Closed teddytpc1 closed 6 months ago
Currently working on the images building. Some necessary changes must be done to complete this task.
I noticed many of the common and essential dependencies of Linux distributions are not installed in the Amazon Linux 2023 Docker image. Some extra dependencies installed to create the images are:
wazuh-indexer image: (groupadd), (find)
wazuh-manager image:
wazuh-dashboard image: (groupadd)
Maybe, the image does not present any vulnerabilities because of its simplicity.
✔ The Wazuh Docker images were built successfully:
root@ip-172-31-41-4:/home/ubuntu/wazuh-docker# sudo docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
wazuh/wazuh-dashboard 4.8.0 3fd955dae2ad 7 minutes ago 1.15GB
wazuh/wazuh-indexer 4.8.0 c7b6bc5e1e76 10 minutes ago 2.32GB
wazuh/wazuh-manager 4.8.0 f97337140f22 11 minutes ago 5.95GB
root@ip-172-31-41-4:/home/ubuntu/wazuh-docker# build-docker-images/build-images.sh
[+] Building 420.2s (82/82) FINISHED
=> [wazuh/wazuh-dashboard:4.8.0 internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 3.65kB 0.0s
=> [wazuh/wazuh-indexer:4.8.0 internal] load metadata for docker.io/library/amazonlinux:2023.3.20240131.0 0.1s
=> [wazuh/wazuh-manager:4.8.0 internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 2.30kB 0.0s
=> [wazuh/wazuh-indexer:4.8.0 internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 2.56kB 0.0s
=> [wazuh/wazuh-manager:4.8.0 internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [wazuh/wazuh-dashboard:4.8.0 internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [wazuh/wazuh-indexer:4.8.0 internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> CACHED [wazuh/wazuh-indexer:4.8.0 1/16] FROM docker.io/library/amazonlinux:2023.3.20240131.0@sha256:d8323 0.0s
=> CACHED [wazuh/wazuh-manager:4.8.0] https://raw.githubusercontent.com/wazuh/wazuh/4.8.0/extensions/elastics 0.1s
=> [wazuh/wazuh-manager:4.8.0 internal] load build context 0.1s
=> => transferring context: 836B 0.0s
=> [wazuh/wazuh-dashboard:4.8.0 internal] load build context 0.1s
=> => transferring context: 358B 0.0s
=> [wazuh/wazuh-dashboard:4.8.0 stage-1 2/13] RUN yum install shadow-utils -y 32.3s
=> [wazuh/wazuh-dashboard:4.8.0 builder 2/17] RUN yum install curl-minimal libcap xz tar openssl -y 31.2s
=> [wazuh/wazuh-manager:4.8.0 2/16] RUN rm /bin/sh && ln -s /bin/bash /bin/sh 1.2s
=> [wazuh/wazuh-indexer:4.8.0 internal] load build context 0.1s
=> => transferring context: 432B 0.0s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 2/16] RUN yum install curl-minimal shadow-utils -y 31.1s
=> [wazuh/wazuh-indexer:4.8.0 builder 2/10] RUN yum install curl-minimal openssl tar xz findutils shadow-ut 33.1s
=> [wazuh/wazuh-manager:4.8.0 3/16] RUN yum install curl-minimal xz gnupg tar gzip -y && yum clean all 31.9s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 3/16] RUN getent group wazuh-indexer || groupadd -r -g 1000 wazuh-inde 1.4s
=> [wazuh/wazuh-dashboard:4.8.0 builder 3/17] RUN mkdir -p /usr/share/wazuh-dashboard 1.2s
=> [wazuh/wazuh-dashboard:4.8.0 stage-1 3/13] RUN getent group wazuh-dashboard || groupadd -r -g 1000 wazuh- 1.3s
=> [wazuh/wazuh-dashboard:4.8.0 builder 4/17] COPY config/dl_base.sh . 0.1s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 4/16] RUN useradd --system --uid 1000 --no-cre 1.3s
=> [wazuh/wazuh-dashboard:4.8.0 builder 5/17] RUN bash dl_base.sh 59.2s
=> [wazuh/wazuh-manager:4.8.0 4/16] COPY config/check_repository.sh / 0.1s
=> [wazuh/wazuh-indexer:4.8.0 builder 3/10] COPY config/opensearch.yml / 0.1s
=> [wazuh/wazuh-manager:4.8.0 5/16] COPY config/filebeat_module.sh / 0.1s
=> [wazuh/wazuh-manager:4.8.0 6/16] COPY config/permanent_data.env config/permanent_data.sh / 0.1s
=> [wazuh/wazuh-indexer:4.8.0 builder 4/10] COPY config/config.sh . 0.1s
=> [wazuh/wazuh-manager:4.8.0 7/16] RUN chmod 775 /check_repository.sh 1.0s
=> [wazuh/wazuh-indexer:4.8.0 builder 5/10] COPY config/config.yml / 0.1s
=> [wazuh/wazuh-indexer:4.8.0 builder 6/10] COPY config/action_groups.yml / 0.1s
=> [wazuh/wazuh-indexer:4.8.0 builder 7/10] COPY config/internal_users.yml / 0.1s
=> [wazuh/wazuh-indexer:4.8.0 builder 8/10] COPY config/roles_mapping.yml / 0.1s
=> [wazuh/wazuh-dashboard:4.8.0 stage-1 4/13] RUN useradd --system --uid 1000 --no-c 1.1s
=> [wazuh/wazuh-indexer:4.8.0 builder 9/10] COPY config/roles.yml / 0.2s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 5/16] WORKDIR /usr/share/wazuh-indexer 0.1s
=> [wazuh/wazuh-indexer:4.8.0 builder 10/10] RUN bash config.sh 159.4s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 6/16] COPY config/entrypoint.sh / 0.2s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 7/16] COPY config/securityadmin.sh / 0.1s
=> [wazuh/wazuh-manager:4.8.0 8/16] RUN source /check_repository.sh 2.6s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 8/16] COPY config/ism-check.sh / 0.1s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 9/16] RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && c 1.5s
=> [wazuh/wazuh-dashboard:4.8.0 stage-1 5/13] COPY config/entrypoint.sh / 0.2s
=> [wazuh/wazuh-dashboard:4.8.0 stage-1 6/13] COPY config/wazuh_app_config.sh / 0.3s
=> [wazuh/wazuh-dashboard:4.8.0 stage-1 7/13] RUN chmod 700 /entrypoint.sh 1.5s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 10/16] RUN chown 1000:1000 /*.sh 1.5s
=> [wazuh/wazuh-manager:4.8.0 9/16] RUN yum install wazuh-manager-4.8.0-1 -y && yum clean all && c 198.6s
=> [wazuh/wazuh-dashboard:4.8.0 stage-1 8/13] RUN chmod 700 /wazuh_app_config.sh 1.6s
=> [wazuh/wazuh-dashboard:4.8.0 stage-1 9/13] RUN chown 1000:1000 /*.sh 1.4s
=> [wazuh/wazuh-dashboard:4.8.0 builder 6/17] COPY config/config.sh . 0.1s
=> [wazuh/wazuh-dashboard:4.8.0 builder 7/17] COPY config/config.yml / 0.0s
=> [wazuh/wazuh-dashboard:4.8.0 builder 8/17] RUN bash config.sh 5.5s
=> [wazuh/wazuh-dashboard:4.8.0 builder 9/17] COPY config/install_wazuh_app.sh / 0.1s
=> [wazuh/wazuh-dashboard:4.8.0 builder 10/17] RUN chmod 775 /install_wazuh_app.sh 0.6s
=> [wazuh/wazuh-dashboard:4.8.0 builder 11/17] RUN bash /install_wazuh_app.sh 36.7s
=> [wazuh/wazuh-dashboard:4.8.0 builder 12/17] COPY config/opensearch_dashboards.yml /usr/share/wazuh-dashboa 0.1s
=> [wazuh/wazuh-dashboard:4.8.0 builder 13/17] COPY config/wazuh.yml /usr/share/wazuh-dashboard/data/wazuh/co 0.0s
=> [wazuh/wazuh-dashboard:4.8.0 builder 14/17] RUN chown 101:101 /usr/share/wazuh-dashboard/config/opensearch 0.6s
=> [wazuh/wazuh-dashboard:4.8.0 builder 15/17] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh && chown -R 0.7s
=> [wazuh/wazuh-dashboard:4.8.0 builder 16/17] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/config && c 0.6s
=> [wazuh/wazuh-dashboard:4.8.0 builder 17/17] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/logs && cho 0.8s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 11/16] COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr 14.6s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 12/16] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sy 0.1s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 13/16] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sy 0.0s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 14/16] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tm 0.1s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 15/16] RUN chown -R 1000:1000 /usr/share/wazuh-indexer 17.0s
=> [wazuh/wazuh-manager:4.8.0 10/16] COPY config/etc/ /etc/ 0.1s
=> [wazuh/wazuh-manager:4.8.0 11/16] COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scrip 0.1s
=> [wazuh/wazuh-manager:4.8.0 12/16] COPY config/filebeat.yml /etc/filebeat/ 0.0s
=> [wazuh/wazuh-manager:4.8.0 13/16] RUN chmod go-w /etc/filebeat/filebeat.yml 0.6s
=> [wazuh/wazuh-manager:4.8.0 14/16] ADD https://raw.githubusercontent.com/wazuh/wazuh/4.8.0/extensions/elast 0.1s
=> [wazuh/wazuh-manager:4.8.0 15/16] RUN chmod go-w /etc/filebeat/wazuh-template.json 1.0s
=> [wazuh/wazuh-manager:4.8.0 16/16] RUN mkdir -p /var/ossec/var/multigroups && chown root:wazuh /var/oss 1.6s
=> [wazuh/wazuh-manager:4.8.0] exporting to image 85.5s
=> => exporting layers 85.4s
=> => writing image sha256:59934c9362f4f61639792c7545bf27b08c1046e5db74d196b801504e4a8281ed 0.0s
=> => naming to docker.io/wazuh/wazuh-manager:4.8.0 0.1s
=> [wazuh/wazuh-indexer:4.8.0 stage-1 16/16] RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/ 0.6s
=> [wazuh/wazuh-indexer:4.8.0] exporting to image 17.7s
=> => exporting layers 17.7s
=> => writing image sha256:3101a6930d1acd115bb0cabae2ecbd378436063511fb789a47a42899f973399e 0.0s
=> => naming to docker.io/wazuh/wazuh-indexer:4.8.0 0.0s
=> [wazuh/wazuh-dashboard:4.8.0 stage-1 10/13] COPY --from=builder --chown=1000:1000 /usr/share/wazuh-dashbo 95.2s
=> [wazuh/wazuh-dashboard:4.8.0 stage-1 11/13] RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/a 1.0s
=> [wazuh/wazuh-dashboard:4.8.0 stage-1 12/13] RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/p 0.5s
=> [wazuh/wazuh-dashboard:4.8.0 stage-1 13/13] WORKDIR /usr/share/wazuh-dashboard 0.1s
=> [wazuh/wazuh-dashboard:4.8.0] exporting to image 44.3s
=> => exporting layers 44.3s
=> => writing image sha256:4a7271b36317379c42847176e87d1dab6c5ab0e0adaebaecc11b7d83484c5cdf 0.0s
=> => naming to docker.io/wazuh/wazuh-dashboard:4.8.0
wazuh-dashboard:
root@ip-172-31-41-4:/home/ubuntu/wazuh-docker# grype 3fd955dae2ad --scope all-layers
✔ Vulnerability DB [no update available]
✔ Loaded image 3fd955dae2ad
✔ Parsed image sha256:3fd955dae2ad120fa882b493722411485442ca12ec435f8e052080d2704d6fa5
✔ Cataloged contents d9910be92b172b4fcc335443ace77433fd6e6b3fe02f48893151992bac1d1aaa
├── ✔ Packages [1,963 packages]
├── ✔ File digests [5,403 files]
├── ✔ File metadata [5,403 locations]
└── ✔ Executables [298 executables]
✔ Scanned for vulnerabilities [28 vulnerability matches]
├── by severity: 5 critical, 11 high, 12 medium, 0 low, 0 negligible
└── by status: 8 fixed, 20 not-fixed, 0 ignored
[0146] WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable
[0146] WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable
[0147] WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unexpec
[0147] WARN cataloger failed cataloger=java-archive-cataloger error=unable to read files from java archive: unable t
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
@babel/traverse 7.17.3 7.23.2 npm GHSA-67hx-6x53-jw92 Critical
@babel/traverse 7.21.2 7.23.2 npm GHSA-67hx-6x53-jw92 Critical
angular 1.8.2 npm GHSA-4w4v-5hc9-xrr2 High
angular 1.8.2 npm GHSA-qwqh-hm9m-p5hr Medium
angular 1.8.2 npm GHSA-prc3-vjfx-vhm9 Medium
angular 1.8.2 npm GHSA-m2h2-264f-f486 Medium
angular 1.8.2 npm GHSA-2vrf-hf26-jrp5 Medium
angular 1.8.2 npm GHSA-2qqx-w9hr-q5gx Medium
axios 0.27.2 1.6.0 npm GHSA-wf5p-g6vw-rhxx Medium
debug 4.1.1 4.3.1 npm GHSA-gxpj-cx7g-858c Medium
expat 2.5.0-1.amzn2023.0.2 2.5.0-1.amzn2023.0.3 rpm ALAS-2024-524 Medium
follow-redirects 1.15.2 1.15.4 npm GHSA-jchw-25xp-jwwc Medium
hoek 4.2.1 npm GHSA-c429-5p7v-vgjp High
hoek 6.1.3 npm GHSA-c429-5p7v-vgjp High
monorepo-symlink-test 0.0.0 npm GHSA-2jcg-qqmg-46q6 Critical
node 18.16.0 binary CVE-2023-32002 Critical
node 18.16.0 binary CVE-2023-44487 High
node 18.16.0 binary CVE-2023-38552 High
node 18.16.0 binary CVE-2023-32559 High
node 18.16.0 binary CVE-2023-32006 High
node 18.16.0 binary CVE-2023-30590 High
node 18.16.0 binary CVE-2023-30589 High
node 18.16.0 binary CVE-2023-30585 High
node 18.16.0 binary CVE-2023-30581 High
node 18.16.0 binary CVE-2023-30588 Medium
openssl-libs 1:3.0.8-1.amzn2023.0.10 3.0.8-1.amzn2023.0.11 rpm ALAS-2024-520 Medium
wazuh-indexer:
root@ip-172-31-41-4:/home/ubuntu/wazuh-docker# grype c7b6bc5e1e76 --scope all-layers
✔ Vulnerability DB [no update available]
✔ Loaded image c7b6bc5e1e76
✔ Parsed image sha256:c7b6bc5e1e76e9263ad11810eef62d190c94d0a760172d30939ccfc7aebf0f16
✔ Cataloged contents 8389456362c07c41f23ae9690140dbfa97d8650f155583800f3689269e41b0ef
├── ✔ Packages [751 packages]
├── ✔ File digests [5,403 files]
├── ✔ File metadata [5,403 locations]
└── ✔ Executables [368 executables]
✔ Scanned for vulnerabilities [14 vulnerability matches]
├── by severity: 0 critical, 7 high, 7 medium, 0 low, 0 negligible
└── by status: 14 fixed, 0 not-fixed, 0 ignored
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
bc-fips 1.0.2.3 1.0.2.4 java-archive GHSA-68m8-v89j-7j2p Medium
commons-compress 1.22 1.24.0 java-archive GHSA-cgwf-w82q-5jrr Medium
commons-compress 1.23.0 1.24.0 java-archive GHSA-cgwf-w82q-5jrr Medium
expat 2.5.0-1.amzn2023.0.2 2.5.0-1.amzn2023.0.3 rpm ALAS-2024-524 Medium
json 20230227 20231013 java-archive GHSA-4jq9-2xhw-jpx7 High
netty-codec-http2 4.1.97.Final 4.1.100.Final java-archive GHSA-xpw8-rcwv-8f8p High
opensearch 2.10.0 2.11.1 java-archive GHSA-6g3j-p5g6-992f Medium
openssl-libs 1:3.0.8-1.amzn2023.0.10 3.0.8-1.amzn2023.0.11 rpm ALAS-2024-520 Medium
snappy-java 1.1.10.3 1.1.10.4 java-archive GHSA-55g7-9cwv-5qfv High
xmlsec 2.3.3 2.3.4 java-archive GHSA-xfrj-6vvc-3xm2 Medium
wazuh-manager:
root@ip-172-31-41-4:~/wazuh-docker# grype f97337140f22 --scope all-layers
✔ Vulnerability DB [no update available]
✔ Loaded image f97337140f22
✔ Parsed image sha256:f97337140f225a6b6167d8246d1b68034b9fb73e2a1c073593628bf46cdecf26
✔ Cataloged contents 7b84f282a92aa20a25695c4421403596d09763a7083995d943f258ffff61cb79
├── ✔ Packages [314 packages]
├── ✔ File digests [25,156 files]
├── ✔ File metadata [25,156 locations]
└── ✔ Executables [707 executables]
✔ Scanned for vulnerabilities [113 vulnerability matches]
├── by severity: 7 critical, 57 high, 44 medium, 5 low, 0 negligible
└── by status: 42 fixed, 71 not-fixed, 0 ignored
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
Werkzeug 2.2.3 2.3.8 python GHSA-hrfv-mqp8-q5rw Medium
aiohttp 3.9.1 3.9.2 python GHSA-8qpw-xqxj-h4r2 Medium
aiohttp 3.9.1 3.9.2 python GHSA-5h86-8mv2-jq9f Medium
cryptography 41.0.7 42.0.0 python GHSA-3ww4-gg4f-jr7f High
cryptography 41.0.7 42.0.2 python GHSA-9v9h-cgj8-h64p Medium
ecdsa 0.16.1 python GHSA-wj6h-64fc-37mp High
expat 2.5.0-1.amzn2023.0.2 2.5.0-1.amzn2023.0.3 rpm ALAS-2024-524 Medium
github.com/containerd/containerd v1.3.3 1.4.13 go-module GHSA-crp2-qrr5-8pq7 High
github.com/containerd/containerd v1.3.3 1.5.18 go-module GHSA-hmfx-3pcx-653p Medium
