Open zamantech opened 2 years ago
Hi @zamantech.
I was able to deploy the environment using podman 3.4.2 and including the links. Would you let me know what steps you followed and what podman version you are using, please? Also, can you share the permission error you are getting?
Hi @zamantech. I was able to deploy the environment using podman 3.4.2 and including the links. Would you let me know what steps you followed and what podman version you are using, please? Also, can you share the permission error you are getting?
without links
$ docker-compose version
docker-compose version 1.29.2, build 5becea4c
docker-py version: 5.0.0
CPython version: 3.7.10
OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019
$ podman version
Client: Podman Engine
Version: 4.1.1
API Version: 4.1.1
Go Version: go1.17.7
Built: Mon Jul 11 17:56:53 2022
OS/Arch: linux/amd64
$ sudo docker-compose up
Creating network "single-node_default" with the default driver
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
Attaching to single-node_wazuh.manager_1, single-node_wazuh.indexer_1, single-node_wazuh.dashboard_1
wazuh.manager_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1 | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1 | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1 | [fix-attrs.d] done.
wazuh.manager_1 | [cont-init.d] executing container initialization scripts...
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: executing...
wazuh.manager_1 | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1 | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1 | Installing /var/ossec/api/configuration
wazuh.manager_1 | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1 | Exiting.
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: executing...
wazuh.manager_1 | Customize Elasticsearch ouput IP
wazuh.manager_1 | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1 | [cont-init.d] 2-manager: executing...
wazuh.manager_1 | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.dashboard_1 | Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
wazuh.dashboard_1 | Wazuh APP already configured
wazuh.indexer_1 | [2022-08-17T05:56:58,189][INFO ][o.o.n.Node ] [wazuh.indexer] version[1.2.4], pid[1], build[rpm/e505b10357c03ae8d26d675172402f2f2144ef0f/2022-01-14T03:38:06.881862Z], OS[Linux/4.18.0-372.19.1.el8_6.x86_64/amd64], JVM[AdoptOpenJDK/OpenJDK 64-Bit Server VM/15.0.1/15.0.1+9]
wazuh.indexer_1 | [2022-08-17T05:56:58,193][INFO ][o.o.n.Node ] [wazuh.indexer] JVM home [/usr/share/wazuh-indexer/jdk], using bundled JDK [true]
wazuh.indexer_1 | [2022-08-17T05:56:58,194][INFO ][o.o.n.Node ] [wazuh.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-11314594443672652163, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Xms512m, -Xmx512m, -XX:MaxDirectMemorySize=268435456, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer/config, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
wazuh.indexer_1 | [2022-08-17T05:57:00,445][INFO ][o.o.s.s.t.SSLConfig ] [wazuh.indexer] SSL dual mode is disabled
wazuh.indexer_1 | [2022-08-17T05:57:00,446][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] OpenSearch Config path is /usr/share/wazuh-indexer/config
wazuh.manager_1 | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1 | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.indexer_1 | [2022-08-17T05:57:00,857][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] JVM supports TLSv1.3
wazuh.indexer_1 | [2022-08-17T05:57:00,859][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Config directory is /usr/share/wazuh-indexer/config/, from there the key- and truststore files are resolved relatively
wazuh.manager_1 | 2022/08/17 05:57:01 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf': (line 0).
wazuh.manager_1 | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1 | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1 | [cont-init.d] done.
wazuh.manager_1 | [services.d] starting services
wazuh.manager_1 | starting Filebeat
wazuh.manager_1 | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1 | [services.d] done.
wazuh.manager_1 | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1 | Filebeat exited. code=1
wazuh.manager_1 | [cont-finish.d] executing container finish scripts...
wazuh.manager_1 | [cont-finish.d] done.
wazuh.manager_1 | [s6-finish] waiting for services.
wazuh.indexer_1 | [2022-08-17T05:57:01,522][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Client Provider : JDK
wazuh.indexer_1 | [2022-08-17T05:57:01,523][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Server Provider : JDK
wazuh.indexer_1 | [2022-08-17T05:57:01,523][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS HTTP Provider : JDK
wazuh.indexer_1 | [2022-08-17T05:57:01,524][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2, TLSv1.1]
wazuh.indexer_1 | [2022-08-17T05:57:01,524][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for HTTP layer : [TLSv1.3, TLSv1.2, TLSv1.1]
wazuh.manager_1 | [s6-finish] sending all processes the TERM signal.
wazuh.indexer_1 | [2022-08-17T05:57:01,881][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Clustername: opensearch
wazuh.indexer_1 | [2022-08-17T05:57:01,895][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/admin-key.pem has insecure file permissions (should be 0600)
wazuh.indexer_1 | [2022-08-17T05:57:01,896][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/admin.pem has insecure file permissions (should be 0600)
wazuh.indexer_1 | [2022-08-17T05:57:01,897][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/root-ca.pem has insecure file permissions (should be 0600)
wazuh.indexer_1 | [2022-08-17T05:57:01,897][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem has insecure file permissions (should be 0600)
wazuh.indexer_1 | [2022-08-17T05:57:01,898][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key has insecure file permissions (should be 0600)
wazuh.indexer_1 | [2022-08-17T05:57:01,899][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/opensearch.yml has insecure file permissions (should be 0600)
wazuh.indexer_1 | [2022-08-17T05:57:02,272][INFO ][o.o.p.c.PluginSettings ] [wazuh.indexer] Trying to create directory /dev/shm/performanceanalyzer/.
wazuh.indexer_1 | [2022-08-17T05:57:02,274][INFO ][o.o.p.c.PluginSettings ] [wazuh.indexer] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600
wazuh.indexer_1 | [2022-08-17T05:57:03,279][INFO ][o.o.i.r.ReindexPlugin ] [wazuh.indexer] ReindexPlugin reloadSPI called
wazuh.indexer_1 | [2022-08-17T05:57:03,282][INFO ][o.o.i.r.ReindexPlugin ] [wazuh.indexer] Unable to find any implementation for RemoteReindexExtension
wazuh.indexer_1 | [2022-08-17T05:57:03,305][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config
wazuh.indexer_1 | [2022-08-17T05:57:03,313][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs
wazuh.indexer_1 | [2022-08-17T05:57:03,368][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions
wazuh.indexer_1 | [2022-08-17T05:57:03,370][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [aggs-matrix-stats]
wazuh.indexer_1 | [2022-08-17T05:57:03,371][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [analysis-common]
wazuh.indexer_1 | [2022-08-17T05:57:03,371][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [geo]
wazuh.indexer_1 | [2022-08-17T05:57:03,371][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-common]
wazuh.indexer_1 | [2022-08-17T05:57:03,372][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-geoip]
wazuh.indexer_1 | [2022-08-17T05:57:03,372][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-user-agent]
wazuh.indexer_1 | [2022-08-17T05:57:03,373][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-expression]
wazuh.indexer_1 | [2022-08-17T05:57:03,373][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-mustache]
wazuh.indexer_1 | [2022-08-17T05:57:03,373][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-painless]
wazuh.indexer_1 | [2022-08-17T05:57:03,373][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [mapper-extras]
wazuh.indexer_1 | [2022-08-17T05:57:03,374][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [opensearch-dashboards]
wazuh.indexer_1 | [2022-08-17T05:57:03,374][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [parent-join]
wazuh.indexer_1 | [2022-08-17T05:57:03,374][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [percolator]
wazuh.indexer_1 | [2022-08-17T05:57:03,375][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [rank-eval]
wazuh.indexer_1 | [2022-08-17T05:57:03,375][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [reindex]
wazuh.indexer_1 | [2022-08-17T05:57:03,375][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [repository-url]
wazuh.indexer_1 | [2022-08-17T05:57:03,375][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [systemd]
wazuh.indexer_1 | [2022-08-17T05:57:03,376][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [transport-netty4]
wazuh.indexer_1 | [2022-08-17T05:57:03,376][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-alerting]
wazuh.indexer_1 | [2022-08-17T05:57:03,377][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-anomaly-detection]
wazuh.indexer_1 | [2022-08-17T05:57:03,377][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-asynchronous-search]
wazuh.indexer_1 | [2022-08-17T05:57:03,377][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-cross-cluster-replication]
wazuh.indexer_1 | [2022-08-17T05:57:03,378][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-index-management]
wazuh.indexer_1 | [2022-08-17T05:57:03,378][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-job-scheduler]
wazuh.indexer_1 | [2022-08-17T05:57:03,378][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-knn]
wazuh.indexer_1 | [2022-08-17T05:57:03,378][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-observability]
wazuh.indexer_1 | [2022-08-17T05:57:03,379][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-performance-analyzer]
wazuh.indexer_1 | [2022-08-17T05:57:03,379][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-reports-scheduler]
wazuh.indexer_1 | [2022-08-17T05:57:03,380][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-security]
wazuh.indexer_1 | [2022-08-17T05:57:03,380][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-sql]
wazuh.indexer_1 | [2022-08-17T05:57:03,405][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
wazuh.indexer_1 | [2022-08-17T05:57:03,421][INFO ][o.o.e.NodeEnvironment ] [wazuh.indexer] using [1] data paths, mounts [[/var/lib/wazuh-indexer (/dev/mapper/rhel-var)]], net usable_space [78.3gb], net total_space [120.7gb], types [xfs]
wazuh.indexer_1 | [2022-08-17T05:57:03,422][INFO ][o.o.e.NodeEnvironment ] [wazuh.indexer] heap size [512mb], compressed ordinary object pointers [true]
wazuh.indexer_1 | [2022-08-17T05:57:03,567][INFO ][o.o.n.Node ] [wazuh.indexer] node name [wazuh.indexer], node ID [JCe2PdPOTVuDl9_JClcDHQ], cluster name [opensearch], roles [master, remote_cluster_client, data, ingest]
wazuh.manager_1 | [s6-finish] sending all processes the KILL signal and exiting.
single-node_wazuh.manager_1 exited with code 0
wazuh.manager_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1 | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1 | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1 | [fix-attrs.d] done.
until cancelled by ctrl+c
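An added triage sketch (not part of the thread and not Wazuh's own code): it groups the `Permission denied` paths in docker-compose output like the log above by service and s6 `cont-init.d` stage, and collects the files the indexer reports with insecure permissions. The function names are hypothetical; the sample lines are excerpted from the log above.

```python
import re
from collections import defaultdict

# Lines excerpted from the docker-compose output posted above.
SAMPLE_LOG = """\
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: executing...
wazuh.manager_1 | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1 | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: executing...
wazuh.manager_1 | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1 | [cont-init.d] 2-manager: executing...
wazuh.manager_1 | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.dashboard_1 | Wazuh APP already configured
wazuh.manager_1 | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1 | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.manager_1 | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1 | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1 | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.indexer_1 | [2022-08-17T05:57:01,895][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/admin-key.pem has insecure file permissions (should be 0600)
wazuh.indexer_1 | [2022-08-17T05:57:01,899][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/opensearch.yml has insecure file permissions (should be 0600)
"""

STAGE_START = re.compile(r"\[cont-init\.d\] (\S+): executing")
STAGE_EXIT = re.compile(r"\[cont-init\.d\] (\S+): exited (\d+)\.")
DENIED = re.compile(r"permission denied", re.IGNORECASE)
PATH = re.compile(r"/[^\s':]+")
INSECURE = re.compile(r"File (\S+) has insecure file permissions \(should be (\d+)\)")


def denied_path(message):
    """Return the path a 'Permission denied' message refers to, or None."""
    hit = DENIED.search(message)
    if not hit:
        return None
    # Python-style errors put the path after the phrase: "... denied: '/path'".
    after = PATH.search(message, hit.end())
    if after:
        return after.group()
    # Coreutils and shell errors put it before; the last path is the target.
    before = PATH.findall(message[:hit.start()])
    return before[-1] if before else None


def triage(log_text):
    """Summarise failed init stages, denied paths and insecure-mode warnings."""
    failed = defaultdict(list)
    denied = defaultdict(lambda: defaultdict(list))
    insecure = []
    current = {}  # service -> cont-init.d stage currently executing
    for line in log_text.splitlines():
        service, sep, message = line.partition(" | ")
        if not sep:
            continue  # not a compose-prefixed container line
        service = service.strip()
        if (m := STAGE_START.search(message)):
            current[service] = m.group(1)
        elif (m := STAGE_EXIT.search(message)):
            if m.group(2) != "0":
                failed[service].append((m.group(1), int(m.group(2))))
            current.pop(service, None)
        elif (m := INSECURE.search(message)):
            insecure.append((m.group(1), m.group(2)))
        else:
            path = denied_path(message)
            # Outside any init stage the error comes from a started service.
            stage = current.get(service, "services")
            if path and path not in denied[service][stage]:
                denied[service][stage].append(path)
    return {
        "failed_stages": dict(failed),
        "denied": {s: dict(stages) for s, stages in denied.items()},
        "insecure": insecure,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for service, stages in report["failed_stages"].items():
        for stage, code in stages:
            paths = report["denied"].get(service, {}).get(stage, [])
            print(f"{service} {stage} exited {code}: {', '.join(paths)}")
    for path, mode in report["insecure"]:
        print(f"insecure mode (want {mode}): {path}")
```
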
any news?
Hi @zamantech. Please provide the steps you used to deploy the environment. Also:
docker-compose down.
Please provide the commands used to perform the previous steps if it fails.
after removing links is there is effect?
1 - done
2- done
$ docker mount --all
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
/home/llo/.local/share/containers/storage/overlay/7b1b4e95b6a2560f6e398c63c6806c9628d910389477c2528096c645fc00ed7d/merged
3- done
4- $ sudo docker-compose -f ./generate-indexer-certs.yml run --rm generator
Creating network "single-node_default" with the default driver
Creating single-node_generator_run ... done
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 25130 100 25130 0 0 5500 0 0:00:04 0:00:04 --:--:-- 5501
Cert tool exists in Packages bucket
20/08/2022 17:05:35 INFO: Admin certificates created.
20/08/2022 17:05:35 INFO: Wazuh indexer certificates created.
20/08/2022 17:05:35 INFO: Wazuh server certificates created.
20/08/2022 17:05:35 INFO: Wazuh dashboard certificates created.
Moving created certificates to destination directory
changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
5- $ sudo docker-compose up
Creating network "single-node_default" with the default driver
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
Attaching to single-node_wazuh.manager_1, single-node_wazuh.indexer_1, single-node_wazuh.dashboard_1
wazuh.manager_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1 | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1 | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1 | [fix-attrs.d] done.
wazuh.manager_1 | [cont-init.d] executing container initialization scripts...
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: executing...
wazuh.manager_1 | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1 | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1 | Installing /var/ossec/api/configuration
wazuh.manager_1 | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1 | Exiting.
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: executing...
wazuh.manager_1 | Customize Elasticsearch ouput IP
wazuh.manager_1 | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1 | [cont-init.d] 2-manager: executing...
wazuh.manager_1 | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.dashboard_1 | Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
wazuh.dashboard_1 | Wazuh APP already configured
wazuh.indexer_1 | [2022-08-20T17:09:35,971][INFO ][o.o.n.Node ] [wazuh.indexer] version[1.2.4], pid[1], build[rpm/e505b10357c03ae8d26d675172402f2f2144ef0f/2022-01-14T03:38:06.881862Z], OS[Linux/4.18.0-372.19.1.el8_6.x86_64/amd64], JVM[AdoptOpenJDK/OpenJDK 64-Bit Server VM/15.0.1/15.0.1+9]
wazuh.indexer_1 | [2022-08-20T17:09:35,978][INFO ][o.o.n.Node ] [wazuh.indexer] JVM home [/usr/share/wazuh-indexer/jdk], using bundled JDK [true]
wazuh.indexer_1 | [2022-08-20T17:09:35,979][INFO ][o.o.n.Node ] [wazuh.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-5245442347013714932, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Xms512m, -Xmx512m, -XX:MaxDirectMemorySize=268435456, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer/config, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
wazuh.manager_1 | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.indexer_1 | [2022-08-20T17:09:37,897][INFO ][o.o.s.s.t.SSLConfig ] [wazuh.indexer] SSL dual mode is disabled
wazuh.indexer_1 | [2022-08-20T17:09:37,898][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] OpenSearch Config path is /usr/share/wazuh-indexer/config
wazuh.manager_1 | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.indexer_1 | [2022-08-20T17:09:38,343][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] JVM supports TLSv1.3
wazuh.indexer_1 | [2022-08-20T17:09:38,347][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Config directory is /usr/share/wazuh-indexer/config/, from there the key- and truststore files are resolved relatively
wazuh.manager_1 | 2022/08/20 17:09:38 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf': (line 0).
wazuh.manager_1 | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1 | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1 | [cont-init.d] done.
wazuh.manager_1 | [services.d] starting services
wazuh.manager_1 | starting Filebeat
wazuh.manager_1 | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1 | [services.d] done.
wazuh.manager_1 | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1 | Filebeat exited. code=1
wazuh.manager_1 | [cont-finish.d] executing container finish scripts...
wazuh.manager_1 | [cont-finish.d] done.
wazuh.manager_1 | [s6-finish] waiting for services.
wazuh.manager_1 | [s6-finish] sending all processes the TERM signal.
wazuh.indexer_1 | [2022-08-20T17:09:39,250][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Client Provider : JDK
wazuh.indexer_1 | [2022-08-20T17:09:39,251][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Server Provider : JDK
wazuh.indexer_1 | [2022-08-20T17:09:39,252][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS HTTP Provider : JDK
wazuh.indexer_1 | [2022-08-20T17:09:39,252][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2, TLSv1.1]
wazuh.indexer_1 | [2022-08-20T17:09:39,253][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for HTTP layer : [TLSv1.3, TLSv1.2, TLSv1.1]
wazuh.indexer_1 | [2022-08-20T17:09:39,697][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Clustername: opensearch
wazuh.indexer_1 | [2022-08-20T17:09:39,708][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/admin-key.pem has insecure file permissions (should be 0600)
wazuh.indexer_1 | [2022-08-20T17:09:39,710][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/admin.pem has insecure file permissions (should be 0600)
wazuh.indexer_1 | [2022-08-20T17:09:39,710][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/root-ca.pem has insecure file permissions (should be 0600)
wazuh.indexer_1 | [2022-08-20T17:09:39,712][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key has insecure file permissions (should be 0600)
wazuh.indexer_1 | [2022-08-20T17:09:39,713][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem has insecure file permissions (should be 0600)
wazuh.indexer_1 | [2022-08-20T17:09:39,714][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/opensearch.yml has insecure file permissions (should be 0600)
wazuh.indexer_1 | [2022-08-20T17:09:40,073][INFO ][o.o.p.c.PluginSettings ] [wazuh.indexer] Trying to create directory /dev/shm/performanceanalyzer/.
wazuh.indexer_1 | [2022-08-20T17:09:40,074][INFO ][o.o.p.c.PluginSettings ] [wazuh.indexer] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600
wazuh.indexer_1 | [2022-08-20T17:09:40,987][INFO ][o.o.i.r.ReindexPlugin ] [wazuh.indexer] ReindexPlugin reloadSPI called
wazuh.indexer_1 | [2022-08-20T17:09:40,990][INFO ][o.o.i.r.ReindexPlugin ] [wazuh.indexer] Unable to find any implementation for RemoteReindexExtension
wazuh.indexer_1 | [2022-08-20T17:09:41,019][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config
wazuh.indexer_1 | [2022-08-20T17:09:41,028][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs
wazuh.indexer_1 | [2022-08-20T17:09:41,083][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions
wazuh.indexer_1 | [2022-08-20T17:09:41,087][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [aggs-matrix-stats]
wazuh.indexer_1 | [2022-08-20T17:09:41,088][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [analysis-common]
wazuh.indexer_1 | [2022-08-20T17:09:41,088][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [geo]
wazuh.indexer_1 | [2022-08-20T17:09:41,089][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-common]
wazuh.indexer_1 | [2022-08-20T17:09:41,090][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-geoip]
wazuh.indexer_1 | [2022-08-20T17:09:41,090][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-user-agent]
wazuh.indexer_1 | [2022-08-20T17:09:41,091][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-expression]
wazuh.indexer_1 | [2022-08-20T17:09:41,091][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-mustache]
wazuh.indexer_1 | [2022-08-20T17:09:41,092][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-painless]
wazuh.indexer_1 | [2022-08-20T17:09:41,092][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [mapper-extras]
wazuh.indexer_1 | [2022-08-20T17:09:41,092][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [opensearch-dashboards]
wazuh.indexer_1 | [2022-08-20T17:09:41,093][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [parent-join]
wazuh.indexer_1 | [2022-08-20T17:09:41,094][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [percolator]
wazuh.indexer_1 | [2022-08-20T17:09:41,094][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [rank-eval]
wazuh.indexer_1 | [2022-08-20T17:09:41,095][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [reindex]
wazuh.indexer_1 | [2022-08-20T17:09:41,095][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [repository-url]
wazuh.indexer_1 | [2022-08-20T17:09:41,096][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [systemd]
wazuh.indexer_1 | [2022-08-20T17:09:41,096][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [transport-netty4]
wazuh.indexer_1 | [2022-08-20T17:09:41,098][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-alerting]
wazuh.indexer_1 | [2022-08-20T17:09:41,098][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-anomaly-detection]
wazuh.indexer_1 | [2022-08-20T17:09:41,099][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-asynchronous-search]
wazuh.indexer_1 | [2022-08-20T17:09:41,099][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-cross-cluster-replication]
wazuh.indexer_1 | [2022-08-20T17:09:41,100][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-index-management]
wazuh.indexer_1 | [2022-08-20T17:09:41,100][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-job-scheduler]
wazuh.indexer_1 | [2022-08-20T17:09:41,101][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-knn]
wazuh.indexer_1 | [2022-08-20T17:09:41,101][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-observability]
wazuh.indexer_1 | [2022-08-20T17:09:41,102][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-performance-analyzer]
wazuh.indexer_1 | [2022-08-20T17:09:41,102][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-reports-scheduler]
wazuh.indexer_1 | [2022-08-20T17:09:41,103][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-security]
wazuh.indexer_1 | [2022-08-20T17:09:41,103][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-sql]
wazuh.indexer_1 | [2022-08-20T17:09:41,140][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
wazuh.indexer_1 | [2022-08-20T17:09:41,171][INFO ][o.o.e.NodeEnvironment ] [wazuh.indexer] using [1] data paths, mounts [[/var/lib/wazuh-indexer (/dev/mapper/rhel-var)]], net usable_space [78.5gb], net total_space [120.7gb], types [xfs]
wazuh.indexer_1 | [2022-08-20T17:09:41,173][INFO ][o.o.e.NodeEnvironment ] [wazuh.indexer] heap size [512mb], compressed ordinary object pointers [true]
wazuh.indexer_1 | [2022-08-20T17:09:41,447][INFO ][o.o.n.Node ] [wazuh.indexer] node name [wazuh.indexer], node ID [JCe2PdPOTVuDl9_JClcDHQ], cluster name [opensearch], roles [master, remote_cluster_client, data, ingest]
wazuh.manager_1 | [s6-finish] sending all processes the KILL signal and exiting.
single-node_wazuh.manager_1 exited with code 0
wazuh.manager_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1 | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1 | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1 | [fix-attrs.d] done.
wazuh.manager_1 | [cont-init.d] executing container initialization scripts...
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: executing...
wazuh.manager_1 | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1 | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1 | Installing /var/ossec/api/configuration
wazuh.manager_1 | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1 | Exiting.
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: executing...
wazuh.manager_1 | Customize Elasticsearch ouput IP
wazuh.manager_1 | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1 | [cont-init.d] 2-manager: executing...
wazuh.manager_1 | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.manager_1 | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1 | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.manager_1 | 2022/08/20 17:09:38 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf': (line 0).
wazuh.manager_1 | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1 | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1 | [cont-init.d] done.
wazuh.manager_1 | [services.d] starting services
wazuh.manager_1 | starting Filebeat
wazuh.manager_1 | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1 | [services.d] done.
wazuh.manager_1 | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1 | Filebeat exited. code=1
wazuh.manager_1 | [cont-finish.d] executing container finish scripts...
wazuh.manager_1 | [cont-finish.d] done.
wazuh.manager_1 | [s6-finish] waiting for services.
wazuh.manager_1 | [s6-finish] sending all processes the TERM signal.
wazuh.manager_1 | [s6-finish] sending all processes the KILL signal and exiting.
wazuh.manager_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1 | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1 | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1 | [fix-attrs.d] done.
wazuh.manager_1 | [cont-init.d] executing container initialization scripts...
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: executing...
wazuh.manager_1 | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1 | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1 | Installing /var/ossec/api/configuration
wazuh.manager_1 | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1 | Exiting.
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: executing...
wazuh.manager_1 | Customize Elasticsearch ouput IP
wazuh.manager_1 | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1 | [cont-init.d] 2-manager: executing...
wazuh.manager_1 | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.dashboard_1 | {"type":"log","@timestamp":"2022-08-20T17:09:43Z","tags":["info","plugins-service"],"pid":39,"message":"Plugin \"visTypeXy\" is disabled."}
wazuh.dashboard_1 | {"type":"log","@timestamp":"2022-08-20T17:09:43Z","tags":["info","plugins-system"],"pid":39,"message":"Setting up [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]"}
wazuh.dashboard_1 | {"type":"log","@timestamp":"2022-08-20T17:09:44Z","tags":["info","savedobjects-service"],"pid":39,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
wazuh.manager_1 | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1 | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.manager_1 | 2022/08/20 17:09:45 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf': (line 0).
wazuh.manager_1 | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1 | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1 | [cont-init.d] done.
wazuh.manager_1 | [services.d] starting services
wazuh.manager_1 | starting Filebeat
wazuh.manager_1 | [services.d] done.
wazuh.manager_1 | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1 | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1 | Filebeat exited. code=1
wazuh.manager_1 | [cont-finish.d] executing container finish scripts...
wazuh.manager_1 | [cont-finish.d] done.
wazuh.manager_1 | [s6-finish] waiting for services.
wazuh.manager_1 | [s6-finish] sending all processes the TERM signal.
wazuh.indexer_1 | [2022-08-20T17:09:46,894][WARN ][o.o.s.c.Salt ] [wazuh.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
wazuh.indexer_1 | [2022-08-20T17:09:46,913][ERROR][o.o.s.a.s.SinkProvider ] [wazuh.indexer] Default endpoint could not be created, auditlog will not work properly.
wazuh.indexer_1 | [2022-08-20T17:09:46,916][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh.indexer] No default storage available, audit log may not work properly. Please check configuration.
wazuh.indexer_1 | [2022-08-20T17:09:46,916][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Message routing enabled: false
wazuh.indexer_1 | [2022-08-20T17:09:46,993][INFO ][o.o.s.f.SecurityFilter ] [wazuh.indexer] <NONE> indices are made immutable.
wazuh.indexer_1 | [2022-08-20T17:09:47,468][INFO ][o.o.a.b.ADCircuitBreakerService] [wazuh.indexer] Registered memory breaker.
wazuh.indexer_1 | WARNING: An illegal reflective access operation has occurred
wazuh.indexer_1 | WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
wazuh.indexer_1 | WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
wazuh.indexer_1 | WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
wazuh.indexer_1 | WARNING: All illegal access operations will be denied in a future release
wazuh.indexer_1 | [2022-08-20T17:09:48,185][INFO ][o.o.t.NettyAllocator ] [wazuh.indexer] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=256kb, factors={opensearch.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=1mb, heap_size=512mb}]
wazuh.indexer_1 | [2022-08-20T17:09:48,306][INFO ][o.o.d.DiscoveryModule ] [wazuh.indexer] using discovery type [single-node] and seed hosts providers [settings]
wazuh.indexer_1 | [2022-08-20T17:09:48,800][WARN ][o.o.g.DanglingIndicesState] [wazuh.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
wazuh.manager_1 | [s6-finish] sending all processes the KILL signal and exiting.
wazuh.indexer_1 | [2022-08-20T17:09:49,316][INFO ][o.o.p.h.c.PerformanceAnalyzerConfigAction] [wazuh.indexer] PerformanceAnalyzer Enabled: false
wazuh.indexer_1 | [2022-08-20T17:09:49,383][INFO ][o.o.n.Node ] [wazuh.indexer] initialized
wazuh.indexer_1 | [2022-08-20T17:09:49,383][INFO ][o.o.n.Node ] [wazuh.indexer] starting ...
wazuh.indexer_1 | [2022-08-20T17:09:49,506][INFO ][o.o.t.TransportService ] [wazuh.indexer] publish_address {10.89.0.6:9300}, bound_addresses {[::]:9300}
wazuh.indexer_1 | [2022-08-20T17:09:49,725][WARN ][o.o.b.BootstrapChecks ] [wazuh.indexer] max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
wazuh.indexer_1 | [2022-08-20T17:09:49,727][INFO ][o.o.c.c.Coordinator ] [wazuh.indexer] cluster UUID [tUGlMOLXQxi80sjRUMGhSw]
wazuh.manager_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.indexer_1 | [2022-08-20T17:09:49,827][INFO ][o.o.c.s.MasterService ] [wazuh.indexer] elected-as-master ([1] nodes joined)[{wazuh.indexer}{JCe2PdPOTVuDl9_JClcDHQ}{x3YQUTMoQ7G2_qncz-StkQ}{10.89.0.6}{10.89.0.6:9300}{dimr}{shard_indexing_pressure_enabled=true} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 9, version: 42, delta: master node changed {previous [], current [{wazuh.indexer}{JCe2PdPOTVuDl9_JClcDHQ}{x3YQUTMoQ7G2_qncz-StkQ}{10.89.0.6}{10.89.0.6:9300}{dimr}{shard_indexing_pressure_enabled=true}]}
wazuh.manager_1 | [s6-init] ensuring user provided files have correct perms...wazuh.indexer_1 | [2022-08-20T17:09:49,889][INFO ][o.o.c.s.ClusterApplierService] [wazuh.indexer] master node changed {previous [], current [{wazuh.indexer}{JCe2PdPOTVuDl9_JClcDHQ}{x3YQUTMoQ7G2_qncz-StkQ}{10.89.0.6}{10.89.0.6:9300}{dimr}{shard_indexing_pressure_enabled=true}]}, term: 9, version: 42, reason: Publication{term=9, version=42}
wazuh.indexer_1 | [2022-08-20T17:09:49,913][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [wazuh.indexer] Config override setting update called with empty string. Ignoring.
wazuh.indexer_1 | [2022-08-20T17:09:49,914][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Cluster is not recovered yet.
wazuh.indexer_1 | [2022-08-20T17:09:49,940][INFO ][o.o.h.AbstractHttpServerTransport] [wazuh.indexer] publish_address {10.89.0.6:9200}, bound_addresses {[::]:9200}
wazuh.indexer_1 | [2022-08-20T17:09:49,941][INFO ][o.o.n.Node ] [wazuh.indexer] started
wazuh.indexer_1 | [2022-08-20T17:09:49,942][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Node started
wazuh.indexer_1 | [2022-08-20T17:09:49,943][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Will attempt to create index .opendistro_security and default configs if they are absent
wazuh.indexer_1 | [2022-08-20T17:09:49,943][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Background init thread started. Install default config?: true
wazuh.indexer_1 | [2022-08-20T17:09:49,944][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] 0 OpenSearch Security modules loaded so far: []
wazuh.dashboard_1 | {"type":"log","@timestamp":"2022-08-20T17:09:49Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: getaddrinfo ENOTFOUND wazuh.indexer wazuh.indexer:9200"}
wazuh.dashboard_1 | {"type":"log","@timestamp":"2022-08-20T17:09:49Z","tags":["error","savedobjects-service"],"pid":39,"message":"Unable to retrieve version information from OpenSearch nodes."}
wazuh.indexer_1 | [2022-08-20T17:09:50,029][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Node added: [JCe2PdPOTVuDl9_JClcDHQ]
wazuh.indexer_1 | [2022-08-20T17:09:50,037][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Add data node to AD version hash ring: JCe2PdPOTVuDl9_JClcDHQ
wazuh.indexer_1 | [2022-08-20T17:09:50,039][INFO ][o.o.g.GatewayService ] [wazuh.indexer] recovered [1] indices into cluster_state
wazuh.indexer_1 | [2022-08-20T17:09:50,041][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] All nodes with known AD version: {JCe2PdPOTVuDl9_JClcDHQ=ADNodeInfo{version=1.2.4, isEligibleDataNode=true}}
wazuh.indexer_1 | [2022-08-20T17:09:50,042][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Rebuild AD hash ring for realtime AD with cooldown, nodeChangeEvents size 0
wazuh.indexer_1 | [2022-08-20T17:09:50,042][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Build AD version hash ring successfully
wazuh.indexer_1 | [2022-08-20T17:09:50,044][INFO ][o.o.a.c.ADDataMigrator ] [wazuh.indexer] Start migrating AD data
wazuh.indexer_1 | [2022-08-20T17:09:50,044][INFO ][o.o.a.c.ADDataMigrator ] [wazuh.indexer] AD job index doesn't exist, no need to migrate
wazuh.indexer_1 | [2022-08-20T17:09:50,045][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Init AD version hash ring successfully
wazuh.indexer_1 | [2022-08-20T17:09:50,047][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Index .opendistro_security already exists
wazuh.indexer_1 | [2022-08-20T17:09:50,049][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node started, try to initialize it. Wait for at least yellow cluster state....
wazuh.indexer_1 | [2022-08-20T17:09:50,701][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.opendistro_security][0]]]).
wazuh.indexer_1 | [2022-08-20T17:09:50,787][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1 | [2022-08-20T17:09:50,979][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id config, skipping update.
wazuh.indexer_1 | [2022-08-20T17:09:50,980][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1 | [2022-08-20T17:09:51,000][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id roles, skipping update.
wazuh.indexer_1 | [2022-08-20T17:09:51,001][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1 | [2022-08-20T17:09:51,029][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id rolesmapping, skipping update.
wazuh.indexer_1 | [2022-08-20T17:09:51,029][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1 | [2022-08-20T17:09:51,060][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id internalusers, skipping update.
wazuh.indexer_1 | [2022-08-20T17:09:51,060][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1 | [2022-08-20T17:09:51,080][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id actiongroups, skipping update.
wazuh.indexer_1 | [2022-08-20T17:09:51,081][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1 | [2022-08-20T17:09:51,087][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id tenants, skipping update.
wazuh.indexer_1 | [2022-08-20T17:09:51,087][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
wazuh.indexer_1 | [2022-08-20T17:09:51,092][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id nodesdn, skipping update.
wazuh.indexer_1 | [2022-08-20T17:09:51,092][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
wazuh.indexer_1 | [2022-08-20T17:09:51,097][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id whitelist, skipping update.
wazuh.indexer_1 | [2022-08-20T17:09:51,098][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1 | [2022-08-20T17:09:51,130][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id audit, skipping update.
wazuh.indexer_1 | [2022-08-20T17:09:51,383][INFO ][stdout ] [wazuh.indexer] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl
wazuh.indexer_1 | [2022-08-20T17:09:51,385][INFO ][stdout ] [wazuh.indexer] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent
wazuh.indexer_1 | [2022-08-20T17:09:51,386][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing on REST API is enabled.
wazuh.indexer_1 | [2022-08-20T17:09:51,386][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from REST API auditing.
wazuh.indexer_1 | [2022-08-20T17:09:51,386][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing on Transport API is enabled.
wazuh.indexer_1 | [2022-08-20T17:09:51,387][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from Transport API auditing.
wazuh.indexer_1 | [2022-08-20T17:09:51,387][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of request body is enabled.
wazuh.indexer_1 | [2022-08-20T17:09:51,388][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Bulk requests resolution is disabled during request auditing.
wazuh.indexer_1 | [2022-08-20T17:09:51,388][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Index resolution is enabled during request auditing.
wazuh.indexer_1 | [2022-08-20T17:09:51,388][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Sensitive headers auditing is enabled.
wazuh.indexer_1 | [2022-08-20T17:09:51,389][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing requests from kibanaserver users is disabled.
wazuh.indexer_1 | [2022-08-20T17:09:51,389][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of external configuration is disabled.
wazuh.indexer_1 | [2022-08-20T17:09:51,389][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of internal configuration is enabled.
wazuh.indexer_1 | [2022-08-20T17:09:51,389][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing only metadata information for read request is enabled.
wazuh.indexer_1 | [2022-08-20T17:09:51,390][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing will watch {} for read requests.
wazuh.indexer_1 | [2022-08-20T17:09:51,390][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing read operation requests from kibanaserver users is disabled.
wazuh.indexer_1 | [2022-08-20T17:09:51,390][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing only metadata information for write request is enabled.
wazuh.indexer_1 | [2022-08-20T17:09:51,390][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing diffs for write requests is disabled.
wazuh.indexer_1 | [2022-08-20T17:09:51,391][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing write operation requests from kibanaserver users is disabled.
wazuh.indexer_1 | [2022-08-20T17:09:51,391][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing will watch <NONE> for write requests.
wazuh.indexer_1 | [2022-08-20T17:09:51,391][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] .opendistro_security is used as internal security index.
wazuh.indexer_1 | [2022-08-20T17:09:51,392][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Internal index used for posting audit logs is null
wazuh.indexer_1 | [2022-08-20T17:09:51,393][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Hot-reloading of audit configuration is enabled
wazuh.indexer_1 | [2022-08-20T17:09:51,393][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node 'wazuh.indexer' initialized
single-node_wazuh.manager_1 exited with code 0
wazuh.manager_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1 | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1 | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1 | [fix-attrs.d] done.
wazuh.manager_1 | [cont-init.d] executing container initialization scripts...
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: executing...
wazuh.manager_1 | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1 | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1 | Installing /var/ossec/api/configuration
wazuh.manager_1 | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1 | Exiting.
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: executing...
wazuh.manager_1 | Customize Elasticsearch ouput IP
wazuh.manager_1 | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1 | [cont-init.d] 2-manager: executing...
wazuh.manager_1 | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.manager_1 | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1 | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.manager_1 | 2022/08/20 17:09:38 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf': (line 0).
wazuh.manager_1 | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1 | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1 | [cont-init.d] done.
wazuh.manager_1 | [services.d] starting services
wazuh.manager_1 | starting Filebeat
wazuh.manager_1 | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1 | [services.d] done.
wazuh.manager_1 | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1 | Filebeat exited. code=1
wazuh.manager_1 | [cont-finish.d] executing container finish scripts...
wazuh.manager_1 | [cont-finish.d] done.
wazuh.manager_1 | [s6-finish] waiting for services.
wazuh.manager_1 | [s6-finish] sending all processes the TERM signal.
wazuh.manager_1 | [s6-finish] sending all processes the KILL signal and exiting.
wazuh.manager_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1 | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1 | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1 | [fix-attrs.d] done.
wazuh.manager_1 | [cont-init.d] executing container initialization scripts...
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: executing...
wazuh.manager_1 | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1 | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1 | Installing /var/ossec/api/configuration
wazuh.manager_1 | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1 | Exiting.
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: executing...
wazuh.manager_1 | Customize Elasticsearch ouput IP
wazuh.manager_1 | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1 | [cont-init.d] 2-manager: executing...
wazuh.manager_1 | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.manager_1 | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1 | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.manager_1 | 2022/08/20 17:09:45 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf': (line 0).
wazuh.manager_1 | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1 | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1 | [cont-init.d] done.
wazuh.manager_1 | [services.d] starting services
wazuh.manager_1 | starting Filebeat
wazuh.manager_1 | [services.d] done.
wazuh.manager_1 | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1 | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1 | Filebeat exited. code=1
wazuh.manager_1 | [cont-finish.d] executing container finish scripts...
wazuh.manager_1 | [cont-finish.d] done.
wazuh.manager_1 | [s6-finish] waiting for services.
wazuh.manager_1 | [s6-finish] sending all processes the TERM signal.
wazuh.manager_1 | [s6-finish] sending all processes the KILL signal and exiting.
wazuh.manager_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1 | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1 | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1 | [fix-attrs.d] done.
wazuh.manager_1 | [cont-init.d] executing container initialization scripts...
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: executing...
wazuh.manager_1 | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1 | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1 | Installing /var/ossec/api/configuration
wazuh.manager_1 | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1 | Exiting.
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: executing...
wazuh.manager_1 | Customize Elasticsearch ouput IP
wazuh.manager_1 | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1 | [cont-init.d] 2-manager: executing...
wazuh.manager_1 | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.manager_1 | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1 | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.manager_1 | 2022/08/20 17:09:52 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf': (line 0).
wazuh.manager_1 | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1 | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1 | [cont-init.d] done.
wazuh.manager_1 | [services.d] starting services
wazuh.manager_1 | starting Filebeat
wazuh.manager_1 | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1 | [services.d] done.
wazuh.manager_1 | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1 | Filebeat exited. code=1
wazuh.manager_1 | [cont-finish.d] executing container finish scripts...
wazuh.manager_1 | [cont-finish.d] done.
wazuh.manager_1 | [s6-finish] waiting for services.
wazuh.manager_1 | [s6-finish] sending all processes the TERM signal.
wazuh.manager_1 | [s6-finish] sending all processes the KILL signal and exiting.
wazuh.manager_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1 | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1 | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1 | [fix-attrs.d] done.
wazuh.manager_1 | [cont-init.d] executing container initialization scripts...
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: executing...
wazuh.manager_1 | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1 | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1 | Installing /var/ossec/api/configuration
wazuh.manager_1 | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1 | Exiting.
wazuh.manager_1 | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: executing...
wazuh.manager_1 | Customize Elasticsearch ouput IP
wazuh.manager_1 | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1 | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1 | [cont-init.d] 2-manager: executing...
wazuh.manager_1 | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.dashboard_1 | {"type":"log","@timestamp":"2022-08-20T17:09:57Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: getaddrinfo ENOTFOUND wazuh.indexer wazuh.indexer:9200"}
wazuh.manager_1 | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1 | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.manager_1 | 2022/08/20 17:09:58 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf': (line 0).
wazuh.manager_1 | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1 | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1 | [cont-init.d] done.
wazuh.manager_1 | [services.d] starting services
wazuh.manager_1 | starting Filebeat
wazuh.manager_1 | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1 | [services.d] done.
wazuh.manager_1 | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1 | Filebeat exited. code=1
wazuh.manager_1 | [cont-finish.d] executing container finish scripts...
wazuh.manager_1 | [cont-finish.d] done.
wazuh.manager_1 | [s6-finish] waiting for services.
wazuh.manager_1 | [s6-finish] sending all processes the TERM signal.
wazuh.dashboard_1 | {"type":"log","@timestamp":"2022-08-20T17:10:00Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: getaddrinfo ENOTFOUND wazuh.indexer wazuh.indexer:9200"}
wazuh.manager_1 | [s6-finish] sending all processes the KILL signal and exiting.
^CGracefully stopping... (press Ctrl+C again to force)
Stopping single-node_wazuh.dashboard_1 ... done
Stopping single-node_wazuh.manager_1 ... done
Stopping single-node_wazuh.indexer_1 ... done
6- when access web Wazuh dashboard server is not ready yet
7- when running compose up
$ sudo docker ps
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cb2a7bf9211b docker.io/wazuh/wazuh-indexer:4.3.6 opensearchwrapper 5 minutes ago Up 33 seconds ago 0.0.0.0:9200->9200/tcp single-node_wazuh.indexer_1
35252f53bb06 docker.io/wazuh/wazuh-manager:4.3.6 5 minutes ago Up Less than a second ago 0.0.0.0:1514-1515->1514-1515/tcp, 0.0.0.0:55000->55000/tcp, 0.0.0.0:514->514/udp single-node_wazuh.manager_1
24090bcabe96 docker.io/wazuh/wazuh-dashboard:4.3.6 5 minutes ago Up 33 seconds ago 0.0.0.0:443->5601/tcp single-node_wazuh.dashboard_1
Hi @zamantech.
For step 2, the command should be something like this:
docker volume rm $(docker volume ls -f name=single-node_ -q)
Make sure all the deployment volumes are removed using:
docker volume ls
Please repeat the procedure using these commands for step 2.
I was seeing similar errors in my environment. The issue was SELinux. Temporarily disabling SELinux allowed the service to start with no errors. Of course, disabling SELinux is not the recommended solution but you could try it to see the errors go away. If so, you know what the issue is and now you just need to create some exceptions.
In my opinion disabling SELinux is part of a troubleshooting method ;) Set it to permissive so it will log the problems, and you can then do something about it, audit2allow being the worst because it will set a generic permission instead of setting the right context. If you disable SELinux, yes, you will see that it is the culprit, but you will not have logs to do anything about it! Usually when I start a service I always set SELinux to permissive for at least 1 week during testing, exploring as many functionalities as possible, then I check the audit logs of the week for any denied and I fix the context for the app ;)
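The review step described in the comment above (run permissive, then go through the audit log for denials and fix the context) is easier when the denials are grouped by the label that was refused. This is an added example, not code from the thread or from the Wazuh project: it parses AVC records in audit.log format and groups them by source type, target type and object class. The sample records, the SELinux types in them and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format (not taken from the thread).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1661015378.101:901): avc:  denied  { read } for  pid=4101 comm="find" name="configuration" dev="dm-0" ino=2001 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1661015378.140:902): avc:  denied  { write } for  pid=4102 comm="cp" name="configuration" dev="dm-0" ino=2001 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1661015378.200:903): avc:  denied  { read open } for  pid=4103 comm="sed" path="/etc/filebeat/filebeat.yml" dev="dm-0" ino=2002 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1661015378.200:903): arch=c000003e syscall=257 success=yes exit=3 comm="sed"
type=AVC msg=audit(1661015379.010:904): avc:  denied  { read } for  pid=4104 comm="tail" name="ossec.log" dev="dm-0" ino=2003 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type:level context string."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Parse one audit.log line; return a dict for AVC denials, else None."""
    if "type=AVC" not in line:
        return None
    match = AVC_RE.search(line)
    if not match:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group("fields"))}
    if "scontext" not in fields or "tcontext" not in fields:
        return None
    return {
        "perms": set(match.group("perms").split()),
        "comm": fields.get("comm", "?"),
        # AVC records carry either a full path= or only the basename in name=.
        "object": fields.get("path") or fields.get("name") or "?",
        "source_type": selinux_type(fields["scontext"]),
        "target_type": selinux_type(fields["tcontext"]),
        "tclass": fields.get("tclass", "?"),
        # permissive=1 means the access was logged but still allowed.
        "permissive": fields.get("permissive") == "1",
    }


def summarize(log_text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set(),
                                  "objects": set(), "count": 0, "enforced": 0})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        group = groups[(rec["source_type"], rec["target_type"], rec["tclass"])]
        group["perms"] |= rec["perms"]
        group["comms"].add(rec["comm"])
        group["objects"].add(rec["object"])
        group["count"] += 1
        if not rec["permissive"]:
            group["enforced"] += 1
    return dict(groups)


def report(summary):
    """One line per group, most frequent first, for deciding which labels to fix."""
    lines = []
    for key, g in sorted(summary.items(), key=lambda kv: (-kv[1]["count"], kv[0])):
        src, tgt, tclass = key
        lines.append(
            f"{src} -> {tgt}:{tclass} perms={sorted(g['perms'])} "
            f"objects={sorted(g['objects'])} by={sorted(g['comms'])} "
            f"denials={g['count']} blocked={g['enforced']}"
        )
    return lines


if __name__ == "__main__":
    for line in report(summarize(SAMPLE_AUDIT_LOG)):
        print(line)
```

Each output line names one target type that the container domain was refused, with the objects carrying it, which is the information needed to correct the file context rather than generate a broad allow rule.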
When I try to run
docker-compose up
using podman I get this error output
The compose File
for more check https://github.com/wazuh/wazuh-docker
So how can I avoid (use an alternative/solution for) "links", since it's not supported by podman/docker (maybe in the future)? I tried what was suggested on Stack Overflow but get a permission error.
Best Regards