dashboard.
24/06/2024 17:32:56 INFO: wazuh-dashboard service started.
24/06/2024 17:32:56 INFO: Updating the internal users.
24/06/2024 17:32:59 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
24/06/2024 17:33:07 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
24/06/2024 17:33:38 INFO: Initializing Wazuh dashboard web application.
24/06/2024 17:33:39 INFO: Wazuh dashboard web application initialized.
24/06/2024 17:33:39 INFO: --- Summary ---
24/06/2024 17:33:39 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: jzD3C*81mHTN0ySUb+3X3aHTPNxRph1G
24/06/2024 17:33:40 INFO: Installation finished.I ran tests again with Step by Step to rule out, and the installation was successful despite the permission denied message:
[root@centos8 ~]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-certs-tool.sh
[root@centos8 ~]# curl -sO https://packages-dev.wazuh.com/4.9/config.yml
[root@centos8 ~]# vi config.yml
[root@centos8 ~]# bash ./wazuh-certs-tool.sh -A
25/06/2024 12:29:18 INFO: Verbose logging redirected to /root/wazuh-certificates-tool.log
25/06/2024 12:29:18 INFO: Generating the root certificate.
25/06/2024 12:29:18 INFO: Generating Admin certificates.
25/06/2024 12:29:18 INFO: Admin certificates created.
25/06/2024 12:29:18 INFO: Generating Wazuh indexer certificates.
25/06/2024 12:29:18 INFO: Wazuh indexer certificates created.
25/06/2024 12:29:18 INFO: Generating Filebeat certificates.
25/06/2024 12:29:18 INFO: Wazuh Filebeat certificates created.
25/06/2024 12:29:18 INFO: Generating Wazuh dashboard certificates.
25/06/2024 12:29:18 INFO: Wazuh dashboard certificates created.
[root@centos8 ~]# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
./
./root-ca.key
./root-ca.pem
./admin-key.pem
./admin.pem
./node-1-key.pem
./node-1.pem
./wazuh-1-key.pem
./wazuh-1.pem
./dashboard-key.pem
./dashboard.pem
[root@centos8 ~]# rm -rf ./wazuh-certificates
[root@centos8 ~]# yum install coreutils -y
CentOS Linux 8 - AppStream 4.3 MB/s | 8.4 MB 00:01
CentOS Linux 8 - BaseOS 6.9 MB/s | 4.6 MB 00:00
CentOS Linux 8 - Extras 92 kB/s | 10 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 4.3 MB/s | 14 MB 00:03
Package coreutils-8.30-12.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@centos8 ~]# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
[root@centos8 ~]# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
[root@centos8 ~]# yum -y install wazuh-indexer
EL-8 - Wazuh 5.1 MB/s | 26 MB 00:05
Last metadata expiration check: 0:00:08 ago on Tue 25 Jun 2024 12:30:31 PM UTC.
Dependencies resolved.
============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================================================================================================================
Installing:
wazuh-indexer x86_64 4.9.0-1 wazuh 813 M
Transaction Summary
============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 813 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.9.0-1.x86_64.rpm 9.6 MB/s | 813 MB 01:24
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 9.6 MB/s | 813 MB 01:24
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1
Installing : wazuh-indexer-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
sudo systemctl start wazuh-indexer.service
Verifying : wazuh-indexer-4.9.0-1.x86_64 1/1
Installed:
wazuh-indexer-4.9.0-1.x86_64
Complete!
[root@centos8 ~]# vi /etc/wazuh-indexer/opensearch.yml
[root@centos8 ~]# NODE_NAME=node-1
[root@centos8 ~]# mkdir /etc/wazuh-indexer/certs
[root@centos8 ~]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
[root@centos8 ~]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@centos8 ~]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@centos8 ~]# chmod 500 /etc/wazuh-indexer/certs
[root@centos8 ~]# chmod 400 /etc/wazuh-indexer/certs/*
[root@centos8 ~]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
[root@centos8 ~]# systemctl daemon-reload
[root@centos8 ~]# systemctl enable wazuh-indexer
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
[root@centos8 ~]# systemctl start wazuh-indexer
[root@centos8 ~]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
[root@centos8 ~]# yum -y install wazuh-manager
CentOS Linux 8 - AppStream 7.8 kB/s | 4.3 kB 00:00
CentOS Linux 8 - BaseOS 26 kB/s | 3.9 kB 00:00
CentOS Linux 8 - Extras 13 kB/s | 1.5 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 84 kB/s | 90 kB 00:01
Dependencies resolved.