github.com/containerd/containerd v1.3.3 1.4.8 go-module GHSA-c72p-9xmj-rx3w Medium
github.com/containerd/containerd v1.3.3 1.4.11 go-module GHSA-c2h3-6mxw-7mvq Medium
github.com/containerd/containerd v1.3.3 1.6.26 go-module GHSA-7ww5-4wqc-m92c Medium
github.com/containerd/containerd v1.3.3 1.3.10 go-module GHSA-6g2q-w5j3-fwh4 Medium
github.com/containerd/containerd v1.3.3 1.5.13 go-module GHSA-5ffw-gxpp-mxpf Medium
github.com/containerd/containerd v1.3.3 1.3.9 go-module GHSA-36xw-fx78-c5r4 Medium
github.com/containerd/containerd v1.3.3 1.5.16 go-module GHSA-2qjp-425j-52j9 Medium
github.com/containerd/containerd v1.3.3 1.5.18 go-module GHSA-259w-8hf6-59c2 Medium
github.com/containerd/containerd v1.3.3 1.4.12 go-module GHSA-5j5w-g665-5m35 Low
github.com/docker/distribution v2.7.1+incompatible 2.8.2-beta.1 go-module GHSA-hqxw-f8mx-cpmw High
github.com/docker/distribution v2.7.1+incompatible 2.8.0 go-module GHSA-qq97-vm5h-rrhg Low
github.com/gogo/protobuf v1.3.1 1.3.2 go-module GHSA-c3h9-896r-86jm High
github.com/miekg/dns v1.1.15 1.1.25 go-module GHSA-44r7-7p62-q3fr Medium
github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 1.0.2 go-module GHSA-77vh-xpmg-72qh Low
go.elastic.co/apm v1.8.1-0.20200909061013-2aef45b9cf4b 1.11.0 go-module GHSA-qqc5-rgcc-cjqh Low
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.0.0-20211202192323-5770296d904e go-module GHSA-gwc9-m7rh-j2ww High
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.0.0-20220314234659-1baeb1ce4c0b go-module GHSA-8c26-wmh5-6g9v High
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.0.0-20201216223049-8b5274cf687f go-module GHSA-3vm4-22fp-5rfm High
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.17.0 go-module GHSA-45x7-px36-x8w8 Medium
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.7.0 go-module GHSA-vvpx-j8f3-3w6h High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.0.0-20210520170846-37e1c6afe023 go-module GHSA-83g2-8m93-v3w7 High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.0.0-20220906165146-f3363e06e74c go-module GHSA-69cg-p879-7622 High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.17.0 go-module GHSA-4374-p667-p6c8 High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.17.0 go-module GHSA-qppj-fm5r-hxr3 Medium
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.0.0-20210428140749-89ef3d95e781 go-module GHSA-h86h-8ppg-mxmh Medium
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.13.0 go-module GHSA-2wrh-6pvc-2jm9 Medium
golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae 0.0.0-20220412211240-33da011f77ad go-module GHSA-p782-xgp4-8hr8 Medium
golang.org/x/text v0.3.2 0.3.7 go-module GHSA-ppp9-7jff-5vj2 High
golang.org/x/text v0.3.2 0.3.8 go-module GHSA-69ch-w2m2-3vjp High
golang.org/x/text v0.3.2 0.3.3 go-module GHSA-5rcv-m4m3-hfh7 Medium
google.golang.org/grpc v1.29.1 1.56.3 go-module GHSA-m425-mq94-257g High
google.golang.org/grpc v1.29.1 1.56.3 go-module GHSA-qppj-fm5r-hxr3 Medium
k8s.io/client-go v0.18.3 0.18.14 go-module GHSA-8cfg-vx93-jvxw Medium
openssl-libs 1:3.0.8-1.amzn2023.0.10 3.0.8-1.amzn2023.0.11 rpm ALAS-2024-520 Medium
stdlib go1.14.12 go-module CVE-2023-29405 Critical
stdlib go1.14.12 go-module CVE-2023-29404 Critical
stdlib go1.14.12 go-module CVE-2023-29402 Critical
stdlib go1.14.12 go-module CVE-2023-24540 Critical
stdlib go1.14.12 go-module CVE-2023-24538 Critical
stdlib go1.14.12 go-module CVE-2022-23806 Critical
stdlib go1.14.12 go-module CVE-2021-38297 Critical
stdlib go1.14.12 go-module CVE-2023-45287 High
stdlib go1.14.12 go-module CVE-2023-45285 High
stdlib go1.14.12 go-module CVE-2023-44487 High
stdlib go1.14.12 go-module CVE-2023-39323 High
stdlib go1.14.12 go-module CVE-2023-29403 High
stdlib go1.14.12 go-module CVE-2023-29400 High
stdlib go1.14.12 go-module CVE-2023-24539 High
stdlib go1.14.12 go-module CVE-2023-24537 High
stdlib go1.14.12 go-module CVE-2023-24536 High
stdlib go1.14.12 go-module CVE-2023-24534 High
stdlib go1.14.12 go-module CVE-2022-41725 High
stdlib go1.14.12 go-module CVE-2022-41724 High
stdlib go1.14.12 go-module CVE-2022-41723 High
stdlib go1.14.12 go-module CVE-2022-41722 High
stdlib go1.14.12 go-module CVE-2022-41715 High
stdlib go1.14.12 go-module CVE-2022-32189 High
stdlib go1.14.12 go-module CVE-2022-30635 High
stdlib go1.14.12 go-module CVE-2022-30633 High
stdlib go1.14.12 go-module CVE-2022-30632 High
stdlib go1.14.12 go-module CVE-2022-30631 High
stdlib go1.14.12 go-module CVE-2022-30630 High
stdlib go1.14.12 go-module CVE-2022-30580 High
stdlib go1.14.12 go-module CVE-2022-2880 High
stdlib go1.14.12 go-module CVE-2022-2879 High
stdlib go1.14.12 go-module CVE-2022-28327 High
stdlib go1.14.12 go-module CVE-2022-28131 High
stdlib go1.14.12 go-module CVE-2022-27664 High
stdlib go1.14.12 go-module CVE-2022-24921 High
stdlib go1.14.12 go-module CVE-2022-24675 High
stdlib go1.14.12 go-module CVE-2022-23773 High
stdlib go1.14.12 go-module CVE-2022-23772 High
stdlib go1.14.12 go-module CVE-2021-44716 High
stdlib go1.14.12 go-module CVE-2021-41772 High
stdlib go1.14.12 go-module CVE-2021-41771 High
stdlib go1.14.12 go-module CVE-2021-39293 High
stdlib go1.14.12 go-module CVE-2021-33198 High
stdlib go1.14.12 go-module CVE-2021-33196 High
stdlib go1.14.12 go-module CVE-2021-33195 High
stdlib go1.14.12 go-module CVE-2021-33194 High
stdlib go1.14.12 go-module CVE-2021-3115 High
stdlib go1.14.12 go-module CVE-2021-29923 High
stdlib go1.14.12 go-module CVE-2021-27918 High
stdlib go1.14.12 go-module CVE-2023-39326 Medium
stdlib go1.14.12 go-module CVE-2023-39319 Medium
stdlib go1.14.12 go-module CVE-2023-39318 Medium
stdlib go1.14.12 go-module CVE-2023-29409 Medium
stdlib go1.14.12 go-module CVE-2023-29406 Medium
stdlib go1.14.12 go-module CVE-2023-24532 Medium
stdlib go1.14.12 go-module CVE-2022-41717 Medium
stdlib go1.14.12 go-module CVE-2022-32148 Medium
stdlib go1.14.12 go-module CVE-2022-29526 Medium
stdlib go1.14.12 go-module CVE-2022-1962 Medium
stdlib go1.14.12 go-module CVE-2022-1705 Medium
stdlib go1.14.12 go-module CVE-2021-44717 Medium
stdlib go1.14.12 go-module CVE-2021-36221 Medium
stdlib go1.14.12 go-module CVE-2021-34558 Medium
stdlib go1.14.12 go-module CVE-2021-33197 Medium
stdlib go1.14.12 go-module CVE-2021-31525 Medium
stdlib go1.14.12 go-module CVE-2021-3114 Medium
stdlib go1.14.12 go-module CVE-2020-29511 Medium
stdlib go1.14.12 go-module CVE-2020-29510 Medium
stdlib go1.14.12 go-module CVE-2020-29509 Medium
stdlib go1.14.12 go-module CVE-2022-30629 Low
The images must be re-built again because the Wazuh manager container is not running. It seems the image needs some dependencies:
wazuh.manager-1 | /var/run/s6/etc/cont-init.d/0-wazuh-init: line 187: find: command not found
wazuh.manager-1 | /var/run/s6/etc/cont-init.d/0-wazuh-init: line 188: find: command not found
wazuh.manager-1 | Creating wazuh-authd key and cert
wazuh.manager-1 | Error executing command: 'openssl genrsa -out /var/ossec/etc/sslmanager.key 4096'.
After much testing, it was found that some extra dependencies were necessary to make all the modules of Wazuh manager work. Also, a problem was found related to the owner and group of some Wazuh manager files. Some files had user 101 instead of wazuh, caused by the following lines:
They were changed to: https://github.com/wazuh/wazuh-docker/blob/63ddd688840001dd21ea4475497417484003e56f/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init#L186-L188
These are the values of the UID and GID taken in the Docker installation in AL2023.
bash-5.2# cat /etc/passwd | grep wazuh
wazuh:x:999:999::/var/ossec:/sbin/nologin
bash-5.2#
Opened issue: https://github.com/wazuh/wazuh-docker/issues/1220
Note: the services may take some more time than before for unknown reasons. Maybe the OS is affecting this, but it is not related to this issue.
root@ip-172-31-41-4:/home/ubuntu/wazuh-docker# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ffab1126e649 wazuh/wazuh-dashboard:4.8.0 "/entrypoint.sh" 6 minutes ago Up 6 minutes 443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp single-node-wazuh.dashboard-1
4434f0b15d8f wazuh/wazuh-manager:4.8.0 "/init" 6 minutes ago Up 6 minutes 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1
9f7a4bc53308 wazuh/wazuh-indexer:4.8.0 "/entrypoint.sh open…" 6 minutes ago Up 6 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node-wazuh.indexer-1
[2024-02-22T14:00:57,310][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-monitoring-2024.8w/YdhpAPXFQde176CcB_LjUg]
[2024-02-22T14:00:57,346][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:00:57,459][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-monitoring-2024.8w][0]]]).
[2024-02-22T14:00:57,511][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:00:57,539][INFO ][o.o.c.m.MetadataUpdateSettingsService] [wazuh.indexer] updating number_of_replicas to [0] for indices [wazuh-monitoring-2024.8w]
[2024-02-22T14:01:01,584][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[validate-template-eonxowxzrgqvkck693vuea/YFrniOtRSsm-shkR_5a0uA]
[2024-02-22T14:01:01,701][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding index template [wazuh-states-vulnerabilities_template] for index patterns [wazuh-states-vulnerabilities]
[2024-02-22T14:01:01,793][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:01,815][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-states-vulnerabilities/blP1ItShSbqTZb2KtqHJ8Q]
[2024-02-22T14:01:01,858][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [wazuh-states-vulnerabilities] creating index, cause [api], templates [wazuh-states-vulnerabilities_template], shards [1]/[0]
[2024-02-22T14:01:01,970][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-states-vulnerabilities/blP1ItShSbqTZb2KtqHJ8Q]
[2024-02-22T14:01:02,065][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:02,227][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-states-vulnerabilities][0]]]).
[2024-02-22T14:01:02,309][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:06,556][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q]
[2024-02-22T14:01:06,688][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q] update_mapping [_doc]
[2024-02-22T14:01:06,953][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:06,980][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q]
[2024-02-22T14:01:07,119][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q] update_mapping [_doc]
[2024-02-22T14:01:07,411][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:07,417][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q]
[2024-02-22T14:01:07,916][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q]
[2024-02-22T14:01:08,064][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q] update_mapping [_doc]
[2024-02-22T14:01:08,194][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:08,202][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q]
[2024-02-22T14:01:22,880][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_1/owi9xZSESjKa5K_5ePZgHQ]
[2024-02-22T14:01:22,908][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_1/owi9xZSESjKa5K_5ePZgHQ] update_mapping [_doc]
[2024-02-22T14:01:23,026][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:38,142][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing move cluster state metadata.
[2024-02-22T14:01:38,202][INFO ][o.o.i.i.MetadataService ] [wazuh.indexer] ISM config index not exist, so we cancel the metadata migration job.
[2024-02-22T14:01:38,205][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing ISM template migration.
[2024-02-22T14:01:38,214][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Doing ISM template migration 1 time.
[2024-02-22T14:01:38,215][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Use 2024-02-22T13:00:38.136Z as migrating ISM template last_updated_time
[2024-02-22T14:01:38,234][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_rd22e6t6rdemtp6wiz__ka/AHKFdNldT7OzZxXx7e9dww]
[2024-02-22T14:01:38,245][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_rd22e6t6rdemtp6wiz__ka/AHKFdNldT7OzZxXx7e9dww]
[2024-02-22T14:01:38,283][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_i5gripyuqsev21r_51bofa/bckeWdgcS3m2swWFznq0wQ]
[2024-02-22T14:01:38,304][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_i5gripyuqsev21r_51bofa/bckeWdgcS3m2swWFznq0wQ]
[2024-02-22T14:01:38,327][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_pvdbdajeq5a5zzr40emema/2WjikauzS-OZmbHLFaKkRg]
[2024-02-22T14:01:38,339][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_pvdbdajeq5a5zzr40emema/2WjikauzS-OZmbHLFaKkRg]
[2024-02-22T14:01:38,351][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] ISM templates: {=[ISMTemplate(indexPatterns=[ss4o_metrics-*-*], priority=1, lastUpdatedTime=2024-02-22T13:00:38.136Z), ISMTemplate(indexPatterns=[ss4o_traces-*-*], priority=1, lastUpdatedTime=2024-02-22T13:00:38.136Z), ISMTemplate(indexPatterns=[wazuh-states-vulnerabilities], priority=1, lastUpdatedTime=2024-02-22T13:00:38.136Z)]}
[2024-02-22T14:01:38,353][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Policies to update: []
[2024-02-22T14:01:38,375][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Failure experienced when migrating ISM Template and update ISM policies: {}
[2024-02-22T14:01:38,746][INFO ][o.o.c.s.ClusterSettings ] [wazuh.indexer] updating [plugins.index_state_management.template_migration.control] from [0] to [-1]
[2024-02-22T14:01:38,751][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:01:38,757][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Successfully update template migration setting
[2024-02-22T14:02:19,171][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q]
[2024-02-22T14:02:19,207][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/qvCegos2SMKB-BI3i_xW4Q] update_mapping [_doc]
[2024-02-22T14:02:19,309][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T14:02:38,142][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Cancel background move metadata process.
[2024-02-22T14:02:38,144][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing move cluster state metadata.
[2024-02-22T14:02:38,144][INFO ][o.o.i.i.MetadataService ] [wazuh.indexer] Move metadata has finished.
bash-5.2# cat /var/ossec/logs/ossec.log
2024/02/22 13:59:41 wazuh-modulesd:router: INFO: Loaded router module.
