wazuh / wazuh-docker

Wazuh - Docker containers
https://wazuh.com

Change the base image to Amazon Linux 2023 #1210

Closed teddytpc1 closed 6 months ago

teddytpc1 commented 6 months ago

Description

Due to the vulnerabilities found in the Ubuntu Jammy Docker image, we need to change the base image to amazonlinux:2023.

The AL2023 image does not have vulnerabilities, according to the scan:

grype amazonlinux:2023 --scope all-layers
 ✔ Vulnerability DB                [no update available]  
 ✔ Pulled image                    
 ✔ Loaded image                                                                                    amazonlinux:2023
 ✔ Parsed image                             sha256:d37f99a4f4de01d940c42f85bc05fb397c696b483f9baa0bd98ae8e82008e0e6
 ✔ Cataloged contents                              e9cee87ac71fb2d68de304322882d25cbba211fd618aa6089c50c944f60ff1b5
   ├── ✔ Packages                        [106 packages]  
   ├── ✔ File digests                    [5,056 files]  
   ├── ✔ File metadata                   [5,056 locations]  
   └── ✔ Executables                     [272 executables]  
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]  
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored 
No vulnerabilities found

Tasks

DRI

davidcr01 commented 6 months ago

Update Report

Development

Currently working on building the images. Some necessary changes must be made to complete this task.

I noticed many of the common and essential dependencies of Linux distributions are not installed in the Amazon Linux 2023 Docker image. Some extra dependencies installed to create the images are:

Maybe the image does not present any vulnerabilities because of its simplicity.

✔ The Wazuh Docker images were built successfully:

root@ip-172-31-41-4:/home/ubuntu/wazuh-docker# sudo docker image ls
REPOSITORY              TAG       IMAGE ID       CREATED          SIZE
wazuh/wazuh-dashboard   4.8.0     3fd955dae2ad   7 minutes ago    1.15GB
wazuh/wazuh-indexer     4.8.0     c7b6bc5e1e76   10 minutes ago   2.32GB
wazuh/wazuh-manager     4.8.0     f97337140f22   11 minutes ago   5.95GB
root@ip-172-31-41-4:/home/ubuntu/wazuh-docker# build-docker-images/build-images.sh 
[+] Building 420.2s (82/82) FINISHED                                                                                 
 => [wazuh/wazuh-dashboard:4.8.0 internal] load build definition from Dockerfile                                0.0s
 => => transferring dockerfile: 3.65kB                                                                          0.0s
 => [wazuh/wazuh-indexer:4.8.0 internal] load metadata for docker.io/library/amazonlinux:2023.3.20240131.0      0.1s
 => [wazuh/wazuh-manager:4.8.0 internal] load build definition from Dockerfile                                  0.0s
 => => transferring dockerfile: 2.30kB                                                                          0.0s
 => [wazuh/wazuh-indexer:4.8.0 internal] load build definition from Dockerfile                                  0.0s
 => => transferring dockerfile: 2.56kB                                                                          0.0s
 => [wazuh/wazuh-manager:4.8.0 internal] load .dockerignore                                                     0.0s
 => => transferring context: 2B                                                                                 0.0s
 => [wazuh/wazuh-dashboard:4.8.0 internal] load .dockerignore                                                   0.0s
 => => transferring context: 2B                                                                                 0.0s
 => [wazuh/wazuh-indexer:4.8.0 internal] load .dockerignore                                                     0.0s
 => => transferring context: 2B                                                                                 0.0s
 => CACHED [wazuh/wazuh-indexer:4.8.0  1/16] FROM docker.io/library/amazonlinux:2023.3.20240131.0@sha256:d8323  0.0s
 => CACHED [wazuh/wazuh-manager:4.8.0] https://raw.githubusercontent.com/wazuh/wazuh/4.8.0/extensions/elastics  0.1s
 => [wazuh/wazuh-manager:4.8.0 internal] load build context                                                     0.1s
 => => transferring context: 836B                                                                               0.0s
 => [wazuh/wazuh-dashboard:4.8.0 internal] load build context                                                   0.1s
 => => transferring context: 358B                                                                               0.0s
 => [wazuh/wazuh-dashboard:4.8.0 stage-1  2/13] RUN yum install shadow-utils -y                                32.3s
 => [wazuh/wazuh-dashboard:4.8.0 builder  2/17] RUN yum install curl-minimal libcap xz tar openssl -y          31.2s
 => [wazuh/wazuh-manager:4.8.0  2/16] RUN rm /bin/sh && ln -s /bin/bash /bin/sh                                 1.2s
 => [wazuh/wazuh-indexer:4.8.0 internal] load build context                                                     0.1s
 => => transferring context: 432B                                                                               0.0s
 => [wazuh/wazuh-indexer:4.8.0 stage-1  2/16] RUN yum install curl-minimal shadow-utils -y                     31.1s
 => [wazuh/wazuh-indexer:4.8.0 builder  2/10] RUN yum install curl-minimal openssl tar xz findutils shadow-ut  33.1s
 => [wazuh/wazuh-manager:4.8.0  3/16] RUN yum install curl-minimal xz gnupg tar gzip -y &&    yum clean all    31.9s
 => [wazuh/wazuh-indexer:4.8.0 stage-1  3/16] RUN getent group wazuh-indexer || groupadd -r -g 1000 wazuh-inde  1.4s
 => [wazuh/wazuh-dashboard:4.8.0 builder  3/17] RUN mkdir -p /usr/share/wazuh-dashboard                         1.2s
 => [wazuh/wazuh-dashboard:4.8.0 stage-1  3/13] RUN getent group wazuh-dashboard || groupadd -r -g 1000 wazuh-  1.3s
 => [wazuh/wazuh-dashboard:4.8.0 builder  4/17] COPY config/dl_base.sh .                                        0.1s
 => [wazuh/wazuh-indexer:4.8.0 stage-1  4/16] RUN useradd --system             --uid 1000             --no-cre  1.3s
 => [wazuh/wazuh-dashboard:4.8.0 builder  5/17] RUN bash dl_base.sh                                            59.2s
 => [wazuh/wazuh-manager:4.8.0  4/16] COPY config/check_repository.sh /                                         0.1s
 => [wazuh/wazuh-indexer:4.8.0 builder  3/10] COPY config/opensearch.yml /                                      0.1s 
 => [wazuh/wazuh-manager:4.8.0  5/16] COPY config/filebeat_module.sh /                                          0.1s 
 => [wazuh/wazuh-manager:4.8.0  6/16] COPY config/permanent_data.env config/permanent_data.sh /                 0.1s 
 => [wazuh/wazuh-indexer:4.8.0 builder  4/10] COPY config/config.sh .                                           0.1s 
 => [wazuh/wazuh-manager:4.8.0  7/16] RUN chmod 775 /check_repository.sh                                        1.0s 
 => [wazuh/wazuh-indexer:4.8.0 builder  5/10] COPY config/config.yml /                                          0.1s 
 => [wazuh/wazuh-indexer:4.8.0 builder  6/10] COPY config/action_groups.yml /                                   0.1s 
 => [wazuh/wazuh-indexer:4.8.0 builder  7/10] COPY config/internal_users.yml /                                  0.1s 
 => [wazuh/wazuh-indexer:4.8.0 builder  8/10] COPY config/roles_mapping.yml /                                   0.1s 
 => [wazuh/wazuh-dashboard:4.8.0 stage-1  4/13] RUN useradd --system             --uid 1000             --no-c  1.1s 
 => [wazuh/wazuh-indexer:4.8.0 builder  9/10] COPY config/roles.yml /                                           0.2s 
 => [wazuh/wazuh-indexer:4.8.0 stage-1  5/16] WORKDIR /usr/share/wazuh-indexer                                  0.1s 
 => [wazuh/wazuh-indexer:4.8.0 builder 10/10] RUN bash config.sh                                              159.4s 
 => [wazuh/wazuh-indexer:4.8.0 stage-1  6/16] COPY config/entrypoint.sh /                                       0.2s
 => [wazuh/wazuh-indexer:4.8.0 stage-1  7/16] COPY config/securityadmin.sh /                                    0.1s
 => [wazuh/wazuh-manager:4.8.0  8/16] RUN source /check_repository.sh                                           2.6s
 => [wazuh/wazuh-indexer:4.8.0 stage-1  8/16] COPY config/ism-check.sh /                                        0.1s
 => [wazuh/wazuh-indexer:4.8.0 stage-1  9/16] RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && c  1.5s
 => [wazuh/wazuh-dashboard:4.8.0 stage-1  5/13] COPY config/entrypoint.sh /                                     0.2s
 => [wazuh/wazuh-dashboard:4.8.0 stage-1  6/13] COPY config/wazuh_app_config.sh /                               0.3s
 => [wazuh/wazuh-dashboard:4.8.0 stage-1  7/13] RUN chmod 700 /entrypoint.sh                                    1.5s
 => [wazuh/wazuh-indexer:4.8.0 stage-1 10/16] RUN chown 1000:1000 /*.sh                                         1.5s
 => [wazuh/wazuh-manager:4.8.0  9/16] RUN yum install wazuh-manager-4.8.0-1 -y &&     yum clean all &&     c  198.6s
 => [wazuh/wazuh-dashboard:4.8.0 stage-1  8/13] RUN chmod 700 /wazuh_app_config.sh                              1.6s
 => [wazuh/wazuh-dashboard:4.8.0 stage-1  9/13] RUN chown 1000:1000 /*.sh                                       1.4s
 => [wazuh/wazuh-dashboard:4.8.0 builder  6/17] COPY config/config.sh .                                         0.1s
 => [wazuh/wazuh-dashboard:4.8.0 builder  7/17] COPY config/config.yml /                                        0.0s
 => [wazuh/wazuh-dashboard:4.8.0 builder  8/17] RUN bash config.sh                                              5.5s
 => [wazuh/wazuh-dashboard:4.8.0 builder  9/17] COPY config/install_wazuh_app.sh /                              0.1s
 => [wazuh/wazuh-dashboard:4.8.0 builder 10/17] RUN chmod 775 /install_wazuh_app.sh                             0.6s
 => [wazuh/wazuh-dashboard:4.8.0 builder 11/17] RUN bash /install_wazuh_app.sh                                 36.7s
 => [wazuh/wazuh-dashboard:4.8.0 builder 12/17] COPY config/opensearch_dashboards.yml /usr/share/wazuh-dashboa  0.1s
 => [wazuh/wazuh-dashboard:4.8.0 builder 13/17] COPY config/wazuh.yml /usr/share/wazuh-dashboard/data/wazuh/co  0.0s
 => [wazuh/wazuh-dashboard:4.8.0 builder 14/17] RUN chown 101:101 /usr/share/wazuh-dashboard/config/opensearch  0.6s
 => [wazuh/wazuh-dashboard:4.8.0 builder 15/17] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh && chown -R  0.7s
 => [wazuh/wazuh-dashboard:4.8.0 builder 16/17] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/config && c  0.6s
 => [wazuh/wazuh-dashboard:4.8.0 builder 17/17] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/logs && cho  0.8s
 => [wazuh/wazuh-indexer:4.8.0 stage-1 11/16] COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr  14.6s
 => [wazuh/wazuh-indexer:4.8.0 stage-1 12/16] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sy  0.1s
 => [wazuh/wazuh-indexer:4.8.0 stage-1 13/16] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sy  0.0s
 => [wazuh/wazuh-indexer:4.8.0 stage-1 14/16] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tm  0.1s
 => [wazuh/wazuh-indexer:4.8.0 stage-1 15/16] RUN chown -R 1000:1000 /usr/share/wazuh-indexer                  17.0s
 => [wazuh/wazuh-manager:4.8.0 10/16] COPY config/etc/ /etc/                                                    0.1s
 => [wazuh/wazuh-manager:4.8.0 11/16] COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scrip  0.1s
 => [wazuh/wazuh-manager:4.8.0 12/16] COPY config/filebeat.yml /etc/filebeat/                                   0.0s
 => [wazuh/wazuh-manager:4.8.0 13/16] RUN chmod go-w /etc/filebeat/filebeat.yml                                 0.6s
 => [wazuh/wazuh-manager:4.8.0 14/16] ADD https://raw.githubusercontent.com/wazuh/wazuh/4.8.0/extensions/elast  0.1s
 => [wazuh/wazuh-manager:4.8.0 15/16] RUN chmod go-w /etc/filebeat/wazuh-template.json                          1.0s
 => [wazuh/wazuh-manager:4.8.0 16/16] RUN mkdir -p /var/ossec/var/multigroups &&     chown root:wazuh /var/oss  1.6s
 => [wazuh/wazuh-manager:4.8.0] exporting to image                                                             85.5s
 => => exporting layers                                                                                        85.4s
 => => writing image sha256:59934c9362f4f61639792c7545bf27b08c1046e5db74d196b801504e4a8281ed                    0.0s
 => => naming to docker.io/wazuh/wazuh-manager:4.8.0                                                            0.1s
 => [wazuh/wazuh-indexer:4.8.0 stage-1 16/16] RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/  0.6s
 => [wazuh/wazuh-indexer:4.8.0] exporting to image                                                             17.7s
 => => exporting layers                                                                                        17.7s
 => => writing image sha256:3101a6930d1acd115bb0cabae2ecbd378436063511fb789a47a42899f973399e                    0.0s
 => => naming to docker.io/wazuh/wazuh-indexer:4.8.0                                                            0.0s
 => [wazuh/wazuh-dashboard:4.8.0 stage-1 10/13] COPY --from=builder --chown=1000:1000 /usr/share/wazuh-dashbo  95.2s
 => [wazuh/wazuh-dashboard:4.8.0 stage-1 11/13] RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/a  1.0s
 => [wazuh/wazuh-dashboard:4.8.0 stage-1 12/13] RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/p  0.5s
 => [wazuh/wazuh-dashboard:4.8.0 stage-1 13/13] WORKDIR /usr/share/wazuh-dashboard                              0.1s
 => [wazuh/wazuh-dashboard:4.8.0] exporting to image                                                           44.3s
 => => exporting layers                                                                                        44.3s
 => => writing image sha256:4a7271b36317379c42847176e87d1dab6c5ab0e0adaebaecc11b7d83484c5cdf                    0.0s
 => => naming to docker.io/wazuh/wazuh-dashboard:4.8.0   

Vulnerability analysis

wazuh-dashboard:

root@ip-172-31-41-4:/home/ubuntu/wazuh-docker# grype 3fd955dae2ad --scope all-layers
 ✔ Vulnerability DB                [no update available]  
 ✔ Loaded image                                                                                        3fd955dae2ad
 ✔ Parsed image                             sha256:3fd955dae2ad120fa882b493722411485442ca12ec435f8e052080d2704d6fa5
 ✔ Cataloged contents                              d9910be92b172b4fcc335443ace77433fd6e6b3fe02f48893151992bac1d1aaa
   ├── ✔ Packages                        [1,963 packages]  
   ├── ✔ File digests                    [5,403 files]  
   ├── ✔ File metadata                   [5,403 locations]  
   └── ✔ Executables                     [298 executables]  
 ✔ Scanned for vulnerabilities     [28 vulnerability matches]  
   ├── by severity: 5 critical, 11 high, 12 medium, 0 low, 0 negligible
   └── by status:   8 fixed, 20 not-fixed, 0 ignored 
[0146]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable 
[0146]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable 
[0147]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unexpec
[0147]  WARN cataloger failed cataloger=java-archive-cataloger error=unable to read files from java archive: unable t
NAME                   INSTALLED                FIXED-IN               TYPE    VULNERABILITY        SEVERITY 
@babel/traverse        7.17.3                   7.23.2                 npm     GHSA-67hx-6x53-jw92  Critical  
@babel/traverse        7.21.2                   7.23.2                 npm     GHSA-67hx-6x53-jw92  Critical  
angular                1.8.2                                           npm     GHSA-4w4v-5hc9-xrr2  High      
angular                1.8.2                                           npm     GHSA-qwqh-hm9m-p5hr  Medium    
angular                1.8.2                                           npm     GHSA-prc3-vjfx-vhm9  Medium    
angular                1.8.2                                           npm     GHSA-m2h2-264f-f486  Medium    
angular                1.8.2                                           npm     GHSA-2vrf-hf26-jrp5  Medium    
angular                1.8.2                                           npm     GHSA-2qqx-w9hr-q5gx  Medium    
axios                  0.27.2                   1.6.0                  npm     GHSA-wf5p-g6vw-rhxx  Medium    
debug                  4.1.1                    4.3.1                  npm     GHSA-gxpj-cx7g-858c  Medium    
expat                  2.5.0-1.amzn2023.0.2     2.5.0-1.amzn2023.0.3   rpm     ALAS-2024-524        Medium    
follow-redirects       1.15.2                   1.15.4                 npm     GHSA-jchw-25xp-jwwc  Medium    
hoek                   4.2.1                                           npm     GHSA-c429-5p7v-vgjp  High      
hoek                   6.1.3                                           npm     GHSA-c429-5p7v-vgjp  High      
monorepo-symlink-test  0.0.0                                           npm     GHSA-2jcg-qqmg-46q6  Critical  
node                   18.16.0                                         binary  CVE-2023-32002       Critical  
node                   18.16.0                                         binary  CVE-2023-44487       High      
node                   18.16.0                                         binary  CVE-2023-38552       High      
node                   18.16.0                                         binary  CVE-2023-32559       High      
node                   18.16.0                                         binary  CVE-2023-32006       High      
node                   18.16.0                                         binary  CVE-2023-30590       High      
node                   18.16.0                                         binary  CVE-2023-30589       High      
node                   18.16.0                                         binary  CVE-2023-30585       High      
node                   18.16.0                                         binary  CVE-2023-30581       High      
node                   18.16.0                                         binary  CVE-2023-30588       Medium    
openssl-libs           1:3.0.8-1.amzn2023.0.10  3.0.8-1.amzn2023.0.11  rpm     ALAS-2024-520        Medium

wazuh-indexer:

root@ip-172-31-41-4:/home/ubuntu/wazuh-docker# grype c7b6bc5e1e76 --scope all-layers
 ✔ Vulnerability DB                [no update available]  
 ✔ Loaded image                                                                                        c7b6bc5e1e76
 ✔ Parsed image                             sha256:c7b6bc5e1e76e9263ad11810eef62d190c94d0a760172d30939ccfc7aebf0f16
 ✔ Cataloged contents                              8389456362c07c41f23ae9690140dbfa97d8650f155583800f3689269e41b0ef
   ├── ✔ Packages                        [751 packages]  
   ├── ✔ File digests                    [5,403 files]  
   ├── ✔ File metadata                   [5,403 locations]  
   └── ✔ Executables                     [368 executables]  
 ✔ Scanned for vulnerabilities     [14 vulnerability matches]  
   ├── by severity: 0 critical, 7 high, 7 medium, 0 low, 0 negligible
   └── by status:   14 fixed, 0 not-fixed, 0 ignored 
NAME               INSTALLED                FIXED-IN               TYPE          VULNERABILITY        SEVERITY 
bc-fips            1.0.2.3                  1.0.2.4                java-archive  GHSA-68m8-v89j-7j2p  Medium    
commons-compress   1.22                     1.24.0                 java-archive  GHSA-cgwf-w82q-5jrr  Medium    
commons-compress   1.23.0                   1.24.0                 java-archive  GHSA-cgwf-w82q-5jrr  Medium    
expat              2.5.0-1.amzn2023.0.2     2.5.0-1.amzn2023.0.3   rpm           ALAS-2024-524        Medium    
json               20230227                 20231013               java-archive  GHSA-4jq9-2xhw-jpx7  High      
netty-codec-http2  4.1.97.Final             4.1.100.Final          java-archive  GHSA-xpw8-rcwv-8f8p  High      
opensearch         2.10.0                   2.11.1                 java-archive  GHSA-6g3j-p5g6-992f  Medium    
openssl-libs       1:3.0.8-1.amzn2023.0.10  3.0.8-1.amzn2023.0.11  rpm           ALAS-2024-520        Medium    
snappy-java        1.1.10.3                 1.1.10.4               java-archive  GHSA-55g7-9cwv-5qfv  High      
xmlsec             2.3.3                    2.3.4                  java-archive  GHSA-xfrj-6vvc-3xm2  Medium

wazuh-manager:

root@ip-172-31-41-4:~/wazuh-docker# grype f97337140f22 --scope all-layers
 ✔ Vulnerability DB                [no update available]  
 ✔ Loaded image                                                                                        f97337140f22
 ✔ Parsed image                             sha256:f97337140f225a6b6167d8246d1b68034b9fb73e2a1c073593628bf46cdecf26
 ✔ Cataloged contents                              7b84f282a92aa20a25695c4421403596d09763a7083995d943f258ffff61cb79
   ├── ✔ Packages                        [314 packages]  
   ├── ✔ File digests                    [25,156 files]  
   ├── ✔ File metadata                   [25,156 locations]  
   └── ✔ Executables                     [707 executables]  
 ✔ Scanned for vulnerabilities     [113 vulnerability matches]  
   ├── by severity: 7 critical, 57 high, 44 medium, 5 low, 0 negligible
   └── by status:   42 fixed, 71 not-fixed, 0 ignored 
NAME                                  INSTALLED                             FIXED-IN                           TYPE       VULNERABILITY        SEVERITY 
Werkzeug                              2.2.3                                 2.3.8                              python     GHSA-hrfv-mqp8-q5rw  Medium    
aiohttp                               3.9.1                                 3.9.2                              python     GHSA-8qpw-xqxj-h4r2  Medium    
aiohttp                               3.9.1                                 3.9.2                              python     GHSA-5h86-8mv2-jq9f  Medium    
cryptography                          41.0.7                                42.0.0                             python     GHSA-3ww4-gg4f-jr7f  High      
cryptography                          41.0.7                                42.0.2                             python     GHSA-9v9h-cgj8-h64p  Medium    
ecdsa                                 0.16.1                                                                   python     GHSA-wj6h-64fc-37mp  High      
expat                                 2.5.0-1.amzn2023.0.2                  2.5.0-1.amzn2023.0.3               rpm        ALAS-2024-524        Medium    
github.com/containerd/containerd      v1.3.3                                1.4.13                             go-module  GHSA-crp2-qrr5-8pq7  High      
github.com/containerd/containerd      v1.3.3                                1.5.18                             go-module  GHSA-hmfx-3pcx-653p  Medium    
github.com/containerd/containerd      v1.3.3                                1.4.8                              go-module  GHSA-c72p-9xmj-rx3w  Medium    
github.com/containerd/containerd      v1.3.3                                1.4.11                             go-module  GHSA-c2h3-6mxw-7mvq  Medium    
github.com/containerd/containerd      v1.3.3                                1.6.26                             go-module  GHSA-7ww5-4wqc-m92c  Medium    
github.com/containerd/containerd      v1.3.3                                1.3.10                             go-module  GHSA-6g2q-w5j3-fwh4  Medium    
github.com/containerd/containerd      v1.3.3                                1.5.13                             go-module  GHSA-5ffw-gxpp-mxpf  Medium    
github.com/containerd/containerd      v1.3.3                                1.3.9                              go-module  GHSA-36xw-fx78-c5r4  Medium    
github.com/containerd/containerd      v1.3.3                                1.5.16                             go-module  GHSA-2qjp-425j-52j9  Medium    
github.com/containerd/containerd      v1.3.3                                1.5.18                             go-module  GHSA-259w-8hf6-59c2  Medium    
github.com/containerd/containerd      v1.3.3                                1.4.12                             go-module  GHSA-5j5w-g665-5m35  Low       
github.com/docker/distribution        v2.7.1+incompatible                   2.8.2-beta.1                       go-module  GHSA-hqxw-f8mx-cpmw  High      
github.com/docker/distribution        v2.7.1+incompatible                   2.8.0                              go-module  GHSA-qq97-vm5h-rrhg  Low       
github.com/gogo/protobuf              v1.3.1                                1.3.2                              go-module  GHSA-c3h9-896r-86jm  High      
github.com/miekg/dns                  v1.1.15                               1.1.25                             go-module  GHSA-44r7-7p62-q3fr  Medium    
github.com/opencontainers/image-spec  v1.0.2-0.20190823105129-775207bd45b6  1.0.2                              go-module  GHSA-77vh-xpmg-72qh  Low       
go.elastic.co/apm                     v1.8.1-0.20200909061013-2aef45b9cf4b  1.11.0                             go-module  GHSA-qqc5-rgcc-cjqh  Low       
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.0.0-20211202192323-5770296d904e  go-module  GHSA-gwc9-m7rh-j2ww  High      
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.0.0-20220314234659-1baeb1ce4c0b  go-module  GHSA-8c26-wmh5-6g9v  High      
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.0.0-20201216223049-8b5274cf687f  go-module  GHSA-3vm4-22fp-5rfm  High      
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.17.0                             go-module  GHSA-45x7-px36-x8w8  Medium    
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.7.0                              go-module  GHSA-vvpx-j8f3-3w6h  High      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.0.0-20210520170846-37e1c6afe023  go-module  GHSA-83g2-8m93-v3w7  High      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.0.0-20220906165146-f3363e06e74c  go-module  GHSA-69cg-p879-7622  High      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.17.0                             go-module  GHSA-4374-p667-p6c8  High      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.17.0                             go-module  GHSA-qppj-fm5r-hxr3  Medium    
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.0.0-20210428140749-89ef3d95e781  go-module  GHSA-h86h-8ppg-mxmh  Medium    
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.13.0                             go-module  GHSA-2wrh-6pvc-2jm9  Medium    
golang.org/x/sys                      v0.0.0-20200625212154-ddb9806d33ae    0.0.0-20220412211240-33da011f77ad  go-module  GHSA-p782-xgp4-8hr8  Medium    
golang.org/x/text                     v0.3.2                                0.3.7                              go-module  GHSA-ppp9-7jff-5vj2  High      
golang.org/x/text                     v0.3.2                                0.3.8                              go-module  GHSA-69ch-w2m2-3vjp  High      
golang.org/x/text                     v0.3.2                                0.3.3                              go-module  GHSA-5rcv-m4m3-hfh7  Medium    
google.golang.org/grpc                v1.29.1                               1.56.3                             go-module  GHSA-m425-mq94-257g  High      
google.golang.org/grpc                v1.29.1                               1.56.3                             go-module  GHSA-qppj-fm5r-hxr3  Medium    
k8s.io/client-go                      v0.18.3                               0.18.14                            go-module  GHSA-8cfg-vx93-jvxw  Medium    
openssl-libs                          1:3.0.8-1.amzn2023.0.10               3.0.8-1.amzn2023.0.11              rpm        ALAS-2024-520        Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-29405       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-29404       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-29402       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-24540       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-24538       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2022-23806       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2021-38297       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-45287       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-45285       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-44487       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-39323       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-29403       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-29400       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-24539       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-24537       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-24536       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-24534       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41725       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41724       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41723       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41722       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41715       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-32189       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30635       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30633       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30632       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30631       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30630       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30580       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-2880        High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-2879        High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-28327       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-28131       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-27664       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-24921       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-24675       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-23773       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-23772       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-44716       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-41772       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-41771       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-39293       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-33198       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-33196       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-33195       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-33194       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-3115        High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-29923       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-27918       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-39326       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-39319       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-39318       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-29409       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-29406       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-24532       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-41717       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-32148       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-29526       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-1962        Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-1705        Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-44717       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-36221       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-34558       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-33197       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-31525       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-3114        Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2020-29511       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2020-29510       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2020-29509       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-30629       Low

davidcr01 commented 6 months ago

Update Report

Testing

The images must be re-built again because the Wazuh manager container is not running. It seems the image needs some dependencies:

wazuh.manager-1    | /var/run/s6/etc/cont-init.d/0-wazuh-init: line 187: find: command not found
wazuh.manager-1    | /var/run/s6/etc/cont-init.d/0-wazuh-init: line 188: find: command not found
wazuh.manager-1    | Creating wazuh-authd key and cert
wazuh.manager-1    | Error executing command: 'openssl genrsa -out /var/ossec/etc/sslmanager.key 4096'.

After much testing, it was found that some extra dependencies were necessary to make all the modules of Wazuh manager work. Also, a problem was found related to the owner and group of some Wazuh manager files. Some files were owned by user 101 instead of wazuh, caused by the following lines:

https://github.com/wazuh/wazuh-docker/blob/d538e47eef1ec3b32d0b6e6fa348a3f492d54066/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init#L186-L189

They were changed to: https://github.com/wazuh/wazuh-docker/blob/63ddd688840001dd21ea4475497417484003e56f/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init#L186-L188

These are the UID and GID values used in the Docker installation on AL2023.

bash-5.2# cat /etc/passwd | grep wazuh
wazuh:x:999:999::/var/ossec:/sbin/nologin
bash-5.2# 

Opened issue: https://github.com/wazuh/wazuh-docker/issues/1220
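
The two failures reported in the comment above (tools absent from the slimmer base image, and files owned by a numeric ID that does not map to `wazuh` on the new image) can both be checked at init time. The script below is an added example, not the project's `0-wazuh-init`; the function names, the temporary tree and the constructed passwd entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the wazuh-docker init script. Two init-time checks for an
# image rebuilt on a different base: required tools exist, and files belong to
# the service account resolved by NAME instead of a hard-coded numeric ID.

# missing_cmds CMD...: print every CMD not found on PATH; status 1 if any is missing.
missing_cmds() (
    rc=0
    for cmd in "$@"; do
        if ! command -v "$cmd" >/dev/null 2>&1; then
            printf '%s\n' "$cmd"
            rc=1
        fi
    done
    exit "$rc"
)

# owner_ids NAME PASSWD: print "UID GID" of NAME from a passwd-format file;
# status 1 if NAME has no entry.
owner_ids() {
    awk -F: -v n="$1" '
        $1 == n { print $3, $4; found = 1; exit }
        END     { exit !found }' "$2"
}

# misowned ROOT NAME [PASSWD]: print paths under ROOT whose owner or group differs
# from NAME's UID/GID in PASSWD (default /etc/passwd). Status 2 if NAME is unknown.
misowned() (
    root=$1 name=$2 passwd=${3:-/etc/passwd}
    ids=$(owner_ids "$name" "$passwd") || exit 2
    uid=${ids% *}
    gid=${ids#* }
    find "$root" \( ! -user "$uid" -o ! -group "$gid" \) -print
)

# selfcheck: build a constructed tree (3 paths), then count mis-owned paths when
# "wazuh" resolves to the tree's real owner and when it resolves to another UID.
# Prints "<count_same> <count_other>".
selfcheck() (
    tmp=$(mktemp -d) || exit 1
    mkdir -p "$tmp/ossec/etc" && : > "$tmp/ossec/etc/client.keys"
    # Numeric owner and group of the files just created.
    ids=$(ls -dn "$tmp/ossec" | awk '{ print $3, $4 }')
    uid=${ids% *}
    gid=${ids#* }
    # Constructed passwd files: same account name, different numeric UID.
    printf 'wazuh:x:%s:%s::/var/ossec:/sbin/nologin\n' "$uid" "$gid" > "$tmp/passwd.same"
    printf 'wazuh:x:%s:%s::/var/ossec:/sbin/nologin\n' "$((uid + 1))" "$gid" > "$tmp/passwd.other"
    same=$(misowned "$tmp/ossec" wazuh "$tmp/passwd.same" | wc -l)
    other=$(misowned "$tmp/ossec" wazuh "$tmp/passwd.other" | wc -l)
    rm -rf "$tmp"
    echo "$((same)) $((other))"
)

# Tools named in the two failing init lines quoted in the comment above.
missing=$(missing_cmds find openssl) || printf 'missing from image: %s\n' $missing
printf 'mis-owned paths (same UID, other UID): %s\n' "$(selfcheck)"
```

In an init script, `misowned /var/ossec wazuh` would run only after `missing_cmds` confirms that `find` is present.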

davidcr01 commented 6 months ago

Update Report

Note: the services may take some more time than before for unknown reasons. Maybe the OS is affecting this, but it is not related to this issue.

Testing single node deployment

root@ip-172-31-41-4:/home/ubuntu/wazuh-docker# docker ps -a
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                           NAMES
ffab1126e649   wazuh/wazuh-dashboard:4.8.0   "/entrypoint.sh"         6 minutes ago   Up 6 minutes   443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp                                                                                                                single-node-wazuh.dashboard-1
4434f0b15d8f   wazuh/wazuh-manager:4.8.0     "/init"                  6 minutes ago   Up 6 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
9f7a4bc53308   wazuh/wazuh-indexer:4.8.0     "/entrypoint.sh open…"   6 minutes ago   Up 6 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1

Wazuh indexer logs

[2024-02-22T14:00:57,310][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-monitoring-2024.8w/YdhpAPXFQde176CcB_LjUg]
[2024-02-22T14:00:57,346][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:00:57,459][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-monitoring-2024.8w][0]]]).
[2024-02-22T14:00:57,511][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:00:57,539][INFO ][o.o.c.m.MetadataUpdateSettingsService] [wazuh.indexer] updating number_of_replicas to [0] for indices [wazuh-monitoring-2024.8w]
[2024-02-22T14:01:01,584][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[validate-template-eonxowxzrgqvkck693vuea/YFrniOtRSsm-shkR_5a0uA]
[2024-02-22T14:01:01,701][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding index template [wazuh-states-vulnerabilities_template] for index patterns [wazuh-states-vulnerabilities]
[2024-02-22T14:01:01,793][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:01,815][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-states-vulnerabilities/blP1ItShSbqTZb2KtqHJ8Q]
[2024-02-22T14:01:01,858][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [wazuh-states-vulnerabilities] creating index, cause [api], templates [wazuh-states-vulnerabilities_template], shards [1]/[0]
[2024-02-22T14:01:01,970][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-states-vulnerabilities/blP1ItShSbqTZb2KtqHJ8Q]
[2024-02-22T14:01:02,065][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:02,227][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-states-vulnerabilities][0]]]).
[2024-02-22T14:01:02,309][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:06,556][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q]
[2024-02-22T14:01:06,688][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q] update_mapping [_doc]
[2024-02-22T14:01:06,953][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:06,980][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q]
[2024-02-22T14:01:07,119][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q] update_mapping [_doc]
[2024-02-22T14:01:07,411][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:07,417][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q]
[2024-02-22T14:01:07,916][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q]
[2024-02-22T14:01:08,064][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q] update_mapping [_doc]
[2024-02-22T14:01:08,194][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:08,202][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q]
[2024-02-22T14:01:22,880][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_1/owi9xZSESjKa5K_5ePZgHQ]
[2024-02-22T14:01:22,908][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_1/owi9xZSESjKa5K_5ePZgHQ] update_mapping [_doc]
[2024-02-22T14:01:23,026][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:38,142][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing move cluster state metadata.
[2024-02-22T14:01:38,202][INFO ][o.o.i.i.MetadataService  ] [wazuh.indexer] ISM config index not exist, so we cancel the metadata migration job.
[2024-02-22T14:01:38,205][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing ISM template migration.
[2024-02-22T14:01:38,214][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Doing ISM template migration 1 time.
[2024-02-22T14:01:38,215][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Use 2024-02-22T13:00:38.136Z as migrating ISM template last_updated_time
[2024-02-22T14:01:38,234][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_rd22e6t6rdemtp6wiz__ka/AHKFdNldT7OzZxXx7e9dww]
[2024-02-22T14:01:38,245][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_rd22e6t6rdemtp6wiz__ka/AHKFdNldT7OzZxXx7e9dww]
[2024-02-22T14:01:38,283][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_i5gripyuqsev21r_51bofa/bckeWdgcS3m2swWFznq0wQ]
[2024-02-22T14:01:38,304][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_i5gripyuqsev21r_51bofa/bckeWdgcS3m2swWFznq0wQ]
[2024-02-22T14:01:38,327][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_pvdbdajeq5a5zzr40emema/2WjikauzS-OZmbHLFaKkRg]
[2024-02-22T14:01:38,339][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_pvdbdajeq5a5zzr40emema/2WjikauzS-OZmbHLFaKkRg]
[2024-02-22T14:01:38,351][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] ISM templates: {=[ISMTemplate(indexPatterns=[ss4o_metrics-*-*], priority=1, lastUpdatedTime=2024-02-22T13:00:38.136Z), ISMTemplate(indexPatterns=[ss4o_traces-*-*], priority=1, lastUpdatedTime=2024-02-22T13:00:38.136Z), ISMTemplate(indexPatterns=[wazuh-states-vulnerabilities], priority=1, lastUpdatedTime=2024-02-22T13:00:38.136Z)]}
[2024-02-22T14:01:38,353][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Policies to update: []
[2024-02-22T14:01:38,375][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Failure experienced when migrating ISM Template and update ISM policies: {}
[2024-02-22T14:01:38,746][INFO ][o.o.c.s.ClusterSettings  ] [wazuh.indexer] updating [plugins.index_state_management.template_migration.control] from [0] to [-1]
[2024-02-22T14:01:38,751][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:38,757][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Successfully update template migration setting
[2024-02-22T14:02:19,171][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q]
[2024-02-22T14:02:19,207][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q] update_mapping [_doc]
[2024-02-22T14:02:19,309][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:02:38,142][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Cancel background move metadata process.
[2024-02-22T14:02:38,144][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing move cluster state metadata.
[2024-02-22T14:02:38,144][INFO ][o.o.i.i.MetadataService  ] [wazuh.indexer] Move metadata has finished.

Wazuh manager logs

bash-5.2# cat /var/ossec/logs/ossec.log 
2024/02/22 13:59:41 wazuh-modulesd:router: INFO: Loaded router module.
2024/02/22 13:59:41 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
2024/02/22 13:59:48 wazuh-csyslogd: INFO: Remote syslog server not configured. Clean exit.
2024/02/22 13:59:49 wazuh-dbd: INFO: Database not configured. Clean exit.
2024/02/22 13:59:49 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
2024/02/22 13:59:49 wazuh-agentlessd: INFO: Not configured. Exiting.
2024/02/22 13:59:49 wazuh-authd: INFO: Started (pid: 541).
2024/02/22 13:59:49 wazuh-authd: INFO: Accepting connections on port 1515. No password required.
2024/02/22 13:59:49 wazuh-authd: INFO: Setting network timeout to 1.000000 sec.
2024/02/22 13:59:50 wazuh-db: INFO: Started (pid: 558).
2024/02/22 13:59:50 wazuh-db: INFO: Created Global database backup "backup/db/global.db-backup-2024-02-22-13:59:50.gz"
2024/02/22 13:59:51 wazuh-execd: INFO: Started (pid: 583).
2024/02/22 13:59:53 wazuh-syscheckd: INFO: Started (pid: 612).
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6003): Monitoring path: '/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6003): Monitoring path: '/boot', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6003): Monitoring path: '/etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6003): Monitoring path: '/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mtab'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/hosts.deny'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mail/statistics'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random-seed'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random.seed'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/adjtime'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/httpd/logs'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/utmpx'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/wtmpx'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/cups/certs'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/dumpdates'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/svc/volatile'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6207): Ignore 'file' sregex '.log$|.swp$'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6004): No diff for file: '/etc/ssl/private.key'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6000): Starting daemon...
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6010): File integrity monitoring scan frequency: 43200 seconds
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6008): File integrity monitoring scan started.
2024/02/22 13:59:53 rootcheck: INFO: Starting rootcheck scan.
2024/02/22 13:59:54 wazuh-analysisd: INFO: Total rules enabled: '6786'
2024/02/22 13:59:54 wazuh-analysisd: INFO: Started (pid: 597).
2024/02/22 13:59:55 wazuh-remoted: INFO: Started (pid: 630). Listening on port 1514/TCP (secure).
2024/02/22 13:59:55 wazuh-remoted: INFO: (1410): Reading authentication keys file.
2024/02/22 13:59:55 wazuh-analysisd: INFO: EPS limit disabled
2024/02/22 13:59:55 wazuh-analysisd: INFO: (7200): Logtest started
2024/02/22 13:59:56 wazuh-logcollector: INFO: Monitoring output of command(360): df -P
2024/02/22 13:59:56 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
2024/02/22 13:59:56 wazuh-logcollector: INFO: Monitoring full output of command(360): last -n 20
2024/02/22 13:59:56 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/ossec/logs/active-responses.log'.
2024/02/22 13:59:56 wazuh-logcollector: INFO: Started (pid: 695).
2024/02/22 13:59:57 wazuh-monitord: INFO: Started (pid: 716).
2024/02/22 13:59:57 wazuh-syscheckd: INFO: (6009): File integrity monitoring scan ended.
2024/02/22 13:59:57 wazuh-syscheckd: INFO: FIM sync module started.
2024/02/22 13:59:58 wazuh-modulesd:router: INFO: Loaded router module.
2024/02/22 13:59:58 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
2024/02/22 13:59:58 wazuh-modulesd: INFO: Started (pid: 739).
2024/02/22 13:59:58 sca: INFO: Module started.
2024/02/22 13:59:58 sca: INFO: Loaded policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/02/22 13:59:58 sca: INFO: Starting Security Configuration Assessment scan.
2024/02/22 13:59:58 wazuh-modulesd:osquery: INFO: Module disabled. Exiting...
2024/02/22 13:59:58 wazuh-modulesd:router: INFO: Starting router module.
2024/02/22 13:59:58 wazuh-modulesd:content_manager: INFO: Starting content_manager module.
2024/02/22 13:59:58 wazuh-modulesd:agent-upgrade: INFO: (8153): Module Agent Upgrade started.
2024/02/22 13:59:58 wazuh-modulesd:database: INFO: Module started.
2024/02/22 13:59:58 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/02/22 13:59:58 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting...
2024/02/22 13:59:58 wazuh-modulesd:download: INFO: Module started.
2024/02/22 13:59:58 wazuh-modulesd:control: INFO: Starting control thread.
2024/02/22 13:59:58 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started.
2024/02/22 13:59:58 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/02/22 13:59:58 wazuh-modulesd:syscollector: INFO: Module started.
2024/02/22 13:59:58 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/02/22 13:59:59 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024/02/22 13:59:59 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/22 13:59:59 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression.
2024/02/22 14:00:01 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/22 14:00:05 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 8 seconds.
2024/02/22 14:00:13 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 16 seconds.
2024/02/22 14:00:29 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 32 seconds.
2024/02/22 14:00:53 rootcheck: INFO: Ending rootcheck scan.
2024/02/22 14:00:55 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/02/22 14:00:55 sca: INFO: Security Configuration Assessment scan finished. Duration: 57 seconds.
2024/02/22 14:01:02 indexer-connector: INFO: IndexerConnector initialized.
2024/02/22 14:02:10 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished.
2024/02/22 14:02:11 wazuh-modulesd:content-updater: INFO: Starting scheduled action for 'vulnerability_feed_manager'
2024/02/22 14:02:11 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started
2024/02/22 14:02:11 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished
2024/02/22 14:02:11 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
bash-5.2# 

Wazuh dashboard logs

bash-5.2$ cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
bash-5.2$ 

Accessing interface

davidcr01 commented 6 months ago

Testing multi node deployment

root@ip-172-31-41-4:/home/ubuntu# docker ps -a
CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS         PORTS                                                                                                                                                 NAMES
66793c3a3920   nginx:stable                  "/docker-entrypoint.…"   10 minutes ago   Up 3 minutes   80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp                                                                                                     multi-node-nginx-1
d695f1126d9e   wazuh/wazuh-dashboard:4.8.0   "/entrypoint.sh"         10 minutes ago   Up 3 minutes   443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp                                                                                                      multi-node-wazuh.dashboard-1
84e71783735c   wazuh/wazuh-indexer:4.8.0     "/entrypoint.sh open…"   10 minutes ago   Up 3 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                             multi-node-wazuh1.indexer-1
cb810dfa6859   wazuh/wazuh-indexer:4.8.0     "/entrypoint.sh open…"   10 minutes ago   Up 3 minutes   9200/tcp                                                                                                                                              multi-node-wazuh2.indexer-1
0379f08949b8   wazuh/wazuh-manager:4.8.0     "/init"                  10 minutes ago   Up 3 minutes   1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp   multi-node-wazuh.master-1
7f85ae4712a3   wazuh/wazuh-manager:4.8.0     "/init"                  10 minutes ago   Up 3 minutes   1514-1516/tcp, 514/udp, 55000/tcp                                                                                                                     multi-node-wazuh.worker-1
b3a41b1f4e20   wazuh/wazuh-indexer:4.8.0     "/entrypoint.sh open…"   10 minutes ago   Up 3 minutes   9200/tcp                                                                                                                                              multi-node-wazuh3.indexer-1
root@ip-172-31-41-4:/home/ubuntu# 

Wazuh indexer logs

bash-5.2$ cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-02-22T14:28:27,986][INFO ][o.o.n.Node               ] [wazuh1.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-7786276805363767305, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Xms1g, -Xmx1g, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-22T14:28:54,343][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache has insecure file permissions (should be 0700)
[2024-02-22T14:28:54,344][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA has insecure file permissions (should be 0700)
[2024-02-22T14:28:54,368][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA/temp has insecure file permissions (should be 0700)
[2024-02-22T14:28:54,370][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/logs has insecure file permissions (should be 0700)
[2024-02-22T14:28:54,371][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch.yml has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,379][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/lib/jspawnhelper has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,515][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeprscan has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,534][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jps has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,535][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstack has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,536][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,538][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,539][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,542][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,546][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env-from-file has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,562][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-upgrade has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,563][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-cli has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,568][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-keystore has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,569][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,574][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,582][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-plugin has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,586][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-node has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,598][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-shard has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,602][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,606][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env has insecure file permissions (should be 0600)
[2024-02-22T14:29:58,735][WARN ][o.o.s.c.Salt             ] [wazuh1.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-22T14:29:59,177][ERROR][o.o.s.a.s.SinkProvider   ] [wazuh1.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-02-22T14:29:59,196][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh1.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-22T14:30:09,433][WARN ][o.o.s.p.SQLPlugin        ] [wazuh1.indexer] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-22T14:30:24,960][WARN ][o.o.g.DanglingIndicesState] [wazuh1.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-22T14:30:34,538][ERROR][o.o.b.Bootstrap          ] [wazuh1.indexer] node validation exception
[2024-02-22T14:31:12,970][INFO ][o.o.n.Node               ] [wazuh1.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-7344517411175463262, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Xms1g, -Xmx1g, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-22T14:31:34,284][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache has insecure file permissions (should be 0700)
[2024-02-22T14:31:34,292][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA has insecure file permissions (should be 0700)
[2024-02-22T14:31:34,293][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA/temp has insecure file permissions (should be 0700)
[2024-02-22T14:31:34,305][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/logs has insecure file permissions (should be 0700)
[2024-02-22T14:31:34,310][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch.yml has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,323][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/lib/jspawnhelper has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,327][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jconsole has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,329][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jlink has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,336][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/java has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,343][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeps has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,348][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/javadoc has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,363][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jar has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,546][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jps has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,558][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstack has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,563][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,565][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,571][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,576][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,581][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env-from-file has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,585][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-upgrade has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,589][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-cli has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,601][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-keystore has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,602][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,607][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,611][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-plugin has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,612][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-node has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,625][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-shard has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,629][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,635][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env has insecure file permissions (should be 0600)
[2024-02-22T14:32:53,899][WARN ][o.o.s.c.Salt             ] [wazuh1.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-22T14:32:54,279][ERROR][o.o.s.a.s.SinkProvider   ] [wazuh1.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-02-22T14:32:54,294][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh1.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-22T14:33:03,893][WARN ][o.o.s.p.SQLPlugin        ] [wazuh1.indexer] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-22T14:33:17,266][WARN ][o.o.g.DanglingIndicesState] [wazuh1.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-22T14:33:26,247][ERROR][o.o.b.Bootstrap          ] [wazuh1.indexer] node validation exception
[2024-02-22T14:34:43,015][INFO ][o.o.n.Node               ] [wazuh1.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-15025988817348444977, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Xms1g, -Xmx1g, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-22T14:35:10,297][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache has insecure file permissions (should be 0700)
[2024-02-22T14:35:10,303][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA has insecure file permissions (should be 0700)
[2024-02-22T14:35:10,304][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA/temp has insecure file permissions (should be 0700)
[2024-02-22T14:35:10,306][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/logs has insecure file permissions (should be 0700)
[2024-02-22T14:35:10,347][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch.yml has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,349][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/lib/jspawnhelper has insecure file permissions (should be 0600)

[2024-02-22T14:35:10,493][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jcmd has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,494][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jpackage has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,495][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeprscan has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,496][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jps has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,497][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstack has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,507][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,527][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,529][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,530][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,531][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env-from-file has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,542][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-upgrade has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,543][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-cli has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,544][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-keystore has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,562][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,578][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,579][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-plugin has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,581][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-node has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,585][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-shard has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,594][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,597][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env has insecure file permissions (should be 0600)
[2024-02-22T14:36:12,739][WARN ][o.o.s.c.Salt             ] [wazuh1.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-22T14:36:13,108][ERROR][o.o.s.a.s.SinkProvider   ] [wazuh1.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-02-22T14:36:13,123][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh1.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-22T14:36:19,703][WARN ][o.o.s.p.SQLPlugin        ] [wazuh1.indexer] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-22T14:36:28,552][WARN ][o.o.g.DanglingIndicesState] [wazuh1.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-22T14:36:41,600][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [wazuh1.indexer] Config override setting update called with empty string. Ignoring.
[2024-02-22T14:36:43,372][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:43,478][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:43,490][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:43,507][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:44,617][WARN ][o.o.o.i.ObservabilityIndex] [wazuh1.indexer] message: index [.opensearch-observability/e-CyVJPCTwuVVnG7okfKzA] already exists
[2024-02-22T14:36:44,830][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:45,560][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:45,566][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:45,574][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:58,082][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:58,095][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:58,110][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:37:00,574][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:37:00,881][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:37:00,892][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:37:01,031][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:37:01,109][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)

Wazuh manager logs

Normal errors of indexer connection:

bash-5.2# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/02/22 14:13:55 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/dpkg.log' due to [(2)-(No such file or directory)].
2024/02/22 14:14:02 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/22 14:14:04 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/22 14:14:08 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 8 seconds.
2024/02/22 14:14:16 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 16 seconds.
2024/02/22 14:14:28 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:29 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:30 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:32 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:33 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:33 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 32 seconds.
2024/02/22 14:14:34 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:35 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:36 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:37 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:38 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:38 wazuh-modulesd: ERROR: Could not send message through the cluster after '10' attempts.
2024/02/22 14:14:38 wazuh-modulesd:agent-upgrade: ERROR: (8123): There has been an error executing the request in the tasks manager.
2024/02/22 14:24:58 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/dpkg.log' due to [(2)-(No such file or directory)].
2024/02/22 14:25:05 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/22 14:25:07 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/22 14:25:11 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 8 seconds.
2024/02/22 14:25:19 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 16 seconds.
2024/02/22 14:25:35 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 32 seconds.
2024/02/22 14:26:07 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
2024/02/22 14:28:32 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/dpkg.log' due to [(2)-(No such file or directory)].
2024/02/22 14:28:39 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/22 14:28:41 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/22 14:28:45 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 8 seconds.
2024/02/22 14:28:53 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 16 seconds.
2024/02/22 14:29:05 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:29:06 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:29:09 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 32 seconds.
2024/02/22 14:29:41 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
2024/02/22 14:30:41 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
2024/02/22 14:31:41 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
2024/02/22 14:32:41 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
2024/02/22 14:34:53 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/dpkg.log' due to [(2)-(No such file or directory)].
2024/02/22 14:35:00 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/22 14:35:02 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/22 14:35:06 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 8 seconds.
2024/02/22 14:35:14 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 16 seconds.
2024/02/22 14:35:27 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:35:28 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:35:29 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:35:30 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 32 seconds.
2024/02/22 14:36:02 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
bash-5.2# 

Wazuh dashboard logs

{"date":"2024-02-22T15:01:40.376Z","level":"error","location":"wazuh-check-updates:setSavedObject","message":"mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed: strict_dynamic_mapping_exception: [strict_dynamic_mapping_exception] Reason: mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed"}
{"date":"2024-02-22T15:01:40.388Z","level":"error","location":"wazuh-check-updates:getUpdates","message":"mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed: strict_dynamic_mapping_exception: [strict_dynamic_mapping_exception] Reason: mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed"}
{"date":"2024-02-22T15:02:18.796Z","level":"error","location":"wazuh-check-updates:setSavedObject","message":"mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed: strict_dynamic_mapping_exception: [strict_dynamic_mapping_exception] Reason: mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed"}
{"date":"2024-02-22T15:02:18.797Z","level":"error","location":"wazuh-check-updates:getUpdates","message":"mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed: strict_dynamic_mapping_exception: [strict_dynamic_mapping_exception] Reason: mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed"}
bash-5.2$ 

Accessing interface

[image: 1] [image: 2]
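Added example (not part of the original comment, and not Wazuh or OpenSearch code): a triage script for indexer logs like the ones above. It splits the log into node starts at each `JVM arguments` line, collapses repeated WARN/ERROR messages, and lists the paths the security plugin flags on every start. The sample lines are constructed in the same format, and the function names are this example's own.

```python
import re
from collections import Counter

# OpenSearch log line: [timestamp][LEVEL][logger] [node] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[(?P<level>[A-Z]+)\s*\]\[(?P<logger>[^\]\s]+)\s*\]"
    r"\s+\[(?P<node>[^\]]+)\]\s+(?P<msg>.*)$"
)
# Security plugin permission warning, as it appears in the logs above.
PERM_RE = re.compile(
    r"^(?P<kind>Directory|File) (?P<path>\S+) has insecure file permissions "
    r"\(should be (?P<mode>0[0-7]{3})\)$"
)

def new_boot(start):
    return {"start": start, "perms": {}, "other": Counter(), "validation_error": False}

def split_boots(lines):
    """Group WARN/ERROR records by node start.

    Assumption of this example: every start logs one INFO 'JVM arguments' line.
    """
    boots = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # JVM "WARNING:" banners, blank lines, shell prompts
        rec = m.groupdict()
        if rec["level"] == "INFO" and rec["msg"].startswith("JVM arguments"):
            boots.append(new_boot(rec["ts"]))
            continue
        if rec["level"] not in ("WARN", "ERROR"):
            continue
        if not boots:
            boots.append(new_boot(None))  # log starts mid-boot
        boot = boots[-1]
        pm = PERM_RE.match(rec["msg"])
        if pm:
            boot["perms"][pm["path"]] = (pm["kind"], pm["mode"])
            continue
        boot["other"][(rec["level"], rec["logger"], rec["msg"])] += 1
        if rec["logger"] == "o.o.b.Bootstrap" and "node validation exception" in rec["msg"]:
            boot["validation_error"] = True
    return boots

def summarize(lines):
    """One summary dict per node start, with repeated messages collapsed."""
    out = []
    for b in split_boots(lines):
        by_mode = Counter(mode for _, mode in b["perms"].values())
        out.append({
            "start": b["start"],
            "validation_error": b["validation_error"],
            "perm_paths": len(b["perms"]),
            "perm_by_mode": dict(by_mode),
            "other": b["other"].most_common(),
        })
    return out

def stable_perm_paths(lines):
    """Paths flagged on every start: candidates for a fix in the image build."""
    boots = split_boots(lines)
    if not boots:
        return []
    common = set(boots[0]["perms"])
    for b in boots[1:]:
        common &= set(b["perms"])
    return sorted(common)

# Constructed sample in the same format as the indexer logs above.
P = "[o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer]"
ROOT = "/usr/share/wazuh-indexer"
SAMPLE = f"""\
[2024-02-22T14:28:27,986][INFO ][o.o.n.Node               ] [wazuh1.indexer] JVM arguments [-Xms1g, -Xmx1g]
[2024-02-22T14:28:54,343][WARN ]{P} Directory {ROOT}/logs has insecure file permissions (should be 0700)
[2024-02-22T14:28:54,371][WARN ]{P} File {ROOT}/opensearch.yml has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,534][WARN ]{P} File {ROOT}/jdk/bin/jps has insecure file permissions (should be 0600)
[2024-02-22T14:30:34,538][ERROR][o.o.b.Bootstrap          ] [wazuh1.indexer] node validation exception
[2024-02-22T14:34:43,015][INFO ][o.o.n.Node               ] [wazuh1.indexer] JVM arguments [-Xms1g, -Xmx1g]
[2024-02-22T14:35:10,306][WARN ]{P} Directory {ROOT}/logs has insecure file permissions (should be 0700)
[2024-02-22T14:35:10,347][WARN ]{P} File {ROOT}/opensearch.yml has insecure file permissions (should be 0600)
[2024-02-22T14:36:43,372][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:43,478][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:43,490][ERROR][o.o.s.a.BackendRegistry  ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
""".splitlines()

if __name__ == "__main__":
    for i, s in enumerate(summarize(SAMPLE), 1):
        print(f"start {i} at {s['start']}: validation_error={s['validation_error']}, "
              f"{s['perm_paths']} permission warnings {s['perm_by_mode']}")
        for (level, logger, msg), n in s["other"]:
            print(f"  {n:>3}x {level} {logger}: {msg}")
    print("flagged on every start:", stable_perm_paths(SAMPLE))
```

To run it against a real container, replace `SAMPLE` with the lines of `docker logs <container>` output.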

davidcr01 commented 6 months ago

Testing upgrade

Wazuh indexer logs

root@ip-172-31-41-4:/home/ubuntu/wazuh-docker/single-node# docker logs 35fc4df5ff95
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
WARNING: System::setSecurityManager will be removed in a future release
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
WARNING: System::setSecurityManager will be removed in a future release
[2024-02-22T16:35:44,131][INFO ][o.o.n.Node               ] [wazuh.indexer] version[2.10.0], pid[1], build[rpm/eee49cb340edc6c4d489bcd9324dda571fc8dc03/2023-09-20T23:54:29.889267151Z], OS[Linux/6.2.0-1018-aws/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.8/17.0.8+7]
[2024-02-22T16:35:44,147][INFO ][o.o.n.Node               ] [wazuh.indexer] JVM home [/usr/share/wazuh-indexer/jdk], using bundled JDK/JRE [true]
[2024-02-22T16:35:44,148][INFO ][o.o.n.Node               ] [wazuh.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-4224180751668326418, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Xms1g, -Xmx1g, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-22T16:35:51,402][INFO ][o.o.s.s.t.SSLConfig      ] [wazuh.indexer] SSL dual mode is disabled
[2024-02-22T16:35:51,403][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] OpenSearch Config path is /usr/share/wazuh-indexer
[2024-02-22T16:35:53,210][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] JVM supports TLSv1.3
[2024-02-22T16:35:53,219][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Config directory is /usr/share/wazuh-indexer/, from there the key- and truststore files are resolved relatively
[2024-02-22T16:35:56,594][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Client Provider : JDK
[2024-02-22T16:35:56,595][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Server Provider : JDK
[2024-02-22T16:35:56,595][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS HTTP Provider             : JDK
[2024-02-22T16:35:56,602][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2]
[2024-02-22T16:35:56,603][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for HTTP layer      : [TLSv1.3, TLSv1.2]
[2024-02-22T16:35:56,710][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Clustername: opensearch
[2024-02-22T16:35:57,318][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache has insecure file permissions (should be 0700)
[2024-02-22T16:35:57,326][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA has insecure file permissions (should be 0700)
[2024-02-22T16:35:57,328][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA/temp has insecure file permissions (should be 0700)
[2024-02-22T16:35:57,330][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/logs has insecure file permissions (should be 0700)
[2024-02-22T16:35:57,331][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/opensearch.yml has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,333][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/lib/jspawnhelper has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,342][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jconsole has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,343][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jlink has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,345][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/java has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,346][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeps has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,347][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javadoc has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,348][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jar has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,349][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jimage has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,351][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstatd has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,358][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/rmiregistry has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,360][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdb has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,362][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jinfo has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,363][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jshell has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,364][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstat has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,367][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jfr has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,370][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jrunscript has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,371][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/keytool has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,372][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/serialver has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,374][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javac has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,382][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javap has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,384][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jhsdb has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,386][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jmap has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,387][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jmod has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,388][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jarsigner has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,391][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jcmd has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,399][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jpackage has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,401][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeprscan has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,402][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jps has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,405][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstack has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,412][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,413][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,418][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,420][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,420][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env-from-file has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,421][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-upgrade has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,422][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-cli has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,426][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-keystore has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,428][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,435][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,435][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-plugin has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,439][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-node has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,446][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-shard has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,447][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,448][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env has insecure file permissions (should be 0600)
[2024-02-22T16:36:15,650][INFO ][o.o.p.c.c.PluginSettings ] [wazuh.indexer] Trying to create directory /dev/shm/performanceanalyzer/.
[2024-02-22T16:36:15,658][INFO ][o.o.p.c.c.PluginSettings ] [wazuh.indexer] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600
[2024-02-22T16:36:18,146][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh.indexer] ReindexPlugin reloadSPI called
[2024-02-22T16:36:18,153][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh.indexer] Unable to find any implementation for RemoteReindexExtension
[2024-02-22T16:36:18,433][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions
[2024-02-22T16:36:18,448][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs
[2024-02-22T16:36:18,450][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config
[2024-02-22T16:36:18,453][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: scheduler_geospatial_ip2geo_datasource, index: .scheduler-geospatial-ip2geo-datasource
[2024-02-22T16:36:18,476][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [aggs-matrix-stats]
[2024-02-22T16:36:18,486][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [analysis-common]
[2024-02-22T16:36:18,486][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [geo]
[2024-02-22T16:36:18,487][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-common]
[2024-02-22T16:36:18,487][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-geoip]
[2024-02-22T16:36:18,487][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-user-agent]
[2024-02-22T16:36:18,487][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-expression]
[2024-02-22T16:36:18,488][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-mustache]
[2024-02-22T16:36:18,488][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-painless]
[2024-02-22T16:36:18,489][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [mapper-extras]
[2024-02-22T16:36:18,498][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [opensearch-dashboards]
[2024-02-22T16:36:18,498][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [parent-join]
[2024-02-22T16:36:18,499][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [percolator]
[2024-02-22T16:36:18,499][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [rank-eval]
[2024-02-22T16:36:18,499][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [reindex]
[2024-02-22T16:36:18,500][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [repository-url]
[2024-02-22T16:36:18,500][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [search-pipeline-common]
[2024-02-22T16:36:18,501][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [systemd]
[2024-02-22T16:36:18,501][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [transport-netty4]
[2024-02-22T16:36:18,502][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-alerting]
[2024-02-22T16:36:18,510][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-anomaly-detection]
[2024-02-22T16:36:18,510][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-asynchronous-search]
[2024-02-22T16:36:18,511][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-cross-cluster-replication]
[2024-02-22T16:36:18,511][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-custom-codecs]
[2024-02-22T16:36:18,511][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-geospatial]
[2024-02-22T16:36:18,512][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-index-management]
[2024-02-22T16:36:18,512][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-job-scheduler]
[2024-02-22T16:36:18,513][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-knn]
[2024-02-22T16:36:18,513][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-ml]
[2024-02-22T16:36:18,515][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-neural-search]
[2024-02-22T16:36:18,516][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-notifications]
[2024-02-22T16:36:18,516][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-notifications-core]
[2024-02-22T16:36:18,517][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-observability]
[2024-02-22T16:36:18,517][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-performance-analyzer]
[2024-02-22T16:36:18,518][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-reports-scheduler]
[2024-02-22T16:36:18,518][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-security]
[2024-02-22T16:36:18,519][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-security-analytics]
[2024-02-22T16:36:18,530][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-sql]
[2024-02-22T16:36:18,776][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
[2024-02-22T16:36:18,803][INFO ][o.o.e.ExtensionsManager  ] [wazuh.indexer] ExtensionsManager initialized
[2024-02-22T16:36:18,911][INFO ][o.o.e.NodeEnvironment    ] [wazuh.indexer] using [1] data paths, mounts [[/var/lib/wazuh-indexer (/dev/root)]], net usable_space [30.8gb], net total_space [57.9gb], types [ext4]
[2024-02-22T16:36:18,914][INFO ][o.o.e.NodeEnvironment    ] [wazuh.indexer] heap size [1gb], compressed ordinary object pointers [true]
[2024-02-22T16:36:19,469][INFO ][o.o.n.Node               ] [wazuh.indexer] node name [wazuh.indexer], node ID [vtyMB1BsQ2Sw-IrYWAn5Mg], cluster name [opensearch], roles [ingest, remote_cluster_client, data, cluster_manager]
[2024-02-22T16:36:34,427][INFO ][o.o.n.p.NeuralSearch     ] [wazuh.indexer] Registering hybrid query phase searcher with feature flag [plugins.neural_search.hybrid_search_disabled]
[2024-02-22T16:36:35,498][WARN ][o.o.s.c.Salt             ] [wazuh.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-22T16:36:35,632][ERROR][o.o.s.a.s.SinkProvider   ] [wazuh.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-02-22T16:36:35,636][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-22T16:36:35,646][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Message routing enabled: false
[2024-02-22T16:36:35,810][INFO ][o.o.s.f.SecurityFilter   ] [wazuh.indexer] <NONE> indices are made immutable.
[2024-02-22T16:36:36,984][INFO ][o.o.a.b.ADCircuitBreakerService] [wazuh.indexer] Registered memory breaker.
[2024-02-22T16:36:38,605][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML memory breaker.
[2024-02-22T16:36:38,610][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML disk breaker.
[2024-02-22T16:36:38,611][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML native memory breaker.
[2024-02-22T16:36:39,210][INFO ][o.r.Reflections          ] [wazuh.indexer] Reflections took 217 ms to scan 1 urls, producing 17 keys and 43 values 
[2024-02-22T16:36:39,528][WARN ][o.o.s.p.SQLPlugin        ] [wazuh.indexer] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-22T16:36:42,602][INFO ][o.o.t.NettyAllocator     ] [wazuh.indexer] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=256kb, factors={opensearch.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=1mb, heap_size=1gb}]
[2024-02-22T16:36:43,178][INFO ][o.o.d.DiscoveryModule    ] [wazuh.indexer] using discovery type [single-node] and seed hosts providers [settings]
[2024-02-22T16:36:45,739][WARN ][o.o.g.DanglingIndicesState] [wazuh.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-22T16:36:47,828][INFO ][o.o.p.h.c.PerformanceAnalyzerConfigAction] [wazuh.indexer] PerformanceAnalyzer Enabled: false
[2024-02-22T16:36:48,106][INFO ][o.o.n.Node               ] [wazuh.indexer] initialized
[2024-02-22T16:36:48,106][INFO ][o.o.n.Node               ] [wazuh.indexer] starting ...
[2024-02-22T16:36:48,277][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [windows_logtype.json] log type
[2024-02-22T16:36:48,279][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [vpcflow_logtype.json] log type
[2024-02-22T16:36:48,280][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [test_windows_logtype.json] log type
[2024-02-22T16:36:48,290][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [s3_logtype.json] log type
[2024-02-22T16:36:48,292][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_web_logtype.json] log type
[2024-02-22T16:36:48,293][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_proxy_logtype.json] log type
[2024-02-22T16:36:48,294][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_macos_logtype.json] log type
[2024-02-22T16:36:48,295][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_compliance_logtype.json] log type
[2024-02-22T16:36:48,297][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_cloud_logtype.json] log type
[2024-02-22T16:36:48,298][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_apt_logtype.json] log type
[2024-02-22T16:36:48,299][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_application_logtype.json] log type
[2024-02-22T16:36:48,312][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [okta_logtype.json] log type
[2024-02-22T16:36:48,329][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [network_logtype.json] log type
[2024-02-22T16:36:48,331][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [netflow_logtype.json] log type
[2024-02-22T16:36:48,332][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [m365_logtype.json] log type
[2024-02-22T16:36:48,333][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [linux_logtype.json] log type
[2024-02-22T16:36:48,334][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [gworkspace_logtype.json] log type
[2024-02-22T16:36:48,338][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [github_logtype.json] log type
[2024-02-22T16:36:48,343][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [dns_logtype.json] log type
[2024-02-22T16:36:48,344][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [cloudtrail_logtype.json] log type
[2024-02-22T16:36:48,351][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [azure_logtype.json] log type
[2024-02-22T16:36:48,352][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [apache_access_logtype.json] log type
[2024-02-22T16:36:48,355][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [ad_ldap_logtype.json] log type
[2024-02-22T16:36:49,198][INFO ][o.o.t.TransportService   ] [wazuh.indexer] publish_address {172.22.0.2:9300}, bound_addresses {0.0.0.0:9300}
[2024-02-22T16:36:49,211][INFO ][o.o.t.TransportService   ] [wazuh.indexer] Remote clusters initialized successfully.
[2024-02-22T16:36:51,228][INFO ][o.o.c.c.Coordinator      ] [wazuh.indexer] cluster UUID [mBrUe6ThQGyrCGeUut1DGg]
[2024-02-22T16:36:51,625][INFO ][o.o.c.s.MasterService    ] [wazuh.indexer] elected-as-cluster-manager ([1] nodes joined)[{wazuh.indexer}{vtyMB1BsQ2Sw-IrYWAn5Mg}{kKNIs7WnRY2fqY8vaj_jBg}{172.22.0.2}{172.22.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true} elect leader, _BECOME_CLUSTER_MANAGER_TASK_, _FINISH_ELECTION_], term: 2, version: 35, delta: cluster-manager node changed {previous [], current [{wazuh.indexer}{vtyMB1BsQ2Sw-IrYWAn5Mg}{kKNIs7WnRY2fqY8vaj_jBg}{172.22.0.2}{172.22.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}
[2024-02-22T16:36:52,110][INFO ][o.o.c.s.ClusterApplierService] [wazuh.indexer] cluster-manager node changed {previous [], current [{wazuh.indexer}{vtyMB1BsQ2Sw-IrYWAn5Mg}{kKNIs7WnRY2fqY8vaj_jBg}{172.22.0.2}{172.22.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}, term: 2, version: 35, reason: Publication{term=2, version=35}
[2024-02-22T16:36:52,123][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Cluster is not recovered yet.
[2024-02-22T16:36:52,148][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:52,249][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Cache cluster manager node onClusterManager time: 1708619812238
[2024-02-22T16:36:52,296][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [wazuh.indexer] Config override setting update called with empty string. Ignoring.
[2024-02-22T16:36:52,360][INFO ][o.o.d.PeerFinder         ] [wazuh.indexer] setting findPeersInterval to [1s] as node commission status = [true] for local node [{wazuh.indexer}{vtyMB1BsQ2Sw-IrYWAn5Mg}{kKNIs7WnRY2fqY8vaj_jBg}{172.22.0.2}{172.22.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]
[2024-02-22T16:36:52,463][INFO ][o.o.h.AbstractHttpServerTransport] [wazuh.indexer] publish_address {172.22.0.2:9200}, bound_addresses {0.0.0.0:9200}
[2024-02-22T16:36:52,464][INFO ][o.o.n.Node               ] [wazuh.indexer] started
[2024-02-22T16:36:52,478][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Node started
[2024-02-22T16:36:52,498][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Will attempt to create index .opendistro_security and default configs if they are absent
[2024-02-22T16:36:52,513][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] 0 OpenSearch Security modules loaded so far: []
[2024-02-22T16:36:52,529][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Background init thread started. Install default config?: true
[2024-02-22T16:36:52,530][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Wait for cluster to be available ...
[2024-02-22T16:36:52,632][INFO ][o.o.c.s.ClusterSettings  ] [wazuh.indexer] updating [plugins.index_state_management.template_migration.control] from [0] to [-1]
[2024-02-22T16:36:52,774][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Node added: [vtyMB1BsQ2Sw-IrYWAn5Mg]
[2024-02-22T16:36:52,778][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Add data node to AD version hash ring: vtyMB1BsQ2Sw-IrYWAn5Mg
[2024-02-22T16:36:52,783][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] All nodes with known AD version: {vtyMB1BsQ2Sw-IrYWAn5Mg=ADNodeInfo{version=2.10.0, isEligibleDataNode=true}}
[2024-02-22T16:36:52,784][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Rebuild AD hash ring for realtime AD with cooldown, nodeChangeEvents size 0
[2024-02-22T16:36:52,790][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Build AD version hash ring successfully
[2024-02-22T16:36:52,783][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:52,798][INFO ][o.o.a.c.ADDataMigrator   ] [wazuh.indexer] Start migrating AD data
[2024-02-22T16:36:52,798][INFO ][o.o.a.c.ADDataMigrator   ] [wazuh.indexer] AD job index doesn't exist, no need to migrate
[2024-02-22T16:36:52,799][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Init AD version hash ring successfully
[2024-02-22T16:36:52,875][INFO ][o.o.g.GatewayService     ] [wazuh.indexer] recovered [5] indices into cluster_state
[2024-02-22T16:36:52,954][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/gWSyptPQTDuM1pTo0rzX7A]
[2024-02-22T16:36:53,337][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.opensearch-sap-log-types-config] creating index, cause [auto(sap-logtype api)], templates [], shards [1]/[1]
[2024-02-22T16:36:53,366][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.opensearch-sap-log-types-config]
[2024-02-22T16:36:53,666][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:53,784][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:53,802][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:53,824][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-monitoring-2024.8w/n1nbnI57Rdebdnoyp_KYLg]
[2024-02-22T16:36:53,835][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:53,868][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/6a7hn_J3TgiA5T3AmJG6qA]
[2024-02-22T16:36:53,922][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ]
[2024-02-22T16:36:54,231][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:54,251][WARN ][o.o.o.i.ObservabilityIndex] [wazuh.indexer] message: index [.opensearch-observability/f1PxsLZLQm-QP22X-X6Axg] already exists
[2024-02-22T16:36:54,253][INFO ][o.o.o.i.ObservabilityIntegrationsIndex] [wazuh.indexer] observability:createMappingTemplate ss4o_metrics_template API called
[2024-02-22T16:36:54,267][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loading builtin types!
[2024-02-22T16:36:54,279][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [418] fieldMappingDocs from logTypes: 23
[2024-02-22T16:36:54,498][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loading builtin types!
[2024-02-22T16:36:54,502][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [418] fieldMappingDocs from logTypes: 23
[2024-02-22T16:36:54,519][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Index .opendistro_security already exists
[2024-02-22T16:36:54,520][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node started, try to initialize it. Wait for at least yellow cluster state....
[2024-02-22T16:36:54,638][ERROR][o.o.b.OpenSearchUncaughtExceptionHandler] [wazuh.indexer] uncaught exception in thread [main]
org.opensearch.bootstrap.StartupException: java.lang.IllegalArgumentException: index template [ss4o_metrics_template] has index patterns [ss4o_metrics-*-*] matching patterns from existing templates [ss4o_metric_template] with patterns (ss4o_metric_template => [ss4o_metrics-*-*]) that have the same priority [1], multiple index templates may not match during index creation, please use a different priority
        at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:184) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:171) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:104) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) ~[opensearch-cli-2.10.0.jar:2.10.0]
        at org.opensearch.cli.Command.main(Command.java:101) ~[opensearch-cli-2.10.0.jar:2.10.0]
        at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:137) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:103) ~[opensearch-2.10.0.jar:2.10.0]
Caused by: java.lang.IllegalArgumentException: index template [ss4o_metrics_template] has index patterns [ss4o_metrics-*-*] matching patterns from existing templates [ss4o_metric_template] with patterns (ss4o_metric_template => [ss4o_metrics-*-*]) that have the same priority [1], multiple index templates may not match during index creation, please use a different priority
        at org.opensearch.cluster.metadata.MetadataIndexTemplateService.addIndexTemplateV2(MetadataIndexTemplateService.java:560) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.cluster.metadata.MetadataIndexTemplateService$4.execute(MetadataIndexTemplateService.java:493) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) ~[opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) ~[opensearch-2.10.0.jar:2.10.0]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[?:?]
        at java.lang.Thread.run(Thread.java:833) [?:?]
uncaught exception in thread [main]
java.lang.IllegalArgumentException: index template [ss4o_metrics_template] has index patterns [ss4o_metrics-*-*] matching patterns from existing templates [ss4o_metric_template] with patterns (ss4o_metric_template => [ss4o_metrics-*-*]) that have the same priority [1], multiple index templates may not match during index creation, please use a different priority
        at org.opensearch.cluster.metadata.MetadataIndexTemplateService.addIndexTemplateV2(MetadataIndexTemplateService.java:560)
        at org.opensearch.cluster.metadata.MetadataIndexTemplateService$4.execute(MetadataIndexTemplateService.java:493)
        at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
        at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
        at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
        at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
        at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
        at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
        at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
        at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
        at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
        at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
        at java.base/java.lang.Thread.run(Thread.java:833)
For complete error details, refer to the log at /var/log/wazuh-indexer/opensearch.log
[2024-02-22T16:36:54,876][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:55,022][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:55,040][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:55,055][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:55,058][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:55,091][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:55,350][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:55,397][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'config' with /usr/share/wazuh-indexer/opensearch-security/config.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,508][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:55,630][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id config, skipping update.
[2024-02-22T16:36:55,635][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'roles' with /usr/share/wazuh-indexer/opensearch-security/roles.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,640][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/gWSyptPQTDuM1pTo0rzX7A]
[2024-02-22T16:36:55,666][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id roles, skipping update.
[2024-02-22T16:36:55,669][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'rolesmapping' with /usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,691][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id rolesmapping, skipping update.
[2024-02-22T16:36:55,693][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'internalusers' with /usr/share/wazuh-indexer/opensearch-security/internal_users.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,699][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_1/pSfUHkNFQgCssrb11hzJMQ]
[2024-02-22T16:36:55,739][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id internalusers, skipping update.
[2024-02-22T16:36:55,740][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'actiongroups' with /usr/share/wazuh-indexer/opensearch-security/action_groups.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,750][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id actiongroups, skipping update.
[2024-02-22T16:36:55,756][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'tenants' with /usr/share/wazuh-indexer/opensearch-security/tenants.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,764][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-observability/f1PxsLZLQm-QP22X-X6Axg]
[2024-02-22T16:36:55,770][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id tenants, skipping update.
[2024-02-22T16:36:55,782][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'nodesdn' with /usr/share/wazuh-indexer/opensearch-security/nodes_dn.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-02-22T16:36:55,786][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id nodesdn, skipping update.
[2024-02-22T16:36:55,793][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'whitelist' with /usr/share/wazuh-indexer/opensearch-security/whitelist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-02-22T16:36:55,803][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id whitelist, skipping update.
[2024-02-22T16:36:55,830][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'allowlist' with /usr/share/wazuh-indexer/opensearch-security/allowlist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-02-22T16:36:55,845][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id allowlist, skipping update.
[2024-02-22T16:36:55,850][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'audit' with /usr/share/wazuh-indexer/opensearch-security/audit.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,859][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:55,974][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id audit, skipping update.
[2024-02-22T16:36:55,991][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:56,144][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:56,149][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loading builtin types!
[2024-02-22T16:36:56,151][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [418] fieldMappingDocs from logTypes: 23
[2024-02-22T16:36:56,482][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [418] fieldMappingDocs
[2024-02-22T16:36:56,634][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/gWSyptPQTDuM1pTo0rzX7A]
[2024-02-22T16:36:56,661][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opensearch-sap-log-types-config/gWSyptPQTDuM1pTo0rzX7A] update_mapping [_doc]
[2024-02-22T16:36:56,817][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:56,938][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/gWSyptPQTDuM1pTo0rzX7A]
[2024-02-22T16:36:56,975][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opensearch-sap-log-types-config/gWSyptPQTDuM1pTo0rzX7A] update_mapping [_doc]
[2024-02-22T16:36:57,015][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:57,035][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:57,050][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.kibana_1][0]]]).
[2024-02-22T16:36:57,079][INFO ][stdout                   ] [wazuh.indexer] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl
[2024-02-22T16:36:57,081][INFO ][stdout                   ] [wazuh.indexer] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent
[2024-02-22T16:36:57,081][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing on REST API is enabled.
[2024-02-22T16:36:57,086][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from REST API auditing.
[2024-02-22T16:36:57,088][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing on Transport API is enabled.
[2024-02-22T16:36:57,090][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from Transport API auditing.
[2024-02-22T16:36:57,093][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of request body is enabled.
[2024-02-22T16:36:57,094][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Bulk requests resolution is disabled during request auditing.
[2024-02-22T16:36:57,095][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Index resolution is enabled during request auditing.
[2024-02-22T16:36:57,096][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Sensitive headers auditing is enabled.
[2024-02-22T16:36:57,097][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing requests from kibanaserver users is disabled.
[2024-02-22T16:36:57,099][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of external configuration is disabled.
[2024-02-22T16:36:57,101][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of internal configuration is enabled.
[2024-02-22T16:36:57,102][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing only metadata information for read request is enabled.
[2024-02-22T16:36:57,104][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing will watch {} for read requests.
[2024-02-22T16:36:57,107][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing read operation requests from kibanaserver users is disabled.
[2024-02-22T16:36:57,107][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing only metadata information for write request is enabled.
[2024-02-22T16:36:57,109][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing diffs for write requests is disabled.
[2024-02-22T16:36:57,110][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing write operation requests from kibanaserver users is disabled.
[2024-02-22T16:36:57,110][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing will watch <NONE> for write requests.
[2024-02-22T16:36:57,111][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] .opendistro_security is used as internal security index.
[2024-02-22T16:36:57,111][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Internal index used for posting audit logs is null
[2024-02-22T16:36:57,112][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Hot-reloading of audit configuration is enabled
[2024-02-22T16:36:57,115][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node 'wazuh.indexer' initialized
[2024-02-22T16:36:57,393][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:57,977][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loaded [418] field mapping docs successfully!
[2024-02-22T16:36:58,084][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [22] customLogTypes
[2024-02-22T16:36:58,232][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loaded [22] customLogType docs successfully!
[2024-02-22T16:36:58,241][INFO ][o.o.s.SecurityAnalyticsPlugin] [wazuh.indexer] LogType config index successfully created and builtin log types loaded
[2024-02-22T16:36:59,358][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/xa6VNEUuTIqweky_0mz2zw]
[2024-02-22T16:36:59,396][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.kibana_2] creating index, cause [api], templates [], shards [1]/[1]
[2024-02-22T16:36:59,399][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.kibana_2]
[2024-02-22T16:36:59,463][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/xa6VNEUuTIqweky_0mz2zw]
[2024-02-22T16:36:59,535][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:59,599][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.kibana_2][0]]]).
[2024-02-22T16:36:59,647][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:59,908][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/xa6VNEUuTIqweky_0mz2zw]
[2024-02-22T16:36:59,976][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_2/xa6VNEUuTIqweky_0mz2zw] update_mapping [_doc]
[2024-02-22T16:37:00,120][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:00,151][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/xa6VNEUuTIqweky_0mz2zw]
[2024-02-22T16:37:00,194][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_2/xa6VNEUuTIqweky_0mz2zw] update_mapping [_doc]
[2024-02-22T16:37:00,327][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:00,854][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:01,381][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[KmmLamoBTTG-jvhZz6Ll5g/Wjc4t1BkSv6PHkZOTUeWsQ]
[2024-02-22T16:37:02,230][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[OT9FQUeTSmuvMC5JxsFUUg/Uq4xOQf5QB-mLR8sYiIG7A]
[2024-02-22T16:37:02,316][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.plugins-ml-config/2SqxPoxbSfK0k3XQqNeeeA]
[2024-02-22T16:37:02,338][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.plugins-ml-config] creating index, cause [api], templates [], shards [1]/[1]
[2024-02-22T16:37:02,344][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.plugins-ml-config]
[2024-02-22T16:37:02,675][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.plugins-ml-config/2SqxPoxbSfK0k3XQqNeeeA]
[2024-02-22T16:37:02,987][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:03,592][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[validate-template-eenk3krzswcawxo-ptjtzq/NPEqMPLFTcW9OA3nvlk41w]
[2024-02-22T16:37:03,666][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding index template [wazuh-states-vulnerabilities_template] for index patterns [wazuh-states-vulnerabilities]
[2024-02-22T16:37:04,227][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:04,232][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.plugins-ml-config][0]]]).
[2024-02-22T16:37:04,432][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:04,434][INFO ][o.o.m.i.MLIndicesHandler ] [wazuh.indexer] create index:.plugins-ml-config
[2024-02-22T16:37:04,451][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-states-vulnerabilities/lrRiGgWXSaCoJ3aUXa5T7w]
[2024-02-22T16:37:04,481][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [wazuh-states-vulnerabilities] creating index, cause [api], templates [wazuh-states-vulnerabilities_template], shards [1]/[0]
[2024-02-22T16:37:04,796][INFO ][o.o.m.c.MLSyncUpCron     ] [wazuh.indexer] ML configuration initialized successfully
[2024-02-22T16:37:04,839][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-states-vulnerabilities/lrRiGgWXSaCoJ3aUXa5T7w]
[2024-02-22T16:37:04,904][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:04,909][INFO ][o.o.c.m.MetadataUpdateSettingsService] [wazuh.indexer] updating number_of_replicas to [0] for indices [wazuh-monitoring-2024.8w]
[2024-02-22T16:37:05,614][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-states-vulnerabilities][0]]]).
[2024-02-22T16:37:05,674][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:32,564][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[WsbNss-USeS2OVBU4M4v9Q/7FMlxYkJReymxm7oejMHAQ]
[2024-02-22T16:37:32,666][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding template [wazuh] for index patterns [wazuh-alerts-4.x-*, wazuh-archives-4.x-*]
[2024-02-22T16:37:32,827][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:33,461][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ]
[2024-02-22T16:37:33,545][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ] update_mapping [_doc]
[2024-02-22T16:37:33,934][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:33,976][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ]
[2024-02-22T16:37:34,867][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ]
[2024-02-22T16:37:34,958][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ] update_mapping [_doc]
[2024-02-22T16:37:35,091][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:52,254][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing move cluster state metadata.
[2024-02-22T16:37:52,266][INFO ][o.o.i.i.MetadataService  ] [wazuh.indexer] ISM config index not exist, so we cancel the metadata migration job.
[2024-02-22T16:38:24,019][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ]
[2024-02-22T16:38:24,079][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ] update_mapping [_doc]
[2024-02-22T16:38:24,165][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:38:52,255][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Cancel background move metadata process.
[2024-02-22T16:38:52,256][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing move cluster state metadata.
[2024-02-22T16:38:52,256][INFO ][o.o.i.i.MetadataService  ] [wazuh.indexer] Move metadata has finished.

Wazuh manager logs

bash-5.2# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/02/22 16:36:01 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/22 16:36:03 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/22 16:36:07 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 8 seconds.
2024/02/22 16:36:15 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 16 seconds.
2024/02/22 16:36:31 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 32 seconds.
bash-5.2# 

Wazuh dashboard logs

bash-5.2$ cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
bash-5.2$ 

Accessing interface

[Image: Screenshot from 2024-02-22 17-38-28]

davidcr01 commented 6 months ago

Update Report

Final scan

Before

Scan of the 4.8.0 images (before the OS change)

root@ubuntu22:/home/vagrant/wazuh-docker# docker images
REPOSITORY              TAG       IMAGE ID       CREATED              SIZE
wazuh/wazuh-indexer     4.8.0     7b0aea036aa6   37 seconds ago       2.19GB
wazuh/wazuh-manager     4.8.0     feabb3c1b118   About a minute ago   5.81GB
wazuh/wazuh-dashboard   4.8.0     688bc8f1a320   3 minutes ago        1.03GB

Wazuh indexer

root@ubuntu22:/home/vagrant/wazuh-docker# grype 7b0aea036aa6 --scope all-layers
 ✔ Vulnerability DB                [updated]  
 ✔ Loaded image                                                                                        7b0aea036aa6
 ✔ Parsed image                             sha256:7b0aea036aa63669c1104ca682804aa10551b6c3ec049a4114429f0421d4038b
 ✔ Cataloged contents                              791c5bba51b329687c48ba3754477bb87689f0f083afb5fc0deeb67798987ef9
   ├── ✔ Packages                        [745 packages]  
   ├── ✔ File digests                    [2,048 files]  
   ├── ✔ File metadata                   [2,048 locations]  
   └── ✔ Executables                     [805 executables]  
 ✔ Scanned for vulnerabilities     [41 vulnerability matches]  
   ├── by severity: 0 critical, 9 high, 6 medium, 23 low, 3 negligible
   └── by status:   16 fixed, 25 not-fixed, 0 ignored 
NAME               INSTALLED                 FIXED-IN            TYPE          VULNERABILITY        SEVERITY   
bash               5.1-6ubuntu1                                  deb           CVE-2022-3715        Low         
bc-fips            1.0.2.3                   1.0.2.4             java-archive  GHSA-68m8-v89j-7j2p  Medium      
commons-compress   1.22                      1.26.0              java-archive  GHSA-4265-ccf5-phj5  High        
commons-compress   1.22                      1.24.0              java-archive  GHSA-cgwf-w82q-5jrr  Medium      
commons-compress   1.23.0                    1.26.0              java-archive  GHSA-4265-ccf5-phj5  High        
commons-compress   1.23.0                    1.24.0              java-archive  GHSA-cgwf-w82q-5jrr  Medium      
coreutils          8.32-4.1ubuntu1.1                             deb           CVE-2016-2781        Low         
gcc-12-base        12.3.0-1ubuntu1~22.04                         deb           CVE-2022-27943       Low         
gpgv               2.2.27-3ubuntu2.1                             deb           CVE-2022-3219        Low         
json               20230227                  20231013            java-archive  GHSA-4jq9-2xhw-jpx7  High        
libc-bin           2.35-0ubuntu3.6                               deb           CVE-2016-20013       Negligible  
libc6              2.35-0ubuntu3.6                               deb           CVE-2016-20013       Negligible  
libgcc-s1          12.3.0-1ubuntu1~22.04                         deb           CVE-2022-27943       Low         
liblzma5           5.2.5-2ubuntu1                                deb           CVE-2020-22916       Medium      
libncurses6        6.3-2ubuntu0.1                                deb           CVE-2023-50495       Low         
libncurses6        6.3-2ubuntu0.1                                deb           CVE-2023-45918       Low         
libncursesw6       6.3-2ubuntu0.1                                deb           CVE-2023-50495       Low         
libncursesw6       6.3-2ubuntu0.1                                deb           CVE-2023-45918       Low         
libpcre3           2:8.39-13ubuntu0.22.04.1                      deb           CVE-2017-11164       Negligible  
libstdc++6         12.3.0-1ubuntu1~22.04                         deb           CVE-2022-27943       Low         
libsystemd0        249.11-0ubuntu3.12                            deb           CVE-2023-7008        Low         
libtinfo6          6.3-2ubuntu0.1                                deb           CVE-2023-50495       Low         
libtinfo6          6.3-2ubuntu0.1                                deb           CVE-2023-45918       Low         
libudev1           249.11-0ubuntu3.12                            deb           CVE-2023-7008        Low         
libzstd1           1.4.8+dfsg-3build1                            deb           CVE-2022-4899        Low         
login              1:4.8.1-2ubuntu2.1        1:4.8.1-2ubuntu2.2  deb           CVE-2023-4641        Low         
login              1:4.8.1-2ubuntu2.1                            deb           CVE-2023-29383       Low         
ncurses-base       6.3-2ubuntu0.1                                deb           CVE-2023-50495       Low         
ncurses-base       6.3-2ubuntu0.1                                deb           CVE-2023-45918       Low         
ncurses-bin        6.3-2ubuntu0.1                                deb           CVE-2023-50495       Low         
ncurses-bin        6.3-2ubuntu0.1                                deb           CVE-2023-45918       Low         
netty-codec-http2  4.1.97.Final              4.1.100.Final       java-archive  GHSA-xpw8-rcwv-8f8p  High        
opensearch         2.10.0                    2.11.1              java-archive  GHSA-6g3j-p5g6-992f  Medium      
passwd             1:4.8.1-2ubuntu2.1        1:4.8.1-2ubuntu2.2  deb           CVE-2023-4641        Low         
passwd             1:4.8.1-2ubuntu2.1                            deb           CVE-2023-29383       Low         
snappy-java        1.1.10.3                  1.1.10.4            java-archive  GHSA-55g7-9cwv-5qfv  High        
xmlsec             2.3.3                     2.3.4               java-archive  GHSA-xfrj-6vvc-3xm2  Medium

Wazuh manager

root@ubuntu22:/home/vagrant/wazuh-docker# grype feabb3c1b118 --scope all-layers
 ✔ Vulnerability DB                [no update available]  
 ✔ Loaded image                                                                                        feabb3c1b118
 ✔ Parsed image                             sha256:feabb3c1b1184b59b6b0b2a0fff3085bff3d45709e0b93aa3888bf20cb35166f
 ✔ Cataloged contents                              012b97aa0f4628b2700bbff0656b8495a777438c1f108009952a10569db2f7a0
   ├── ✔ Packages                        [350 packages]  
   ├── ✔ File digests                    [22,680 files]  
   ├── ✔ File metadata                   [22,680 locations]  
   └── ✔ Executables                     [1,240 executables]  
 ✔ Scanned for vulnerabilities     [155 vulnerability matches]  
   ├── by severity: 7 critical, 58 high, 49 medium, 38 low, 3 negligible
   └── by status:   43 fixed, 112 not-fixed, 0 ignored 
NAME                                  INSTALLED                             FIXED-IN                           TYPE       VULNERABILITY        SEVERITY   
Werkzeug                              2.2.3                                 2.3.8                              python     GHSA-hrfv-mqp8-q5rw  Medium      
aiohttp                               3.9.1                                 3.9.2                              python     GHSA-8qpw-xqxj-h4r2  Medium      
aiohttp                               3.9.1                                 3.9.2                              python     GHSA-5h86-8mv2-jq9f  Medium      
bash                                  5.1-6ubuntu1                                                             deb        CVE-2022-3715        Low         
coreutils                             8.32-4.1ubuntu1.1                                                        deb        CVE-2016-2781        Low         
cryptography                          41.0.7                                42.0.4                             python     GHSA-6vqw-3v5j-54x4  High        
cryptography                          41.0.7                                42.0.0                             python     GHSA-3ww4-gg4f-jr7f  High        
cryptography                          41.0.7                                42.0.2                             python     GHSA-9v9h-cgj8-h64p  Medium      
dirmngr                               2.2.27-3ubuntu2.1                                                        deb        CVE-2022-3219        Low         
ecdsa                                 0.16.1                                                                   python     GHSA-wj6h-64fc-37mp  High        
gcc-12-base                           12.3.0-1ubuntu1~22.04                                                    deb        CVE-2022-27943       Low         
github.com/containerd/containerd      v1.3.3                                1.4.13                             go-module  GHSA-crp2-qrr5-8pq7  High        
github.com/containerd/containerd      v1.3.3                                1.5.18                             go-module  GHSA-hmfx-3pcx-653p  Medium      
github.com/containerd/containerd      v1.3.3                                1.4.8                              go-module  GHSA-c72p-9xmj-rx3w  Medium      
github.com/containerd/containerd      v1.3.3                                1.4.11                             go-module  GHSA-c2h3-6mxw-7mvq  Medium      
github.com/containerd/containerd      v1.3.3                                1.6.26                             go-module  GHSA-7ww5-4wqc-m92c  Medium      
github.com/containerd/containerd      v1.3.3                                1.3.10                             go-module  GHSA-6g2q-w5j3-fwh4  Medium      
github.com/containerd/containerd      v1.3.3                                1.5.13                             go-module  GHSA-5ffw-gxpp-mxpf  Medium      
github.com/containerd/containerd      v1.3.3                                1.3.9                              go-module  GHSA-36xw-fx78-c5r4  Medium      
github.com/containerd/containerd      v1.3.3                                1.5.16                             go-module  GHSA-2qjp-425j-52j9  Medium      
github.com/containerd/containerd      v1.3.3                                1.5.18                             go-module  GHSA-259w-8hf6-59c2  Medium      
github.com/containerd/containerd      v1.3.3                                1.4.12                             go-module  GHSA-5j5w-g665-5m35  Low         
github.com/docker/distribution        v2.7.1+incompatible                   2.8.2-beta.1                       go-module  GHSA-hqxw-f8mx-cpmw  High        
github.com/docker/distribution        v2.7.1+incompatible                   2.8.0                              go-module  GHSA-qq97-vm5h-rrhg  Low         
github.com/gogo/protobuf              v1.3.1                                1.3.2                              go-module  GHSA-c3h9-896r-86jm  High        
github.com/miekg/dns                  v1.1.15                               1.1.25                             go-module  GHSA-44r7-7p62-q3fr  Medium      
github.com/opencontainers/image-spec  v1.0.2-0.20190823105129-775207bd45b6  1.0.2                              go-module  GHSA-77vh-xpmg-72qh  Low         
gnupg                                 2.2.27-3ubuntu2.1                                                        deb        CVE-2022-3219        Low         
gnupg-l10n                            2.2.27-3ubuntu2.1                                                        deb        CVE-2022-3219        Low         
gnupg-utils                           2.2.27-3ubuntu2.1                                                        deb        CVE-2022-3219        Low         
go.elastic.co/apm                     v1.8.1-0.20200909061013-2aef45b9cf4b  1.11.0                             go-module  GHSA-qqc5-rgcc-cjqh  Low         
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.0.0-20211202192323-5770296d904e  go-module  GHSA-gwc9-m7rh-j2ww  High        
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.0.0-20220314234659-1baeb1ce4c0b  go-module  GHSA-8c26-wmh5-6g9v  High        
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.0.0-20201216223049-8b5274cf687f  go-module  GHSA-3vm4-22fp-5rfm  High        
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.17.0                             go-module  GHSA-45x7-px36-x8w8  Medium      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.7.0                              go-module  GHSA-vvpx-j8f3-3w6h  High        
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.0.0-20210520170846-37e1c6afe023  go-module  GHSA-83g2-8m93-v3w7  High        
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.0.0-20220906165146-f3363e06e74c  go-module  GHSA-69cg-p879-7622  High        
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.17.0                             go-module  GHSA-4374-p667-p6c8  High        
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.17.0                             go-module  GHSA-qppj-fm5r-hxr3  Medium      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.0.0-20210428140749-89ef3d95e781  go-module  GHSA-h86h-8ppg-mxmh  Medium      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.13.0                             go-module  GHSA-2wrh-6pvc-2jm9  Medium      
golang.org/x/sys                      v0.0.0-20200625212154-ddb9806d33ae    0.0.0-20220412211240-33da011f77ad  go-module  GHSA-p782-xgp4-8hr8  Medium      
golang.org/x/text                     v0.3.2                                0.3.7                              go-module  GHSA-ppp9-7jff-5vj2  High        
golang.org/x/text                     v0.3.2                                0.3.8                              go-module  GHSA-69ch-w2m2-3vjp  High        
golang.org/x/text                     v0.3.2                                0.3.3                              go-module  GHSA-5rcv-m4m3-hfh7  Medium      
google.golang.org/grpc                v1.29.1                               1.56.3                             go-module  GHSA-m425-mq94-257g  High        
google.golang.org/grpc                v1.29.1                               1.56.3                             go-module  GHSA-qppj-fm5r-hxr3  Medium      
gpg                                   2.2.27-3ubuntu2.1                                                        deb        CVE-2022-3219        Low         
gpg-agent                             2.2.27-3ubuntu2.1                                                        deb        CVE-2022-3219        Low         
gpg-wks-client                        2.2.27-3ubuntu2.1                                                        deb        CVE-2022-3219        Low         
gpg-wks-server                        2.2.27-3ubuntu2.1                                                        deb        CVE-2022-3219        Low         
gpgconf                               2.2.27-3ubuntu2.1                                                        deb        CVE-2022-3219        Low         
gpgsm                                 2.2.27-3ubuntu2.1                                                        deb        CVE-2022-3219        Low         
gpgv                                  2.2.27-3ubuntu2.1                                                        deb        CVE-2022-3219        Low         
k8s.io/client-go                      v0.18.3                               0.18.14                            go-module  GHSA-8cfg-vx93-jvxw  Medium      
libc-bin                              2.35-0ubuntu3.6                                                          deb        CVE-2016-20013       Negligible  
libc6                                 2.35-0ubuntu3.6                                                          deb        CVE-2016-20013       Negligible  
libexpat1                             2.4.7-1ubuntu0.2                                                         deb        CVE-2023-52426       Medium      
libgcc-s1                             12.3.0-1ubuntu1~22.04                                                    deb        CVE-2022-27943       Low         
liblzma5                              5.2.5-2ubuntu1                                                           deb        CVE-2020-22916       Medium      
libncurses6                           6.3-2ubuntu0.1                                                           deb        CVE-2023-50495       Low         
libncurses6                           6.3-2ubuntu0.1                                                           deb        CVE-2023-45918       Low         
libncursesw6                          6.3-2ubuntu0.1                                                           deb        CVE-2023-50495       Low         
libncursesw6                          6.3-2ubuntu0.1                                                           deb        CVE-2023-45918       Low         
libpcre3                              2:8.39-13ubuntu0.22.04.1                                                 deb        CVE-2017-11164       Negligible  
libpython3.10-minimal                 3.10.12-1~22.04.3                                                        deb        CVE-2023-27043       Medium      
libpython3.10-stdlib                  3.10.12-1~22.04.3                                                        deb        CVE-2023-27043       Medium      
libstdc++6                            12.3.0-1ubuntu1~22.04                                                    deb        CVE-2022-27943       Low         
libsystemd0                           249.11-0ubuntu3.12                                                       deb        CVE-2023-7008        Low         
libtinfo6                             6.3-2ubuntu0.1                                                           deb        CVE-2023-50495       Low         
libtinfo6                             6.3-2ubuntu0.1                                                           deb        CVE-2023-45918       Low         
libudev1                              249.11-0ubuntu3.12                                                       deb        CVE-2023-7008        Low         
libzstd1                              1.4.8+dfsg-3build1                                                       deb        CVE-2022-4899        Low         
login                                 1:4.8.1-2ubuntu2.1                    1:4.8.1-2ubuntu2.2                 deb        CVE-2023-4641        Low         
login                                 1:4.8.1-2ubuntu2.1                                                       deb        CVE-2023-29383       Low         
ncurses-base                          6.3-2ubuntu0.1                                                           deb        CVE-2023-50495       Low         
ncurses-base                          6.3-2ubuntu0.1                                                           deb        CVE-2023-45918       Low         
ncurses-bin                           6.3-2ubuntu0.1                                                           deb        CVE-2023-50495       Low         
ncurses-bin                           6.3-2ubuntu0.1                                                           deb        CVE-2023-45918       Low         
passwd                                1:4.8.1-2ubuntu2.1                    1:4.8.1-2ubuntu2.2                 deb        CVE-2023-4641        Low         
passwd                                1:4.8.1-2ubuntu2.1                                                       deb        CVE-2023-29383       Low         
python3.10                            3.10.12-1~22.04.3                                                        deb        CVE-2023-27043       Medium      
python3.10-minimal                    3.10.12-1~22.04.3                                                        deb        CVE-2023-27043       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2023-29405       Critical    
stdlib                                go1.14.12                                                                go-module  CVE-2023-29404       Critical    
stdlib                                go1.14.12                                                                go-module  CVE-2023-29402       Critical    
stdlib                                go1.14.12                                                                go-module  CVE-2023-24540       Critical    
stdlib                                go1.14.12                                                                go-module  CVE-2023-24538       Critical    
stdlib                                go1.14.12                                                                go-module  CVE-2022-23806       Critical    
stdlib                                go1.14.12                                                                go-module  CVE-2021-38297       Critical    
stdlib                                go1.14.12                                                                go-module  CVE-2023-45287       High        
stdlib                                go1.14.12                                                                go-module  CVE-2023-45285       High        
stdlib                                go1.14.12                                                                go-module  CVE-2023-44487       High        
stdlib                                go1.14.12                                                                go-module  CVE-2023-39323       High        
stdlib                                go1.14.12                                                                go-module  CVE-2023-29403       High        
stdlib                                go1.14.12                                                                go-module  CVE-2023-29400       High        
stdlib                                go1.14.12                                                                go-module  CVE-2023-24539       High        
stdlib                                go1.14.12                                                                go-module  CVE-2023-24537       High        
stdlib                                go1.14.12                                                                go-module  CVE-2023-24536       High        
stdlib                                go1.14.12                                                                go-module  CVE-2023-24534       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-41725       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-41724       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-41723       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-41722       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-41715       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-32189       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-30635       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-30633       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-30632       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-30631       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-30630       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-30580       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-2880        High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-2879        High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-28327       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-28131       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-27664       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-24921       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-24675       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-23773       High        
stdlib                                go1.14.12                                                                go-module  CVE-2022-23772       High        
stdlib                                go1.14.12                                                                go-module  CVE-2021-44716       High        
stdlib                                go1.14.12                                                                go-module  CVE-2021-41772       High        
stdlib                                go1.14.12                                                                go-module  CVE-2021-41771       High        
stdlib                                go1.14.12                                                                go-module  CVE-2021-39293       High        
stdlib                                go1.14.12                                                                go-module  CVE-2021-33198       High        
stdlib                                go1.14.12                                                                go-module  CVE-2021-33196       High        
stdlib                                go1.14.12                                                                go-module  CVE-2021-33195       High        
stdlib                                go1.14.12                                                                go-module  CVE-2021-33194       High        
stdlib                                go1.14.12                                                                go-module  CVE-2021-3115        High        
stdlib                                go1.14.12                                                                go-module  CVE-2021-29923       High        
stdlib                                go1.14.12                                                                go-module  CVE-2021-27918       High        
stdlib                                go1.14.12                                                                go-module  CVE-2023-39326       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2023-39319       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2023-39318       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2023-29409       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2023-29406       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2023-24532       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41717       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2022-32148       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2022-29526       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2022-1962        Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2022-1705        Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2021-44717       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2021-36221       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2021-34558       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2021-33197       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2021-31525       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2021-3114        Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2020-29511       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2020-29510       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2020-29509       Medium      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30629       Low         
xz-utils                              5.2.5-2ubuntu1                                                           deb        CVE-2020-22916       Medium

Wazuh dashboard

root@ubuntu22:/home/vagrant/wazuh-docker# grype 688bc8f1a320 --scope all-layers
 ✔ Vulnerability DB                [no update available]  
 ✔ Loaded image                                                                                        688bc8f1a320
 ✔ Parsed image                             sha256:688bc8f1a32085b2daf2b68a06aaf7e634bbf0801137fa69c2ac8d5b4e323db5
 ✔ Cataloged contents                              6c91c173fd27a33633b11c66c06486f667f297c0e79fcbf2ffa4403739a1afbb
   ├── ✔ Packages                        [1,957 packages]  
   ├── ✔ File digests                    [2,048 files]  
   ├── ✔ File metadata                   [2,048 locations]  
   └── ✔ Executables                     [735 executables]  
 ✔ Scanned for vulnerabilities     [53 vulnerability matches]  
   ├── by severity: 5 critical, 11 high, 11 medium, 23 low, 3 negligible
   └── by status:   8 fixed, 45 not-fixed, 0 ignored 
[0038]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable 
[0038]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable 
[0038]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unexpec
[0038]  WARN cataloger failed cataloger=java-archive-cataloger error=unable to read files from java archive: unable t
NAME                   INSTALLED                 FIXED-IN            TYPE    VULNERABILITY        SEVERITY   
@babel/traverse        7.17.3                    7.23.2              npm     GHSA-67hx-6x53-jw92  Critical    
@babel/traverse        7.21.2                    7.23.2              npm     GHSA-67hx-6x53-jw92  Critical    
angular                1.8.2                                         npm     GHSA-4w4v-5hc9-xrr2  High        
angular                1.8.2                                         npm     GHSA-qwqh-hm9m-p5hr  Medium      
angular                1.8.2                                         npm     GHSA-prc3-vjfx-vhm9  Medium      
angular                1.8.2                                         npm     GHSA-m2h2-264f-f486  Medium      
angular                1.8.2                                         npm     GHSA-2vrf-hf26-jrp5  Medium      
angular                1.8.2                                         npm     GHSA-2qqx-w9hr-q5gx  Medium      
axios                  0.27.2                    0.28.0              npm     GHSA-wf5p-g6vw-rhxx  Medium      
bash                   5.1-6ubuntu1                                  deb     CVE-2022-3715        Low         
coreutils              8.32-4.1ubuntu1.1                             deb     CVE-2016-2781        Low         
debug                  4.1.1                     4.3.1               npm     GHSA-gxpj-cx7g-858c  Medium      
follow-redirects       1.15.2                    1.15.4              npm     GHSA-jchw-25xp-jwwc  Medium      
gcc-12-base            12.3.0-1ubuntu1~22.04                         deb     CVE-2022-27943       Low         
gpgv                   2.2.27-3ubuntu2.1                             deb     CVE-2022-3219        Low         
hoek                   4.2.1                                         npm     GHSA-c429-5p7v-vgjp  High        
hoek                   6.1.3                                         npm     GHSA-c429-5p7v-vgjp  High        
libc-bin               2.35-0ubuntu3.6                               deb     CVE-2016-20013       Negligible  
libc6                  2.35-0ubuntu3.6                               deb     CVE-2016-20013       Negligible  
libgcc-s1              12.3.0-1ubuntu1~22.04                         deb     CVE-2022-27943       Low         
liblzma5               5.2.5-2ubuntu1                                deb     CVE-2020-22916       Medium      
libncurses6            6.3-2ubuntu0.1                                deb     CVE-2023-50495       Low         
libncurses6            6.3-2ubuntu0.1                                deb     CVE-2023-45918       Low         
libncursesw6           6.3-2ubuntu0.1                                deb     CVE-2023-50495       Low         
libncursesw6           6.3-2ubuntu0.1                                deb     CVE-2023-45918       Low         
libpcre3               2:8.39-13ubuntu0.22.04.1                      deb     CVE-2017-11164       Negligible  
libstdc++6             12.3.0-1ubuntu1~22.04                         deb     CVE-2022-27943       Low         
libsystemd0            249.11-0ubuntu3.12                            deb     CVE-2023-7008        Low         
libtinfo6              6.3-2ubuntu0.1                                deb     CVE-2023-50495       Low         
libtinfo6              6.3-2ubuntu0.1                                deb     CVE-2023-45918       Low         
libudev1               249.11-0ubuntu3.12                            deb     CVE-2023-7008        Low         
libzstd1               1.4.8+dfsg-3build1                            deb     CVE-2022-4899        Low         
login                  1:4.8.1-2ubuntu2.1        1:4.8.1-2ubuntu2.2  deb     CVE-2023-4641        Low         
login                  1:4.8.1-2ubuntu2.1                            deb     CVE-2023-29383       Low         
monorepo-symlink-test  0.0.0                                         npm     GHSA-2jcg-qqmg-46q6  Critical    
ncurses-base           6.3-2ubuntu0.1                                deb     CVE-2023-50495       Low         
ncurses-base           6.3-2ubuntu0.1                                deb     CVE-2023-45918       Low         
ncurses-bin            6.3-2ubuntu0.1                                deb     CVE-2023-50495       Low         
ncurses-bin            6.3-2ubuntu0.1                                deb     CVE-2023-45918       Low         
node                   18.16.0                                       binary  CVE-2023-32002       Critical    
node                   18.16.0                                       binary  CVE-2023-44487       High        
node                   18.16.0                                       binary  CVE-2023-38552       High        
node                   18.16.0                                       binary  CVE-2023-32559       High        
node                   18.16.0                                       binary  CVE-2023-32006       High        
node                   18.16.0                                       binary  CVE-2023-30590       High        
node                   18.16.0                                       binary  CVE-2023-30589       High        
node                   18.16.0                                       binary  CVE-2023-30585       High        
node                   18.16.0                                       binary  CVE-2023-30581       High        
node                   18.16.0                                       binary  CVE-2023-30588       Medium      
passwd                 1:4.8.1-2ubuntu2.1        1:4.8.1-2ubuntu2.2  deb     CVE-2023-4641        Low         
passwd                 1:4.8.1-2ubuntu2.1                            deb     CVE-2023-29383       Low
root@ubuntu22:/home/vagrant/wazuh-docker# 

After

After the development, the scan results are as follows:

root@ip-172-31-41-4:/home/ubuntu/wazuh-docker/single-node# docker images
REPOSITORY                    TAG       IMAGE ID       CREATED          SIZE
wazuh/wazuh-dashboard         4.8.0     357ec8a9f033   57 minutes ago   1.15GB
wazuh/wazuh-indexer           4.8.0     d7949d499dcf   58 minutes ago   2.32GB
wazuh/wazuh-manager           4.8.0     98d1c9d13a8b   59 minutes ago   1.22GB
root@ip-172-31-41-4:/home/ubuntu/wazuh-docker/single-node# grype d7949d499dcf  --scope all-layers
 ✔ Vulnerability DB                [updated]  
 ✔ Loaded image                                                                                        d7949d499dcf
 ⠹ Parsing image                   ━━━━━━━━━━━━━━━━━━━━  sha256:d7949d499dcf42f7390b82362e71d2ec845e351776ab176c04a  

Wazuh indexer

root@ip-172-31-41-4:/home/ubuntu/wazuh-docker/single-node# grype d7949d499dcf  --scope all-layers
 ✔ Vulnerability DB                [no update available]  
 ✔ Loaded image                                                                                        d7949d499dcf
 ✔ Parsed image                             sha256:d7949d499dcf42f7390b82362e71d2ec845e351776ab176c04ae3f01ce25a0f3
 ✔ Cataloged contents                              2e9752af8078f8d540f8ecc751e23a2a4e905ca44b3e9ff64113b3646b57067c
   ├── ✔ Packages                        [753 packages]  
   ├── ✔ File digests                    [5,462 files]  
   ├── ✔ File metadata                   [5,462 locations]  
   └── ✔ Executables                     [371 executables]  
 ✔ Scanned for vulnerabilities     [16 vulnerability matches]  
   ├── by severity: 0 critical, 9 high, 7 medium, 0 low, 0 negligible
   └── by status:   16 fixed, 0 not-fixed, 0 ignored 
NAME               INSTALLED                FIXED-IN               TYPE          VULNERABILITY        SEVERITY 
bc-fips            1.0.2.3                  1.0.2.4                java-archive  GHSA-68m8-v89j-7j2p  Medium    
commons-compress   1.22                     1.26.0                 java-archive  GHSA-4265-ccf5-phj5  High      
commons-compress   1.22                     1.24.0                 java-archive  GHSA-cgwf-w82q-5jrr  Medium    
commons-compress   1.23.0                   1.26.0                 java-archive  GHSA-4265-ccf5-phj5  High      
commons-compress   1.23.0                   1.24.0                 java-archive  GHSA-cgwf-w82q-5jrr  Medium    
expat              2.5.0-1.amzn2023.0.2     2.5.0-1.amzn2023.0.3   rpm           ALAS-2024-524        Medium    
json               20230227                 20231013               java-archive  GHSA-4jq9-2xhw-jpx7  High      
netty-codec-http2  4.1.97.Final             4.1.100.Final          java-archive  GHSA-xpw8-rcwv-8f8p  High      
opensearch         2.10.0                   2.11.1                 java-archive  GHSA-6g3j-p5g6-992f  Medium    
openssl-libs       1:3.0.8-1.amzn2023.0.10  3.0.8-1.amzn2023.0.11  rpm           ALAS-2024-520        Medium    
snappy-java        1.1.10.3                 1.1.10.4               java-archive  GHSA-55g7-9cwv-5qfv  High      
xmlsec             2.3.3                    2.3.4                  java-archive  GHSA-xfrj-6vvc-3xm2  Medium

Wazuh manager

root@ip-172-31-41-4:/home/ubuntu/wazuh-docker/single-node# grype 98d1c9d13a8b  --scope all-layers
 ✔ Vulnerability DB                [no update available]  
 ✔ Loaded image                                                                                        98d1c9d13a8b
 ✔ Parsed image                             sha256:98d1c9d13a8bec1c2a43fd5b297b2e0e1ace637dd9e2bd551953586007b059c1
 ✔ Cataloged contents                              62b621863bffa8fe3eedff986c86821ca430c334f7eefc860b4615ac5729bc6b
   ├── ✔ Packages                        [318 packages]  
   ├── ✔ File digests                    [25,448 files]  
   ├── ✔ File metadata                   [25,448 locations]  
   └── ✔ Executables                     [734 executables]  
 ✔ Scanned for vulnerabilities     [111 vulnerability matches]  
   ├── by severity: 7 critical, 56 high, 43 medium, 5 low, 0 negligible
   └── by status:   41 fixed, 70 not-fixed, 0 ignored 
NAME                                  INSTALLED                             FIXED-IN                           TYPE       VULNERABILITY        SEVERITY 
Werkzeug                              2.2.3                                 2.3.8                              python     GHSA-hrfv-mqp8-q5rw  Medium    
cryptography                          42.0.2                                42.0.4                             python     GHSA-6vqw-3v5j-54x4  High      
expat                                 2.5.0-1.amzn2023.0.2                  2.5.0-1.amzn2023.0.3               rpm        ALAS-2024-524        Medium    
github.com/containerd/containerd      v1.3.3                                1.4.13                             go-module  GHSA-crp2-qrr5-8pq7  High      
github.com/containerd/containerd      v1.3.3                                1.5.18                             go-module  GHSA-hmfx-3pcx-653p  Medium    
github.com/containerd/containerd      v1.3.3                                1.4.8                              go-module  GHSA-c72p-9xmj-rx3w  Medium    
github.com/containerd/containerd      v1.3.3                                1.4.11                             go-module  GHSA-c2h3-6mxw-7mvq  Medium    
github.com/containerd/containerd      v1.3.3                                1.6.26                             go-module  GHSA-7ww5-4wqc-m92c  Medium    
github.com/containerd/containerd      v1.3.3                                1.3.10                             go-module  GHSA-6g2q-w5j3-fwh4  Medium    
github.com/containerd/containerd      v1.3.3                                1.5.13                             go-module  GHSA-5ffw-gxpp-mxpf  Medium    
github.com/containerd/containerd      v1.3.3                                1.3.9                              go-module  GHSA-36xw-fx78-c5r4  Medium    
github.com/containerd/containerd      v1.3.3                                1.5.16                             go-module  GHSA-2qjp-425j-52j9  Medium    
github.com/containerd/containerd      v1.3.3                                1.5.18                             go-module  GHSA-259w-8hf6-59c2  Medium    
github.com/containerd/containerd      v1.3.3                                1.4.12                             go-module  GHSA-5j5w-g665-5m35  Low       
github.com/docker/distribution        v2.7.1+incompatible                   2.8.2-beta.1                       go-module  GHSA-hqxw-f8mx-cpmw  High      
github.com/docker/distribution        v2.7.1+incompatible                   2.8.0                              go-module  GHSA-qq97-vm5h-rrhg  Low       
github.com/gogo/protobuf              v1.3.1                                1.3.2                              go-module  GHSA-c3h9-896r-86jm  High      
github.com/miekg/dns                  v1.1.15                               1.1.25                             go-module  GHSA-44r7-7p62-q3fr  Medium    
github.com/opencontainers/image-spec  v1.0.2-0.20190823105129-775207bd45b6  1.0.2                              go-module  GHSA-77vh-xpmg-72qh  Low       
go.elastic.co/apm                     v1.8.1-0.20200909061013-2aef45b9cf4b  1.11.0                             go-module  GHSA-qqc5-rgcc-cjqh  Low       
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.0.0-20211202192323-5770296d904e  go-module  GHSA-gwc9-m7rh-j2ww  High      
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.0.0-20220314234659-1baeb1ce4c0b  go-module  GHSA-8c26-wmh5-6g9v  High      
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.0.0-20201216223049-8b5274cf687f  go-module  GHSA-3vm4-22fp-5rfm  High      
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.17.0                             go-module  GHSA-45x7-px36-x8w8  Medium    
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.7.0                              go-module  GHSA-vvpx-j8f3-3w6h  High      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.0.0-20210520170846-37e1c6afe023  go-module  GHSA-83g2-8m93-v3w7  High      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.0.0-20220906165146-f3363e06e74c  go-module  GHSA-69cg-p879-7622  High      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.17.0                             go-module  GHSA-4374-p667-p6c8  High      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.17.0                             go-module  GHSA-qppj-fm5r-hxr3  Medium    
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.0.0-20210428140749-89ef3d95e781  go-module  GHSA-h86h-8ppg-mxmh  Medium    
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.13.0                             go-module  GHSA-2wrh-6pvc-2jm9  Medium    
golang.org/x/sys                      v0.0.0-20200625212154-ddb9806d33ae    0.0.0-20220412211240-33da011f77ad  go-module  GHSA-p782-xgp4-8hr8  Medium    
golang.org/x/text                     v0.3.2                                0.3.7                              go-module  GHSA-ppp9-7jff-5vj2  High      
golang.org/x/text                     v0.3.2                                0.3.8                              go-module  GHSA-69ch-w2m2-3vjp  High      
golang.org/x/text                     v0.3.2                                0.3.3                              go-module  GHSA-5rcv-m4m3-hfh7  Medium    
google.golang.org/grpc                v1.29.1                               1.56.3                             go-module  GHSA-m425-mq94-257g  High      
google.golang.org/grpc                v1.29.1                               1.56.3                             go-module  GHSA-qppj-fm5r-hxr3  Medium    
k8s.io/client-go                      v0.18.3                               0.18.14                            go-module  GHSA-8cfg-vx93-jvxw  Medium    
openssl                               1:3.0.8-1.amzn2023.0.10               3.0.8-1.amzn2023.0.11              rpm        ALAS-2024-520        Medium    
openssl-libs                          1:3.0.8-1.amzn2023.0.10               3.0.8-1.amzn2023.0.11              rpm        ALAS-2024-520        Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-29405       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-29404       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-29402       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-24540       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-24538       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2022-23806       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2021-38297       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-45287       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-45285       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-44487       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-39323       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-29403       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-29400       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-24539       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-24537       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-24536       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-24534       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41725       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41724       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41723       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41722       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41715       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-32189       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30635       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30633       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30632       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30631       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30630       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30580       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-2880        High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-2879        High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-28327       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-28131       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-27664       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-24921       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-24675       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-23773       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-23772       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-44716       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-41772       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-41771       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-39293       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-33198       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-33196       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-33195       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-33194       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-3115        High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-29923       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-27918       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-39326       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-39319       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-39318       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-29409       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-29406       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-24532       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-41717       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-32148       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-29526       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-1962        Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-1705        Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-44717       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-36221       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-34558       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-33197       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-31525       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-3114        Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2020-29511       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2020-29510       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2020-29509       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-30629       Low       
systemd-libs                          252.16-1.amzn2023.0.1                 252.16-1.amzn2023.0.2              rpm        ALAS-2024-509        Medium

Wazuh dashboard

root@ip-172-31-41-4:/home/ubuntu/wazuh-docker/single-node# grype 357ec8a9f033  --scope all-layers
 ✔ Vulnerability DB                [no update available]  
 ✔ Loaded image                                                                                        357ec8a9f033
 ✔ Parsed image                             sha256:357ec8a9f033de9e763b0f36d66558898c38634b5ea9ee97d113f0c3d7ba3dab
 ✔ Cataloged contents                              0124bab0342119df23f86c1e47bee42f978db2e56e85b1ae4c0eb2dc11370d82
   ├── ✔ Packages                        [1,963 packages]  
   ├── ✔ File digests                    [5,403 files]  
   ├── ✔ File metadata                   [5,403 locations]  
   └── ✔ Executables                     [298 executables]  
 ✔ Scanned for vulnerabilities     [30 vulnerability matches]  
   ├── by severity: 5 critical, 11 high, 14 medium, 0 low, 0 negligible
   └── by status:   10 fixed, 20 not-fixed, 0 ignored 
[0164]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable 
[0164]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable 
[0164]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unexpec
[0166]  WARN cataloger failed cataloger=java-archive-cataloger error=unable to read files from java archive: unable t
NAME                   INSTALLED                FIXED-IN               TYPE    VULNERABILITY        SEVERITY 
@babel/traverse        7.17.3                   7.23.2                 npm     GHSA-67hx-6x53-jw92  Critical  
@babel/traverse        7.21.2                   7.23.2                 npm     GHSA-67hx-6x53-jw92  Critical  
angular                1.8.2                                           npm     GHSA-4w4v-5hc9-xrr2  High      
angular                1.8.2                                           npm     GHSA-qwqh-hm9m-p5hr  Medium    
angular                1.8.2                                           npm     GHSA-prc3-vjfx-vhm9  Medium    
angular                1.8.2                                           npm     GHSA-m2h2-264f-f486  Medium    
angular                1.8.2                                           npm     GHSA-2vrf-hf26-jrp5  Medium    
angular                1.8.2                                           npm     GHSA-2qqx-w9hr-q5gx  Medium    
axios                  0.27.2                   0.28.0                 npm     GHSA-wf5p-g6vw-rhxx  Medium    
debug                  4.1.1                    4.3.1                  npm     GHSA-gxpj-cx7g-858c  Medium    
expat                  2.5.0-1.amzn2023.0.2     2.5.0-1.amzn2023.0.3   rpm     ALAS-2024-524        Medium    
follow-redirects       1.15.2                   1.15.4                 npm     GHSA-jchw-25xp-jwwc  Medium    
follow-redirects       1.15.3                   1.15.4                 npm     GHSA-jchw-25xp-jwwc  Medium    
hoek                   4.2.1                                           npm     GHSA-c429-5p7v-vgjp  High      
hoek                   6.1.3                                           npm     GHSA-c429-5p7v-vgjp  High      
monorepo-symlink-test  0.0.0                                           npm     GHSA-2jcg-qqmg-46q6  Critical  
node                   18.16.0                                         binary  CVE-2023-32002       Critical  
node                   18.16.0                                         binary  CVE-2023-44487       High      
node                   18.16.0                                         binary  CVE-2023-38552       High      
node                   18.16.0                                         binary  CVE-2023-32559       High      
node                   18.16.0                                         binary  CVE-2023-32006       High      
node                   18.16.0                                         binary  CVE-2023-30590       High      
node                   18.16.0                                         binary  CVE-2023-30589       High      
node                   18.16.0                                         binary  CVE-2023-30585       High      
node                   18.16.0                                         binary  CVE-2023-30581       High      
node                   18.16.0                                         binary  CVE-2023-30588       Medium    
openssl-libs           1:3.0.8-1.amzn2023.0.10  3.0.8-1.amzn2023.0.11  rpm     ALAS-2024-520        Medium

davidcr01 commented 6 months ago

Conclusions:

In Wazuh indexer

The following vulnerabilities have been removed:

bash
coreutils
gcc-12-base
gpgv
libc-bin
libc6
libgcc-s1
liblzma5
libncurses6
libncursesw6
libpcre3
libstdc++6
libsystemd0
libtinfo6
libudev1
libzstd1
login
ncurses-base
ncurses-bin
passwd

The following vulnerabilities have been added:

expat 
openssl-libs 

In Wazuh manager

The following vulnerabilities have been removed:

libjpeg-turbo
libwayland-client
curl
binutils
libX11
libxml2
OpenSSL
krb5
libcap
libuuid
glibc
gcc
libXrender
jasper
openjpeg2
mariadb
iproute
pam

The following vulnerabilities have been added:

Werkzeug 
cryptography
containerd
docker/distribution
gogo/protobuf
miekg/dns
opencontainers/image-spec
go.elastic.co/apm
golang.org/x/crypto
golang.org/x/net
golang.org/x/sys
golang.org/x/text
google.golang.org/grpc
k8s.io/client-go
systemd-libs

In Wazuh dashboard

The following vulnerabilities have been removed:

bash
coreutils
follow-redirects
follow-redirects
hoek
hoek
libncurses6
libncurses6
libncursesw6
libncursesw6
monorepo-symlink-test
ncurses-base
ncurses-base
ncurses-bin
ncurses-bin
passwd
passwd

The following vulnerabilities have been added:

expat 
follow-redirects
follow-redirects
openssl-libs 
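
The package-level comparison in the conclusions above can be reproduced from two saved scan outputs. The following is an added example, not code from this thread or from the Wazuh project: it parses grype's default table by the header's column offsets (FIXED-IN is often blank, so splitting on whitespace shifts the remaining fields) and diffs two scans at package and at finding level. `BEFORE_SCAN` is constructed with placeholder versions and IDs, `AFTER_SCAN` is an excerpt of the dashboard scan on this page, and the function names are assumptions of the example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "name installed fixed_in type vuln severity")

# Constructed stand-in for a scan of the previous image: versions and IDs are
# placeholders, except the node row, which is reused unchanged from AFTER_SCAN.
BEFORE_SCAN = """\
NAME                   INSTALLED                FIXED-IN               TYPE    VULNERABILITY        SEVERITY
bash                   example                                         deb     EXAMPLE-000001       Low
coreutils              example                                         deb     EXAMPLE-000002       Low
follow-redirects       example                                         npm     EXAMPLE-000003       Medium
node                   18.16.0                                         binary  CVE-2023-32002       Critical
"""

# Excerpt: one WARN line and four rows copied from the dashboard scan above.
AFTER_SCAN = """\
[0164]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable
NAME                   INSTALLED                FIXED-IN               TYPE    VULNERABILITY        SEVERITY
expat                  2.5.0-1.amzn2023.0.2     2.5.0-1.amzn2023.0.3   rpm     ALAS-2024-524        Medium
follow-redirects       1.15.2                   1.15.4                 npm     GHSA-jchw-25xp-jwwc  Medium
node                   18.16.0                                         binary  CVE-2023-32002       Critical
openssl-libs           1:3.0.8-1.amzn2023.0.10  3.0.8-1.amzn2023.0.11  rpm     ALAS-2024-520        Medium
"""


def parse_grype_table(text):
    """Return the rows of grype's table output as Finding tuples."""
    lines = text.splitlines()
    # Progress and WARN lines precede the table; skip to the header row.
    for i, line in enumerate(lines):
        if line.split()[:2] == ["NAME", "INSTALLED"]:
            break
    else:
        return []  # no table, e.g. "No vulnerabilities found"
    header = lines[i]
    # Each column starts where its header word starts.
    starts = [m.start() for m in re.finditer(r"\S+", header)]
    if len(starts) != len(Finding._fields):
        raise ValueError("unexpected header: %r" % header)
    bounds = list(zip(starts, starts[1:] + [None]))
    findings = []
    for row in lines[i + 1:]:
        if not row.strip():
            break  # a blank line ends the table
        findings.append(Finding(*(row[a:b].strip() for a, b in bounds)))
    return findings


def diff_scans(before, after):
    """Compare two parsed scans by package name and by individual finding."""
    b_pkgs = {f.name for f in before}
    a_pkgs = {f.name for f in after}
    b_find = {(f.name, f.installed, f.vuln) for f in before}
    a_find = {(f.name, f.installed, f.vuln) for f in after}
    return {
        "packages_removed": sorted(b_pkgs - a_pkgs),
        "packages_added": sorted(a_pkgs - b_pkgs),
        # A package present in both scans can still swap findings when its
        # version changes, which is why it may show up on both sides here.
        "findings_removed": sorted(b_find - a_find),
        "findings_added": sorted(a_find - b_find),
        # Rows with an empty FIXED-IN cell: no fixed version is listed.
        "unfixed_after": sorted((f.name, f.vuln) for f in after if not f.fixed_in),
    }


if __name__ == "__main__":
    result = diff_scans(parse_grype_table(BEFORE_SCAN), parse_grype_table(AFTER_SCAN))
    for key, values in result.items():
        print(key)
        for value in values:
            print("   ", value)
```

When the scans can be re-run, grype's `-o json` output avoids table parsing altogether; the offset-based parser is for pasted output like the tables in this thread.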

davidcr01 commented 6 months ago

Update Report

Using the amazonlinux:latest image, the vulnerability scans report the following:

Wazuh indexer

 ✘  ~  sudo grype 271d13bb1024 --scope all-layers
 ✔ Vulnerability DB                [updated]  
 ✔ Loaded image                                                                                        271d13bb1024
 ✔ Parsed image                             sha256:271d13bb102424f8dc37d51e6dd9d5832b2972b0fc3e1d384198d6984021f7ac
 ✔ Cataloged contents                              2c669e4e3f1f543c3ba88b04311aace4a99c8419815661a34f403212111ced00
   ├── ✔ Packages                        [753 packages]  
   ├── ✔ File digests                    [5,461 files]  
   ├── ✔ File metadata                   [5,461 locations]  
   └── ✔ Executables                     [371 executables]  
 ✔ Scanned for vulnerabilities     [14 vulnerability matches]  
   ├── by severity: 0 critical, 9 high, 5 medium, 0 low, 0 negligible
   └── by status:   14 fixed, 0 not-fixed, 0 ignored 
NAME               INSTALLED     FIXED-IN       TYPE          VULNERABILITY        SEVERITY 
bc-fips            1.0.2.3       1.0.2.4        java-archive  GHSA-68m8-v89j-7j2p  Medium    
commons-compress   1.22          1.26.0         java-archive  GHSA-4265-ccf5-phj5  High      
commons-compress   1.22          1.24.0         java-archive  GHSA-cgwf-w82q-5jrr  Medium    
commons-compress   1.23.0        1.26.0         java-archive  GHSA-4265-ccf5-phj5  High      
commons-compress   1.23.0        1.24.0         java-archive  GHSA-cgwf-w82q-5jrr  Medium    
json               20230227      20231013       java-archive  GHSA-4jq9-2xhw-jpx7  High      
netty-codec-http2  4.1.97.Final  4.1.100.Final  java-archive  GHSA-xpw8-rcwv-8f8p  High      
opensearch         2.10.0        2.11.1         java-archive  GHSA-6g3j-p5g6-992f  Medium    
snappy-java        1.1.10.3      1.1.10.4       java-archive  GHSA-55g7-9cwv-5qfv  High      
xmlsec             2.3.3         2.3.4          java-archive  GHSA-xfrj-6vvc-3xm2  Medium

Wazuh manager

 ~  sudo grype 2bd841ba96f5 --scope all-layers
 ✔ Vulnerability DB                [no update available]  
 ✔ Loaded image                                                                                        2bd841ba96f5
 ✔ Parsed image                             sha256:2bd841ba96f5d9e1fdc5ca42cce357ae0e1471c47eb3bd7e6752fc4172ac415a
 ✔ Cataloged contents                              c452f750dd124efb2c9b1851973a6e9e511e785a7fce9f28d88df26c626c50a7
   ├── ✔ Packages                        [318 packages]  
   ├── ✔ File digests                    [25,447 files]  
   ├── ✔ File metadata                   [25,447 locations]  
   └── ✔ Executables                     [720 executables]  
 ✔ Scanned for vulnerabilities     [107 vulnerability matches]  
   ├── by severity: 7 critical, 56 high, 39 medium, 5 low, 0 negligible
   └── by status:   37 fixed, 70 not-fixed, 0 ignored 
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0043]  WARN unable to read dynamic symbols from elf file error=no symbol section
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/pip/
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/pip/
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/pip/
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/pip/
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/pip/
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/pip/
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044]  WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0045]  WARN some package(s) are missing CPEs. This may result in missing vulnerabilities. You may autogenerate these
NAME                                  INSTALLED                             FIXED-IN                           TYPE       VULNERABILITY        SEVERITY 
Werkzeug                              2.2.3                                 2.3.8                              python     GHSA-hrfv-mqp8-q5rw  Medium    
cryptography                          42.0.2                                42.0.4                             python     GHSA-6vqw-3v5j-54x4  High      
github.com/containerd/containerd      v1.3.3                                1.4.13                             go-module  GHSA-crp2-qrr5-8pq7  High      
github.com/containerd/containerd      v1.3.3                                1.5.18                             go-module  GHSA-hmfx-3pcx-653p  Medium    
github.com/containerd/containerd      v1.3.3                                1.4.8                              go-module  GHSA-c72p-9xmj-rx3w  Medium    
github.com/containerd/containerd      v1.3.3                                1.4.11                             go-module  GHSA-c2h3-6mxw-7mvq  Medium    
github.com/containerd/containerd      v1.3.3                                1.6.26                             go-module  GHSA-7ww5-4wqc-m92c  Medium    
github.com/containerd/containerd      v1.3.3                                1.3.10                             go-module  GHSA-6g2q-w5j3-fwh4  Medium    
github.com/containerd/containerd      v1.3.3                                1.5.13                             go-module  GHSA-5ffw-gxpp-mxpf  Medium    
github.com/containerd/containerd      v1.3.3                                1.3.9                              go-module  GHSA-36xw-fx78-c5r4  Medium    
github.com/containerd/containerd      v1.3.3                                1.5.16                             go-module  GHSA-2qjp-425j-52j9  Medium    
github.com/containerd/containerd      v1.3.3                                1.5.18                             go-module  GHSA-259w-8hf6-59c2  Medium    
github.com/containerd/containerd      v1.3.3                                1.4.12                             go-module  GHSA-5j5w-g665-5m35  Low       
github.com/docker/distribution        v2.7.1+incompatible                   2.8.2-beta.1                       go-module  GHSA-hqxw-f8mx-cpmw  High      
github.com/docker/distribution        v2.7.1+incompatible                   2.8.0                              go-module  GHSA-qq97-vm5h-rrhg  Low       
github.com/gogo/protobuf              v1.3.1                                1.3.2                              go-module  GHSA-c3h9-896r-86jm  High      
github.com/miekg/dns                  v1.1.15                               1.1.25                             go-module  GHSA-44r7-7p62-q3fr  Medium    
github.com/opencontainers/image-spec  v1.0.2-0.20190823105129-775207bd45b6  1.0.2                              go-module  GHSA-77vh-xpmg-72qh  Low       
go.elastic.co/apm                     v1.8.1-0.20200909061013-2aef45b9cf4b  1.11.0                             go-module  GHSA-qqc5-rgcc-cjqh  Low       
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.0.0-20211202192323-5770296d904e  go-module  GHSA-gwc9-m7rh-j2ww  High      
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.0.0-20220314234659-1baeb1ce4c0b  go-module  GHSA-8c26-wmh5-6g9v  High      
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.0.0-20201216223049-8b5274cf687f  go-module  GHSA-3vm4-22fp-5rfm  High      
golang.org/x/crypto                   v0.0.0-20200510223506-06a226fb4e37    0.17.0                             go-module  GHSA-45x7-px36-x8w8  Medium    
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.7.0                              go-module  GHSA-vvpx-j8f3-3w6h  High      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.0.0-20210520170846-37e1c6afe023  go-module  GHSA-83g2-8m93-v3w7  High      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.0.0-20220906165146-f3363e06e74c  go-module  GHSA-69cg-p879-7622  High      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.17.0                             go-module  GHSA-4374-p667-p6c8  High      
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.17.0                             go-module  GHSA-qppj-fm5r-hxr3  Medium    
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.0.0-20210428140749-89ef3d95e781  go-module  GHSA-h86h-8ppg-mxmh  Medium    
golang.org/x/net                      v0.0.0-20200202094626-16171245cfb2    0.13.0                             go-module  GHSA-2wrh-6pvc-2jm9  Medium    
golang.org/x/sys                      v0.0.0-20200625212154-ddb9806d33ae    0.0.0-20220412211240-33da011f77ad  go-module  GHSA-p782-xgp4-8hr8  Medium    
golang.org/x/text                     v0.3.2                                0.3.7                              go-module  GHSA-ppp9-7jff-5vj2  High      
golang.org/x/text                     v0.3.2                                0.3.8                              go-module  GHSA-69ch-w2m2-3vjp  High      
golang.org/x/text                     v0.3.2                                0.3.3                              go-module  GHSA-5rcv-m4m3-hfh7  Medium    
google.golang.org/grpc                v1.29.1                               1.56.3                             go-module  GHSA-m425-mq94-257g  High      
google.golang.org/grpc                v1.29.1                               1.56.3                             go-module  GHSA-qppj-fm5r-hxr3  Medium    
k8s.io/client-go                      v0.18.3                               0.18.14                            go-module  GHSA-8cfg-vx93-jvxw  Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-29405       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-29404       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-29402       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-24540       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-24538       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2022-23806       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2021-38297       Critical  
stdlib                                go1.14.12                                                                go-module  CVE-2023-45287       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-45285       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-44487       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-39323       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-29403       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-29400       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-24539       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-24537       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-24536       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-24534       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41725       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41724       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41723       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41722       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-41715       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-32189       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30635       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30633       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30632       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30631       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30630       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-30580       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-2880        High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-2879        High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-28327       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-28131       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-27664       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-24921       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-24675       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-23773       High      
stdlib                                go1.14.12                                                                go-module  CVE-2022-23772       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-44716       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-41772       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-41771       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-39293       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-33198       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-33196       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-33195       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-33194       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-3115        High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-29923       High      
stdlib                                go1.14.12                                                                go-module  CVE-2021-27918       High      
stdlib                                go1.14.12                                                                go-module  CVE-2023-39326       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-39319       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-39318       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-29409       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-29406       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2023-24532       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-41717       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-32148       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-29526       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-1962        Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-1705        Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-44717       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-36221       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-34558       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-33197       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-31525       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2021-3114        Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2020-29511       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2020-29510       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2020-29509       Medium    
stdlib                                go1.14.12                                                                go-module  CVE-2022-30629       Low

Wazuh dashboard

 ~  sudo grype 93485857c37d --scope all-layers
 ✔ Vulnerability DB                [no update available]  
 ✔ Loaded image                                                                                        93485857c37d
 ✔ Parsed image                             sha256:93485857c37de74fd387c33162e0042206af3b7c32362745a5a534b15f9a9def
 ✔ Cataloged contents                              50b66acf5a627cb290660c70f6b83681de80a16aa6241062411104785b63bbc7
   ├── ✔ Packages                        [1,963 packages]  
   ├── ✔ File digests                    [5,402 files]  
   ├── ✔ File metadata                   [5,402 locations]  
   └── ✔ Executables                     [298 executables]  
 ✔ Scanned for vulnerabilities     [27 vulnerability matches]  
   ├── by severity: 5 critical, 11 high, 10 medium, 1 low, 0 negligible
   └── by status:   7 fixed, 20 not-fixed, 0 ignored 
[0055]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable 
[0055]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unexpec
[0055]  WARN cataloger failed cataloger=java-archive-cataloger error=unable to read files from java archive: unable t
NAME                   INSTALLED  FIXED-IN  TYPE    VULNERABILITY        SEVERITY 
@babel/traverse        7.17.3     7.23.2    npm     GHSA-67hx-6x53-jw92  Critical  
@babel/traverse        7.21.2     7.23.2    npm     GHSA-67hx-6x53-jw92  Critical  
angular                1.8.2                npm     GHSA-4w4v-5hc9-xrr2  High      
angular                1.8.2                npm     GHSA-qwqh-hm9m-p5hr  Medium    
angular                1.8.2                npm     GHSA-prc3-vjfx-vhm9  Medium    
angular                1.8.2                npm     GHSA-m2h2-264f-f486  Medium    
angular                1.8.2                npm     GHSA-2vrf-hf26-jrp5  Medium    
angular                1.8.2                npm     GHSA-2qqx-w9hr-q5gx  Medium    
axios                  0.27.2     0.28.0    npm     GHSA-wf5p-g6vw-rhxx  Medium    
debug                  4.1.1      4.3.1     npm     GHSA-gxpj-cx7g-858c  Medium    
es5-ext                0.10.62    0.10.63   npm     GHSA-4gmj-3p3h-gm8h  Low       
follow-redirects       1.15.2     1.15.4    npm     GHSA-jchw-25xp-jwwc  Medium    
hoek                   4.2.1                npm     GHSA-c429-5p7v-vgjp  High      
hoek                   6.1.3                npm     GHSA-c429-5p7v-vgjp  High      
monorepo-symlink-test  0.0.0                npm     GHSA-2jcg-qqmg-46q6  Critical  
node                   18.16.0              binary  CVE-2023-32002       Critical  
node                   18.16.0              binary  CVE-2023-44487       High      
node                   18.16.0              binary  CVE-2023-38552       High      
node                   18.16.0              binary  CVE-2023-32559       High      
node                   18.16.0              binary  CVE-2023-32006       High      
node                   18.16.0              binary  CVE-2023-30590       High      
node                   18.16.0              binary  CVE-2023-30589       High      
node                   18.16.0              binary  CVE-2023-30585       High      
node                   18.16.0              binary  CVE-2023-30581       High      
node                   18.16.0              binary  CVE-2023-30588       Medium

Conclusions