wazuh / wazuh-docker

Wazuh - Docker containers
https://wazuh.com

Wazuh Keystore - RSA keys changed its location. #1414

Closed MiguelazoDS closed 3 days ago

MiguelazoDS commented 5 days ago

Description

As part of this implementation, https://github.com/wazuh/wazuh/issues/24111, @pereyra-m noticed that the fix won't work in a Docker environment, since it will not run the same script.

DoD

vcerenu commented 4 days ago

The enhancement/1414-add-new-keystore branch was created with the requested changes. It requires the Wazuh 4.8.1 packages to test its operation, but with the 4.8.0 packages it starts correctly, creates the requested certificates and meets the condition of not needing to recreate the keystore.

$ docker exec -it single-node_wazuh.manager_1 bash
bash-5.2# cd /var/ossec/etc/
bash-5.2# ls -ltr
total 72
-rw-r----- 1 root wazuh   320 Jun  6 08:32 local_internal_options.conf
-rw-r----- 1 root wazuh 14480 Jun  6 08:32 internal_options.conf
-rw-r----- 1 root wazuh     0 Jun  6 08:32 client.keys
-rw-r----- 1 root wazuh   114 Jun 20 23:07 localtime
drwxrwx--- 2 root wazuh  4096 Jul  3 13:26 rules
drwxrwx--- 2 root wazuh  4096 Jul  3 13:26 rootcheck
drwxrwx--- 2 root wazuh  4096 Jul  3 13:26 decoders
-rw-r----- 1 root root   1704 Jul  3 13:26 sslmanager.key
-rw-r----- 1 root root   1164 Jul  3 13:26 sslmanager.cert
-rw-r----- 1 root root   1704 Jul  3 13:26 keystore.key
-rw-r----- 1 root root   1164 Jul  3 13:26 keystore.cert
-rw-rw---- 1 root wazuh  8571 Jul  3 14:14 ossec.conf
drwxrwx--- 3 root wazuh  4096 Jul  3 14:14 shared
drwxrwx--- 3 root wazuh  4096 Jul  3 14:14 lists
bash-5.2# 
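The condition described above (the image ships the keystore RSA pair in /var/ossec/etc so the manager never has to recreate the keystore) can be verified from inside the container. The script below is an added example, not code from wazuh-docker; it assumes the file names from the listing (keystore.key, keystore.cert), that they belong to root with no access for "other", and that GNU/busybox stat is available.

```shell
#!/usr/bin/env bash
# Added example (not wazuh-docker's own code): verify that a Wazuh manager
# container carries the keystore RSA pair in its new location and that the
# pair is usable, so the keystore does not get recreated on start.
# Assumptions: files are DIR/keystore.key and DIR/keystore.cert, expected
# owner is root (override with the second argument), GNU/busybox stat.

# keystore_pair_ok DIR [OWNER]
# Prints one line per finding; returns 0 only when every check passes.
keystore_pair_ok() {
  dir="$1"; owner="${2:-root}"; rc=0
  for f in "$dir/keystore.key" "$dir/keystore.cert"; do
    if [ ! -s "$f" ]; then
      echo "MISSING  $f"
      rc=1
      continue
    fi
    # Reject group-write and any "other" bits; 0640 (as in the listing) passes.
    mode=$(stat -c '%a' "$f")
    if [ $(( 0$mode & 0027 )) -ne 0 ]; then
      echo "PERMS    $f has mode $mode"
      rc=1
    fi
    have=$(stat -c '%U' "$f")
    if [ "$have" != "$owner" ]; then
      echo "OWNER    $f is owned by $have, expected $owner"
      rc=1
    fi
  done
  [ "$rc" -eq 0 ] || return 1
  # The certificate must carry the public half of this private key.
  k=$(openssl pkey -in "$dir/keystore.key" -pubout 2>/dev/null) \
    || { echo "BADKEY   $dir/keystore.key is not a readable private key"; return 1; }
  c=$(openssl x509 -in "$dir/keystore.cert" -noout -pubkey 2>/dev/null) \
    || { echo "BADCERT  $dir/keystore.cert is not a readable certificate"; return 1; }
  if [ "$k" != "$c" ]; then
    echo "MISMATCH keystore.cert does not match keystore.key"
    return 1
  fi
  echo "OK       keystore pair in $dir"
  return 0
}

# Run directly: keystore_pair_ok /var/ossec/etc (e.g. via docker exec).
if [ "$#" -gt 0 ]; then keystore_pair_ok "$@"; fi
```

Run it inside the manager container with `docker exec -it single-node_wazuh.manager_1 bash /tmp/check.sh /var/ossec/etc`; a non-zero exit means the init script did not leave a usable pair behind.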
vcerenu commented 3 days ago

Image build

$ build-docker-images/build-images.sh 
Building wazuh.manager
[+] Building 164.6s (23/23) FINISHED                                                                                                                                                                        
 => [internal] load build definition from Dockerfile                                                                                                                                                   0.0s
 => => transferring dockerfile: 2.35kB                                                                                                                                                                 0.0s
 => [internal] load metadata for docker.io/library/amazonlinux:2023                                                                                                                                    4.3s
 => [auth] library/amazonlinux:pull token for registry-1.docker.io                                                                                                                                     0.0s
 => [internal] load .dockerignore                                                                                                                                                                      0.0s
 => => transferring context: 2B                                                                                                                                                                        0.0s
 => [ 1/16] FROM docker.io/library/amazonlinux:2023@sha256:d96fde261b48b15e22c28c2eb54d087d39bcc19af7963d86539f18eea16b283c                                                                           29.8s
 => => resolve docker.io/library/amazonlinux:2023@sha256:d96fde261b48b15e22c28c2eb54d087d39bcc19af7963d86539f18eea16b283c                                                                              0.0s
 => => sha256:d96fde261b48b15e22c28c2eb54d087d39bcc19af7963d86539f18eea16b283c 547B / 547B                                                                                                             0.0s
 => => sha256:3980b5cf711b0fd6e4f4e1e056412a4e8557484b8f5419d4bc3999271b66738e 529B / 529B                                                                                                             0.0s
 => => sha256:77fc35bc2709e6d7eb97c08069c0da335574e6b59d8690c42d0d19684dbeb898 1.48kB / 1.48kB                                                                                                         0.0s
 => => sha256:860904071dc658e37de73aa1556e7badfb13bef4747965ea3bd1049e8ff87dcd 52.32MB / 52.32MB                                                                                                      18.5s
 => => extracting sha256:860904071dc658e37de73aa1556e7badfb13bef4747965ea3bd1049e8ff87dcd                                                                                                             11.1s
 => [internal] load build context                                                                                                                                                                      0.1s
 => => transferring context: 30.51kB                                                                                                                                                                   0.0s
 => CACHED [14/16] ADD https://raw.githubusercontent.com/wazuh/wazuh/4.8.1/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat                                                              0.0s
 => [ 2/16] RUN rm /bin/sh && ln -s /bin/bash /bin/sh                                                                                                                                                  1.4s
 => [ 3/16] RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&    yum clean all                                                                                            14.8s
 => [ 4/16] COPY config/check_repository.sh /                                                                                                                                                          0.5s
 => [ 5/16] COPY config/filebeat_module.sh /                                                                                                                                                           0.4s 
 => [ 6/16] COPY config/permanent_data.env config/permanent_data.sh /                                                                                                                                  0.3s 
 => [ 7/16] RUN chmod 775 /check_repository.sh                                                                                                                                                         1.3s 
 => [ 8/16] RUN source /check_repository.sh                                                                                                                                                            3.3s 
 => [ 9/16] RUN yum install wazuh-manager-4.8.1-1 -y &&     yum clean all &&     chmod 775 /filebeat_module.sh &&     source /filebeat_module.sh &&     rm /filebeat_module.sh &&     curl --fail --  98.8s 
 => [10/16] COPY config/etc/ /etc/                                                                                                                                                                     0.2s 
 => [11/16] COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py                                                                                                  0.1s 
 => [12/16] COPY config/filebeat.yml /etc/filebeat/                                                                                                                                                    0.1s 
 => [13/16] RUN chmod go-w /etc/filebeat/filebeat.yml                                                                                                                                                  0.5s 
 => [14/16] ADD https://raw.githubusercontent.com/wazuh/wazuh/4.8.1/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat                                                                     0.1s 
 => [15/16] RUN chmod go-w /etc/filebeat/wazuh-template.json                                                                                                                                           0.5s 
 => [16/16] RUN mkdir -p /var/ossec/var/multigroups &&     chown root:wazuh /var/ossec/var/multigroups &&     chmod 770 /var/ossec/var/multigroups &&     mkdir -p /var/ossec/agentless &&     chown   1.6s
 => exporting to image                                                                                                                                                                                 6.0s
 => => exporting layers                                                                                                                                                                                6.0s
 => => writing image sha256:d893348c8fa7438efc1554bebfaa1a7e2422894afbdc6a82f450bee999b67d52                                                                                                           0.0s
 => => naming to docker.io/wazuh/wazuh-manager:4.8.1                                                                                                                                                   0.0s
Building wazuh.indexer
[+] Building 133.9s (29/29) FINISHED                                                                                                                                                                        
 => [internal] load build definition from Dockerfile                                                                                                                                                   0.0s
 => => transferring dockerfile: 2.49kB                                                                                                                                                                 0.0s
 => [internal] load metadata for docker.io/library/amazonlinux:2023                                                                                                                                    1.2s
 => [internal] load .dockerignore                                                                                                                                                                      0.0s
 => => transferring context: 2B                                                                                                                                                                        0.0s
 => [internal] load build context                                                                                                                                                                      0.1s
 => => transferring context: 21.27kB                                                                                                                                                                   0.0s
 => CACHED [builder  1/10] FROM docker.io/library/amazonlinux:2023@sha256:d96fde261b48b15e22c28c2eb54d087d39bcc19af7963d86539f18eea16b283c                                                             0.0s
 => [stage-1  2/15] RUN yum install curl-minimal shadow-utils findutils hostname -y                                                                                                                   11.6s
 => [builder  2/10] RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y                                                                                                             13.6s
 => [stage-1  3/15] RUN getent group wazuh-indexer || groupadd -r -g 1000 wazuh-indexer                                                                                                                0.8s
 => [stage-1  4/15] RUN useradd --system             --uid 1000             --no-create-home             --home-dir /usr/share/wazuh-indexer             --gid wazuh-indexer             --shell /sbi  0.8s
 => [stage-1  5/15] WORKDIR /usr/share/wazuh-indexer                                                                                                                                                   0.2s
 => [stage-1  6/15] COPY config/entrypoint.sh /                                                                                                                                                        0.2s
 => [stage-1  7/15] COPY config/securityadmin.sh /                                                                                                                                                     0.3s
 => [builder  3/10] COPY config/opensearch.yml /                                                                                                                                                       0.2s 
 => [builder  4/10] COPY config/config.sh .                                                                                                                                                            0.3s 
 => [stage-1  8/15] RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh                                                                                                                        0.8s 
 => [builder  5/10] COPY config/config.yml /                                                                                                                                                           0.2s 
 => [builder  6/10] COPY config/action_groups.yml /                                                                                                                                                    0.2s 
 => [builder  7/10] COPY config/internal_users.yml /                                                                                                                                                   0.2s 
 => [builder  8/10] COPY config/roles_mapping.yml /                                                                                                                                                    0.3s 
 => [stage-1  9/15] RUN chown 1000:1000 /*.sh                                                                                                                                                          0.8s
 => [builder  9/10] COPY config/roles.yml /                                                                                                                                                            0.2s
 => [builder 10/10] RUN bash config.sh                                                                                                                                                                94.1s
 => [stage-1 10/15] COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr/share/wazuh-indexer /usr/share/wazuh-indexer                                                                       4.9s 
 => [stage-1 11/15] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd                                                                                             0.1s 
 => [stage-1 12/15] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d                                                                                           0.1s 
 => [stage-1 13/15] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d                                                                                       0.1s 
 => [stage-1 14/15] RUN chown -R 1000:1000 /usr/share/wazuh-indexer                                                                                                                                    9.0s 
 => [stage-1 15/15] RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer &&     mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/wazuh-indexer/logs &&    0.7s 
 => exporting to image                                                                                                                                                                                 4.8s
 => => exporting layers                                                                                                                                                                                4.7s
 => => writing image sha256:df4fd3ccc17cd1908313ef256d7ec022aeebcda8e704b29f24ec9be0c379fa02                                                                                                           0.0s
 => => naming to docker.io/wazuh/wazuh-indexer:4.8.1                                                                                                                                                   0.0s
Building wazuh.dashboard
[+] Building 145.8s (35/35) FINISHED                                                                                                                                                                        
 => [internal] load build definition from Dockerfile                                                                                                                                                   0.0s
 => => transferring dockerfile: 3.42kB                                                                                                                                                                 0.0s
 => [internal] load metadata for docker.io/library/amazonlinux:2023                                                                                                                                    2.3s
 => [auth] library/amazonlinux:pull token for registry-1.docker.io                                                                                                                                     0.0s
 => [internal] load .dockerignore                                                                                                                                                                      0.0s
 => => transferring context: 2B                                                                                                                                                                        0.0s
 => [internal] load build context                                                                                                                                                                      0.1s
 => => transferring context: 14.72kB                                                                                                                                                                   0.1s
 => CACHED [builder  1/17] FROM docker.io/library/amazonlinux:2023@sha256:d96fde261b48b15e22c28c2eb54d087d39bcc19af7963d86539f18eea16b283c                                                             0.0s
 => [stage-1  2/13] RUN yum install shadow-utils -y                                                                                                                                                   12.0s
 => [builder  2/17] RUN yum install curl-minimal libcap xz tar openssl -y                                                                                                                             11.1s
 => [builder  3/17] RUN mkdir -p /usr/share/wazuh-dashboard                                                                                                                                            0.7s
 => [builder  4/17] COPY config/dl_base.sh .                                                                                                                                                           0.1s
 => [builder  5/17] RUN bash dl_base.sh                                                                                                                                                               32.1s
 => [stage-1  3/13] RUN getent group wazuh-dashboard || groupadd -r -g 1000 wazuh-dashboard                                                                                                            0.7s
 => [stage-1  4/13] RUN useradd --system             --uid 1000             --no-create-home             --home-dir /usr/share/wazuh-dashboard             --gid wazuh-dashboard             --shell   0.7s 
 => [stage-1  5/13] COPY config/entrypoint.sh /                                                                                                                                                        0.2s 
 => [stage-1  6/13] COPY config/wazuh_app_config.sh /                                                                                                                                                  0.2s 
 => [stage-1  7/13] RUN chmod 700 /entrypoint.sh                                                                                                                                                       0.5s 
 => [stage-1  8/13] RUN chmod 700 /wazuh_app_config.sh                                                                                                                                                 0.6s 
 => [stage-1  9/13] RUN chown 1000:1000 /*.sh                                                                                                                                                          0.6s 
 => [builder  6/17] COPY config/config.sh .                                                                                                                                                            0.1s 
 => [builder  7/17] COPY config/config.yml /                                                                                                                                                           0.1s 
 => [builder  8/17] RUN bash config.sh                                                                                                                                                                 3.5s 
 => [builder  9/17] COPY config/install_wazuh_app.sh /                                                                                                                                                 0.2s 
 => [builder 10/17] RUN chmod 775 /install_wazuh_app.sh                                                                                                                                                0.5s 
 => [builder 11/17] RUN bash /install_wazuh_app.sh                                                                                                                                                    46.1s 
 => [builder 12/17] COPY config/opensearch_dashboards.yml /usr/share/wazuh-dashboard/config/                                                                                                           0.1s 
 => [builder 13/17] COPY config/wazuh.yml /usr/share/wazuh-dashboard/data/wazuh/config/                                                                                                                0.1s 
 => [builder 14/17] RUN chmod 664 /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml                                                                                                          0.5s 
 => [builder 15/17] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh                                                                           0.4s 
 => [builder 16/17] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/config && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh/config                                                             0.6s 
 => [builder 17/17] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/logs && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh/logs                                                                 0.5s 
 => [stage-1 10/13] COPY --from=builder --chown=1000:1000 /usr/share/wazuh-dashboard /usr/share/wazuh-dashboard                                                                                       26.8s
 => [stage-1 11/13] RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom                                                                                                         0.5s
 => [stage-1 12/13] RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom                                                                                                  0.5s
 => [stage-1 13/13] WORKDIR /usr/share/wazuh-dashboard                                                                                                                                                 0.1s
 => exporting to image                                                                                                                                                                                 9.0s
 => => exporting layers                                                                                                                                                                                9.0s
 => => writing image sha256:648d06face32712845f8f8a010419012fe5d9b41787fc27a948ea4ad3eda1c34                                                                                                           0.0s
 => => naming to docker.io/wazuh/wazuh-dashboard:4.8.1   
vcerenu commented 3 days ago

Wazuh v4.8.1 deployment

$ docker-compose -f generate-indexer-certs.yml run --rm generator
Creating network "single-node_default" with the default driver
Pulling generator (wazuh/wazuh-certs-generator:0.0.2)...
0.0.2: Pulling from wazuh/wazuh-certs-generator
17d0386c2fff: Pull complete
7ce91ec7d1d3: Pull complete
5249716d429c: Pull complete
d7003467fd14: Pull complete
Digest: sha256:88c4b30ad9b8320ba29f0a891761ad8000866c15c844d27b04974f5cb427c8f0
Status: Downloaded newer image for wazuh/wazuh-certs-generator:0.0.2
Creating single-node_generator_run ... done
The tool to create the certificates exists in the in Packages bucket
04/07/2024 13:13:09 INFO: Generating the root certificate.
04/07/2024 13:13:09 INFO: Generating Admin certificates.
04/07/2024 13:13:10 INFO: Admin certificates created.
04/07/2024 13:13:10 INFO: Generating Wazuh indexer certificates.
04/07/2024 13:13:10 INFO: Wazuh indexer certificates created.
04/07/2024 13:13:10 INFO: Generating Filebeat certificates.
04/07/2024 13:13:10 INFO: Wazuh Filebeat certificates created.
04/07/2024 13:13:10 INFO: Generating Wazuh dashboard certificates.
04/07/2024 13:13:10 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
$ docker logs single-node_wazuh.manager_1 -f
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 0-wazuh-init: executing... 
/var/ossec/data_tmp/permanent/var/ossec/api/configuration/
Installing /var/ossec/api/configuration
/var/ossec/data_tmp/permanent/var/ossec/etc/
Installing /var/ossec/etc
/var/ossec/data_tmp/permanent/var/ossec/logs/
Installing /var/ossec/logs
/var/ossec/data_tmp/permanent/var/ossec/queue/
Installing /var/ossec/queue
/var/ossec/data_tmp/permanent/var/ossec/agentless/
The path /var/ossec/agentless is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/var/multigroups/
The path /var/ossec/var/multigroups is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/integrations/
The path /var/ossec/integrations is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/active-response/bin/
The path /var/ossec/active-response/bin is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/wodles/
Installing /var/ossec/wodles
/var/ossec/data_tmp/permanent/etc/filebeat/
Installing /etc/filebeat
Updating /var/ossec/etc/internal_options.conf
Updating /var/ossec/integrations/slack
Updating /var/ossec/integrations/slack.py
Updating /var/ossec/integrations/virustotal
Updating /var/ossec/integrations/virustotal.py
Updating /var/ossec/integrations/shuffle
Updating /var/ossec/integrations/shuffle.py
Updating /var/ossec/integrations/pagerduty
Updating /var/ossec/integrations/pagerduty.py
Updating /var/ossec/integrations/maltiverse
Updating /var/ossec/integrations/maltiverse.py
Updating /var/ossec/active-response/bin/default-firewall-drop
Updating /var/ossec/active-response/bin/disable-account
Updating /var/ossec/active-response/bin/firewalld-drop
Updating /var/ossec/active-response/bin/firewall-drop
Updating /var/ossec/active-response/bin/host-deny
Updating /var/ossec/active-response/bin/ip-customblock
Updating /var/ossec/active-response/bin/ipfw
Updating /var/ossec/active-response/bin/kaspersky.py
Updating /var/ossec/active-response/bin/kaspersky
Updating /var/ossec/active-response/bin/npf
Updating /var/ossec/active-response/bin/wazuh-slack
Updating /var/ossec/active-response/bin/pf
Updating /var/ossec/active-response/bin/restart-wazuh
Updating /var/ossec/active-response/bin/restart.sh
Updating /var/ossec/active-response/bin/route-null
Updating /var/ossec/agentless/sshlogin.exp
Updating /var/ossec/agentless/ssh_pixconfig_diff
Updating /var/ossec/agentless/ssh_asa-fwsmconfig_diff
Updating /var/ossec/agentless/ssh_integrity_check_bsd
Updating /var/ossec/agentless/main.exp
Updating /var/ossec/agentless/su.exp
Updating /var/ossec/agentless/ssh_integrity_check_linux
Updating /var/ossec/agentless/register_host.sh
Updating /var/ossec/agentless/ssh_generic_diff
Updating /var/ossec/agentless/ssh_foundry_diff
Updating /var/ossec/agentless/ssh_nopass.exp
Updating /var/ossec/agentless/ssh.exp
Updating /var/ossec/wodles/utils.py
Updating /var/ossec/wodles/aws/aws-s3
Updating /var/ossec/wodles/aws/aws-s3.py
Updating /var/ossec/wodles/aws/__init__.py
Updating /var/ossec/wodles/aws/aws_tools.py
Updating /var/ossec/wodles/aws/wazuh_integration.py
Updating /var/ossec/wodles/aws/buckets_s3/__init__.py
Updating /var/ossec/wodles/aws/buckets_s3/aws_bucket.py
Updating /var/ossec/wodles/aws/buckets_s3/cloudtrail.py
Updating /var/ossec/wodles/aws/buckets_s3/config.py
Updating /var/ossec/wodles/aws/buckets_s3/guardduty.py
Updating /var/ossec/wodles/aws/buckets_s3/load_balancers.py
Updating /var/ossec/wodles/aws/buckets_s3/server_access.py
Updating /var/ossec/wodles/aws/buckets_s3/umbrella.py
Updating /var/ossec/wodles/aws/buckets_s3/vpcflow.py
Updating /var/ossec/wodles/aws/buckets_s3/waf.py
Updating /var/ossec/wodles/aws/services/__init__.py
Updating /var/ossec/wodles/aws/services/aws_service.py
Updating /var/ossec/wodles/aws/services/cloudwatchlogs.py
Updating /var/ossec/wodles/aws/services/inspector.py
Updating /var/ossec/wodles/aws/subscribers/__init__.py
Updating /var/ossec/wodles/aws/subscribers/s3_log_handler.py
Updating /var/ossec/wodles/aws/subscribers/sqs_message_processor.py
Updating /var/ossec/wodles/aws/subscribers/sqs_queue.py
Updating /var/ossec/wodles/azure/azure-logs
Updating /var/ossec/wodles/azure/azure-logs.py
Updating /var/ossec/wodles/azure/orm.py
Updating /var/ossec/wodles/docker/DockerListener
Updating /var/ossec/wodles/docker/DockerListener.py
Updating /var/ossec/wodles/gcloud/gcloud
Updating /var/ossec/wodles/gcloud/gcloud.py
Updating /var/ossec/wodles/gcloud/integratuion.py
Updating /var/ossec/wodles/gcloud/tools.py
Updating /var/ossec/wodles/gcloud/exceptions.py
find: '/proc/392/task/392/fd/5': No such file or directory
find: '/proc/392/task/392/fdinfo/5': No such file or directory
find: '/proc/392/fd/6': No such file or directory
find: '/proc/392/fdinfo/6': No such file or directory
find: '/proc/393/task/393/fd/5': No such file or directory
find: '/proc/393/task/393/fdinfo/5': No such file or directory
find: '/proc/393/fd/6': No such file or directory
find: '/proc/393/fdinfo/6': No such file or directory
find: '/proc/394/task/394/fd/5': No such file or directory
find: '/proc/394/task/394/fdinfo/5': No such file or directory
find: '/proc/394/fd/6': No such file or directory
find: '/proc/394/fdinfo/6': No such file or directory
Identified Wazuh configuration files to mount...
'/wazuh-config-mount/etc/ossec.conf' -> '/var/ossec/etc/ossec.conf'
[cont-init.d] 0-wazuh-init: exited 0.
[cont-init.d] 1-config-filebeat: executing... 
Customize Elasticsearch ouput IP
Configuring username.
Configuring password.
Configuring SSL verification mode.
Configuring Certificate Authorities.
Configuring SSL Certificate.
Configuring SSL Key.
[cont-init.d] 1-config-filebeat: exited 0.
[cont-init.d] 2-manager: executing... 
Configuring password.
2024/07/04 13:14:12 wazuh-modulesd:router: INFO: Loaded router module.
2024/07/04 13:14:12 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Starting Wazuh v4.8.1...
Started wazuh-apid...
Started wazuh-csyslogd...
Started wazuh-dbd...
2024/07/04 13:14:14 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Started wazuh-integratord...
Started wazuh-agentlessd...
Started wazuh-authd...
Started wazuh-db...
Started wazuh-execd...
Started wazuh-analysisd...
Started wazuh-syscheckd...
Started wazuh-remoted...
Started wazuh-logcollector...
Started wazuh-monitord...
2024/07/04 13:14:21 wazuh-modulesd:router: INFO: Loaded router module.
2024/07/04 13:14:21 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Started wazuh-modulesd...
Completed.
[cont-init.d] 2-manager: exited 0.
[cont-init.d] done.
[services.d] starting services
starting Filebeat
[services.d] done.
2024/07/04 13:14:21 wazuh-modulesd:download: INFO: Module started.
2024/07/04 13:14:21 wazuh-modulesd:control: INFO: Starting control thread.
2024/07/04 13:14:21 sca: INFO: Starting Security Configuration Assessment scan.
2024/07/04 13:14:21 sca: INFO: Skipping policy '/var/ossec/ruleset/sca/cis_amazon_linux_1.yml': 'Check Amazon Linux version.'
2024/07/04 13:14:21 sca: INFO: Security Configuration Assessment scan finished. Duration: 0 seconds.
2024/07/04 13:14:21 wazuh-modulesd:syscollector: INFO: Module started.
2024/07/04 13:14:21 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/07/04 13:14:21 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024/07/04 13:14:21 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh.manager', retrying until the connection is successful.
2024/07/04 13:14:22 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression.
2024-07-04T13:14:25.521Z    INFO    instance/beat.go:645    Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2024-07-04T13:14:25.572Z    INFO    instance/beat.go:653    Beat ID: 79d9a0d6-a7d3-4d9e-b582-b1c1e5cd5897
2024-07-04T13:14:25.572Z    INFO    [seccomp]   seccomp/seccomp.go:124  Syscall filter successfully installed
2024-07-04T13:14:25.574Z    INFO    [beat]  instance/beat.go:981    Beat info   {"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "79d9a0d6-a7d3-4d9e-b582-b1c1e5cd5897"}}}
2024-07-04T13:14:25.574Z    INFO    [beat]  instance/beat.go:990    Build info  {"system_info": {"build": {"commit": "aacf9ecd9c494aa0908f61fbca82c906b16562a8", "libbeat": "7.10.2", "time": "2021-01-12T22:10:33.000Z", "version": "7.10.2"}}}
2024-07-04T13:14:25.574Z    INFO    [beat]  instance/beat.go:993    Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":4,"version":"go1.14.12"}}}
2024-07-04T13:14:25.575Z    INFO    [beat]  instance/beat.go:997    Host info   {"system_info": {"host": {"architecture":"x86_64","boot_time":"2024-07-03T19:25:43Z","containerized":false,"name":"wazuh.manager","ip":["127.0.0.1/8","::1/128","172.18.0.3/16"],"kernel_version":"6.5.0-41-generic","mac":["02:42:ac:12:00:03"],"os":{"family":"redhat","platform":"amzn","name":"Amazon Linux","version":"2023","major":2023,"minor":5,"patch":20240701},"timezone":"UTC","timezone_offset_sec":0}}}
2024-07-04T13:14:25.575Z    INFO    [beat]  instance/beat.go:1026   Process info    {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"effective":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null}, "cwd": "/run/s6/services/filebeat", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 1179, "ppid": 1173, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2024-07-04T13:14:24.380Z"}}}
2024-07-04T13:14:25.575Z    INFO    instance/beat.go:299    Setup Beat: filebeat; Version: 7.10.2
2024-07-04T13:14:25.582Z    INFO    eslegclient/connection.go:99    elasticsearch url: https://wazuh.indexer:9200
2024-07-04T13:14:25.585Z    INFO    [publisher] pipeline/module.go:113  Beat name: wazuh.manager
2024-07-04T13:14:25.613Z    INFO    beater/filebeat.go:117  Enabled modules/filesets: wazuh (alerts),  ()
2024-07-04T13:14:25.616Z    INFO    instance/beat.go:455    filebeat start running.
2024-07-04T13:14:25.623Z    INFO    memlog/store.go:119 Loading data file of '/var/lib/filebeat/registry/filebeat' succeeded. Active transaction id=0
2024-07-04T13:14:25.624Z    INFO    memlog/store.go:124 Finished loading transaction log file for '/var/lib/filebeat/registry/filebeat'. Active transaction id=0
2024-07-04T13:14:25.624Z    INFO    [registrar] registrar/registrar.go:109  States Loaded from registrar: 0
2024-07-04T13:14:25.624Z    INFO    [crawler]   beater/crawler.go:71    Loading Inputs: 1
2024-07-04T13:14:25.626Z    INFO    log/input.go:157    Configured paths: [/var/ossec/logs/alerts/alerts.json]
2024-07-04T13:14:25.670Z    INFO    [crawler]   beater/crawler.go:141   Starting input (ID: 9132358592892857476)
2024-07-04T13:14:25.673Z    INFO    [crawler]   beater/crawler.go:108   Loading and starting Inputs completed. Enabled inputs: 1
2024-07-04T13:14:25.684Z    INFO    log/harvester.go:302    Harvester started for file: /var/ossec/logs/alerts/alerts.json
2024-07-04T13:14:33.704Z    INFO    [publisher_pipeline_output] pipeline/output.go:143  Connecting to backoff(elasticsearch(https://wazuh.indexer:9200))
2024-07-04T13:14:33.706Z    INFO    [publisher] pipeline/retry.go:219   retryer: send unwait signal to consumer
2024-07-04T13:14:33.706Z    INFO    [publisher] pipeline/retry.go:223     done
2024-07-04T13:14:35.127Z    ERROR   [publisher_pipeline_output] pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://wazuh.indexer:9200)): 503 Service Unavailable: OpenSearch Security not initialized.
2024-07-04T13:14:35.127Z    INFO    [publisher_pipeline_output] pipeline/output.go:145  Attempting to reconnect to backoff(elasticsearch(https://wazuh.indexer:9200)) with 1 reconnect attempt(s)
2024-07-04T13:14:35.127Z    INFO    [publisher] pipeline/retry.go:219   retryer: send unwait signal to consumer
2024-07-04T13:14:35.127Z    INFO    [publisher] pipeline/retry.go:223     done
2024-07-04T13:14:35.428Z    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 7.10.2
2024-07-04T13:14:35.462Z    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 7.10.2
2024-07-04T13:14:35.501Z    INFO    template/load.go:183    Existing template will be overwritten, as overwrite is enabled.
2024-07-04T13:14:35.502Z    INFO    template/load.go:117    Try loading template wazuh to Elasticsearch
2024-07-04T13:14:35.877Z    INFO    template/load.go:109    template with name 'wazuh' loaded.
2024-07-04T13:14:35.878Z    INFO    [index-management]  idxmgmt/std.go:298  Loaded index template.
2024/07/04 13:14:37 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities-wazuh.manager.
2024-07-04T13:14:37.431Z    INFO    fileset/pipelines.go:143    Elasticsearch pipeline with ID 'filebeat-7.10.2-wazuh-alerts-pipeline' loaded
2024-07-04T13:14:37.433Z    INFO    [publisher_pipeline_output] pipeline/output.go:151  Connection to backoff(elasticsearch(https://wazuh.indexer:9200)) established
2024/07/04 13:14:45 rootcheck: INFO: Ending rootcheck scan.
2024/07/04 13:15:19 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished.
2024/07/04 13:15:20 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
2024/07/04 13:17:49 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process
vcerenu commented 3 days ago

Upgrade from Wazuh v4.7.5 to v4.8.1

$ docker-compose up -d
Creating network "single-node_default" with the default driver
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Pulling wazuh.manager (wazuh/wazuh-manager:4.7.5)...
4.7.5: Pulling from wazuh/wazuh-manager
d4c3c94e5e10: Pull complete
07a4be1b2929: Pull complete
0e36c91e306c: Pull complete
8ec1305209f9: Pull complete
eb815531b4e8: Pull complete
b02618b2c67d: Pull complete
38f84ea32403: Pull complete
2201d1d18e2c: Pull complete
c78ede8aed79: Pull complete
296fdd4c0c28: Pull complete
f6893835602c: Pull complete
87d4facf9818: Pull complete
03b3e754b0bd: Pull complete
51c303aaec03: Pull complete
ec85b0421587: Pull complete
d5493c4bb489: Pull complete
c8820ce27266: Pull complete
9ba662af5090: Pull complete
7eade93346e2: Pull complete
Digest: sha256:63e755cc5af5434af52dbc2c037be04cb9d3f0c5dc448fc9bef9f27486eef3ab
Status: Downloaded newer image for wazuh/wazuh-manager:4.7.5
Pulling wazuh.indexer (wazuh/wazuh-indexer:4.7.5)...
4.7.5: Pulling from wazuh/wazuh-indexer
d4c3c94e5e10: Already exists
c3f933517985: Pull complete
d1d562c49659: Pull complete
63a1614db8e7: Pull complete
98243c7f9bfd: Pull complete
f27e691e6145: Pull complete
b9599a87e562: Pull complete
a9a0f905a798: Pull complete
e0cb804bd877: Pull complete
340009edd041: Pull complete
ca04432f6c89: Pull complete
355f14118e3f: Pull complete
542c6d74e55a: Pull complete
d4a4b8629191: Pull complete
Digest: sha256:2a4e3366b149905182bcd14d3c4a1cf8dfdfd67d28ab557bbfba102b7e7e7966
Status: Downloaded newer image for wazuh/wazuh-indexer:4.7.5
Pulling wazuh.dashboard (wazuh/wazuh-dashboard:4.7.5)...
4.7.5: Pulling from wazuh/wazuh-dashboard
d4c3c94e5e10: Already exists
12d74a3de5b7: Pull complete
f44a575b1821: Pull complete
0e057b9b51c8: Pull complete
f194301c2281: Pull complete
c8509b33bf8a: Pull complete
6b8f2ab322f8: Pull complete
0cc1a4ee56e1: Pull complete
9d02d0dee60c: Pull complete
d2d28245567a: Pull complete
80c879e13784: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:3b1ca4695532aa315fda4d55ba1f429427cc2b50e8036ab388cc5f2ee4b97f46
Status: Downloaded newer image for wazuh/wazuh-dashboard:4.7.5
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                           NAMES
5ce27f86df32   wazuh/wazuh-dashboard:4.7.5   "/entrypoint.sh"         2 minutes ago   Up 2 minutes   443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp                                                                                                                single-node_wazuh.dashboard_1
807a1ec22f83   wazuh/wazuh-indexer:4.7.5     "/entrypoint.sh open…"   2 minutes ago   Up 2 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node_wazuh.indexer_1
70e38f37cb9f   wazuh/wazuh-manager:4.7.5     "/init"                  2 minutes ago   Up 2 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node_wazuh.manager_1
$ docker-compose down
Stopping single-node_wazuh.dashboard_1 ... done
Stopping single-node_wazuh.indexer_1   ... done
Stopping single-node_wazuh.manager_1   ... done
Removing single-node_wazuh.dashboard_1 ... done
Removing single-node_wazuh.indexer_1   ... done
Removing single-node_wazuh.manager_1   ... done
Removing network single-node_default
$ cd ..
$ git checkout enhancement/1414-add-new-keystore
Previous HEAD position was e601878 Merge pull request #1366 from wazuh/1363-rollback-image-version
Switched to branch 'enhancement/1414-add-new-keystore'
$ cd single-node/
$ docker-compose up -d
Creating network "single-node_default" with the default driver
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
$ docker logs single-node_wazuh.manager_1 -f
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 0-wazuh-init: executing... 
/var/ossec/data_tmp/permanent/var/ossec/api/configuration/
The path /var/ossec/api/configuration is already mounted
/var/ossec/data_tmp/permanent/var/ossec/etc/
The path /var/ossec/etc is already mounted
/var/ossec/data_tmp/permanent/var/ossec/logs/
The path /var/ossec/logs is already mounted
/var/ossec/data_tmp/permanent/var/ossec/queue/
The path /var/ossec/queue is already mounted
/var/ossec/data_tmp/permanent/var/ossec/agentless/
The path /var/ossec/agentless is already mounted
/var/ossec/data_tmp/permanent/var/ossec/var/multigroups/
The path /var/ossec/var/multigroups is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/integrations/
The path /var/ossec/integrations is already mounted
/var/ossec/data_tmp/permanent/var/ossec/active-response/bin/
The path /var/ossec/active-response/bin is already mounted
/var/ossec/data_tmp/permanent/var/ossec/wodles/
The path /var/ossec/wodles is already mounted
/var/ossec/data_tmp/permanent/etc/filebeat/
The path /etc/filebeat is already mounted
Updating /var/ossec/etc/internal_options.conf
Updating /var/ossec/integrations/slack
Updating /var/ossec/integrations/slack.py
Updating /var/ossec/integrations/virustotal
Updating /var/ossec/integrations/virustotal.py
Updating /var/ossec/integrations/shuffle
Updating /var/ossec/integrations/shuffle.py
Updating /var/ossec/integrations/pagerduty
Updating /var/ossec/integrations/pagerduty.py
Updating /var/ossec/integrations/maltiverse
Updating /var/ossec/integrations/maltiverse.py
Updating /var/ossec/active-response/bin/default-firewall-drop
Updating /var/ossec/active-response/bin/disable-account
Updating /var/ossec/active-response/bin/firewalld-drop
Updating /var/ossec/active-response/bin/firewall-drop
Updating /var/ossec/active-response/bin/host-deny
Updating /var/ossec/active-response/bin/ip-customblock
Updating /var/ossec/active-response/bin/ipfw
Updating /var/ossec/active-response/bin/kaspersky.py
Updating /var/ossec/active-response/bin/kaspersky
Updating /var/ossec/active-response/bin/npf
Updating /var/ossec/active-response/bin/wazuh-slack
Updating /var/ossec/active-response/bin/pf
Updating /var/ossec/active-response/bin/restart-wazuh
Updating /var/ossec/active-response/bin/restart.sh
Updating /var/ossec/active-response/bin/route-null
Updating /var/ossec/agentless/sshlogin.exp
Updating /var/ossec/agentless/ssh_pixconfig_diff
Updating /var/ossec/agentless/ssh_asa-fwsmconfig_diff
Updating /var/ossec/agentless/ssh_integrity_check_bsd
Updating /var/ossec/agentless/main.exp
Updating /var/ossec/agentless/su.exp
Updating /var/ossec/agentless/ssh_integrity_check_linux
Updating /var/ossec/agentless/register_host.sh
Updating /var/ossec/agentless/ssh_generic_diff
Updating /var/ossec/agentless/ssh_foundry_diff
Updating /var/ossec/agentless/ssh_nopass.exp
Updating /var/ossec/agentless/ssh.exp
Updating /var/ossec/wodles/utils.py
Updating /var/ossec/wodles/aws/aws-s3
Updating /var/ossec/wodles/aws/aws-s3.py
Updating /var/ossec/wodles/aws/__init__.py
Updating /var/ossec/wodles/aws/aws_tools.py
Updating /var/ossec/wodles/aws/wazuh_integration.py
Updating /var/ossec/wodles/aws/buckets_s3/__init__.py
Updating /var/ossec/wodles/aws/buckets_s3/aws_bucket.py
Updating /var/ossec/wodles/aws/buckets_s3/cloudtrail.py
Updating /var/ossec/wodles/aws/buckets_s3/config.py
Updating /var/ossec/wodles/aws/buckets_s3/guardduty.py
Updating /var/ossec/wodles/aws/buckets_s3/load_balancers.py
Updating /var/ossec/wodles/aws/buckets_s3/server_access.py
Updating /var/ossec/wodles/aws/buckets_s3/umbrella.py
Updating /var/ossec/wodles/aws/buckets_s3/vpcflow.py
Updating /var/ossec/wodles/aws/buckets_s3/waf.py
Updating /var/ossec/wodles/aws/services/__init__.py
Updating /var/ossec/wodles/aws/services/aws_service.py
Updating /var/ossec/wodles/aws/services/cloudwatchlogs.py
Updating /var/ossec/wodles/aws/services/inspector.py
Updating /var/ossec/wodles/aws/subscribers/__init__.py
Updating /var/ossec/wodles/aws/subscribers/s3_log_handler.py
Updating /var/ossec/wodles/aws/subscribers/sqs_message_processor.py
Updating /var/ossec/wodles/aws/subscribers/sqs_queue.py
Updating /var/ossec/wodles/azure/azure-logs
Updating /var/ossec/wodles/azure/azure-logs.py
Updating /var/ossec/wodles/azure/orm.py
Updating /var/ossec/wodles/docker/DockerListener
Updating /var/ossec/wodles/docker/DockerListener.py
Updating /var/ossec/wodles/gcloud/gcloud
Updating /var/ossec/wodles/gcloud/gcloud.py
Updating /var/ossec/wodles/gcloud/integration.py
Updating /var/ossec/wodles/gcloud/tools.py
Updating /var/ossec/wodles/gcloud/exceptions.py
find: '/proc/371/task/371/fd/5': No such file or directory
find: '/proc/371/task/371/fdinfo/5': No such file or directory
find: '/proc/371/fd/6': No such file or directory
find: '/proc/371/fdinfo/6': No such file or directory
find: '/proc/372/task/372/fd/5': No such file or directory
find: '/proc/372/task/372/fdinfo/5': No such file or directory
find: '/proc/372/fd/6': No such file or directory
find: '/proc/372/fdinfo/6': No such file or directory
find: '/proc/374/task/374/fd/5': No such file or directory
find: '/proc/374/task/374/fdinfo/5': No such file or directory
find: '/proc/374/fd/6': No such file or directory
find: '/proc/374/fdinfo/6': No such file or directory
Identified Wazuh configuration files to mount...
'/wazuh-config-mount/etc/ossec.conf' -> '/var/ossec/etc/ossec.conf'
[cont-init.d] 0-wazuh-init: exited 0.
[cont-init.d] 1-config-filebeat: executing... 
Customize Elasticsearch ouput IP
Configuring username.
Configuring password.
Configuring SSL verification mode.
Configuring Certificate Authorities.
Configuring SSL Certificate.
Configuring SSL Key.
[cont-init.d] 1-config-filebeat: exited 0.
[cont-init.d] 2-manager: executing... 
Configuring password.
2024/07/04 14:40:17 wazuh-modulesd:router: INFO: Loaded router module.
2024/07/04 14:40:17 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Starting Wazuh v4.8.1...
Started wazuh-apid...
Started wazuh-csyslogd...
Started wazuh-dbd...
2024/07/04 14:40:20 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Started wazuh-integratord...
Started wazuh-agentlessd...
Started wazuh-authd...
Started wazuh-db...
Started wazuh-execd...
Started wazuh-analysisd...
Started wazuh-syscheckd...
Started wazuh-remoted...
Started wazuh-logcollector...
Started wazuh-monitord...
2024/07/04 14:40:29 wazuh-modulesd:router: INFO: Loaded router module.
2024/07/04 14:40:29 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Started wazuh-modulesd...
Completed.
[cont-init.d] 2-manager: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
2024/07/04 14:40:29 wazuh-modulesd:content_manager: INFO: Starting content_manager module.
2024/07/04 14:40:29 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started.
2024/07/04 14:40:29 wazuh-modulesd:router: INFO: Starting router module.
2024/07/04 14:40:29 sca: INFO: Skipping policy '/var/ossec/ruleset/sca/cis_amazon_linux_1.yml': 'Check Amazon Linux version.'
2024/07/04 14:40:29 sca: INFO: Security Configuration Assessment scan finished. Duration: 0 seconds.
2024/07/04 14:40:29 wazuh-modulesd:syscollector: INFO: Module started.
2024/07/04 14:40:29 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/07/04 14:40:29 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh.manager', retrying until the connection is successful.
2024/07/04 14:40:29 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024/07/04 14:40:30 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression.
starting Filebeat
2024-07-04T14:40:33.547Z    INFO    instance/beat.go:645    Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2024-07-04T14:40:33.548Z    INFO    instance/beat.go:653    Beat ID: 4ad8bd07-be3e-4584-bbb2-25408c217a9e
2024-07-04T14:40:33.551Z    INFO    [seccomp]   seccomp/seccomp.go:124  Syscall filter successfully installed
2024-07-04T14:40:33.554Z    INFO    [beat]  instance/beat.go:981    Beat info   {"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "4ad8bd07-be3e-4584-bbb2-25408c217a9e"}}}
2024-07-04T14:40:33.555Z    INFO    [beat]  instance/beat.go:990    Build info  {"system_info": {"build": {"commit": "aacf9ecd9c494aa0908f61fbca82c906b16562a8", "libbeat": "7.10.2", "time": "2021-01-12T22:10:33.000Z", "version": "7.10.2"}}}
2024-07-04T14:40:33.555Z    INFO    [beat]  instance/beat.go:993    Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":4,"version":"go1.14.12"}}}
2024-07-04T14:40:33.556Z    INFO    [beat]  instance/beat.go:997    Host info   {"system_info": {"host": {"architecture":"x86_64","boot_time":"2024-07-03T19:25:43Z","containerized":false,"name":"wazuh.manager","ip":["127.0.0.1/8","::1/128","172.18.0.2/16"],"kernel_version":"6.5.0-41-generic","mac":["02:42:ac:12:00:02"],"os":{"family":"redhat","platform":"amzn","name":"Amazon Linux","version":"2023","major":2023,"minor":5,"patch":20240701},"timezone":"UTC","timezone_offset_sec":0}}}
2024-07-04T14:40:33.557Z    INFO    [beat]  instance/beat.go:1026   Process info    {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"effective":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null}, "cwd": "/run/s6/services/filebeat", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 1149, "ppid": 1136, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2024-07-04T14:40:32.039Z"}}}
2024-07-04T14:40:33.558Z    INFO    instance/beat.go:299    Setup Beat: filebeat; Version: 7.10.2
2024-07-04T14:40:33.561Z    INFO    eslegclient/connection.go:99    elasticsearch url: https://wazuh.indexer:9200
2024-07-04T14:40:33.563Z    INFO    [publisher] pipeline/module.go:113  Beat name: wazuh.manager
2024-07-04T14:40:33.571Z    INFO    beater/filebeat.go:117  Enabled modules/filesets: wazuh (alerts),  ()
2024-07-04T14:40:33.573Z    INFO    instance/beat.go:455    filebeat start running.
2024-07-04T14:40:33.583Z    INFO    memlog/store.go:119 Loading data file of '/var/lib/filebeat/registry/filebeat' succeeded. Active transaction id=0
2024-07-04T14:40:33.594Z    INFO    memlog/store.go:124 Finished loading transaction log file for '/var/lib/filebeat/registry/filebeat'. Active transaction id=9
2024-07-04T14:40:33.595Z    INFO    [registrar] registrar/registrar.go:109  States Loaded from registrar: 1
2024-07-04T14:40:33.595Z    INFO    [crawler]   beater/crawler.go:71    Loading Inputs: 1
2024-07-04T14:40:33.596Z    INFO    log/input.go:157    Configured paths: [/var/ossec/logs/alerts/alerts.json]
2024-07-04T14:40:33.598Z    INFO    [crawler]   beater/crawler.go:141   Starting input (ID: 9132358592892857476)
2024-07-04T14:40:33.598Z    INFO    [crawler]   beater/crawler.go:108   Loading and starting Inputs completed. Enabled inputs: 1
2024-07-04T14:40:43.600Z    INFO    log/harvester.go:302    Harvester started for file: /var/ossec/logs/alerts/alerts.json
2024-07-04T14:40:44.609Z    INFO    [publisher] pipeline/retry.go:219   retryer: send unwait signal to consumer
2024-07-04T14:40:44.613Z    INFO    [publisher] pipeline/retry.go:223     done
2024-07-04T14:40:44.613Z    INFO    [publisher_pipeline_output] pipeline/output.go:143  Connecting to backoff(elasticsearch(https://wazuh.indexer:9200))
2024-07-04T14:40:44.785Z    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 7.10.2
2024-07-04T14:40:44.790Z    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 7.10.2
2024-07-04T14:40:44.793Z    INFO    template/load.go:183    Existing template will be overwritten, as overwrite is enabled.
2024-07-04T14:40:44.795Z    INFO    template/load.go:117    Try loading template wazuh to Elasticsearch
2024-07-04T14:40:45.356Z    INFO    template/load.go:109    template with name 'wazuh' loaded.
2024-07-04T14:40:45.356Z    INFO    [index-management]  idxmgmt/std.go:298  Loaded index template.
2024-07-04T14:40:45.418Z    INFO    [publisher_pipeline_output] pipeline/output.go:151  Connection to backoff(elasticsearch(https://wazuh.indexer:9200)) established
2024/07/04 14:40:45 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities-wazuh.manager.
2024/07/04 14:40:54 rootcheck: INFO: Ending rootcheck scan.
2024/07/04 14:41:34 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished.
2024/07/04 14:41:35 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                           NAMES
937fa60ca75f   wazuh/wazuh-dashboard:4.8.1   "/entrypoint.sh"         2 minutes ago   Up 2 minutes   443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp                                                                                                                single-node_wazuh.dashboard_1
c8ccfacf23e3   wazuh/wazuh-indexer:4.8.1     "/entrypoint.sh open…"   2 minutes ago   Up 2 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node_wazuh.indexer_1
687e5778829e   wazuh/wazuh-manager:4.8.1     "/init"                  2 minutes ago   Up 2 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node_wazuh.manager_1
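The two test runs above (the fresh start after the image build and the v4.7.5 to v4.8.1 upgrade) are judged by reading the manager log by eye: every cont-init.d stage exits 0, "Starting Wazuh v4.8.1" appears, and Filebeat reaches the indexer after the transient 503. The script below is an added example, not part of wazuh-docker, that automates exactly those three checks over a log captured with `docker logs`; the `check_manager_log` function name and the sample log (trimmed to the shape of the output quoted above) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the wazuh-docker repository): verify a wazuh-manager
# container's init log after an image rebuild or upgrade. It checks that every
# cont-init.d stage that started also exited 0, that the expected Wazuh version
# was started, and that Filebeat ended up connected to the indexer even when the
# first attempt hit the "OpenSearch Security not initialized" 503 seen above.

# Constructed sample log, trimmed to the shape of the comments' output.
SAMPLE_LOG='[cont-init.d] 0-wazuh-init: executing... 
[cont-init.d] 0-wazuh-init: exited 0.
[cont-init.d] 1-config-filebeat: executing... 
[cont-init.d] 1-config-filebeat: exited 0.
[cont-init.d] 2-manager: executing... 
Starting Wazuh v4.8.1...
Completed.
[cont-init.d] 2-manager: exited 0.
2024-07-04T13:14:35.127Z    ERROR   [publisher_pipeline_output] pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://wazuh.indexer:9200)): 503 Service Unavailable: OpenSearch Security not initialized.
2024-07-04T13:14:37.433Z    INFO    [publisher_pipeline_output] pipeline/output.go:151  Connection to backoff(elasticsearch(https://wazuh.indexer:9200)) established'

# check_manager_log LOGTEXT EXPECTED_VERSION
# Prints one line per finding; returns 0 only when every check passes.
check_manager_log() {
  log="$1"; want="$2"; rc=0

  # 1. Each init stage that began ("executing...") must have an "exited 0" line.
  for stage in $(printf '%s\n' "$log" | sed -n 's/^\[cont-init.d\] \([^:]*\): executing.*/\1/p'); do
    if ! printf '%s\n' "$log" | grep -q "^\[cont-init.d\] $stage: exited 0\.$"; then
      echo "FAIL: init stage $stage did not exit 0"; rc=1
    fi
  done

  # 2. The version actually started must be the one the upgrade intended.
  got=$(printf '%s\n' "$log" | sed -n 's/^Starting Wazuh v\([0-9.]*\)\.\.\..*/\1/p' | tail -n 1)
  if [ "$got" != "$want" ]; then
    echo "FAIL: started version '${got:-none}', expected $want"; rc=1
  fi

  # 3. Filebeat must end up connected; a 503 before that is a benign startup race
  #    (the indexer's security plugin was still initializing), so it is only noted.
  if printf '%s\n' "$log" | grep -q 'Connection to backoff(elasticsearch(.*)) established'; then
    if printf '%s\n' "$log" | grep -q '503 Service Unavailable: OpenSearch Security not initialized'; then
      echo "INFO: transient 503 from indexer before the connection was established"
    fi
  else
    echo "FAIL: Filebeat never reported a connection to the indexer"; rc=1
  fi

  return $rc
}

# Usage against a live container: check_manager_log "$(docker logs single-node_wazuh.manager_1 2>&1)" 4.8.1
check_manager_log "$SAMPLE_LOG" 4.8.1
```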
vcerenu commented 3 days ago

Upgrade from Wazuh v4.8.0 to v4.8.1

$ docker-compose up -d
Creating network "single-node_default" with the default driver
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                           NAMES
e4919c583abf   wazuh/wazuh-dashboard:4.8.0   "/entrypoint.sh"         2 minutes ago   Up 2 minutes   443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp                                                                                                                single-node_wazuh.dashboard_1
b24542e96527   wazuh/wazuh-manager:4.8.0     "/init"                  2 minutes ago   Up 2 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node_wazuh.manager_1
0f171d30b048   wazuh/wazuh-indexer:4.8.0     "/entrypoint.sh open…"   2 minutes ago   Up 2 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node_wazuh.indexer_1
$ docker-compose down
Stopping single-node_wazuh.dashboard_1 ... done
Stopping single-node_wazuh.manager_1   ... done
Stopping single-node_wazuh.indexer_1   ... done
Removing single-node_wazuh.dashboard_1 ... done
Removing single-node_wazuh.manager_1   ... done
Removing single-node_wazuh.indexer_1   ... done
Removing network single-node_default
$ cd ..
$ git checkout enhancement/1414-add-new-keystore
Previous HEAD position was 829e435 Merge pull request #1384 from wazuh/enhancement/revert-image-tag
Switched to branch 'enhancement/1414-add-new-keystore'
$ cd single-node/
$ docker-compose up -d
Creating network "single-node_default" with the default driver
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                           NAMES
e6bd94851803   wazuh/wazuh-dashboard:4.8.1   "/entrypoint.sh"         8 minutes ago   Up 8 minutes   443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp                                                                                                                single-node_wazuh.dashboard_1
8bfd6ee531e0   wazuh/wazuh-indexer:4.8.1     "/entrypoint.sh open…"   8 minutes ago   Up 8 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node_wazuh.indexer_1
deac7efb15b4   wazuh/wazuh-manager:4.8.1     "/init"                  8 minutes ago   Up 8 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node_wazuh.manager_1
$ docker logs single-node_wazuh.manager_1
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 0-wazuh-init: executing... 
/var/ossec/data_tmp/permanent/var/ossec/api/configuration/
The path /var/ossec/api/configuration is already mounted
/var/ossec/data_tmp/permanent/var/ossec/etc/
The path /var/ossec/etc is already mounted
/var/ossec/data_tmp/permanent/var/ossec/logs/
The path /var/ossec/logs is already mounted
/var/ossec/data_tmp/permanent/var/ossec/queue/
The path /var/ossec/queue is already mounted
/var/ossec/data_tmp/permanent/var/ossec/agentless/
The path /var/ossec/agentless is already mounted
/var/ossec/data_tmp/permanent/var/ossec/var/multigroups/
The path /var/ossec/var/multigroups is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/integrations/
The path /var/ossec/integrations is already mounted
/var/ossec/data_tmp/permanent/var/ossec/active-response/bin/
The path /var/ossec/active-response/bin is already mounted
/var/ossec/data_tmp/permanent/var/ossec/wodles/
The path /var/ossec/wodles is already mounted
/var/ossec/data_tmp/permanent/etc/filebeat/
The path /etc/filebeat is already mounted
Updating /var/ossec/etc/internal_options.conf
Updating /var/ossec/integrations/slack
Updating /var/ossec/integrations/slack.py
Updating /var/ossec/integrations/virustotal
Updating /var/ossec/integrations/virustotal.py
Updating /var/ossec/integrations/shuffle
Updating /var/ossec/integrations/shuffle.py
Updating /var/ossec/integrations/pagerduty
Updating /var/ossec/integrations/pagerduty.py
Updating /var/ossec/integrations/maltiverse
Updating /var/ossec/integrations/maltiverse.py
Updating /var/ossec/active-response/bin/default-firewall-drop
Updating /var/ossec/active-response/bin/disable-account
Updating /var/ossec/active-response/bin/firewalld-drop
Updating /var/ossec/active-response/bin/firewall-drop
Updating /var/ossec/active-response/bin/host-deny
Updating /var/ossec/active-response/bin/ip-customblock
Updating /var/ossec/active-response/bin/ipfw
Updating /var/ossec/active-response/bin/kaspersky.py
Updating /var/ossec/active-response/bin/kaspersky
Updating /var/ossec/active-response/bin/npf
Updating /var/ossec/active-response/bin/wazuh-slack
Updating /var/ossec/active-response/bin/pf
Updating /var/ossec/active-response/bin/restart-wazuh
Updating /var/ossec/active-response/bin/restart.sh
Updating /var/ossec/active-response/bin/route-null
Updating /var/ossec/agentless/sshlogin.exp
Updating /var/ossec/agentless/ssh_pixconfig_diff
Updating /var/ossec/agentless/ssh_asa-fwsmconfig_diff
Updating /var/ossec/agentless/ssh_integrity_check_bsd
Updating /var/ossec/agentless/main.exp
Updating /var/ossec/agentless/su.exp
Updating /var/ossec/agentless/ssh_integrity_check_linux
Updating /var/ossec/agentless/register_host.sh
Updating /var/ossec/agentless/ssh_generic_diff
Updating /var/ossec/agentless/ssh_foundry_diff
Updating /var/ossec/agentless/ssh_nopass.exp
Updating /var/ossec/agentless/ssh.exp
Updating /var/ossec/wodles/utils.py
Updating /var/ossec/wodles/aws/aws-s3
Updating /var/ossec/wodles/aws/aws-s3.py
Updating /var/ossec/wodles/aws/__init__.py
Updating /var/ossec/wodles/aws/aws_tools.py
Updating /var/ossec/wodles/aws/wazuh_integration.py
Updating /var/ossec/wodles/aws/buckets_s3/__init__.py
Updating /var/ossec/wodles/aws/buckets_s3/aws_bucket.py
Updating /var/ossec/wodles/aws/buckets_s3/cloudtrail.py
Updating /var/ossec/wodles/aws/buckets_s3/config.py
Updating /var/ossec/wodles/aws/buckets_s3/guardduty.py
Updating /var/ossec/wodles/aws/buckets_s3/load_balancers.py
Updating /var/ossec/wodles/aws/buckets_s3/server_access.py
Updating /var/ossec/wodles/aws/buckets_s3/umbrella.py
Updating /var/ossec/wodles/aws/buckets_s3/vpcflow.py
Updating /var/ossec/wodles/aws/buckets_s3/waf.py
Updating /var/ossec/wodles/aws/services/__init__.py
Updating /var/ossec/wodles/aws/services/aws_service.py
Updating /var/ossec/wodles/aws/services/cloudwatchlogs.py
Updating /var/ossec/wodles/aws/services/inspector.py
Updating /var/ossec/wodles/aws/subscribers/__init__.py
Updating /var/ossec/wodles/aws/subscribers/s3_log_handler.py
Updating /var/ossec/wodles/aws/subscribers/sqs_message_processor.py
Updating /var/ossec/wodles/aws/subscribers/sqs_queue.py
Updating /var/ossec/wodles/azure/azure-logs
Updating /var/ossec/wodles/azure/azure-logs.py
Updating /var/ossec/wodles/azure/orm.py
Updating /var/ossec/wodles/docker/DockerListener
Updating /var/ossec/wodles/docker/DockerListener.py
Updating /var/ossec/wodles/gcloud/gcloud
Updating /var/ossec/wodles/gcloud/gcloud.py
Updating /var/ossec/wodles/gcloud/integration.py
Updating /var/ossec/wodles/gcloud/tools.py
Updating /var/ossec/wodles/gcloud/exceptions.py
find: '/proc/368/task/368/fd/5': No such file or directory
find: '/proc/368/task/368/fdinfo/5': No such file or directory
find: '/proc/368/fd/6': No such file or directory
find: '/proc/368/fdinfo/6': No such file or directory
find: '/proc/369/task/369/fd/5': No such file or directory
find: '/proc/369/task/369/fdinfo/5': No such file or directory
find: '/proc/369/fd/6': No such file or directory
find: '/proc/369/fdinfo/6': No such file or directory
find: '/proc/370/task/370/fd/5': No such file or directory
find: '/proc/370/task/370/fdinfo/5': No such file or directory
find: '/proc/370/fd/6': No such file or directory
find: '/proc/370/fdinfo/6': No such file or directory
Identified Wazuh configuration files to mount...
'/wazuh-config-mount/etc/ossec.conf' -> '/var/ossec/etc/ossec.conf'
[cont-init.d] 0-wazuh-init: exited 0.
[cont-init.d] 1-config-filebeat: executing... 
Customize Elasticsearch ouput IP
Configuring username.
Configuring password.
Configuring SSL verification mode.
Configuring Certificate Authorities.
Configuring SSL Certificate.
Configuring SSL Key.
[cont-init.d] 1-config-filebeat: exited 0.
[cont-init.d] 2-manager: executing... 
Configuring password.
2024/07/04 14:54:56 wazuh-modulesd:router: INFO: Loaded router module.
2024/07/04 14:54:56 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Starting Wazuh v4.8.1...
Started wazuh-apid...
Started wazuh-csyslogd...
Started wazuh-dbd...
2024/07/04 14:54:58 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Started wazuh-integratord...
Started wazuh-agentlessd...
Started wazuh-authd...
Started wazuh-db...
Started wazuh-execd...
Started wazuh-analysisd...
Started wazuh-syscheckd...
Started wazuh-remoted...
Started wazuh-logcollector...
Started wazuh-monitord...
2024/07/04 14:55:06 wazuh-modulesd:router: INFO: Loaded router module.
2024/07/04 14:55:06 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Started wazuh-modulesd...
Completed.
[cont-init.d] 2-manager: exited 0.
[cont-init.d] done.
[services.d] starting services
2024/07/04 14:55:06 wazuh-modulesd:content_manager: INFO: Starting content_manager module.
2024/07/04 14:55:06 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started.
2024/07/04 14:55:06 sca: INFO: Starting Security Configuration Assessment scan.
2024/07/04 14:55:06 wazuh-modulesd:syscollector: INFO: Module started.
2024/07/04 14:55:06 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/07/04 14:55:06 sca: INFO: Skipping policy '/var/ossec/ruleset/sca/cis_amazon_linux_1.yml': 'Check Amazon Linux version.'
2024/07/04 14:55:06 sca: INFO: Security Configuration Assessment scan finished. Duration: 0 seconds.
2024/07/04 14:55:06 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh.manager', retrying until the connection is successful.
2024/07/04 14:55:06 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024/07/04 14:55:06 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression.
starting Filebeat
[services.d] done.
2024-07-04T14:55:09.843Z    INFO    instance/beat.go:645    Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2024-07-04T14:55:09.844Z    INFO    instance/beat.go:653    Beat ID: b52e8c49-3728-4f83-ac57-1181beebbfa6
2024-07-04T14:55:09.844Z    INFO    [seccomp]   seccomp/seccomp.go:124  Syscall filter successfully installed
2024-07-04T14:55:09.844Z    INFO    [beat]  instance/beat.go:981    Beat info   {"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "b52e8c49-3728-4f83-ac57-1181beebbfa6"}}}
2024-07-04T14:55:09.844Z    INFO    [beat]  instance/beat.go:990    Build info  {"system_info": {"build": {"commit": "aacf9ecd9c494aa0908f61fbca82c906b16562a8", "libbeat": "7.10.2", "time": "2021-01-12T22:10:33.000Z", "version": "7.10.2"}}}
2024-07-04T14:55:09.844Z    INFO    [beat]  instance/beat.go:993    Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":4,"version":"go1.14.12"}}}
2024-07-04T14:55:09.845Z    INFO    [beat]  instance/beat.go:997    Host info   {"system_info": {"host": {"architecture":"x86_64","boot_time":"2024-07-03T19:25:43Z","containerized":false,"name":"wazuh.manager","ip":["127.0.0.1/8","::1/128","172.18.0.3/16"],"kernel_version":"6.5.0-41-generic","mac":["02:42:ac:12:00:03"],"os":{"family":"redhat","platform":"amzn","name":"Amazon Linux","version":"2023","major":2023,"minor":5,"patch":20240701},"timezone":"UTC","timezone_offset_sec":0}}}
2024-07-04T14:55:09.845Z    INFO    [beat]  instance/beat.go:1026   Process info    {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"effective":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null}, "cwd": "/run/s6/services/filebeat", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 1220, "ppid": 1211, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2024-07-04T14:55:09.259Z"}}}
2024-07-04T14:55:09.845Z    INFO    instance/beat.go:299    Setup Beat: filebeat; Version: 7.10.2
2024-07-04T14:55:09.846Z    INFO    eslegclient/connection.go:99    elasticsearch url: https://wazuh.indexer:9200
2024-07-04T14:55:09.846Z    INFO    [publisher] pipeline/module.go:113  Beat name: wazuh.manager
2024-07-04T14:55:09.850Z    INFO    beater/filebeat.go:117  Enabled modules/filesets: wazuh (alerts),  ()
2024-07-04T14:55:09.851Z    INFO    instance/beat.go:455    filebeat start running.
2024-07-04T14:55:09.852Z    INFO    memlog/store.go:119 Loading data file of '/var/lib/filebeat/registry/filebeat' succeeded. Active transaction id=0
2024-07-04T14:55:09.853Z    INFO    memlog/store.go:124 Finished loading transaction log file for '/var/lib/filebeat/registry/filebeat'. Active transaction id=3
2024-07-04T14:55:09.853Z    INFO    [registrar] registrar/registrar.go:109  States Loaded from registrar: 1
2024-07-04T14:55:09.853Z    INFO    [crawler]   beater/crawler.go:71    Loading Inputs: 1
2024-07-04T14:55:09.854Z    INFO    log/input.go:157    Configured paths: [/var/ossec/logs/alerts/alerts.json]
2024-07-04T14:55:09.854Z    INFO    [crawler]   beater/crawler.go:141   Starting input (ID: 9132358592892857476)
2024-07-04T14:55:09.854Z    INFO    [crawler]   beater/crawler.go:108   Loading and starting Inputs completed. Enabled inputs: 1
2024-07-04T14:55:19.855Z    INFO    log/harvester.go:302    Harvester started for file: /var/ossec/logs/alerts/alerts.json
2024-07-04T14:55:20.857Z    INFO    [publisher_pipeline_output] pipeline/output.go:143  Connecting to backoff(elasticsearch(https://wazuh.indexer:9200))
2024-07-04T14:55:20.857Z    INFO    [publisher] pipeline/retry.go:219   retryer: send unwait signal to consumer
2024-07-04T14:55:20.857Z    INFO    [publisher] pipeline/retry.go:223     done
2024-07-04T14:55:21.063Z    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 7.10.2
2024-07-04T14:55:21.070Z    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 7.10.2
2024-07-04T14:55:21.074Z    INFO    template/load.go:183    Existing template will be overwritten, as overwrite is enabled.
2024-07-04T14:55:21.076Z    INFO    template/load.go:117    Try loading template wazuh to Elasticsearch
2024-07-04T14:55:21.243Z    INFO    template/load.go:109    template with name 'wazuh' loaded.
2024-07-04T14:55:21.244Z    INFO    [index-management]  idxmgmt/std.go:298  Loaded index template.
2024/07/04 14:55:21 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities-wazuh.manager.
2024-07-04T14:55:21.270Z    INFO    [publisher_pipeline_output] pipeline/output.go:151  Connection to backoff(elasticsearch(https://wazuh.indexer:9200)) established
2024/07/04 14:55:26 rootcheck: INFO: Ending rootcheck scan.
2024/07/04 14:55:59 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished.
2024/07/04 14:56:00 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
2024/07/04 15:00:00 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process
2024-07-04T15:00:24.894Z    INFO    log/harvester.go:333    File is inactive: /var/ossec/logs/alerts/alerts.json. Closing because close_inactive of 5m0s reached.