2024/02/22 13:59:41 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
2024/02/22 13:59:48 wazuh-csyslogd: INFO: Remote syslog server not configured. Clean exit.
2024/02/22 13:59:49 wazuh-dbd: INFO: Database not configured. Clean exit.
2024/02/22 13:59:49 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
2024/02/22 13:59:49 wazuh-agentlessd: INFO: Not configured. Exiting.
2024/02/22 13:59:49 wazuh-authd: INFO: Started (pid: 541).
2024/02/22 13:59:49 wazuh-authd: INFO: Accepting connections on port 1515. No password required.
2024/02/22 13:59:49 wazuh-authd: INFO: Setting network timeout to 1.000000 sec.
2024/02/22 13:59:50 wazuh-db: INFO: Started (pid: 558).
2024/02/22 13:59:50 wazuh-db: INFO: Created Global database backup "backup/db/global.db-backup-2024-02-22-13:59:50.gz"
2024/02/22 13:59:51 wazuh-execd: INFO: Started (pid: 583).
2024/02/22 13:59:53 wazuh-syscheckd: INFO: Started (pid: 612).
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6003): Monitoring path: '/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6003): Monitoring path: '/boot', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6003): Monitoring path: '/etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6003): Monitoring path: '/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mtab'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/hosts.deny'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mail/statistics'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random-seed'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random.seed'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/adjtime'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/httpd/logs'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/utmpx'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/wtmpx'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/cups/certs'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/dumpdates'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/svc/volatile'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6207): Ignore 'file' sregex '.log$|.swp$'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6004): No diff for file: '/etc/ssl/private.key'
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6000): Starting daemon...
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6010): File integrity monitoring scan frequency: 43200 seconds
2024/02/22 13:59:53 wazuh-syscheckd: INFO: (6008): File integrity monitoring scan started.
2024/02/22 13:59:53 rootcheck: INFO: Starting rootcheck scan.
2024/02/22 13:59:54 wazuh-analysisd: INFO: Total rules enabled: '6786'
2024/02/22 13:59:54 wazuh-analysisd: INFO: Started (pid: 597).
2024/02/22 13:59:55 wazuh-remoted: INFO: Started (pid: 630). Listening on port 1514/TCP (secure).
2024/02/22 13:59:55 wazuh-remoted: INFO: (1410): Reading authentication keys file.
2024/02/22 13:59:55 wazuh-analysisd: INFO: EPS limit disabled
2024/02/22 13:59:55 wazuh-analysisd: INFO: (7200): Logtest started
2024/02/22 13:59:56 wazuh-logcollector: INFO: Monitoring output of command(360): df -P
2024/02/22 13:59:56 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
2024/02/22 13:59:56 wazuh-logcollector: INFO: Monitoring full output of command(360): last -n 20
2024/02/22 13:59:56 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/ossec/logs/active-responses.log'.
2024/02/22 13:59:56 wazuh-logcollector: INFO: Started (pid: 695).
2024/02/22 13:59:57 wazuh-monitord: INFO: Started (pid: 716).
2024/02/22 13:59:57 wazuh-syscheckd: INFO: (6009): File integrity monitoring scan ended.
2024/02/22 13:59:57 wazuh-syscheckd: INFO: FIM sync module started.
2024/02/22 13:59:58 wazuh-modulesd:router: INFO: Loaded router module.
2024/02/22 13:59:58 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
2024/02/22 13:59:58 wazuh-modulesd: INFO: Started (pid: 739).
2024/02/22 13:59:58 sca: INFO: Module started.
2024/02/22 13:59:58 sca: INFO: Loaded policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/02/22 13:59:58 sca: INFO: Starting Security Configuration Assessment scan.
2024/02/22 13:59:58 wazuh-modulesd:osquery: INFO: Module disabled. Exiting...
2024/02/22 13:59:58 wazuh-modulesd:router: INFO: Starting router module.
2024/02/22 13:59:58 wazuh-modulesd:content_manager: INFO: Starting content_manager module.
2024/02/22 13:59:58 wazuh-modulesd:agent-upgrade: INFO: (8153): Module Agent Upgrade started.
2024/02/22 13:59:58 wazuh-modulesd:database: INFO: Module started.
2024/02/22 13:59:58 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/02/22 13:59:58 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting...
2024/02/22 13:59:58 wazuh-modulesd:download: INFO: Module started.
2024/02/22 13:59:58 wazuh-modulesd:control: INFO: Starting control thread.
2024/02/22 13:59:58 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started.
2024/02/22 13:59:58 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/02/22 13:59:58 wazuh-modulesd:syscollector: INFO: Module started.
2024/02/22 13:59:58 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/02/22 13:59:59 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024/02/22 13:59:59 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/22 13:59:59 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression.
2024/02/22 14:00:01 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/22 14:00:05 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 8 seconds.
2024/02/22 14:00:13 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 16 seconds.
2024/02/22 14:00:29 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 32 seconds.
2024/02/22 14:00:53 rootcheck: INFO: Ending rootcheck scan.
2024/02/22 14:00:55 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/02/22 14:00:55 sca: INFO: Security Configuration Assessment scan finished. Duration: 57 seconds.
2024/02/22 14:01:02 indexer-connector: INFO: IndexerConnector initialized.
2024/02/22 14:02:10 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished.
2024/02/22 14:02:11 wazuh-modulesd:content-updater: INFO: Starting scheduled action for 'vulnerability_feed_manager'
2024/02/22 14:02:11 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started
2024/02/22 14:02:11 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished
2024/02/22 14:02:11 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
bash-5.2#
bash-5.2$ cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
bash-5.2$
root@ip-172-31-41-4:/home/ubuntu# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
66793c3a3920 nginx:stable "/docker-entrypoint.…" 10 minutes ago Up 3 minutes 80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp multi-node-nginx-1
d695f1126d9e wazuh/wazuh-dashboard:4.8.0 "/entrypoint.sh" 10 minutes ago Up 3 minutes 443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp multi-node-wazuh.dashboard-1
84e71783735c wazuh/wazuh-indexer:4.8.0 "/entrypoint.sh open…" 10 minutes ago Up 3 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp multi-node-wazuh1.indexer-1
cb810dfa6859 wazuh/wazuh-indexer:4.8.0 "/entrypoint.sh open…" 10 minutes ago Up 3 minutes 9200/tcp multi-node-wazuh2.indexer-1
0379f08949b8 wazuh/wazuh-manager:4.8.0 "/init" 10 minutes ago Up 3 minutes 1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp multi-node-wazuh.master-1
7f85ae4712a3 wazuh/wazuh-manager:4.8.0 "/init" 10 minutes ago Up 3 minutes 1514-1516/tcp, 514/udp, 55000/tcp multi-node-wazuh.worker-1
b3a41b1f4e20 wazuh/wazuh-indexer:4.8.0 "/entrypoint.sh open…" 10 minutes ago Up 3 minutes 9200/tcp multi-node-wazuh3.indexer-1
root@ip-172-31-41-4:/home/ubuntu#
bash-5.2$ cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-02-22T14:28:27,986][INFO ][o.o.n.Node ] [wazuh1.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-7786276805363767305, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Xms1g, -Xmx1g, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-22T14:28:54,343][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache has insecure file permissions (should be 0700)
[2024-02-22T14:28:54,344][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA has insecure file permissions (should be 0700)
[2024-02-22T14:28:54,368][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA/temp has insecure file permissions (should be 0700)
[2024-02-22T14:28:54,370][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/logs has insecure file permissions (should be 0700)
[2024-02-22T14:28:54,371][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch.yml has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,379][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/lib/jspawnhelper has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,515][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeprscan has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,534][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jps has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,535][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstack has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,536][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,538][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,539][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,542][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,546][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env-from-file has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,562][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-upgrade has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,563][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-cli has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,568][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-keystore has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,569][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,574][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,582][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-plugin has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,586][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-node has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,598][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-shard has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,602][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch has insecure file permissions (should be 0600)
[2024-02-22T14:28:54,606][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env has insecure file permissions (should be 0600)
[2024-02-22T14:29:58,735][WARN ][o.o.s.c.Salt ] [wazuh1.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-22T14:29:59,177][ERROR][o.o.s.a.s.SinkProvider ] [wazuh1.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-02-22T14:29:59,196][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh1.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-22T14:30:09,433][WARN ][o.o.s.p.SQLPlugin ] [wazuh1.indexer] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-22T14:30:24,960][WARN ][o.o.g.DanglingIndicesState] [wazuh1.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-22T14:30:34,538][ERROR][o.o.b.Bootstrap ] [wazuh1.indexer] node validation exception
[2024-02-22T14:31:12,970][INFO ][o.o.n.Node ] [wazuh1.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-7344517411175463262, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Xms1g, -Xmx1g, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-22T14:31:34,284][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache has insecure file permissions (should be 0700)
[2024-02-22T14:31:34,292][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA has insecure file permissions (should be 0700)
[2024-02-22T14:31:34,293][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA/temp has insecure file permissions (should be 0700)
[2024-02-22T14:31:34,305][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/logs has insecure file permissions (should be 0700)
[2024-02-22T14:31:34,310][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch.yml has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,323][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/lib/jspawnhelper has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,327][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jconsole has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,329][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jlink has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,336][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/java has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,343][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeps has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,348][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/javadoc has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,363][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jar has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,546][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jps has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,558][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstack has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,563][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,565][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,571][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,576][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,581][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env-from-file has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,585][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-upgrade has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,589][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-cli has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,601][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-keystore has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,602][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,607][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,611][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-plugin has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,612][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-node has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,625][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-shard has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,629][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch has insecure file permissions (should be 0600)
[2024-02-22T14:31:34,635][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env has insecure file permissions (should be 0600)
[2024-02-22T14:32:53,899][WARN ][o.o.s.c.Salt ] [wazuh1.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-22T14:32:54,279][ERROR][o.o.s.a.s.SinkProvider ] [wazuh1.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-02-22T14:32:54,294][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh1.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-22T14:33:03,893][WARN ][o.o.s.p.SQLPlugin ] [wazuh1.indexer] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-22T14:33:17,266][WARN ][o.o.g.DanglingIndicesState] [wazuh1.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-22T14:33:26,247][ERROR][o.o.b.Bootstrap ] [wazuh1.indexer] node validation exception
[2024-02-22T14:34:43,015][INFO ][o.o.n.Node ] [wazuh1.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-15025988817348444977, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Xms1g, -Xmx1g, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-22T14:35:10,297][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache has insecure file permissions (should be 0700)
[2024-02-22T14:35:10,303][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA has insecure file permissions (should be 0700)
[2024-02-22T14:35:10,304][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA/temp has insecure file permissions (should be 0700)
[2024-02-22T14:35:10,306][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/logs has insecure file permissions (should be 0700)
[2024-02-22T14:35:10,347][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch.yml has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,349][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/lib/jspawnhelper has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,493][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jcmd has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,494][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jpackage has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,495][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeprscan has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,496][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jps has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,497][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstack has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,507][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,527][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,529][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,530][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,531][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env-from-file has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,542][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-upgrade has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,543][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-cli has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,544][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-keystore has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,562][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,578][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,579][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-plugin has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,581][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-node has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,585][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-shard has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,594][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch has insecure file permissions (should be 0600)
[2024-02-22T14:35:10,597][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env has insecure file permissions (should be 0600)
[2024-02-22T14:36:12,739][WARN ][o.o.s.c.Salt ] [wazuh1.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-22T14:36:13,108][ERROR][o.o.s.a.s.SinkProvider ] [wazuh1.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-02-22T14:36:13,123][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh1.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-22T14:36:19,703][WARN ][o.o.s.p.SQLPlugin ] [wazuh1.indexer] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-22T14:36:28,552][WARN ][o.o.g.DanglingIndicesState] [wazuh1.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-22T14:36:41,600][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [wazuh1.indexer] Config override setting update called with empty string. Ignoring.
[2024-02-22T14:36:43,372][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:43,478][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:43,490][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:43,507][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:44,617][WARN ][o.o.o.i.ObservabilityIndex] [wazuh1.indexer] message: index [.opensearch-observability/e-CyVJPCTwuVVnG7okfKzA] already exists
[2024-02-22T14:36:44,830][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:45,560][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:45,566][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:45,574][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:58,082][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:58,095][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:36:58,110][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:37:00,574][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:37:00,881][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:37:00,892][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:37:01,031][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T14:37:01,109][ERROR][o.o.s.a.BackendRegistry ] [wazuh1.indexer] Not yet initialized (you may need to run securityadmin)
Normal errors of indexer connection:
bash-5.2# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/02/22 14:13:55 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/dpkg.log' due to [(2)-(No such file or directory)].
2024/02/22 14:14:02 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/22 14:14:04 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/22 14:14:08 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 8 seconds.
2024/02/22 14:14:16 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 16 seconds.
2024/02/22 14:14:28 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:29 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:30 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:32 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:33 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:33 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 32 seconds.
2024/02/22 14:14:34 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:35 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:36 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:37 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:38 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:14:38 wazuh-modulesd: ERROR: Could not send message through the cluster after '10' attempts.
2024/02/22 14:14:38 wazuh-modulesd:agent-upgrade: ERROR: (8123): There has been an error executing the request in the tasks manager.
2024/02/22 14:24:58 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/dpkg.log' due to [(2)-(No such file or directory)].
2024/02/22 14:25:05 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/22 14:25:07 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/22 14:25:11 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 8 seconds.
2024/02/22 14:25:19 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 16 seconds.
2024/02/22 14:25:35 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 32 seconds.
2024/02/22 14:26:07 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
2024/02/22 14:28:32 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/dpkg.log' due to [(2)-(No such file or directory)].
2024/02/22 14:28:39 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/22 14:28:41 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/22 14:28:45 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 8 seconds.
2024/02/22 14:28:53 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 16 seconds.
2024/02/22 14:29:05 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:29:06 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:29:09 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 32 seconds.
2024/02/22 14:29:41 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
2024/02/22 14:30:41 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
2024/02/22 14:31:41 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
2024/02/22 14:32:41 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
2024/02/22 14:34:53 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/dpkg.log' due to [(2)-(No such file or directory)].
2024/02/22 14:35:00 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/22 14:35:02 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/22 14:35:06 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 8 seconds.
2024/02/22 14:35:14 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 16 seconds.
2024/02/22 14:35:27 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:35:28 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:35:29 wazuh-modulesd: WARNING: Cluster error detected
2024/02/22 14:35:30 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 32 seconds.
2024/02/22 14:36:02 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
bash-5.2#
{"date":"2024-02-22T15:01:40.376Z","level":"error","location":"wazuh-check-updates:setSavedObject","message":"mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed: strict_dynamic_mapping_exception: [strict_dynamic_mapping_exception] Reason: mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed"}
{"date":"2024-02-22T15:01:40.388Z","level":"error","location":"wazuh-check-updates:getUpdates","message":"mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed: strict_dynamic_mapping_exception: [strict_dynamic_mapping_exception] Reason: mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed"}
{"date":"2024-02-22T15:02:18.796Z","level":"error","location":"wazuh-check-updates:setSavedObject","message":"mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed: strict_dynamic_mapping_exception: [strict_dynamic_mapping_exception] Reason: mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed"}
{"date":"2024-02-22T15:02:18.797Z","level":"error","location":"wazuh-check-updates:getUpdates","message":"mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed: strict_dynamic_mapping_exception: [strict_dynamic_mapping_exception] Reason: mapping set to strict, dynamic introduction of [uuid] within [wazuh-check-updates-available-updates.apis_available_updates] is not allowed"}
bash-5.2$
root@ip-172-31-41-4:/home/ubuntu/wazuh-docker/single-node# docker logs 35fc4df5ff95
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
WARNING: System::setSecurityManager will be removed in a future release
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
WARNING: System::setSecurityManager will be removed in a future release
[2024-02-22T16:35:44,131][INFO ][o.o.n.Node ] [wazuh.indexer] version[2.10.0], pid[1], build[rpm/eee49cb340edc6c4d489bcd9324dda571fc8dc03/2023-09-20T23:54:29.889267151Z], OS[Linux/6.2.0-1018-aws/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.8/17.0.8+7]
[2024-02-22T16:35:44,147][INFO ][o.o.n.Node ] [wazuh.indexer] JVM home [/usr/share/wazuh-indexer/jdk], using bundled JDK/JRE [true]
[2024-02-22T16:35:44,148][INFO ][o.o.n.Node ] [wazuh.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-4224180751668326418, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Xms1g, -Xmx1g, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-22T16:35:51,402][INFO ][o.o.s.s.t.SSLConfig ] [wazuh.indexer] SSL dual mode is disabled
[2024-02-22T16:35:51,403][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] OpenSearch Config path is /usr/share/wazuh-indexer
[2024-02-22T16:35:53,210][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] JVM supports TLSv1.3
[2024-02-22T16:35:53,219][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Config directory is /usr/share/wazuh-indexer/, from there the key- and truststore files are resolved relatively
[2024-02-22T16:35:56,594][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Client Provider : JDK
[2024-02-22T16:35:56,595][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Server Provider : JDK
[2024-02-22T16:35:56,595][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS HTTP Provider : JDK
[2024-02-22T16:35:56,602][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2]
[2024-02-22T16:35:56,603][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for HTTP layer : [TLSv1.3, TLSv1.2]
[2024-02-22T16:35:56,710][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Clustername: opensearch
[2024-02-22T16:35:57,318][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache has insecure file permissions (should be 0700)
[2024-02-22T16:35:57,326][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA has insecure file permissions (should be 0700)
[2024-02-22T16:35:57,328][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA/temp has insecure file permissions (should be 0700)
[2024-02-22T16:35:57,330][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/logs has insecure file permissions (should be 0700)
[2024-02-22T16:35:57,331][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/opensearch.yml has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,333][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/lib/jspawnhelper has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,342][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jconsole has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,343][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jlink has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,345][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/java has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,346][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeps has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,347][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javadoc has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,348][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jar has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,349][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jimage has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,351][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstatd has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,358][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/rmiregistry has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,360][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdb has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,362][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jinfo has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,363][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jshell has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,364][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstat has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,367][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jfr has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,370][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jrunscript has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,371][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/keytool has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,372][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/serialver has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,374][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javac has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,382][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javap has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,384][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jhsdb has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,386][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jmap has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,387][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jmod has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,388][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jarsigner has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,391][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jcmd has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,399][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jpackage has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,401][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeprscan has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,402][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jps has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,405][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstack has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,412][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,413][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,418][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,420][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,420][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env-from-file has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,421][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-upgrade has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,422][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-cli has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,426][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-keystore has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,428][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,435][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,435][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-plugin has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,439][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-node has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,446][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-shard has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,447][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch has insecure file permissions (should be 0600)
[2024-02-22T16:35:57,448][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env has insecure file permissions (should be 0600)
[2024-02-22T16:36:15,650][INFO ][o.o.p.c.c.PluginSettings ] [wazuh.indexer] Trying to create directory /dev/shm/performanceanalyzer/.