============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================================================================================================================
Installing:
wazuh-manager x86_64 4.9.0-1 wazuh 300 M
Transaction Summary
============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 300 M
Installed size: 893 M
Downloading Packages:
wazuh-manager-4.9.0-1.x86_64.rpm 8.9 MB/s | 300 MB 00:33
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 8.9 MB/s | 300 MB 00:33
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1
Installing : wazuh-manager-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1
Verifying : wazuh-manager-4.9.0-1.x86_64 1/1
Installed:
wazuh-manager-4.9.0-1.x86_64
Complete!
[root@centos8 ~]# var/ossec/bin/wazuh-keystore -f indexer -k username -v admin
-bash: var/ossec/bin/wazuh-keystore: No such file or directory
[root@centos8 ~]# /var/ossec/bin/wazuh-keystore -f indexer -k username -v admin
[root@centos8 ~]# /var/ossec/bin/wazuh-keystore -f indexer -k password -v admin
[root@centos8 ~]# vi /var/ossec/etc/ossec.conf
[root@centos8 ~]# yum -y install filebeat
EL-8 - Wazuh 2.5 kB/s | 3.4 kB 00:01
Dependencies resolved.
============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================================================================================================================
Installing:
filebeat x86_64 7.10.2-1 wazuh 21 M
Transaction Summary
============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 21 M
Installed size: 70 M
Downloading Packages:
filebeat-oss-7.10.2-x86_64.rpm 6.2 MB/s | 21 MB 00:03
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 6.2 MB/s | 21 MB 00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : filebeat-7.10.2-1.x86_64 1/1
Running scriptlet: filebeat-7.10.2-1.x86_64 1/1
Verifying : filebeat-7.10.2-1.x86_64 1/1
Installed:
filebeat-7.10.2-1.x86_64
Complete!
[root@centos8 ~]# curl -so /etc/filebeat/filebeat.yml https://packages-dev.wazuh.com/4.9/tpl/wazuh/filebeat/filebeat.yml
[root@centos8 ~]# vi /etc/filebeat/filebeat.yml
[root@centos8 ~]# filebeat keystore create
Created filebeat keystore
[root@centos8 ~]# echo admin | filebeat keystore add username --stdin --force
Successfully updated the keystore
[root@centos8 ~]# echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore
[root@centos8 ~]# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.9.0-alpha1/extensions/elasticsearch/7.x/wazuh-template.json
[root@centos8 ~]# curl -s https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
[root@centos8 ~]# ls -la
total 100
dr-xr-x---. 2 root root 217 Jun 25 12:38 .
dr-xr-xr-x. 17 root root 224 Nov 1 2023 ..
-rw-r--r--. 1 root root 18 May 11 2019 .bash_logout
-rw-r--r--. 1 root root 176 May 11 2019 .bash_profile
-rw-r--r--. 1 root root 176 May 11 2019 .bashrc
-rw-------. 1 root root 610 Jun 25 12:29 config.yml
-rw-r--r--. 1 root root 100 May 11 2019 .cshrc
-rw-r--r--. 1 root root 129 May 11 2019 .tcshrc
-rw-------. 1 root root 3640 Jun 25 12:38 .viminfo
-rw-r--r--. 1 root root 30720 Jun 25 12:29 wazuh-certificates.tar
-rw-------. 1 root root 641 Jun 25 12:29 wazuh-certificates-tool.log
-rw-r--r--. 1 root root 36475 Jun 25 12:28 wazuh-certs-tool.sh
[root@centos8 ~]# cat config.yml
nodes:
# Wazuh indexer nodes
indexer:
- name: node-1
ip: "127.0.0.1"
#- name: node-2
# ip: "<indexer-node-ip>"
#- name: node-3
# ip: "<indexer-node-ip>"
# Wazuh server nodes
# If there is more than one Wazuh server
# node, each one must have a node_type
server:
- name: wazuh-1
ip: "127.0.0.1"
# node_type: master
#- name: wazuh-2
# ip: "<wazuh-manager-ip>"
# node_type: worker
#- name: wazuh-3
# ip: "<wazuh-manager-ip>"
# node_type: worker
# Wazuh dashboard nodes
dashboard:
- name: dashboard
ip: "127.0.0.1"
[root@centos8 ~]# NODE_NAME=wazuh-1
[root@centos8 ~]# mkdir /etc/filebeat/certs
[root@centos8 ~]# tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@centos8 ~]# mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
[root@centos8 ~]# mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
[root@centos8 ~]# chmod 500 /etc/filebeat/certs
[root@centos8 ~]# chmod 400 /etc/filebeat/certs/*
[root@centos8 ~]# chown -R root:root /etc/filebeat/certs
[root@centos8 ~]# systemctl daemon-reload
[root@centos8 ~]# systemctl enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
[root@centos8 ~]# systemctl start wazuh-manager
[root@centos8 ~]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-06-25 12:40:13 UTC; 5s ago
Process: 5997 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
Tasks: 163 (limit: 49489)
Memory: 2.8G
CGroup: /system.slice/wazuh-manager.service
├─6062 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─6102 /var/ossec/bin/wazuh-authd
├─6116 /var/ossec/bin/wazuh-db
├─6132 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─6135 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─6138 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─6151 /var/ossec/bin/wazuh-execd
├─6166 /var/ossec/bin/wazuh-analysisd
├─6176 /var/ossec/bin/wazuh-syscheckd
├─6244 /var/ossec/bin/wazuh-remoted
├─6280 /var/ossec/bin/wazuh-logcollector
├─6329 /var/ossec/bin/wazuh-monitord
└─6376 /var/ossec/bin/wazuh-modulesd
Jun 25 12:40:06 centos8.localdomain env[5997]: Started wazuh-analysisd...