[2024-02-22T16:36:15,658][INFO ][o.o.p.c.c.PluginSettings ] [wazuh.indexer] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600
[2024-02-22T16:36:18,146][INFO ][o.o.i.r.ReindexPlugin ] [wazuh.indexer] ReindexPlugin reloadSPI called
[2024-02-22T16:36:18,153][INFO ][o.o.i.r.ReindexPlugin ] [wazuh.indexer] Unable to find any implementation for RemoteReindexExtension
[2024-02-22T16:36:18,433][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions
[2024-02-22T16:36:18,448][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs
[2024-02-22T16:36:18,450][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config
[2024-02-22T16:36:18,453][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: scheduler_geospatial_ip2geo_datasource, index: .scheduler-geospatial-ip2geo-datasource
[2024-02-22T16:36:18,476][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [aggs-matrix-stats]
[2024-02-22T16:36:18,486][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [analysis-common]
[2024-02-22T16:36:18,486][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [geo]
[2024-02-22T16:36:18,487][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-common]
[2024-02-22T16:36:18,487][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-geoip]
[2024-02-22T16:36:18,487][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-user-agent]
[2024-02-22T16:36:18,487][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-expression]
[2024-02-22T16:36:18,488][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-mustache]
[2024-02-22T16:36:18,488][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-painless]
[2024-02-22T16:36:18,489][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [mapper-extras]
[2024-02-22T16:36:18,498][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [opensearch-dashboards]
[2024-02-22T16:36:18,498][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [parent-join]
[2024-02-22T16:36:18,499][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [percolator]
[2024-02-22T16:36:18,499][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [rank-eval]
[2024-02-22T16:36:18,499][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [reindex]
[2024-02-22T16:36:18,500][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [repository-url]
[2024-02-22T16:36:18,500][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [search-pipeline-common]
[2024-02-22T16:36:18,501][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [systemd]
[2024-02-22T16:36:18,501][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [transport-netty4]
[2024-02-22T16:36:18,502][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-alerting]
[2024-02-22T16:36:18,510][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-anomaly-detection]
[2024-02-22T16:36:18,510][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-asynchronous-search]
[2024-02-22T16:36:18,511][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-cross-cluster-replication]
[2024-02-22T16:36:18,511][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-custom-codecs]
[2024-02-22T16:36:18,511][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-geospatial]
[2024-02-22T16:36:18,512][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-index-management]
[2024-02-22T16:36:18,512][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-job-scheduler]
[2024-02-22T16:36:18,513][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-knn]
[2024-02-22T16:36:18,513][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-ml]
[2024-02-22T16:36:18,515][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-neural-search]
[2024-02-22T16:36:18,516][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-notifications]
[2024-02-22T16:36:18,516][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-notifications-core]
[2024-02-22T16:36:18,517][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-observability]
[2024-02-22T16:36:18,517][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-performance-analyzer]
[2024-02-22T16:36:18,518][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-reports-scheduler]
[2024-02-22T16:36:18,518][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-security]
[2024-02-22T16:36:18,519][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-security-analytics]
[2024-02-22T16:36:18,530][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-sql]
[2024-02-22T16:36:18,776][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
[2024-02-22T16:36:18,803][INFO ][o.o.e.ExtensionsManager ] [wazuh.indexer] ExtensionsManager initialized
[2024-02-22T16:36:18,911][INFO ][o.o.e.NodeEnvironment ] [wazuh.indexer] using [1] data paths, mounts [[/var/lib/wazuh-indexer (/dev/root)]], net usable_space [30.8gb], net total_space [57.9gb], types [ext4]
[2024-02-22T16:36:18,914][INFO ][o.o.e.NodeEnvironment ] [wazuh.indexer] heap size [1gb], compressed ordinary object pointers [true]
[2024-02-22T16:36:19,469][INFO ][o.o.n.Node ] [wazuh.indexer] node name [wazuh.indexer], node ID [vtyMB1BsQ2Sw-IrYWAn5Mg], cluster name [opensearch], roles [ingest, remote_cluster_client, data, cluster_manager]
[2024-02-22T16:36:34,427][INFO ][o.o.n.p.NeuralSearch ] [wazuh.indexer] Registering hybrid query phase searcher with feature flag [plugins.neural_search.hybrid_search_disabled]
[2024-02-22T16:36:35,498][WARN ][o.o.s.c.Salt ] [wazuh.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-22T16:36:35,632][ERROR][o.o.s.a.s.SinkProvider ] [wazuh.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-02-22T16:36:35,636][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-22T16:36:35,646][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Message routing enabled: false
[2024-02-22T16:36:35,810][INFO ][o.o.s.f.SecurityFilter ] [wazuh.indexer] <NONE> indices are made immutable.
[2024-02-22T16:36:36,984][INFO ][o.o.a.b.ADCircuitBreakerService] [wazuh.indexer] Registered memory breaker.
[2024-02-22T16:36:38,605][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML memory breaker.
[2024-02-22T16:36:38,610][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML disk breaker.
[2024-02-22T16:36:38,611][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML native memory breaker.
[2024-02-22T16:36:39,210][INFO ][o.r.Reflections ] [wazuh.indexer] Reflections took 217 ms to scan 1 urls, producing 17 keys and 43 values
[2024-02-22T16:36:39,528][WARN ][o.o.s.p.SQLPlugin ] [wazuh.indexer] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-22T16:36:42,602][INFO ][o.o.t.NettyAllocator ] [wazuh.indexer] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=256kb, factors={opensearch.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=1mb, heap_size=1gb}]
[2024-02-22T16:36:43,178][INFO ][o.o.d.DiscoveryModule ] [wazuh.indexer] using discovery type [single-node] and seed hosts providers [settings]
[2024-02-22T16:36:45,739][WARN ][o.o.g.DanglingIndicesState] [wazuh.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-22T16:36:47,828][INFO ][o.o.p.h.c.PerformanceAnalyzerConfigAction] [wazuh.indexer] PerformanceAnalyzer Enabled: false
[2024-02-22T16:36:48,106][INFO ][o.o.n.Node ] [wazuh.indexer] initialized
[2024-02-22T16:36:48,106][INFO ][o.o.n.Node ] [wazuh.indexer] starting ...
[2024-02-22T16:36:48,277][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [windows_logtype.json] log type
[2024-02-22T16:36:48,279][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [vpcflow_logtype.json] log type
[2024-02-22T16:36:48,280][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [test_windows_logtype.json] log type
[2024-02-22T16:36:48,290][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [s3_logtype.json] log type
[2024-02-22T16:36:48,292][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_web_logtype.json] log type
[2024-02-22T16:36:48,293][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_proxy_logtype.json] log type
[2024-02-22T16:36:48,294][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_macos_logtype.json] log type
[2024-02-22T16:36:48,295][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_compliance_logtype.json] log type
[2024-02-22T16:36:48,297][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_cloud_logtype.json] log type
[2024-02-22T16:36:48,298][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_apt_logtype.json] log type
[2024-02-22T16:36:48,299][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_application_logtype.json] log type
[2024-02-22T16:36:48,312][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [okta_logtype.json] log type
[2024-02-22T16:36:48,329][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [network_logtype.json] log type
[2024-02-22T16:36:48,331][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [netflow_logtype.json] log type
[2024-02-22T16:36:48,332][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [m365_logtype.json] log type
[2024-02-22T16:36:48,333][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [linux_logtype.json] log type
[2024-02-22T16:36:48,334][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [gworkspace_logtype.json] log type
[2024-02-22T16:36:48,338][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [github_logtype.json] log type
[2024-02-22T16:36:48,343][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [dns_logtype.json] log type
[2024-02-22T16:36:48,344][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [cloudtrail_logtype.json] log type
[2024-02-22T16:36:48,351][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [azure_logtype.json] log type
[2024-02-22T16:36:48,352][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [apache_access_logtype.json] log type
[2024-02-22T16:36:48,355][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [ad_ldap_logtype.json] log type
[2024-02-22T16:36:49,198][INFO ][o.o.t.TransportService ] [wazuh.indexer] publish_address {172.22.0.2:9300}, bound_addresses {0.0.0.0:9300}
[2024-02-22T16:36:49,211][INFO ][o.o.t.TransportService ] [wazuh.indexer] Remote clusters initialized successfully.
[2024-02-22T16:36:51,228][INFO ][o.o.c.c.Coordinator ] [wazuh.indexer] cluster UUID [mBrUe6ThQGyrCGeUut1DGg]
[2024-02-22T16:36:51,625][INFO ][o.o.c.s.MasterService ] [wazuh.indexer] elected-as-cluster-manager ([1] nodes joined)[{wazuh.indexer}{vtyMB1BsQ2Sw-IrYWAn5Mg}{kKNIs7WnRY2fqY8vaj_jBg}{172.22.0.2}{172.22.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true} elect leader, _BECOME_CLUSTER_MANAGER_TASK_, _FINISH_ELECTION_], term: 2, version: 35, delta: cluster-manager node changed {previous [], current [{wazuh.indexer}{vtyMB1BsQ2Sw-IrYWAn5Mg}{kKNIs7WnRY2fqY8vaj_jBg}{172.22.0.2}{172.22.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}
[2024-02-22T16:36:52,110][INFO ][o.o.c.s.ClusterApplierService] [wazuh.indexer] cluster-manager node changed {previous [], current [{wazuh.indexer}{vtyMB1BsQ2Sw-IrYWAn5Mg}{kKNIs7WnRY2fqY8vaj_jBg}{172.22.0.2}{172.22.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}, term: 2, version: 35, reason: Publication{term=2, version=35}
[2024-02-22T16:36:52,123][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Cluster is not recovered yet.
[2024-02-22T16:36:52,148][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:52,249][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Cache cluster manager node onClusterManager time: 1708619812238
[2024-02-22T16:36:52,296][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [wazuh.indexer] Config override setting update called with empty string. Ignoring.
[2024-02-22T16:36:52,360][INFO ][o.o.d.PeerFinder ] [wazuh.indexer] setting findPeersInterval to [1s] as node commission status = [true] for local node [{wazuh.indexer}{vtyMB1BsQ2Sw-IrYWAn5Mg}{kKNIs7WnRY2fqY8vaj_jBg}{172.22.0.2}{172.22.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]
[2024-02-22T16:36:52,463][INFO ][o.o.h.AbstractHttpServerTransport] [wazuh.indexer] publish_address {172.22.0.2:9200}, bound_addresses {0.0.0.0:9200}
[2024-02-22T16:36:52,464][INFO ][o.o.n.Node ] [wazuh.indexer] started
[2024-02-22T16:36:52,478][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Node started
[2024-02-22T16:36:52,498][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Will attempt to create index .opendistro_security and default configs if they are absent
[2024-02-22T16:36:52,513][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] 0 OpenSearch Security modules loaded so far: []
[2024-02-22T16:36:52,529][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Background init thread started. Install default config?: true
[2024-02-22T16:36:52,530][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Wait for cluster to be available ...
[2024-02-22T16:36:52,632][INFO ][o.o.c.s.ClusterSettings ] [wazuh.indexer] updating [plugins.index_state_management.template_migration.control] from [0] to [-1]
[2024-02-22T16:36:52,774][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Node added: [vtyMB1BsQ2Sw-IrYWAn5Mg]
[2024-02-22T16:36:52,778][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Add data node to AD version hash ring: vtyMB1BsQ2Sw-IrYWAn5Mg
[2024-02-22T16:36:52,783][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] All nodes with known AD version: {vtyMB1BsQ2Sw-IrYWAn5Mg=ADNodeInfo{version=2.10.0, isEligibleDataNode=true}}
[2024-02-22T16:36:52,784][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Rebuild AD hash ring for realtime AD with cooldown, nodeChangeEvents size 0
[2024-02-22T16:36:52,790][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Build AD version hash ring successfully
[2024-02-22T16:36:52,783][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:52,798][INFO ][o.o.a.c.ADDataMigrator ] [wazuh.indexer] Start migrating AD data
[2024-02-22T16:36:52,798][INFO ][o.o.a.c.ADDataMigrator ] [wazuh.indexer] AD job index doesn't exist, no need to migrate
[2024-02-22T16:36:52,799][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Init AD version hash ring successfully
[2024-02-22T16:36:52,875][INFO ][o.o.g.GatewayService ] [wazuh.indexer] recovered [5] indices into cluster_state
[2024-02-22T16:36:52,954][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/gWSyptPQTDuM1pTo0rzX7A]
[2024-02-22T16:36:53,337][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.opensearch-sap-log-types-config] creating index, cause [auto(sap-logtype api)], templates [], shards [1]/[1]
[2024-02-22T16:36:53,366][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.opensearch-sap-log-types-config]
[2024-02-22T16:36:53,666][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:53,784][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:53,802][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:53,824][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-monitoring-2024.8w/n1nbnI57Rdebdnoyp_KYLg]
[2024-02-22T16:36:53,835][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:53,868][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/6a7hn_J3TgiA5T3AmJG6qA]
[2024-02-22T16:36:53,922][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ]
[2024-02-22T16:36:54,231][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:54,251][WARN ][o.o.o.i.ObservabilityIndex] [wazuh.indexer] message: index [.opensearch-observability/f1PxsLZLQm-QP22X-X6Axg] already exists
[2024-02-22T16:36:54,253][INFO ][o.o.o.i.ObservabilityIntegrationsIndex] [wazuh.indexer] observability:createMappingTemplate ss4o_metrics_template API called
[2024-02-22T16:36:54,267][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Loading builtin types!
[2024-02-22T16:36:54,279][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Indexing [418] fieldMappingDocs from logTypes: 23
[2024-02-22T16:36:54,498][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Loading builtin types!
[2024-02-22T16:36:54,502][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Indexing [418] fieldMappingDocs from logTypes: 23
[2024-02-22T16:36:54,519][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Index .opendistro_security already exists
[2024-02-22T16:36:54,520][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node started, try to initialize it. Wait for at least yellow cluster state....
[2024-02-22T16:36:54,638][ERROR][o.o.b.OpenSearchUncaughtExceptionHandler] [wazuh.indexer] uncaught exception in thread [main]
org.opensearch.bootstrap.StartupException: java.lang.IllegalArgumentException: index template [ss4o_metrics_template] has index patterns [ss4o_metrics-*-*] matching patterns from existing templates [ss4o_metric_template] with patterns (ss4o_metric_template => [ss4o_metrics-*-*]) that have the same priority [1], multiple index templates may not match during index creation, please use a different priority
at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:184) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:171) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:104) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) ~[opensearch-cli-2.10.0.jar:2.10.0]
at org.opensearch.cli.Command.main(Command.java:101) ~[opensearch-cli-2.10.0.jar:2.10.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:137) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:103) ~[opensearch-2.10.0.jar:2.10.0]
Caused by: java.lang.IllegalArgumentException: index template [ss4o_metrics_template] has index patterns [ss4o_metrics-*-*] matching patterns from existing templates [ss4o_metric_template] with patterns (ss4o_metric_template => [ss4o_metrics-*-*]) that have the same priority [1], multiple index templates may not match during index creation, please use a different priority
at org.opensearch.cluster.metadata.MetadataIndexTemplateService.addIndexTemplateV2(MetadataIndexTemplateService.java:560) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.cluster.metadata.MetadataIndexTemplateService$4.execute(MetadataIndexTemplateService.java:493) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) ~[opensearch-2.10.0.jar:2.10.0]
at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) ~[opensearch-2.10.0.jar:2.10.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[?:?]
at java.lang.Thread.run(Thread.java:833) [?:?]
uncaught exception in thread [main]
java.lang.IllegalArgumentException: index template [ss4o_metrics_template] has index patterns [ss4o_metrics-*-*] matching patterns from existing templates [ss4o_metric_template] with patterns (ss4o_metric_template => [ss4o_metrics-*-*]) that have the same priority [1], multiple index templates may not match during index creation, please use a different priority
at org.opensearch.cluster.metadata.MetadataIndexTemplateService.addIndexTemplateV2(MetadataIndexTemplateService.java:560)
at org.opensearch.cluster.metadata.MetadataIndexTemplateService$4.execute(MetadataIndexTemplateService.java:493)
at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)
For complete error details, refer to the log at /var/log/wazuh-indexer/opensearch.log
[2024-02-22T16:36:54,876][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:55,022][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:55,040][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:55,055][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:55,058][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:55,091][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:55,350][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:55,397][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'config' with /usr/share/wazuh-indexer/opensearch-security/config.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,508][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:55,630][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id config, skipping update.
[2024-02-22T16:36:55,635][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'roles' with /usr/share/wazuh-indexer/opensearch-security/roles.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,640][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/gWSyptPQTDuM1pTo0rzX7A]
[2024-02-22T16:36:55,666][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id roles, skipping update.
[2024-02-22T16:36:55,669][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'rolesmapping' with /usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,691][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id rolesmapping, skipping update.
[2024-02-22T16:36:55,693][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'internalusers' with /usr/share/wazuh-indexer/opensearch-security/internal_users.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,699][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_1/pSfUHkNFQgCssrb11hzJMQ]
[2024-02-22T16:36:55,739][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id internalusers, skipping update.
[2024-02-22T16:36:55,740][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'actiongroups' with /usr/share/wazuh-indexer/opensearch-security/action_groups.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,750][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id actiongroups, skipping update.
[2024-02-22T16:36:55,756][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'tenants' with /usr/share/wazuh-indexer/opensearch-security/tenants.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,764][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-observability/f1PxsLZLQm-QP22X-X6Axg]
[2024-02-22T16:36:55,770][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id tenants, skipping update.
[2024-02-22T16:36:55,782][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'nodesdn' with /usr/share/wazuh-indexer/opensearch-security/nodes_dn.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-02-22T16:36:55,786][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id nodesdn, skipping update.
[2024-02-22T16:36:55,793][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'whitelist' with /usr/share/wazuh-indexer/opensearch-security/whitelist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-02-22T16:36:55,803][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id whitelist, skipping update.
[2024-02-22T16:36:55,830][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'allowlist' with /usr/share/wazuh-indexer/opensearch-security/allowlist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-02-22T16:36:55,845][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id allowlist, skipping update.
[2024-02-22T16:36:55,850][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'audit' with /usr/share/wazuh-indexer/opensearch-security/audit.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-02-22T16:36:55,859][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:55,974][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id audit, skipping update.
[2024-02-22T16:36:55,991][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:56,144][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:56,149][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Loading builtin types!
[2024-02-22T16:36:56,151][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Indexing [418] fieldMappingDocs from logTypes: 23
[2024-02-22T16:36:56,482][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Indexing [418] fieldMappingDocs
[2024-02-22T16:36:56,634][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/gWSyptPQTDuM1pTo0rzX7A]
[2024-02-22T16:36:56,661][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opensearch-sap-log-types-config/gWSyptPQTDuM1pTo0rzX7A] update_mapping [_doc]
[2024-02-22T16:36:56,817][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:56,938][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/gWSyptPQTDuM1pTo0rzX7A]
[2024-02-22T16:36:56,975][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opensearch-sap-log-types-config/gWSyptPQTDuM1pTo0rzX7A] update_mapping [_doc]
[2024-02-22T16:36:57,015][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-02-22T16:36:57,035][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:57,050][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.kibana_1][0]]]).
[2024-02-22T16:36:57,079][INFO ][stdout ] [wazuh.indexer] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl
[2024-02-22T16:36:57,081][INFO ][stdout ] [wazuh.indexer] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent
[2024-02-22T16:36:57,081][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing on REST API is enabled.
[2024-02-22T16:36:57,086][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from REST API auditing.
[2024-02-22T16:36:57,088][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing on Transport API is enabled.
[2024-02-22T16:36:57,090][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from Transport API auditing.
[2024-02-22T16:36:57,093][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of request body is enabled.
[2024-02-22T16:36:57,094][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Bulk requests resolution is disabled during request auditing.
[2024-02-22T16:36:57,095][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Index resolution is enabled during request auditing.
[2024-02-22T16:36:57,096][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Sensitive headers auditing is enabled.
[2024-02-22T16:36:57,097][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing requests from kibanaserver users is disabled.
[2024-02-22T16:36:57,099][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of external configuration is disabled.
[2024-02-22T16:36:57,101][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of internal configuration is enabled.
[2024-02-22T16:36:57,102][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing only metadata information for read request is enabled.
[2024-02-22T16:36:57,104][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing will watch {} for read requests.
[2024-02-22T16:36:57,107][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing read operation requests from kibanaserver users is disabled.
[2024-02-22T16:36:57,107][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing only metadata information for write request is enabled.
[2024-02-22T16:36:57,109][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing diffs for write requests is disabled.
[2024-02-22T16:36:57,110][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing write operation requests from kibanaserver users is disabled.
[2024-02-22T16:36:57,110][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing will watch <NONE> for write requests.
[2024-02-22T16:36:57,111][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] .opendistro_security is used as internal security index.
[2024-02-22T16:36:57,111][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Internal index used for posting audit logs is null
[2024-02-22T16:36:57,112][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Hot-reloading of audit configuration is enabled
[2024-02-22T16:36:57,115][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node 'wazuh.indexer' initialized
[2024-02-22T16:36:57,393][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:57,977][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Loaded [418] field mapping docs successfully!
[2024-02-22T16:36:58,084][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Indexing [22] customLogTypes
[2024-02-22T16:36:58,232][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Loaded [22] customLogType docs successfully!
[2024-02-22T16:36:58,241][INFO ][o.o.s.SecurityAnalyticsPlugin] [wazuh.indexer] LogType config index successfully created and builtin log types loaded
[2024-02-22T16:36:59,358][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/xa6VNEUuTIqweky_0mz2zw]
[2024-02-22T16:36:59,396][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.kibana_2] creating index, cause [api], templates [], shards [1]/[1]
[2024-02-22T16:36:59,399][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.kibana_2]
[2024-02-22T16:36:59,463][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/xa6VNEUuTIqweky_0mz2zw]
[2024-02-22T16:36:59,535][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:59,599][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.kibana_2][0]]]).
[2024-02-22T16:36:59,647][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:36:59,908][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/xa6VNEUuTIqweky_0mz2zw]
[2024-02-22T16:36:59,976][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_2/xa6VNEUuTIqweky_0mz2zw] update_mapping [_doc]
[2024-02-22T16:37:00,120][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:00,151][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/xa6VNEUuTIqweky_0mz2zw]
[2024-02-22T16:37:00,194][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_2/xa6VNEUuTIqweky_0mz2zw] update_mapping [_doc]
[2024-02-22T16:37:00,327][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:00,854][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:01,381][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[KmmLamoBTTG-jvhZz6Ll5g/Wjc4t1BkSv6PHkZOTUeWsQ]
[2024-02-22T16:37:02,230][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[OT9FQUeTSmuvMC5JxsFUUg/Uq4xOQf5QB-mLR8sYiIG7A]
[2024-02-22T16:37:02,316][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.plugins-ml-config/2SqxPoxbSfK0k3XQqNeeeA]
[2024-02-22T16:37:02,338][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.plugins-ml-config] creating index, cause [api], templates [], shards [1]/[1]
[2024-02-22T16:37:02,344][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.plugins-ml-config]
[2024-02-22T16:37:02,675][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.plugins-ml-config/2SqxPoxbSfK0k3XQqNeeeA]
[2024-02-22T16:37:02,987][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:03,592][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[validate-template-eenk3krzswcawxo-ptjtzq/NPEqMPLFTcW9OA3nvlk41w]
[2024-02-22T16:37:03,666][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding index template [wazuh-states-vulnerabilities_template] for index patterns [wazuh-states-vulnerabilities]
[2024-02-22T16:37:04,227][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:04,232][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.plugins-ml-config][0]]]).
[2024-02-22T16:37:04,432][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:04,434][INFO ][o.o.m.i.MLIndicesHandler ] [wazuh.indexer] create index:.plugins-ml-config
[2024-02-22T16:37:04,451][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-states-vulnerabilities/lrRiGgWXSaCoJ3aUXa5T7w]
[2024-02-22T16:37:04,481][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [wazuh-states-vulnerabilities] creating index, cause [api], templates [wazuh-states-vulnerabilities_template], shards [1]/[0]
[2024-02-22T16:37:04,796][INFO ][o.o.m.c.MLSyncUpCron ] [wazuh.indexer] ML configuration initialized successfully
[2024-02-22T16:37:04,839][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-states-vulnerabilities/lrRiGgWXSaCoJ3aUXa5T7w]
[2024-02-22T16:37:04,904][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:04,909][INFO ][o.o.c.m.MetadataUpdateSettingsService] [wazuh.indexer] updating number_of_replicas to [0] for indices [wazuh-monitoring-2024.8w]
[2024-02-22T16:37:05,614][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-states-vulnerabilities][0]]]).
[2024-02-22T16:37:05,674][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:32,564][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[WsbNss-USeS2OVBU4M4v9Q/7FMlxYkJReymxm7oejMHAQ]
[2024-02-22T16:37:32,666][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding template [wazuh] for index patterns [wazuh-alerts-4.x-*, wazuh-archives-4.x-*]
[2024-02-22T16:37:32,827][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:33,461][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ]
[2024-02-22T16:37:33,545][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ] update_mapping [_doc]
[2024-02-22T16:37:33,934][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:33,976][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ]
[2024-02-22T16:37:34,867][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ]
[2024-02-22T16:37:34,958][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ] update_mapping [_doc]
[2024-02-22T16:37:35,091][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:37:52,254][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing move cluster state metadata.
[2024-02-22T16:37:52,266][INFO ][o.o.i.i.MetadataService ] [wazuh.indexer] ISM config index not exist, so we cancel the metadata migration job.
[2024-02-22T16:38:24,019][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ]
[2024-02-22T16:38:24,079][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.02.22/3zaqmIRWRIGpbny2vks7tQ] update_mapping [_doc]
[2024-02-22T16:38:24,165][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-02-22T16:38:52,255][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Cancel background move metadata process.
[2024-02-22T16:38:52,256][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing move cluster state metadata.
[2024-02-22T16:38:52,256][INFO ][o.o.i.i.MetadataService ] [wazuh.indexer] Move metadata has finished.
bash-5.2# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/02/22 16:36:01 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/22 16:36:03 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/22 16:36:07 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 8 seconds.
2024/02/22 16:36:15 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 16 seconds.
2024/02/22 16:36:31 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 32 seconds.