Jun 25 12:40:07 centos8.localdomain env[5997]: Started wazuh-syscheckd...
Jun 25 12:40:08 centos8.localdomain env[5997]: Started wazuh-remoted...
Jun 25 12:40:09 centos8.localdomain env[5997]: Started wazuh-logcollector...
Jun 25 12:40:10 centos8.localdomain env[5997]: Started wazuh-monitord...
Jun 25 12:40:10 centos8.localdomain env[5997]: 2024/06/25 12:40:10 wazuh-modulesd:router: INFO: Loaded router module.
Jun 25 12:40:10 centos8.localdomain env[5997]: 2024/06/25 12:40:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jun 25 12:40:11 centos8.localdomain env[5997]: Started wazuh-modulesd...
Jun 25 12:40:13 centos8.localdomain env[5997]: Completed.
Jun 25 12:40:13 centos8.localdomain systemd[1]: Started Wazuh manager.
[root@centos8 ~]# systemctl daemon-reload
[root@centos8 ~]# systemctl enable filebeat
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
[root@centos8 ~]# systemctl start filebeat
[root@centos8 ~]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 127.0.0.1
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
[root@centos8 ~]# yum install libcap -y
Last metadata expiration check: 0:02:20 ago on Tue 25 Jun 2024 12:38:22 PM UTC.
Package libcap-2.26-5.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@centos8 ~]# yum -y install wazuh-dashboard
Last metadata expiration check: 0:02:25 ago on Tue 25 Jun 2024 12:38:22 PM UTC.
Dependencies resolved.
============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================================================================================================================
Installing:
wazuh-dashboard x86_64 4.9.0-1 wazuh 260 M
Transaction Summary
============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 260 M
Installed size: 888 M
Downloading Packages:
wazuh-dashboard-4.9.0-1.x86_64.rpm 8.6 MB/s | 260 MB 00:30
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 8.6 MB/s | 260 MB 00:30
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.9.0-1.x86_64 1/1
Installed:
wazuh-dashboard-4.9.0-1.x86_64
Complete!
[root@centos8 ~]# NODE_NAME=dashboard
[root@centos8 ~]# vi /etc/wazuh-dashboard/opensearch_dashboards.yml
[root@centos8 ~]# mkdir /etc/wazuh-dashboard/certs
[root@centos8 ~]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@centos8 ~]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@centos8 ~]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@centos8 ~]# chmod 500 /etc/wazuh-dashboard/certs
[root@centos8 ~]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@centos8 ~]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
[root@centos8 ~]# systemctl daemon-reload
[root@centos8 ~]# systemctl enable wazuh-dashboard
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
[root@centos8 ~]# systemctl start wazuh-dashboard
[root@centos8 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:1d:95:95 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute eth0
valid_lft 84686sec preferred_lft 84686sec
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:ae:bb:ba brd ff:ff:ff:ff:ff:ff
inet 192.168.57.177/24 brd 192.168.57.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
[root@centos8 ~]# systemctl status wazuh-dashboard.service
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-06-25 12:43:07 UTC; 33s ago
Main PID: 8195 (node)
Tasks: 11 (limit: 49489)
Memory: 223.0M
CGroup: /system.slice/wazuh-dashboard.service
└─8195 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml
Jun 25 12:43:07 centos8.localdomain systemd[1]: Started wazuh-dashboard.
Jun 25 12:43:07 centos8.localdomain systemd[8195]: wazuh-dashboard.service: Failed to connect stdout to the journal socket, ignoring: Permission denied
Tostti
Related https://github.com/wazuh/wazuh-packages/issues/3013
A problem is detected when installing pre-release package 4.9.0-1 in YUM environments.
A test is carried out on Centos 8 and also on Amazon Linux 2. The error is the following:
The installation was carried out using the installation assistant and step by step and the result was the same.