bash-5.2#
bash-5.2$ cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
bash-5.2$
Scan of the 4.8.0 images (before the OS change)
root@ubuntu22:/home/vagrant/wazuh-docker# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wazuh/wazuh-indexer 4.8.0 7b0aea036aa6 37 seconds ago 2.19GB
wazuh/wazuh-manager 4.8.0 feabb3c1b118 About a minute ago 5.81GB
wazuh/wazuh-dashboard 4.8.0 688bc8f1a320 3 minutes ago 1.03GB
Wazuh indexer
root@ubuntu22:/home/vagrant/wazuh-docker# grype 7b0aea036aa6 --scope all-layers
✔ Vulnerability DB [updated]
✔ Loaded image 7b0aea036aa6
✔ Parsed image sha256:7b0aea036aa63669c1104ca682804aa10551b6c3ec049a4114429f0421d4038b
✔ Cataloged contents 791c5bba51b329687c48ba3754477bb87689f0f083afb5fc0deeb67798987ef9
├── ✔ Packages [745 packages]
├── ✔ File digests [2,048 files]
├── ✔ File metadata [2,048 locations]
└── ✔ Executables [805 executables]
✔ Scanned for vulnerabilities [41 vulnerability matches]
├── by severity: 0 critical, 9 high, 6 medium, 23 low, 3 negligible
└── by status: 16 fixed, 25 not-fixed, 0 ignored
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
bash 5.1-6ubuntu1 deb CVE-2022-3715 Low
bc-fips 1.0.2.3 1.0.2.4 java-archive GHSA-68m8-v89j-7j2p Medium
commons-compress 1.22 1.26.0 java-archive GHSA-4265-ccf5-phj5 High
commons-compress 1.22 1.24.0 java-archive GHSA-cgwf-w82q-5jrr Medium
commons-compress 1.23.0 1.26.0 java-archive GHSA-4265-ccf5-phj5 High
commons-compress 1.23.0 1.24.0 java-archive GHSA-cgwf-w82q-5jrr Medium
coreutils 8.32-4.1ubuntu1.1 deb CVE-2016-2781 Low
gcc-12-base 12.3.0-1ubuntu1~22.04 deb CVE-2022-27943 Low
gpgv 2.2.27-3ubuntu2.1 deb CVE-2022-3219 Low
json 20230227 20231013 java-archive GHSA-4jq9-2xhw-jpx7 High
libc-bin 2.35-0ubuntu3.6 deb CVE-2016-20013 Negligible
libc6 2.35-0ubuntu3.6 deb CVE-2016-20013 Negligible
libgcc-s1 12.3.0-1ubuntu1~22.04 deb CVE-2022-27943 Low
liblzma5 5.2.5-2ubuntu1 deb CVE-2020-22916 Medium
libncurses6 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
libncurses6 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
libncursesw6 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
libncursesw6 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
libpcre3 2:8.39-13ubuntu0.22.04.1 deb CVE-2017-11164 Negligible
libstdc++6 12.3.0-1ubuntu1~22.04 deb CVE-2022-27943 Low
libsystemd0 249.11-0ubuntu3.12 deb CVE-2023-7008 Low
libtinfo6 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
libtinfo6 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
libudev1 249.11-0ubuntu3.12 deb CVE-2023-7008 Low
libzstd1 1.4.8+dfsg-3build1 deb CVE-2022-4899 Low
login 1:4.8.1-2ubuntu2.1 1:4.8.1-2ubuntu2.2 deb CVE-2023-4641 Low
login 1:4.8.1-2ubuntu2.1 deb CVE-2023-29383 Low
ncurses-base 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
ncurses-base 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
ncurses-bin 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
ncurses-bin 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
netty-codec-http2 4.1.97.Final 4.1.100.Final java-archive GHSA-xpw8-rcwv-8f8p High
opensearch 2.10.0 2.11.1 java-archive GHSA-6g3j-p5g6-992f Medium
passwd 1:4.8.1-2ubuntu2.1 1:4.8.1-2ubuntu2.2 deb CVE-2023-4641 Low
passwd 1:4.8.1-2ubuntu2.1 deb CVE-2023-29383 Low
snappy-java 1.1.10.3 1.1.10.4 java-archive GHSA-55g7-9cwv-5qfv High
xmlsec 2.3.3 2.3.4 java-archive GHSA-xfrj-6vvc-3xm2 Medium
Wazuh manager
root@ubuntu22:/home/vagrant/wazuh-docker# grype feabb3c1b118 --scope all-layers
✔ Vulnerability DB [no update available]
✔ Loaded image feabb3c1b118
✔ Parsed image sha256:feabb3c1b1184b59b6b0b2a0fff3085bff3d45709e0b93aa3888bf20cb35166f
✔ Cataloged contents 012b97aa0f4628b2700bbff0656b8495a777438c1f108009952a10569db2f7a0
├── ✔ Packages [350 packages]
├── ✔ File digests [22,680 files]
├── ✔ File metadata [22,680 locations]
└── ✔ Executables [1,240 executables]
✔ Scanned for vulnerabilities [155 vulnerability matches]
├── by severity: 7 critical, 58 high, 49 medium, 38 low, 3 negligible
└── by status: 43 fixed, 112 not-fixed, 0 ignored
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
Werkzeug 2.2.3 2.3.8 python GHSA-hrfv-mqp8-q5rw Medium
aiohttp 3.9.1 3.9.2 python GHSA-8qpw-xqxj-h4r2 Medium
aiohttp 3.9.1 3.9.2 python GHSA-5h86-8mv2-jq9f Medium
bash 5.1-6ubuntu1 deb CVE-2022-3715 Low
coreutils 8.32-4.1ubuntu1.1 deb CVE-2016-2781 Low
cryptography 41.0.7 42.0.4 python GHSA-6vqw-3v5j-54x4 High
cryptography 41.0.7 42.0.0 python GHSA-3ww4-gg4f-jr7f High
cryptography 41.0.7 42.0.2 python GHSA-9v9h-cgj8-h64p Medium
dirmngr 2.2.27-3ubuntu2.1 deb CVE-2022-3219 Low
ecdsa 0.16.1 python GHSA-wj6h-64fc-37mp High
gcc-12-base 12.3.0-1ubuntu1~22.04 deb CVE-2022-27943 Low
github.com/containerd/containerd v1.3.3 1.4.13 go-module GHSA-crp2-qrr5-8pq7 High
github.com/containerd/containerd v1.3.3 1.5.18 go-module GHSA-hmfx-3pcx-653p Medium
github.com/containerd/containerd v1.3.3 1.4.8 go-module GHSA-c72p-9xmj-rx3w Medium
github.com/containerd/containerd v1.3.3 1.4.11 go-module GHSA-c2h3-6mxw-7mvq Medium
github.com/containerd/containerd v1.3.3 1.6.26 go-module GHSA-7ww5-4wqc-m92c Medium
github.com/containerd/containerd v1.3.3 1.3.10 go-module GHSA-6g2q-w5j3-fwh4 Medium
github.com/containerd/containerd v1.3.3 1.5.13 go-module GHSA-5ffw-gxpp-mxpf Medium
github.com/containerd/containerd v1.3.3 1.3.9 go-module GHSA-36xw-fx78-c5r4 Medium
github.com/containerd/containerd v1.3.3 1.5.16 go-module GHSA-2qjp-425j-52j9 Medium
github.com/containerd/containerd v1.3.3 1.5.18 go-module GHSA-259w-8hf6-59c2 Medium
github.com/containerd/containerd v1.3.3 1.4.12 go-module GHSA-5j5w-g665-5m35 Low
github.com/docker/distribution v2.7.1+incompatible 2.8.2-beta.1 go-module GHSA-hqxw-f8mx-cpmw High
github.com/docker/distribution v2.7.1+incompatible 2.8.0 go-module GHSA-qq97-vm5h-rrhg Low
github.com/gogo/protobuf v1.3.1 1.3.2 go-module GHSA-c3h9-896r-86jm High
github.com/miekg/dns v1.1.15 1.1.25 go-module GHSA-44r7-7p62-q3fr Medium
github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 1.0.2 go-module GHSA-77vh-xpmg-72qh Low
gnupg 2.2.27-3ubuntu2.1 deb CVE-2022-3219 Low
gnupg-l10n 2.2.27-3ubuntu2.1 deb CVE-2022-3219 Low
gnupg-utils 2.2.27-3ubuntu2.1 deb CVE-2022-3219 Low
go.elastic.co/apm v1.8.1-0.20200909061013-2aef45b9cf4b 1.11.0 go-module GHSA-qqc5-rgcc-cjqh Low
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.0.0-20211202192323-5770296d904e go-module GHSA-gwc9-m7rh-j2ww High
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.0.0-20220314234659-1baeb1ce4c0b go-module GHSA-8c26-wmh5-6g9v High
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.0.0-20201216223049-8b5274cf687f go-module GHSA-3vm4-22fp-5rfm High
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.17.0 go-module GHSA-45x7-px36-x8w8 Medium
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.7.0 go-module GHSA-vvpx-j8f3-3w6h High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.0.0-20210520170846-37e1c6afe023 go-module GHSA-83g2-8m93-v3w7 High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.0.0-20220906165146-f3363e06e74c go-module GHSA-69cg-p879-7622 High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.17.0 go-module GHSA-4374-p667-p6c8 High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.17.0 go-module GHSA-qppj-fm5r-hxr3 Medium
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.0.0-20210428140749-89ef3d95e781 go-module GHSA-h86h-8ppg-mxmh Medium
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.13.0 go-module GHSA-2wrh-6pvc-2jm9 Medium
golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae 0.0.0-20220412211240-33da011f77ad go-module GHSA-p782-xgp4-8hr8 Medium
golang.org/x/text v0.3.2 0.3.7 go-module GHSA-ppp9-7jff-5vj2 High
golang.org/x/text v0.3.2 0.3.8 go-module GHSA-69ch-w2m2-3vjp High
golang.org/x/text v0.3.2 0.3.3 go-module GHSA-5rcv-m4m3-hfh7 Medium
google.golang.org/grpc v1.29.1 1.56.3 go-module GHSA-m425-mq94-257g High
google.golang.org/grpc v1.29.1 1.56.3 go-module GHSA-qppj-fm5r-hxr3 Medium
gpg 2.2.27-3ubuntu2.1 deb CVE-2022-3219 Low
gpg-agent 2.2.27-3ubuntu2.1 deb CVE-2022-3219 Low
gpg-wks-client 2.2.27-3ubuntu2.1 deb CVE-2022-3219 Low
gpg-wks-server 2.2.27-3ubuntu2.1 deb CVE-2022-3219 Low
gpgconf 2.2.27-3ubuntu2.1 deb CVE-2022-3219 Low
gpgsm 2.2.27-3ubuntu2.1 deb CVE-2022-3219 Low
gpgv 2.2.27-3ubuntu2.1 deb CVE-2022-3219 Low
k8s.io/client-go v0.18.3 0.18.14 go-module GHSA-8cfg-vx93-jvxw Medium
libc-bin 2.35-0ubuntu3.6 deb CVE-2016-20013 Negligible
libc6 2.35-0ubuntu3.6 deb CVE-2016-20013 Negligible
libexpat1 2.4.7-1ubuntu0.2 deb CVE-2023-52426 Medium
libgcc-s1 12.3.0-1ubuntu1~22.04 deb CVE-2022-27943 Low
liblzma5 5.2.5-2ubuntu1 deb CVE-2020-22916 Medium
libncurses6 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
libncurses6 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
libncursesw6 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
libncursesw6 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
libpcre3 2:8.39-13ubuntu0.22.04.1 deb CVE-2017-11164 Negligible
libpython3.10-minimal 3.10.12-1~22.04.3 deb CVE-2023-27043 Medium
libpython3.10-stdlib 3.10.12-1~22.04.3 deb CVE-2023-27043 Medium
libstdc++6 12.3.0-1ubuntu1~22.04 deb CVE-2022-27943 Low
libsystemd0 249.11-0ubuntu3.12 deb CVE-2023-7008 Low
libtinfo6 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
libtinfo6 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
libudev1 249.11-0ubuntu3.12 deb CVE-2023-7008 Low
libzstd1 1.4.8+dfsg-3build1 deb CVE-2022-4899 Low
login 1:4.8.1-2ubuntu2.1 1:4.8.1-2ubuntu2.2 deb CVE-2023-4641 Low
login 1:4.8.1-2ubuntu2.1 deb CVE-2023-29383 Low
ncurses-base 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
ncurses-base 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
ncurses-bin 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
ncurses-bin 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
passwd 1:4.8.1-2ubuntu2.1 1:4.8.1-2ubuntu2.2 deb CVE-2023-4641 Low
passwd 1:4.8.1-2ubuntu2.1 deb CVE-2023-29383 Low
python3.10 3.10.12-1~22.04.3 deb CVE-2023-27043 Medium
python3.10-minimal 3.10.12-1~22.04.3 deb CVE-2023-27043 Medium
stdlib go1.14.12 go-module CVE-2023-29405 Critical
stdlib go1.14.12 go-module CVE-2023-29404 Critical
stdlib go1.14.12 go-module CVE-2023-29402 Critical
stdlib go1.14.12 go-module CVE-2023-24540 Critical
stdlib go1.14.12 go-module CVE-2023-24538 Critical
stdlib go1.14.12 go-module CVE-2022-23806 Critical
stdlib go1.14.12 go-module CVE-2021-38297 Critical
stdlib go1.14.12 go-module CVE-2023-45287 High
stdlib go1.14.12 go-module CVE-2023-45285 High
stdlib go1.14.12 go-module CVE-2023-44487 High
stdlib go1.14.12 go-module CVE-2023-39323 High
stdlib go1.14.12 go-module CVE-2023-29403 High
stdlib go1.14.12 go-module CVE-2023-29400 High
stdlib go1.14.12 go-module CVE-2023-24539 High
stdlib go1.14.12 go-module CVE-2023-24537 High
stdlib go1.14.12 go-module CVE-2023-24536 High
stdlib go1.14.12 go-module CVE-2023-24534 High
stdlib go1.14.12 go-module CVE-2022-41725 High
stdlib go1.14.12 go-module CVE-2022-41724 High
stdlib go1.14.12 go-module CVE-2022-41723 High
stdlib go1.14.12 go-module CVE-2022-41722 High
stdlib go1.14.12 go-module CVE-2022-41715 High
stdlib go1.14.12 go-module CVE-2022-32189 High
stdlib go1.14.12 go-module CVE-2022-30635 High
stdlib go1.14.12 go-module CVE-2022-30633 High
stdlib go1.14.12 go-module CVE-2022-30632 High
stdlib go1.14.12 go-module CVE-2022-30631 High
stdlib go1.14.12 go-module CVE-2022-30630 High
stdlib go1.14.12 go-module CVE-2022-30580 High
stdlib go1.14.12 go-module CVE-2022-2880 High
stdlib go1.14.12 go-module CVE-2022-2879 High
stdlib go1.14.12 go-module CVE-2022-28327 High
stdlib go1.14.12 go-module CVE-2022-28131 High
stdlib go1.14.12 go-module CVE-2022-27664 High
stdlib go1.14.12 go-module CVE-2022-24921 High
stdlib go1.14.12 go-module CVE-2022-24675 High
stdlib go1.14.12 go-module CVE-2022-23773 High
stdlib go1.14.12 go-module CVE-2022-23772 High
stdlib go1.14.12 go-module CVE-2021-44716 High
stdlib go1.14.12 go-module CVE-2021-41772 High
stdlib go1.14.12 go-module CVE-2021-41771 High
stdlib go1.14.12 go-module CVE-2021-39293 High
stdlib go1.14.12 go-module CVE-2021-33198 High
stdlib go1.14.12 go-module CVE-2021-33196 High
stdlib go1.14.12 go-module CVE-2021-33195 High
stdlib go1.14.12 go-module CVE-2021-33194 High
stdlib go1.14.12 go-module CVE-2021-3115 High
stdlib go1.14.12 go-module CVE-2021-29923 High
stdlib go1.14.12 go-module CVE-2021-27918 High
stdlib go1.14.12 go-module CVE-2023-39326 Medium
stdlib go1.14.12 go-module CVE-2023-39319 Medium
stdlib go1.14.12 go-module CVE-2023-39318 Medium
stdlib go1.14.12 go-module CVE-2023-29409 Medium
stdlib go1.14.12 go-module CVE-2023-29406 Medium
stdlib go1.14.12 go-module CVE-2023-24532 Medium
stdlib go1.14.12 go-module CVE-2022-41717 Medium
stdlib go1.14.12 go-module CVE-2022-32148 Medium
stdlib go1.14.12 go-module CVE-2022-29526 Medium
stdlib go1.14.12 go-module CVE-2022-1962 Medium
stdlib go1.14.12 go-module CVE-2022-1705 Medium
stdlib go1.14.12 go-module CVE-2021-44717 Medium
stdlib go1.14.12 go-module CVE-2021-36221 Medium
stdlib go1.14.12 go-module CVE-2021-34558 Medium
stdlib go1.14.12 go-module CVE-2021-33197 Medium
stdlib go1.14.12 go-module CVE-2021-31525 Medium
stdlib go1.14.12 go-module CVE-2021-3114 Medium
stdlib go1.14.12 go-module CVE-2020-29511 Medium
stdlib go1.14.12 go-module CVE-2020-29510 Medium
stdlib go1.14.12 go-module CVE-2020-29509 Medium
stdlib go1.14.12 go-module CVE-2022-30629 Low
xz-utils 5.2.5-2ubuntu1 deb CVE-2020-22916 Medium
Wazuh dashboard
root@ubuntu22:/home/vagrant/wazuh-docker# grype 688bc8f1a320 --scope all-layers
✔ Vulnerability DB [no update available]
✔ Loaded image 688bc8f1a320
✔ Parsed image sha256:688bc8f1a32085b2daf2b68a06aaf7e634bbf0801137fa69c2ac8d5b4e323db5
✔ Cataloged contents 6c91c173fd27a33633b11c66c06486f667f297c0e79fcbf2ffa4403739a1afbb
├── ✔ Packages [1,957 packages]
├── ✔ File digests [2,048 files]
├── ✔ File metadata [2,048 locations]
└── ✔ Executables [735 executables]
✔ Scanned for vulnerabilities [53 vulnerability matches]
├── by severity: 5 critical, 11 high, 11 medium, 23 low, 3 negligible
└── by status: 8 fixed, 45 not-fixed, 0 ignored
[0038] WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable
[0038] WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable
[0038] WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unexpec
[0038] WARN cataloger failed cataloger=java-archive-cataloger error=unable to read files from java archive: unable t
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
@babel/traverse 7.17.3 7.23.2 npm GHSA-67hx-6x53-jw92 Critical
@babel/traverse 7.21.2 7.23.2 npm GHSA-67hx-6x53-jw92 Critical
angular 1.8.2 npm GHSA-4w4v-5hc9-xrr2 High
angular 1.8.2 npm GHSA-qwqh-hm9m-p5hr Medium
angular 1.8.2 npm GHSA-prc3-vjfx-vhm9 Medium
angular 1.8.2 npm GHSA-m2h2-264f-f486 Medium
angular 1.8.2 npm GHSA-2vrf-hf26-jrp5 Medium
angular 1.8.2 npm GHSA-2qqx-w9hr-q5gx Medium
axios 0.27.2 0.28.0 npm GHSA-wf5p-g6vw-rhxx Medium
bash 5.1-6ubuntu1 deb CVE-2022-3715 Low
coreutils 8.32-4.1ubuntu1.1 deb CVE-2016-2781 Low
debug 4.1.1 4.3.1 npm GHSA-gxpj-cx7g-858c Medium
follow-redirects 1.15.2 1.15.4 npm GHSA-jchw-25xp-jwwc Medium
gcc-12-base 12.3.0-1ubuntu1~22.04 deb CVE-2022-27943 Low
gpgv 2.2.27-3ubuntu2.1 deb CVE-2022-3219 Low
hoek 4.2.1 npm GHSA-c429-5p7v-vgjp High
hoek 6.1.3 npm GHSA-c429-5p7v-vgjp High
libc-bin 2.35-0ubuntu3.6 deb CVE-2016-20013 Negligible
libc6 2.35-0ubuntu3.6 deb CVE-2016-20013 Negligible
libgcc-s1 12.3.0-1ubuntu1~22.04 deb CVE-2022-27943 Low
liblzma5 5.2.5-2ubuntu1 deb CVE-2020-22916 Medium
libncurses6 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
libncurses6 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
libncursesw6 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
libncursesw6 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
libpcre3 2:8.39-13ubuntu0.22.04.1 deb CVE-2017-11164 Negligible
libstdc++6 12.3.0-1ubuntu1~22.04 deb CVE-2022-27943 Low
libsystemd0 249.11-0ubuntu3.12 deb CVE-2023-7008 Low
libtinfo6 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
libtinfo6 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
libudev1 249.11-0ubuntu3.12 deb CVE-2023-7008 Low
libzstd1 1.4.8+dfsg-3build1 deb CVE-2022-4899 Low
login 1:4.8.1-2ubuntu2.1 1:4.8.1-2ubuntu2.2 deb CVE-2023-4641 Low
login 1:4.8.1-2ubuntu2.1 deb CVE-2023-29383 Low
monorepo-symlink-test 0.0.0 npm GHSA-2jcg-qqmg-46q6 Critical
ncurses-base 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
ncurses-base 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
ncurses-bin 6.3-2ubuntu0.1 deb CVE-2023-50495 Low
ncurses-bin 6.3-2ubuntu0.1 deb CVE-2023-45918 Low
node 18.16.0 binary CVE-2023-32002 Critical
node 18.16.0 binary CVE-2023-44487 High
node 18.16.0 binary CVE-2023-38552 High
node 18.16.0 binary CVE-2023-32559 High
node 18.16.0 binary CVE-2023-32006 High
node 18.16.0 binary CVE-2023-30590 High
node 18.16.0 binary CVE-2023-30589 High
node 18.16.0 binary CVE-2023-30585 High
node 18.16.0 binary CVE-2023-30581 High
node 18.16.0 binary CVE-2023-30588 Medium
passwd 1:4.8.1-2ubuntu2.1 1:4.8.1-2ubuntu2.2 deb CVE-2023-4641 Low
passwd 1:4.8.1-2ubuntu2.1 deb CVE-2023-29383 Low
root@ubuntu22:/home/vagrant/wazuh-docker#
After the development, the scan is the following:
root@ip-172-31-41-4:/home/ubuntu/wazuh-docker/single-node# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wazuh/wazuh-dashboard 4.8.0 357ec8a9f033 57 minutes ago 1.15GB
wazuh/wazuh-indexer 4.8.0 d7949d499dcf 58 minutes ago 2.32GB
wazuh/wazuh-manager 4.8.0 98d1c9d13a8b 59 minutes ago 1.22GB
Wazuh indexer
root@ip-172-31-41-4:/home/ubuntu/wazuh-docker/single-node# grype d7949d499dcf --scope all-layers
✔ Vulnerability DB [no update available]
✔ Loaded image d7949d499dcf
✔ Parsed image sha256:d7949d499dcf42f7390b82362e71d2ec845e351776ab176c04ae3f01ce25a0f3
✔ Cataloged contents 2e9752af8078f8d540f8ecc751e23a2a4e905ca44b3e9ff64113b3646b57067c
├── ✔ Packages [753 packages]
├── ✔ File digests [5,462 files]
├── ✔ File metadata [5,462 locations]
└── ✔ Executables [371 executables]
✔ Scanned for vulnerabilities [16 vulnerability matches]
├── by severity: 0 critical, 9 high, 7 medium, 0 low, 0 negligible
└── by status: 16 fixed, 0 not-fixed, 0 ignored
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
bc-fips 1.0.2.3 1.0.2.4 java-archive GHSA-68m8-v89j-7j2p Medium
commons-compress 1.22 1.26.0 java-archive GHSA-4265-ccf5-phj5 High
commons-compress 1.22 1.24.0 java-archive GHSA-cgwf-w82q-5jrr Medium
commons-compress 1.23.0 1.26.0 java-archive GHSA-4265-ccf5-phj5 High
commons-compress 1.23.0 1.24.0 java-archive GHSA-cgwf-w82q-5jrr Medium
expat 2.5.0-1.amzn2023.0.2 2.5.0-1.amzn2023.0.3 rpm ALAS-2024-524 Medium
json 20230227 20231013 java-archive GHSA-4jq9-2xhw-jpx7 High
netty-codec-http2 4.1.97.Final 4.1.100.Final java-archive GHSA-xpw8-rcwv-8f8p High
opensearch 2.10.0 2.11.1 java-archive GHSA-6g3j-p5g6-992f Medium
openssl-libs 1:3.0.8-1.amzn2023.0.10 3.0.8-1.amzn2023.0.11 rpm ALAS-2024-520 Medium
snappy-java 1.1.10.3 1.1.10.4 java-archive GHSA-55g7-9cwv-5qfv High
xmlsec 2.3.3 2.3.4 java-archive GHSA-xfrj-6vvc-3xm2 Medium
Wazuh manager
root@ip-172-31-41-4:/home/ubuntu/wazuh-docker/single-node# grype 98d1c9d13a8b --scope all-layers
✔ Vulnerability DB [no update available]
✔ Loaded image 98d1c9d13a8b
✔ Parsed image sha256:98d1c9d13a8bec1c2a43fd5b297b2e0e1ace637dd9e2bd551953586007b059c1
✔ Cataloged contents 62b621863bffa8fe3eedff986c86821ca430c334f7eefc860b4615ac5729bc6b
├── ✔ Packages [318 packages]
├── ✔ File digests [25,448 files]
├── ✔ File metadata [25,448 locations]
└── ✔ Executables [734 executables]
✔ Scanned for vulnerabilities [111 vulnerability matches]
├── by severity: 7 critical, 56 high, 43 medium, 5 low, 0 negligible
└── by status: 41 fixed, 70 not-fixed, 0 ignored
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
Werkzeug 2.2.3 2.3.8 python GHSA-hrfv-mqp8-q5rw Medium
cryptography 42.0.2 42.0.4 python GHSA-6vqw-3v5j-54x4 High
expat 2.5.0-1.amzn2023.0.2 2.5.0-1.amzn2023.0.3 rpm ALAS-2024-524 Medium
github.com/containerd/containerd v1.3.3 1.4.13 go-module GHSA-crp2-qrr5-8pq7 High
github.com/containerd/containerd v1.3.3 1.5.18 go-module GHSA-hmfx-3pcx-653p Medium
github.com/containerd/containerd v1.3.3 1.4.8 go-module GHSA-c72p-9xmj-rx3w Medium
github.com/containerd/containerd v1.3.3 1.4.11 go-module GHSA-c2h3-6mxw-7mvq Medium
github.com/containerd/containerd v1.3.3 1.6.26 go-module GHSA-7ww5-4wqc-m92c Medium
github.com/containerd/containerd v1.3.3 1.3.10 go-module GHSA-6g2q-w5j3-fwh4 Medium
github.com/containerd/containerd v1.3.3 1.5.13 go-module GHSA-5ffw-gxpp-mxpf Medium
github.com/containerd/containerd v1.3.3 1.3.9 go-module GHSA-36xw-fx78-c5r4 Medium
github.com/containerd/containerd v1.3.3 1.5.16 go-module GHSA-2qjp-425j-52j9 Medium
github.com/containerd/containerd v1.3.3 1.5.18 go-module GHSA-259w-8hf6-59c2 Medium
github.com/containerd/containerd v1.3.3 1.4.12 go-module GHSA-5j5w-g665-5m35 Low
github.com/docker/distribution v2.7.1+incompatible 2.8.2-beta.1 go-module GHSA-hqxw-f8mx-cpmw High
github.com/docker/distribution v2.7.1+incompatible 2.8.0 go-module GHSA-qq97-vm5h-rrhg Low
github.com/gogo/protobuf v1.3.1 1.3.2 go-module GHSA-c3h9-896r-86jm High
github.com/miekg/dns v1.1.15 1.1.25 go-module GHSA-44r7-7p62-q3fr Medium
github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 1.0.2 go-module GHSA-77vh-xpmg-72qh Low
go.elastic.co/apm v1.8.1-0.20200909061013-2aef45b9cf4b 1.11.0 go-module GHSA-qqc5-rgcc-cjqh Low
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.0.0-20211202192323-5770296d904e go-module GHSA-gwc9-m7rh-j2ww High
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.0.0-20220314234659-1baeb1ce4c0b go-module GHSA-8c26-wmh5-6g9v High
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.0.0-20201216223049-8b5274cf687f go-module GHSA-3vm4-22fp-5rfm High
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.17.0 go-module GHSA-45x7-px36-x8w8 Medium
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.7.0 go-module GHSA-vvpx-j8f3-3w6h High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.0.0-20210520170846-37e1c6afe023 go-module GHSA-83g2-8m93-v3w7 High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.0.0-20220906165146-f3363e06e74c go-module GHSA-69cg-p879-7622 High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.17.0 go-module GHSA-4374-p667-p6c8 High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.17.0 go-module GHSA-qppj-fm5r-hxr3 Medium
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.0.0-20210428140749-89ef3d95e781 go-module GHSA-h86h-8ppg-mxmh Medium
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.13.0 go-module GHSA-2wrh-6pvc-2jm9 Medium
golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae 0.0.0-20220412211240-33da011f77ad go-module GHSA-p782-xgp4-8hr8 Medium
golang.org/x/text v0.3.2 0.3.7 go-module GHSA-ppp9-7jff-5vj2 High
golang.org/x/text v0.3.2 0.3.8 go-module GHSA-69ch-w2m2-3vjp High
golang.org/x/text v0.3.2 0.3.3 go-module GHSA-5rcv-m4m3-hfh7 Medium
google.golang.org/grpc v1.29.1 1.56.3 go-module GHSA-m425-mq94-257g High
google.golang.org/grpc v1.29.1 1.56.3 go-module GHSA-qppj-fm5r-hxr3 Medium
k8s.io/client-go v0.18.3 0.18.14 go-module GHSA-8cfg-vx93-jvxw Medium
openssl 1:3.0.8-1.amzn2023.0.10 3.0.8-1.amzn2023.0.11 rpm ALAS-2024-520 Medium
openssl-libs 1:3.0.8-1.amzn2023.0.10 3.0.8-1.amzn2023.0.11 rpm ALAS-2024-520 Medium
stdlib go1.14.12 go-module CVE-2023-29405 Critical
stdlib go1.14.12 go-module CVE-2023-29404 Critical
stdlib go1.14.12 go-module CVE-2023-29402 Critical
stdlib go1.14.12 go-module CVE-2023-24540 Critical
stdlib go1.14.12 go-module CVE-2023-24538 Critical
stdlib go1.14.12 go-module CVE-2022-23806 Critical
stdlib go1.14.12 go-module CVE-2021-38297 Critical
stdlib go1.14.12 go-module CVE-2023-45287 High
stdlib go1.14.12 go-module CVE-2023-45285 High
stdlib go1.14.12 go-module CVE-2023-44487 High
stdlib go1.14.12 go-module CVE-2023-39323 High
stdlib go1.14.12 go-module CVE-2023-29403 High
stdlib go1.14.12 go-module CVE-2023-29400 High
stdlib go1.14.12 go-module CVE-2023-24539 High
stdlib go1.14.12 go-module CVE-2023-24537 High
stdlib go1.14.12 go-module CVE-2023-24536 High
stdlib go1.14.12 go-module CVE-2023-24534 High
stdlib go1.14.12 go-module CVE-2022-41725 High
stdlib go1.14.12 go-module CVE-2022-41724 High
stdlib go1.14.12 go-module CVE-2022-41723 High
stdlib go1.14.12 go-module CVE-2022-41722 High
stdlib go1.14.12 go-module CVE-2022-41715 High
stdlib go1.14.12 go-module CVE-2022-32189 High
stdlib go1.14.12 go-module CVE-2022-30635 High
stdlib go1.14.12 go-module CVE-2022-30633 High
stdlib go1.14.12 go-module CVE-2022-30632 High
stdlib go1.14.12 go-module CVE-2022-30631 High
stdlib go1.14.12 go-module CVE-2022-30630 High
stdlib go1.14.12 go-module CVE-2022-30580 High
stdlib go1.14.12 go-module CVE-2022-2880 High
stdlib go1.14.12 go-module CVE-2022-2879 High
stdlib go1.14.12 go-module CVE-2022-28327 High
stdlib go1.14.12 go-module CVE-2022-28131 High
stdlib go1.14.12 go-module CVE-2022-27664 High
stdlib go1.14.12 go-module CVE-2022-24921 High
stdlib go1.14.12 go-module CVE-2022-24675 High
stdlib go1.14.12 go-module CVE-2022-23773 High
stdlib go1.14.12 go-module CVE-2022-23772 High
stdlib go1.14.12 go-module CVE-2021-44716 High
stdlib go1.14.12 go-module CVE-2021-41772 High
stdlib go1.14.12 go-module CVE-2021-41771 High
stdlib go1.14.12 go-module CVE-2021-39293 High
stdlib go1.14.12 go-module CVE-2021-33198 High
stdlib go1.14.12 go-module CVE-2021-33196 High
stdlib go1.14.12 go-module CVE-2021-33195 High
stdlib go1.14.12 go-module CVE-2021-33194 High
stdlib go1.14.12 go-module CVE-2021-3115 High
stdlib go1.14.12 go-module CVE-2021-29923 High
stdlib go1.14.12 go-module CVE-2021-27918 High
stdlib go1.14.12 go-module CVE-2023-39326 Medium
stdlib go1.14.12 go-module CVE-2023-39319 Medium
stdlib go1.14.12 go-module CVE-2023-39318 Medium
stdlib go1.14.12 go-module CVE-2023-29409 Medium
stdlib go1.14.12 go-module CVE-2023-29406 Medium
stdlib go1.14.12 go-module CVE-2023-24532 Medium
stdlib go1.14.12 go-module CVE-2022-41717 Medium
stdlib go1.14.12 go-module CVE-2022-32148 Medium
stdlib go1.14.12 go-module CVE-2022-29526 Medium
stdlib go1.14.12 go-module CVE-2022-1962 Medium
stdlib go1.14.12 go-module CVE-2022-1705 Medium
stdlib go1.14.12 go-module CVE-2021-44717 Medium
stdlib go1.14.12 go-module CVE-2021-36221 Medium
stdlib go1.14.12 go-module CVE-2021-34558 Medium
stdlib go1.14.12 go-module CVE-2021-33197 Medium
stdlib go1.14.12 go-module CVE-2021-31525 Medium
stdlib go1.14.12 go-module CVE-2021-3114 Medium
stdlib go1.14.12 go-module CVE-2020-29511 Medium
stdlib go1.14.12 go-module CVE-2020-29510 Medium
stdlib go1.14.12 go-module CVE-2020-29509 Medium
stdlib go1.14.12 go-module CVE-2022-30629 Low
systemd-libs 252.16-1.amzn2023.0.1 252.16-1.amzn2023.0.2 rpm ALAS-2024-509 Medium
Wazuh dashboard
root@ip-172-31-41-4:/home/ubuntu/wazuh-docker/single-node# grype 357ec8a9f033 --scope all-layers
✔ Vulnerability DB [no update available]
✔ Loaded image 357ec8a9f033
✔ Parsed image sha256:357ec8a9f033de9e763b0f36d66558898c38634b5ea9ee97d113f0c3d7ba3dab
✔ Cataloged contents 0124bab0342119df23f86c1e47bee42f978db2e56e85b1ae4c0eb2dc11370d82
├── ✔ Packages [1,963 packages]
├── ✔ File digests [5,403 files]
├── ✔ File metadata [5,403 locations]
└── ✔ Executables [298 executables]
✔ Scanned for vulnerabilities [30 vulnerability matches]
├── by severity: 5 critical, 11 high, 14 medium, 0 low, 0 negligible
└── by status: 10 fixed, 20 not-fixed, 0 ignored
[0164] WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable
[0164] WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable
[0164] WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unexpec
[0166] WARN cataloger failed cataloger=java-archive-cataloger error=unable to read files from java archive: unable t
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
@babel/traverse 7.17.3 7.23.2 npm GHSA-67hx-6x53-jw92 Critical
@babel/traverse 7.21.2 7.23.2 npm GHSA-67hx-6x53-jw92 Critical
angular 1.8.2 npm GHSA-4w4v-5hc9-xrr2 High
angular 1.8.2 npm GHSA-qwqh-hm9m-p5hr Medium
angular 1.8.2 npm GHSA-prc3-vjfx-vhm9 Medium
angular 1.8.2 npm GHSA-m2h2-264f-f486 Medium
angular 1.8.2 npm GHSA-2vrf-hf26-jrp5 Medium
angular 1.8.2 npm GHSA-2qqx-w9hr-q5gx Medium
axios 0.27.2 0.28.0 npm GHSA-wf5p-g6vw-rhxx Medium
debug 4.1.1 4.3.1 npm GHSA-gxpj-cx7g-858c Medium
expat 2.5.0-1.amzn2023.0.2 2.5.0-1.amzn2023.0.3 rpm ALAS-2024-524 Medium
follow-redirects 1.15.2 1.15.4 npm GHSA-jchw-25xp-jwwc Medium
follow-redirects 1.15.3 1.15.4 npm GHSA-jchw-25xp-jwwc Medium
hoek 4.2.1 npm GHSA-c429-5p7v-vgjp High
hoek 6.1.3 npm GHSA-c429-5p7v-vgjp High
monorepo-symlink-test 0.0.0 npm GHSA-2jcg-qqmg-46q6 Critical
node 18.16.0 binary CVE-2023-32002 Critical
node 18.16.0 binary CVE-2023-44487 High
node 18.16.0 binary CVE-2023-38552 High
node 18.16.0 binary CVE-2023-32559 High
node 18.16.0 binary CVE-2023-32006 High
node 18.16.0 binary CVE-2023-30590 High
node 18.16.0 binary CVE-2023-30589 High
node 18.16.0 binary CVE-2023-30585 High
node 18.16.0 binary CVE-2023-30581 High
node 18.16.0 binary CVE-2023-30588 Medium
openssl-libs 1:3.0.8-1.amzn2023.0.10 3.0.8-1.amzn2023.0.11 rpm ALAS-2024-520 Medium
In Wazuh indexer
The following vulnerabilities have been removed:
bash
coreutils
gcc-12-base
gpgv
libc-bin
libc6
libgcc-s1
liblzma5
libncurses6
libncursesw6
libpcre3
libstdc++6
libsystemd0
libtinfo6
libudev1
libzstd1
login
ncurses-base
ncurses-bin
passwd
The following vulnerabilities have been added:
expat
openssl-libs
In Wazuh manager
The following vulnerabilities have been removed:
libjpeg-turbo
libwayland-client
curl
binutils
libX11
libxml2
OpenSSL
krb5
libcap
libuuid
glibc
gcc
libXrender
jasper
openjpeg2
mariadb
iproute
pam
The following vulnerabilities have been added:
Werkzeug
cryptography
containerd
docker/distribution
gogo/protobuf
miekg/dns
opencontainers/image-spec
go.elastic.co/apm
golang.org/x/crypto
golang.org/x/net
golang.org/x/sys
golang.org/x/text
google.golang.org/grpc
k8s.io/client-go
systemd-libs
In Wazuh dashboard
The following vulnerabilities have been removed:
bash
coreutils
follow-redirects
follow-redirects
hoek
hoek
libncurses6
libncurses6
libncursesw6
libncursesw6
monorepo-symlink-test
ncurses-base
ncurses-base
ncurses-bin
ncurses-bin
passwd
passwd
The following vulnerabilities have been added:
expat
follow-redirects
follow-redirects
openssl-libs
Using the amazonlinux:latest image, the vulnerability scans report the following:
Wazuh indexer
✘ ~ sudo grype 271d13bb1024 --scope all-layers
✔ Vulnerability DB [updated]
✔ Loaded image 271d13bb1024
✔ Parsed image sha256:271d13bb102424f8dc37d51e6dd9d5832b2972b0fc3e1d384198d6984021f7ac
✔ Cataloged contents 2c669e4e3f1f543c3ba88b04311aace4a99c8419815661a34f403212111ced00
├── ✔ Packages [753 packages]
├── ✔ File digests [5,461 files]
├── ✔ File metadata [5,461 locations]
└── ✔ Executables [371 executables]
✔ Scanned for vulnerabilities [14 vulnerability matches]
├── by severity: 0 critical, 9 high, 5 medium, 0 low, 0 negligible
└── by status: 14 fixed, 0 not-fixed, 0 ignored
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
bc-fips 1.0.2.3 1.0.2.4 java-archive GHSA-68m8-v89j-7j2p Medium
commons-compress 1.22 1.26.0 java-archive GHSA-4265-ccf5-phj5 High
commons-compress 1.22 1.24.0 java-archive GHSA-cgwf-w82q-5jrr Medium
commons-compress 1.23.0 1.26.0 java-archive GHSA-4265-ccf5-phj5 High
commons-compress 1.23.0 1.24.0 java-archive GHSA-cgwf-w82q-5jrr Medium
json 20230227 20231013 java-archive GHSA-4jq9-2xhw-jpx7 High
netty-codec-http2 4.1.97.Final 4.1.100.Final java-archive GHSA-xpw8-rcwv-8f8p High
opensearch 2.10.0 2.11.1 java-archive GHSA-6g3j-p5g6-992f Medium
snappy-java 1.1.10.3 1.1.10.4 java-archive GHSA-55g7-9cwv-5qfv High
xmlsec 2.3.3 2.3.4 java-archive GHSA-xfrj-6vvc-3xm2 Medium
Wazuh manager
~ sudo grype 2bd841ba96f5 --scope all-layers
✔ Vulnerability DB [no update available]
✔ Loaded image 2bd841ba96f5
✔ Parsed image sha256:2bd841ba96f5d9e1fdc5ca42cce357ae0e1471c47eb3bd7e6752fc4172ac415a
✔ Cataloged contents c452f750dd124efb2c9b1851973a6e9e511e785a7fce9f28d88df26c626c50a7
├── ✔ Packages [318 packages]
├── ✔ File digests [25,447 files]
├── ✔ File metadata [25,447 locations]
└── ✔ Executables [720 executables]
✔ Scanned for vulnerabilities [107 vulnerability matches]
├── by severity: 7 critical, 56 high, 39 medium, 5 low, 0 negligible
└── by status: 37 fixed, 70 not-fixed, 0 ignored
[0043] WARN unable to read dynamic symbols from elf file error=no symbol section
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/pip/
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/pip/
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/pip/
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/pip/
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/pip/
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/pip/
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0044] WARN unable to determine security features for "/var/ossec/framework/python/lib/python3.10/site-packages/setu
[0045] WARN some package(s) are missing CPEs. This may result in missing vulnerabilities. You may autogenerate these
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
Werkzeug 2.2.3 2.3.8 python GHSA-hrfv-mqp8-q5rw Medium
cryptography 42.0.2 42.0.4 python GHSA-6vqw-3v5j-54x4 High
github.com/containerd/containerd v1.3.3 1.4.13 go-module GHSA-crp2-qrr5-8pq7 High
github.com/containerd/containerd v1.3.3 1.5.18 go-module GHSA-hmfx-3pcx-653p Medium
github.com/containerd/containerd v1.3.3 1.4.8 go-module GHSA-c72p-9xmj-rx3w Medium
github.com/containerd/containerd v1.3.3 1.4.11 go-module GHSA-c2h3-6mxw-7mvq Medium
github.com/containerd/containerd v1.3.3 1.6.26 go-module GHSA-7ww5-4wqc-m92c Medium
github.com/containerd/containerd v1.3.3 1.3.10 go-module GHSA-6g2q-w5j3-fwh4 Medium
github.com/containerd/containerd v1.3.3 1.5.13 go-module GHSA-5ffw-gxpp-mxpf Medium
github.com/containerd/containerd v1.3.3 1.3.9 go-module GHSA-36xw-fx78-c5r4 Medium
github.com/containerd/containerd v1.3.3 1.5.16 go-module GHSA-2qjp-425j-52j9 Medium
github.com/containerd/containerd v1.3.3 1.5.18 go-module GHSA-259w-8hf6-59c2 Medium
github.com/containerd/containerd v1.3.3 1.4.12 go-module GHSA-5j5w-g665-5m35 Low
github.com/docker/distribution v2.7.1+incompatible 2.8.2-beta.1 go-module GHSA-hqxw-f8mx-cpmw High
github.com/docker/distribution v2.7.1+incompatible 2.8.0 go-module GHSA-qq97-vm5h-rrhg Low
github.com/gogo/protobuf v1.3.1 1.3.2 go-module GHSA-c3h9-896r-86jm High
github.com/miekg/dns v1.1.15 1.1.25 go-module GHSA-44r7-7p62-q3fr Medium
github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 1.0.2 go-module GHSA-77vh-xpmg-72qh Low
go.elastic.co/apm v1.8.1-0.20200909061013-2aef45b9cf4b 1.11.0 go-module GHSA-qqc5-rgcc-cjqh Low
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.0.0-20211202192323-5770296d904e go-module GHSA-gwc9-m7rh-j2ww High
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.0.0-20220314234659-1baeb1ce4c0b go-module GHSA-8c26-wmh5-6g9v High
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.0.0-20201216223049-8b5274cf687f go-module GHSA-3vm4-22fp-5rfm High
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 0.17.0 go-module GHSA-45x7-px36-x8w8 Medium
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.7.0 go-module GHSA-vvpx-j8f3-3w6h High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.0.0-20210520170846-37e1c6afe023 go-module GHSA-83g2-8m93-v3w7 High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.0.0-20220906165146-f3363e06e74c go-module GHSA-69cg-p879-7622 High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.17.0 go-module GHSA-4374-p667-p6c8 High
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.17.0 go-module GHSA-qppj-fm5r-hxr3 Medium
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.0.0-20210428140749-89ef3d95e781 go-module GHSA-h86h-8ppg-mxmh Medium
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 0.13.0 go-module GHSA-2wrh-6pvc-2jm9 Medium
golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae 0.0.0-20220412211240-33da011f77ad go-module GHSA-p782-xgp4-8hr8 Medium
golang.org/x/text v0.3.2 0.3.7 go-module GHSA-ppp9-7jff-5vj2 High
golang.org/x/text v0.3.2 0.3.8 go-module GHSA-69ch-w2m2-3vjp High
golang.org/x/text v0.3.2 0.3.3 go-module GHSA-5rcv-m4m3-hfh7 Medium
google.golang.org/grpc v1.29.1 1.56.3 go-module GHSA-m425-mq94-257g High
google.golang.org/grpc v1.29.1 1.56.3 go-module GHSA-qppj-fm5r-hxr3 Medium
k8s.io/client-go v0.18.3 0.18.14 go-module GHSA-8cfg-vx93-jvxw Medium
stdlib go1.14.12 go-module CVE-2023-29405 Critical
stdlib go1.14.12 go-module CVE-2023-29404 Critical
stdlib go1.14.12 go-module CVE-2023-29402 Critical
stdlib go1.14.12 go-module CVE-2023-24540 Critical
stdlib go1.14.12 go-module CVE-2023-24538 Critical
stdlib go1.14.12 go-module CVE-2022-23806 Critical
stdlib go1.14.12 go-module CVE-2021-38297 Critical
stdlib go1.14.12 go-module CVE-2023-45287 High
stdlib go1.14.12 go-module CVE-2023-45285 High
stdlib go1.14.12 go-module CVE-2023-44487 High
stdlib go1.14.12 go-module CVE-2023-39323 High
stdlib go1.14.12 go-module CVE-2023-29403 High
stdlib go1.14.12 go-module CVE-2023-29400 High
stdlib go1.14.12 go-module CVE-2023-24539 High
stdlib go1.14.12 go-module CVE-2023-24537 High
stdlib go1.14.12 go-module CVE-2023-24536 High
stdlib go1.14.12 go-module CVE-2023-24534 High
stdlib go1.14.12 go-module CVE-2022-41725 High
stdlib go1.14.12 go-module CVE-2022-41724 High
stdlib go1.14.12 go-module CVE-2022-41723 High
stdlib go1.14.12 go-module CVE-2022-41722 High
stdlib go1.14.12 go-module CVE-2022-41715 High
stdlib go1.14.12 go-module CVE-2022-32189 High
stdlib go1.14.12 go-module CVE-2022-30635 High
stdlib go1.14.12 go-module CVE-2022-30633 High
stdlib go1.14.12 go-module CVE-2022-30632 High
stdlib go1.14.12 go-module CVE-2022-30631 High
stdlib go1.14.12 go-module CVE-2022-30630 High
stdlib go1.14.12 go-module CVE-2022-30580 High
stdlib go1.14.12 go-module CVE-2022-2880 High
stdlib go1.14.12 go-module CVE-2022-2879 High
stdlib go1.14.12 go-module CVE-2022-28327 High
stdlib go1.14.12 go-module CVE-2022-28131 High
stdlib go1.14.12 go-module CVE-2022-27664 High
stdlib go1.14.12 go-module CVE-2022-24921 High
stdlib go1.14.12 go-module CVE-2022-24675 High
stdlib go1.14.12 go-module CVE-2022-23773 High
stdlib go1.14.12 go-module CVE-2022-23772 High
stdlib go1.14.12 go-module CVE-2021-44716 High
stdlib go1.14.12 go-module CVE-2021-41772 High
stdlib go1.14.12 go-module CVE-2021-41771 High
stdlib go1.14.12 go-module CVE-2021-39293 High
stdlib go1.14.12 go-module CVE-2021-33198 High
stdlib go1.14.12 go-module CVE-2021-33196 High
stdlib go1.14.12 go-module CVE-2021-33195 High
stdlib go1.14.12 go-module CVE-2021-33194 High
stdlib go1.14.12 go-module CVE-2021-3115 High
stdlib go1.14.12 go-module CVE-2021-29923 High
stdlib go1.14.12 go-module CVE-2021-27918 High
stdlib go1.14.12 go-module CVE-2023-39326 Medium
stdlib go1.14.12 go-module CVE-2023-39319 Medium
stdlib go1.14.12 go-module CVE-2023-39318 Medium
stdlib go1.14.12 go-module CVE-2023-29409 Medium
stdlib go1.14.12 go-module CVE-2023-29406 Medium
stdlib go1.14.12 go-module CVE-2023-24532 Medium
stdlib go1.14.12 go-module CVE-2022-41717 Medium
stdlib go1.14.12 go-module CVE-2022-32148 Medium
stdlib go1.14.12 go-module CVE-2022-29526 Medium
stdlib go1.14.12 go-module CVE-2022-1962 Medium
stdlib go1.14.12 go-module CVE-2022-1705 Medium
stdlib go1.14.12 go-module CVE-2021-44717 Medium
stdlib go1.14.12 go-module CVE-2021-36221 Medium
stdlib go1.14.12 go-module CVE-2021-34558 Medium
stdlib go1.14.12 go-module CVE-2021-33197 Medium
stdlib go1.14.12 go-module CVE-2021-31525 Medium
stdlib go1.14.12 go-module CVE-2021-3114 Medium
stdlib go1.14.12 go-module CVE-2020-29511 Medium
stdlib go1.14.12 go-module CVE-2020-29510 Medium
stdlib go1.14.12 go-module CVE-2020-29509 Medium
stdlib go1.14.12 go-module CVE-2022-30629 Low
Wazuh dashboard
~ sudo grype 93485857c37d --scope all-layers
✔ Vulnerability DB [no update available]
✔ Loaded image 93485857c37d
✔ Parsed image sha256:93485857c37de74fd387c33162e0042206af3b7c32362745a5a534b15f9a9def
✔ Cataloged contents 50b66acf5a627cb290660c70f6b83681de80a16aa6241062411104785b63bbc7
├── ✔ Packages [1,963 packages]
├── ✔ File digests [5,402 files]
├── ✔ File metadata [5,402 locations]
└── ✔ Executables [298 executables]
✔ Scanned for vulnerabilities [27 vulnerability matches]
├── by severity: 5 critical, 11 high, 10 medium, 1 low, 0 negligible
└── by status: 7 fixed, 20 not-fixed, 0 ignored
[0055] WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable
[0055] WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable
[0055] WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unexpec
[0055] WARN cataloger failed cataloger=java-archive-cataloger error=unable to read files from java archive: unable t
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
@babel/traverse 7.17.3 7.23.2 npm GHSA-67hx-6x53-jw92 Critical
@babel/traverse 7.21.2 7.23.2 npm GHSA-67hx-6x53-jw92 Critical
angular 1.8.2 npm GHSA-4w4v-5hc9-xrr2 High
angular 1.8.2 npm GHSA-qwqh-hm9m-p5hr Medium
angular 1.8.2 npm GHSA-prc3-vjfx-vhm9 Medium
angular 1.8.2 npm GHSA-m2h2-264f-f486 Medium
angular 1.8.2 npm GHSA-2vrf-hf26-jrp5 Medium
angular 1.8.2 npm GHSA-2qqx-w9hr-q5gx Medium
axios 0.27.2 0.28.0 npm GHSA-wf5p-g6vw-rhxx Medium
debug 4.1.1 4.3.1 npm GHSA-gxpj-cx7g-858c Medium
es5-ext 0.10.62 0.10.63 npm GHSA-4gmj-3p3h-gm8h Low
follow-redirects 1.15.2 1.15.4 npm GHSA-jchw-25xp-jwwc Medium
hoek 4.2.1 npm GHSA-c429-5p7v-vgjp High
hoek 6.1.3 npm GHSA-c429-5p7v-vgjp High
monorepo-symlink-test 0.0.0 npm GHSA-2jcg-qqmg-46q6 Critical
node 18.16.0 binary CVE-2023-32002 Critical
node 18.16.0 binary CVE-2023-44487 High
node 18.16.0 binary CVE-2023-38552 High
node 18.16.0 binary CVE-2023-32559 High
node 18.16.0 binary CVE-2023-32006 High
node 18.16.0 binary CVE-2023-30590 High
node 18.16.0 binary CVE-2023-30589 High
node 18.16.0 binary CVE-2023-30585 High
node 18.16.0 binary CVE-2023-30581 High
node 18.16.0 binary CVE-2023-30588 Medium
wazuh-indexer image, the openssl-libs and expat vulnerabilities have been removed.
wazuh-manager image, the expat, systemd-libs, openssl, openssl-libs have been removed.
wazuh-dashboard image, the expat, openssl-libs and follow-redirects (x2) have been removed.
Description
Due to the vulnerabilities found in the Ubuntu Jammy Docker image, we need to change the base image to amazonlinux:2023.
The AL2023 image does not have vulnerabilities, according to the scan:
Tasks
amazonlinux:2023.
DRI