wazuh / wazuh-installation-assistant

Wazuh - Installation assistant
https://wazuh.com/
GNU General Public License v2.0

Migrate the Wazuh unattended scripts related files to `wazuh-installation-assistant` #19

Closed teddytpc1 closed 1 month ago

teddytpc1 commented 2 months ago
Objective
https://github.com/wazuh/wazuh-packages/issues/2904

Description

Because of the Wazuh packages redesign tier 2 objective, we need to migrate the Wazuh installation assistant-related files from the wazuh-packages repository to this one.

Tasks

Related

davidcr01 commented 2 months ago

Update Report

Progress

davidcr01 commented 2 months ago

Update Report

Validating script build

The scripts are built correctly after the migration:

```console
➜  wazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) bash builder.sh -i
➜  wazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) ✗ ls | grep wazuh-install
wazuh-install.sh
➜  wazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) ✗ bash builder.sh -c
➜  wazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) ✗ ls | grep wazuh-certs
wazuh-certs-tool.sh
➜  wazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) ✗ bash builder.sh -p
➜  wazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) ✗ ls | grep wazuh-pass
wazuh-passwords-tool.sh
➜  wazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) ✗
```

A new issue has been created reporting that, if the builder is not used without any parameter, it does not print the help: https://github.com/wazuh/wazuh-installation-assistant/issues/24

davidcr01 commented 1 month ago

Update Report

Problem using the assistant

While validating the installation assistant, I encountered an issue when the assistant detects that there is an error connecting to the API:

```console
0/08/2024 09:03:23 DEBUG: Configuring Wazuh manager.
20/08/2024 09:03:23 DEBUG: Setting provisional Wazuh indexer password.
20/08/2024 09:03:23 INFO: Wazuh manager vulnerability detection configuration finished.
20/08/2024 09:03:23 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
20/08/2024 09:03:38 INFO: wazuh-manager service started.
20/08/2024 09:03:38 INFO: Checking Wazuh API connection
20/08/2024 09:03:38 ERROR: Wazuh API connection Error. {
   "data": {
      "affected_items": [],
      "total_affected_items": 0,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "No agent information was returned",
   "error": 0
}
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
20/08/2024 09:03:38 INFO: --- Removing existing Wazuh installation ---
```

If I debug the execution trace, I see that curl returns a valid JSON where there is no error, but the assistant handles it as if there is one:

```console
+ wm_error='{
   "data": {
      "affected_items": [],
      "total_affected_items": 0,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "No agent information was returned",
   "error": 0
}'
+ [[ {
   "data": {
      "affected_items": [],
      "total_affected_items": 0,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "no agent information was returned",
   "error": 0
} = \"\e\r\r\o\r\"\:\ \0 ]]
+ common_logger -e 'Wazuh API connection Error. {
```

If I look at the code that was incorporated in https://github.com/wazuh/wazuh-packages/pull/3059, I see that the entire content of the `wm_error` variable is converted to lowercase and compared with the string `error: 0` (an exact comparison; that is, the `wm_error` variable must contain only the string `error: 0` for the condition to evaluate as true):

```bash
wm_error=$(curl -k -s -X GET "https://127.0.0.1:55000/agents/outdated?pretty=true" -H "Authorization: Bearer ${TOKEN}")

if [[ ${wm_error,,} = '"error": 0' ]]; then
   common_logger "Wazuh API connection successful"
```

> [!CAUTION]
> So maybe this is a false negative that needs to be investigated, and if it is a bug, it is necessary to open an issue reporting this.
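
The comparison described in the comment above, reproduced next to a field-based check, as an added example that is not code from the installation assistant or from the linked pull request. The function names, the failure bodies and the assumption that a top-level integer `error` of 0 means success are illustrative; the first sample body is the one shown in the debug trace.

```bash
#!/usr/bin/env bash
# Added example: whole-body exact match versus checking only the "error" field.
# Written with POSIX constructs; check_exact mirrors
#   [[ ${wm_error,,} = '"error": 0' ]]

# Response body copied from the debug trace in the comment above.
sample_ok='{
   "data": {
      "affected_items": [],
      "total_affected_items": 0,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "No agent information was returned",
   "error": 0
}'
# Constructed failure cases (not captured from a real API).
sample_apierr='{"data": {"affected_items": []}, "message": "Internal error", "error": 1000}'
sample_denied='{"title": "Unauthorized", "detail": "Invalid token"}'
sample_empty=''

# The check as quoted in the comment: lowercase the entire body, then require
# it to be exactly the 10-character string "error": 0 (quotes included).
check_exact() {
    lowered=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    [ "$lowered" = '"error": 0' ]
}

# Print the integer value of the last "error" key in the body, or nothing if
# there is no such key. Newlines are removed first so pretty-printed and
# compact JSON are handled the same way. A JSON parser such as jq is the
# better tool where it is installed; sed keeps this example dependency-free.
api_error_code() {
    printf '%s' "$1" | tr -d '\r\n' |
        sed -n 's/.*"error"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*[,}].*/\1/p'
}

# Success only when the field exists and equals 0. An empty body (curl could
# not connect) or a body without the field (for example an auth failure)
# counts as a failure instead of being silently accepted.
check_field() {
    code=$(api_error_code "$1")
    [ -n "$code" ] && [ "$code" -eq 0 ]
}

# Show both verdicts for one body.
report() {
    if check_exact "$2"; then exact=success; else exact=ERROR; fi
    if check_field "$2"; then field=success; else field=ERROR; fi
    printf '%-8s exact-match=%-8s field-check=%s\n' "$1" "$exact" "$field"
}

report ok     "$sample_ok"
report apierr "$sample_apierr"
report denied "$sample_denied"
report empty  "$sample_empty"
```

The exact match reports an error for every real response, including the healthy one, which is what sends the assistant into the "Removing existing Wazuh installation" step in the log above.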

davidcr01 commented 1 month ago

Update Report

Validating installation assistant

:heavy_check_mark: AIO installation - using -a option

```console
root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -a -v
20/08/2024 10:10:39 DEBUG: Checking root permissions.
20/08/2024 10:10:39 DEBUG: Checking sudo package.
20/08/2024 10:10:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
20/08/2024 10:10:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/08/2024 10:10:39 DEBUG: APT package manager will be used.
20/08/2024 10:10:39 DEBUG: Checking system distribution.
20/08/2024 10:10:39 DEBUG: Detected distribution name: ubuntu
20/08/2024 10:10:39 DEBUG: Detected distribution version: 22
20/08/2024 10:10:39 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Fetched 257 kB in 0s (529 kB/s)
Reading package lists...
20/08/2024 10:10:48 DEBUG: Checking Wazuh installation.
20/08/2024 10:10:49 DEBUG: Checking system architecture.
20/08/2024 10:10:49 INFO: Verifying that your system meets the recommended minimum hardware requirements.
20/08/2024 10:10:49 DEBUG: CPU cores detected: 4
20/08/2024 10:10:49 DEBUG: Free RAM memory detected: 7847
20/08/2024 10:10:49 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:10:53 INFO: Wazuh web interface port will be 443.
20/08/2024 10:10:53 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:10:55 DEBUG: Installing prerequisites dependencies.
20/08/2024 10:10:58 DEBUG: Checking curl tool version.
20/08/2024 10:10:58 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:4 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:6 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [42.1 kB]
Fetched 59.4 kB in 0s (189 kB/s)
Reading package lists...
20/08/2024 10:11:00 INFO: Wazuh repository added.
20/08/2024 10:11:00 INFO: --- Configuration files ---
20/08/2024 10:11:00 INFO: Generating configuration files.
20/08/2024 10:11:00 DEBUG: Creating Wazuh certificates.
20/08/2024 10:11:00 DEBUG: Reading configuration file.
20/08/2024 10:11:00 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:11:00 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:11:00 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:11:00 INFO: Generating the root certificate.
20/08/2024 10:11:00 INFO: Generating Admin certificates.
20/08/2024 10:11:00 DEBUG: Generating Admin private key.
20/08/2024 10:11:01 DEBUG: Converting Admin private key to PKCS8 format.
20/08/2024 10:11:01 DEBUG: Generating Admin CSR.
20/08/2024 10:11:01 DEBUG: Creating Admin certificate.
20/08/2024 10:11:01 INFO: Generating Wazuh indexer certificates.
20/08/2024 10:11:01 DEBUG: Creating the certificates for wazuh-indexer indexer node.
20/08/2024 10:11:01 DEBUG: Generating certificate configuration.
20/08/2024 10:11:01 DEBUG: Creating the Wazuh indexer tmp key pair.
20/08/2024 10:11:01 DEBUG: Creating the Wazuh indexer certificates.
20/08/2024 10:11:01 INFO: Generating Filebeat certificates.
20/08/2024 10:11:01 DEBUG: Generating the certificates for wazuh-server server node.
20/08/2024 10:11:01 DEBUG: Generating certificate configuration.
20/08/2024 10:11:01 DEBUG: Creating the Wazuh server tmp key pair.
20/08/2024 10:11:01 DEBUG: Creating the Wazuh server certificates.
20/08/2024 10:11:01 INFO: Generating Wazuh dashboard certificates.
20/08/2024 10:11:01 DEBUG: Generating certificate configuration.
20/08/2024 10:11:01 DEBUG: Creating the Wazuh dashboard tmp key pair.
20/08/2024 10:11:01 DEBUG: Creating the Wazuh dashboard certificates.
20/08/2024 10:11:01 DEBUG: Cleaning certificate files.
20/08/2024 10:11:01 DEBUG: Generating password file.
20/08/2024 10:11:01 DEBUG: Generating random passwords.
20/08/2024 10:11:01 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
20/08/2024 10:11:01 DEBUG: Extracting Wazuh configuration.
20/08/2024 10:11:01 DEBUG: Reading configuration file.
20/08/2024 10:11:01 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:11:01 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:11:01 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:11:01 INFO: --- Wazuh indexer ---
20/08/2024 10:11:01 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded.
Need to get 0 B/756 MB of archives.
After this operation, 1050 MB of additional disk space will be used.
Selecting previously unselected package
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
20/08/2024 10:11:52 DEBUG: Checking Wazuh installation.
20/08/2024 10:11:53 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:11:53 INFO: Wazuh indexer installation finished.
20/08/2024 10:11:53 DEBUG: Configuring Wazuh indexer.
20/08/2024 10:11:53 DEBUG: Copying Wazuh indexer certificates.
20/08/2024 10:11:53 INFO: Wazuh indexer post-install configuration finished.
20/08/2024 10:11:53 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
20/08/2024 10:12:04 INFO: wazuh-indexer service started.
20/08/2024 10:12:04 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
20/08/2024 10:12:16 INFO: Wazuh indexer cluster security configuration initialized.
20/08/2024 10:12:16 INFO: Wazuh indexer cluster initialized.
20/08/2024 10:12:16 INFO: --- Wazuh server ---
20/08/2024 10:12:16 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
expect
The following NEW packages will be installed:
wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded.
Need to get 0 B/310 MB of archives.
After this operation, 911 MB of additional disk space will be used.
Selecting pre
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
20/08/2024 10:12:58 DEBUG: Checking Wazuh installation.
20/08/2024 10:12:58 DEBUG: There are Wazuh remaining files.
20/08/2024 10:12:58 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:12:59 INFO: Wazuh manager installation finished.
20/08/2024 10:12:59 DEBUG: Configuring Wazuh manager.
20/08/2024 10:12:59 DEBUG: Setting provisional Wazuh indexer password.
20/08/2024 10:12:59 INFO: Wazuh manager vulnerability detection configuration finished.
20/08/2024 10:12:59 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
20/08/2024 10:13:13 INFO: wazuh-manager service started.
20/08/2024 10:13:13 INFO: Checking Wazuh API connection
20/08/2024 10:13:13 INFO: Wazuh API connection successful
20/08/2024 10:13:13 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
filebeat
0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded.
Need to get 22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 filebeat amd64 7.10.2 [22.1 MB]
Fetched 22.1 MB in 0s (63.5 MB/s)
Selecting previously unselected package
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
20/08/2024 10:13:24 DEBUG: Checking Wazuh installation.
20/08/2024 10:13:25 DEBUG: There are Wazuh remaining files.
20/08/2024 10:13:25 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:13:26 DEBUG: There are Filebeat remaining files.
20/08/2024 10:13:26 INFO: Filebeat installation finished.
20/08/2024 10:13:26 DEBUG: Configuring Filebeat.
20/08/2024 10:13:26 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
20/08/2024 10:13:26 DEBUG: Filebeat module was downloaded successfully.
20/08/2024 10:13:26 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
20/08/2024 10:13:27 INFO: Filebeat post-install configuration finished.
20/08/2024 10:13:27 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
20/08/2024 10:13:28 INFO: filebeat service started.
20/08/2024 10:13:28 INFO: Checking Filebeat connection
20/08/2024 10:13:28 INFO: Filebeat connection successful
20/08/2024 10:13:28 INFO: --- Wazuh dashboard ---
20/08/2024 10:13:28 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded.
Need to get 186 MB of archives.
After this operation, 998 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-dashboard amd64 4.8.1-1 [186 MB]
Fetched 186 MB in 4s (52.7 MB/s)
Selecting previously unselec
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
20/08/2024 10:16:04 DEBUG: Checking Wazuh installation.
20/08/2024 10:16:04 DEBUG: There are Wazuh remaining files.
20/08/2024 10:16:04 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:16:05 DEBUG: There are Filebeat remaining files.
20/08/2024 10:16:05 DEBUG: There are Wazuh dashboard remaining files.
20/08/2024 10:16:05 INFO: Wazuh dashboard installation finished.
20/08/2024 10:16:05 DEBUG: Configuring Wazuh dashboard.
20/08/2024 10:16:05 DEBUG: Copying Wazuh dashboard certificates.
20/08/2024 10:16:05 DEBUG: Wazuh dashboard certificate setup finished.
20/08/2024 10:16:05 INFO: Wazuh dashboard post-install configuration finished.
20/08/2024 10:16:05 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
20/08/2024 10:16:05 INFO: wazuh-dashboard service started.
20/08/2024 10:16:05 DEBUG: Setting Wazuh indexer cluster passwords.
20/08/2024 10:16:05 DEBUG: Checking Wazuh installation.
20/08/2024 10:16:06 DEBUG: There are Wazuh remaining files.
20/08/2024 10:16:06 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:16:07 DEBUG: There are Filebeat remaining files.
20/08/2024 10:16:07 DEBUG: There are Wazuh dashboard remaining files.
20/08/2024 10:16:07 INFO: Updating the internal users.
20/08/2024 10:16:07 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
20/08/2024 10:16:10 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
20/08/2024 10:16:10 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
20/08/2024 10:16:10 DEBUG: The internal users have been updated before changing the passwords.
20/08/2024 10:16:10 DEBUG: Generating password hashes.
20/08/2024 10:16:14 DEBUG: Password hashes generated.
20/08/2024 10:16:14 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
20/08/2024 10:16:17 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
Successfully updated the keystore
20/08/2024 10:16:17 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
20/08/2024 10:16:17 DEBUG: Restarting filebeat service...
20/08/2024 10:16:17 DEBUG: filebeat started.
20/08/2024 10:16:17 DEBUG: Restarting wazuh-manager service...
20/08/2024 10:16:33 DEBUG: wazuh-manager started.
20/08/2024 10:16:34 DEBUG: Restarting wazuh-dashboard service...
20/08/2024 10:16:34 DEBUG: wazuh-dashboard started.
20/08/2024 10:16:34 DEBUG: Running security admin tool.
20/08/2024 10:16:34 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
20/08/2024 10:16:36 DEBUG: Passwords changed.
20/08/2024 10:16:36 DEBUG: Changing API passwords.
20/08/2024 10:16:44 INFO: Initializing Wazuh dashboard web application.
20/08/2024 10:16:44 INFO: Wazuh dashboard web application not yet initialized. Waiting...
20/08/2024 10:17:00 INFO: Wazuh dashboard web application not yet initialized. Waiting...
20/08/2024 10:17:15 INFO: Wazuh dashboard web application initialized.
20/08/2024 10:17:15 INFO: --- Summary ---
20/08/2024 10:17:15 INFO: You can access the web interface https://:443
User: admin
Password: Z*6rCVMO5QBu3bN1tptTI7JOMxaQzV95
20/08/2024 10:17:15 DEBUG: Restoring Wazuh repository.
20/08/2024 10:17:15 INFO: Installation finished.
```

:heavy_check_mark: Distributed installation - using -g, -wi, -ws, -ws, -s options

```console
root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -g -v
20/08/2024 10:18:38 DEBUG: Checking root permissions.
20/08/2024 10:18:38 DEBUG: Checking sudo package.
20/08/2024 10:18:38 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
20/08/2024 10:18:38 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/08/2024 10:18:38 DEBUG: APT package manager will be used.
20/08/2024 10:18:38 DEBUG: Checking system distribution.
20/08/2024 10:18:38 DEBUG: Detected distribution name: ubuntu
20/08/2024 10:18:38 DEBUG: Detected distribution version: 22
20/08/2024 10:18:38 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:18:42 DEBUG: Checking Wazuh installation.
20/08/2024 10:18:43 DEBUG: Checking system architecture.
20/08/2024 10:18:43 INFO: Verifying that your system meets the recommended minimum hardware requirements.
20/08/2024 10:18:43 DEBUG: CPU cores detected: 4
20/08/2024 10:18:43 DEBUG: Free RAM memory detected: 7847
20/08/2024 10:18:43 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:18:47 INFO: --- Configuration files ---
20/08/2024 10:18:47 INFO: Generating configuration files.
20/08/2024 10:18:47 DEBUG: Checking if OpenSSL is installed.
20/08/2024 10:18:47 DEBUG: Creating Wazuh certificates.
20/08/2024 10:18:47 DEBUG: Reading configuration file.
20/08/2024 10:18:47 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:18:47 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:18:47 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:18:47 INFO: Generating the root certificate.
20/08/2024 10:18:47 INFO: Generating Admin certificates.
20/08/2024 10:18:47 DEBUG: Generating Admin private key.
20/08/2024 10:18:47 DEBUG: Converting Admin private key to PKCS8 format.
20/08/2024 10:18:47 DEBUG: Generating Admin CSR.
20/08/2024 10:18:47 DEBUG: Creating Admin certificate.
20/08/2024 10:18:47 INFO: Generating Wazuh indexer certificates.
20/08/2024 10:18:47 DEBUG: Creating the certificates for wazuh-indexer indexer node.
20/08/2024 10:18:47 DEBUG: Generating certificate configuration.
20/08/2024 10:18:47 DEBUG: Creating the Wazuh indexer tmp key pair.
20/08/2024 10:18:48 DEBUG: Creating the Wazuh indexer certificates.
20/08/2024 10:18:48 INFO: Generating Filebeat certificates.
20/08/2024 10:18:48 DEBUG: Generating the certificates for wazuh-server server node.
20/08/2024 10:18:48 DEBUG: Generating certificate configuration.
20/08/2024 10:18:48 DEBUG: Creating the Wazuh server tmp key pair.
20/08/2024 10:18:48 DEBUG: Creating the Wazuh server certificates.
20/08/2024 10:18:48 INFO: Generating Wazuh dashboard certificates.
20/08/2024 10:18:48 DEBUG: Generating certificate configuration.
20/08/2024 10:18:48 DEBUG: Creating the Wazuh dashboard tmp key pair.
20/08/2024 10:18:48 DEBUG: Creating the Wazuh dashboard certificates.
20/08/2024 10:18:48 DEBUG: Cleaning certificate files.
20/08/2024 10:18:48 DEBUG: Generating password file.
20/08/2024 10:18:48 DEBUG: Generating random passwords.
20/08/2024 10:18:48 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
root@ip-172-31-85-12:/home/ubuntu#
root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -wi wazuh-indexer -v
20/08/2024 10:19:04 DEBUG: Checking root permissions.
20/08/2024 10:19:04 DEBUG: Checking sudo package.
20/08/2024 10:19:04 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
20/08/2024 10:19:04 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/08/2024 10:19:04 DEBUG: APT package manager will be used.
20/08/2024 10:19:04 DEBUG: Checking system distribution.
20/08/2024 10:19:04 DEBUG: Detected distribution name: ubuntu
20/08/2024 10:19:04 DEBUG: Detected distribution version: 22
20/08/2024 10:19:04 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:19:08 DEBUG: Checking Wazuh installation.
20/08/2024 10:19:09 DEBUG: Checking system architecture.
20/08/2024 10:19:09 INFO: Verifying that your system meets the recommended minimum hardware requirements.
20/08/2024 10:19:09 DEBUG: CPU cores detected: 4
20/08/2024 10:19:09 DEBUG: Free RAM memory detected: 7847
20/08/2024 10:19:09 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:19:13 DEBUG: Checking previous certificate existence.
20/08/2024 10:19:13 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Reading package lists... 20/08/2024 10:19:15 DEBUG: Installing prerequisites dependencies. 20/08/2024 10:19:17 DEBUG: Checking curl tool version. 20/08/2024 10:19:17 DEBUG: Adding the Wazuh repository. gpg: keyring '/usr/share/keyrings/wazuh.gpg' created gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported gpg: Total number processed: 1 gpg: imported: 1 deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Get:4 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB] Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease Get:6 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [42.1 kB] Fetched 59.4 kB in 0s (188 kB/s) Reading package lists... 20/08/2024 10:19:18 INFO: Wazuh repository added. 20/08/2024 10:19:18 DEBUG: Extracting Wazuh configuration. 20/08/2024 10:19:18 DEBUG: Reading configuration file. 20/08/2024 10:19:18 DEBUG: Checking if 127.0.0.1 is private. 20/08/2024 10:19:18 DEBUG: Checking if 127.0.0.1 is private. 20/08/2024 10:19:18 DEBUG: Checking if 127.0.0.1 is private. 20/08/2024 10:19:18 DEBUG: Checking node names in the configuration file. 20/08/2024 10:19:18 INFO: --- Wazuh indexer --- 20/08/2024 10:19:18 INFO: Starting Wazuh indexer installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. 
Need to get 0 B/756 MB of archives. After this operation, 1050 MB of additional disk space will be used. Selecting previously unselected package NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: getty@tty1.service NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: serial-getty@ttyS0.service NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: user@1000.service 20/08/2024 10:20:09 DEBUG: Checking Wazuh installation. 20/08/2024 10:20:10 DEBUG: There are Wazuh indexer remaining files. 20/08/2024 10:20:10 INFO: Wazuh indexer installation finished. 20/08/2024 10:20:10 DEBUG: Configuring Wazuh indexer. 20/08/2024 10:20:10 DEBUG: Copying Wazuh indexer certificates. 20/08/2024 10:20:10 INFO: Wazuh indexer post-install configuration finished. 20/08/2024 10:20:10 INFO: Starting service wazuh-indexer. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service. 20/08/2024 10:20:21 INFO: wazuh-indexer service started. 20/08/2024 10:20:21 INFO: Initializing Wazuh indexer cluster security settings. 20/08/2024 10:20:22 DEBUG: Setting Wazuh indexer cluster passwords. 20/08/2024 10:20:22 DEBUG: Checking Wazuh installation. 20/08/2024 10:20:23 DEBUG: There are Wazuh indexer remaining files. 
20/08/2024 10:20:23 INFO: Wazuh indexer cluster initialized. 20/08/2024 10:20:23 DEBUG: Restoring Wazuh repository. 20/08/2024 10:20:23 INFO: Installation finished. root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -s -v 20/08/2024 10:21:20 DEBUG: Checking root permissions. 20/08/2024 10:21:20 DEBUG: Checking sudo package. 20/08/2024 10:21:20 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1 20/08/2024 10:21:20 INFO: Verbose logging redirected to /var/log/wazuh-install.log 20/08/2024 10:21:20 DEBUG: APT package manager will be used. 20/08/2024 10:21:20 DEBUG: Checking system distribution. 20/08/2024 10:21:20 DEBUG: Detected distribution name: ubuntu 20/08/2024 10:21:20 DEBUG: Detected distribution version: 22 20/08/2024 10:21:20 DEBUG: Installing check dependencies. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease Reading package lists... 20/08/2024 10:21:24 DEBUG: Checking Wazuh installation. 20/08/2024 10:21:24 DEBUG: There are Wazuh indexer remaining files. 20/08/2024 10:21:25 DEBUG: Checking system architecture. 20/08/2024 10:21:25 INFO: Verifying that your system meets the recommended minimum hardware requirements. 20/08/2024 10:21:25 DEBUG: CPU cores detected: 4 20/08/2024 10:21:25 DEBUG: Free RAM memory detected: 7847 20/08/2024 10:21:25 DEBUG: Installing check dependencies. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease Reading package lists... 
20/08/2024 10:21:29 DEBUG: Checking previous certificate existence. 20/08/2024 10:21:29 DEBUG: Extracting Wazuh configuration. 20/08/2024 10:21:29 DEBUG: Reading configuration file. 20/08/2024 10:21:29 DEBUG: Checking if 127.0.0.1 is private. 20/08/2024 10:21:29 DEBUG: Checking if 127.0.0.1 is private. 20/08/2024 10:21:29 DEBUG: Checking if 127.0.0.1 is private. 20/08/2024 10:21:29 DEBUG: Starting Wazuh indexer cluster. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-indexer-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... 
done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success 20/08/2024 10:21:38 INFO: Wazuh indexer cluster security configuration initialized. 
{"error":"Content-Type header [] is not supported","status":406}20/08/2024 10:22:03 DEBUG: Inserted wazuh-alerts template into the Wazuh indexer cluster. 20/08/2024 10:22:03 DEBUG: Setting Wazuh indexer cluster passwords. 20/08/2024 10:22:03 DEBUG: Checking Wazuh installation. 20/08/2024 10:22:03 DEBUG: There are Wazuh indexer remaining files. 20/08/2024 10:22:04 INFO: Updating the internal users. 20/08/2024 10:22:04 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-indexer-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. 
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 20/08/2024 10:22:06 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 20/08/2024 10:22:06 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 20/08/2024 10:22:06 DEBUG: The internal users have been updated before changing the passwords. 20/08/2024 10:22:06 DEBUG: Generating password hashes. 20/08/2024 10:22:10 DEBUG: Password hashes generated. 
20/08/2024 10:22:10 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-indexer-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in 
/etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 20/08/2024 10:22:12 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 20/08/2024 10:22:12 DEBUG: Running security admin tool. 20/08/2024 10:22:12 DEBUG: Loading new passwords changes. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-indexer-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Populate config from /home/ubuntu Force type: internalusers Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' created or updated SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null Done with success 20/08/2024 10:22:14 DEBUG: Passwords changed. 20/08/2024 10:22:14 DEBUG: Restoring Wazuh repository. 20/08/2024 10:22:14 INFO: Wazuh indexer cluster started. root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -ws wazuh-server -v 20/08/2024 10:24:41 DEBUG: Checking root permissions. 20/08/2024 10:24:41 DEBUG: Checking sudo package. 
20/08/2024 10:24:41 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1 20/08/2024 10:24:41 INFO: Verbose logging redirected to /var/log/wazuh-install.log 20/08/2024 10:24:41 DEBUG: APT package manager will be used. 20/08/2024 10:24:41 DEBUG: Checking system distribution. 20/08/2024 10:24:41 DEBUG: Detected distribution name: ubuntu 20/08/2024 10:24:41 DEBUG: Detected distribution version: 22 20/08/2024 10:24:41 DEBUG: Installing check dependencies. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Hit:5 https://packages.wazuh.com/4.x/apt stable InRelease Reading package lists... 20/08/2024 10:24:45 DEBUG: Checking Wazuh installation. 20/08/2024 10:24:46 DEBUG: There are Wazuh indexer remaining files. 20/08/2024 10:24:46 DEBUG: Checking system architecture. 20/08/2024 10:24:46 INFO: Verifying that your system meets the recommended minimum hardware requirements. 20/08/2024 10:24:46 DEBUG: CPU cores detected: 4 20/08/2024 10:24:46 DEBUG: Free RAM memory detected: 7847 20/08/2024 10:24:46 DEBUG: Installing check dependencies. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease Reading package lists... 20/08/2024 10:24:50 DEBUG: Checking previous certificate existence. 20/08/2024 10:24:50 DEBUG: Checking ports availability. 
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease Reading package lists... 20/08/2024 10:24:52 DEBUG: Installing prerequisites dependencies. 20/08/2024 10:24:54 DEBUG: Checking curl tool version. 20/08/2024 10:24:54 DEBUG: Adding the Wazuh repository. 20/08/2024 10:24:54 DEBUG: Wazuh repository already exists. Skipping addition. 20/08/2024 10:24:54 INFO: Wazuh repository added. 20/08/2024 10:24:54 DEBUG: Extracting Wazuh configuration. 20/08/2024 10:24:54 DEBUG: Reading configuration file. 20/08/2024 10:24:54 DEBUG: Checking if 127.0.0.1 is private. 20/08/2024 10:24:54 DEBUG: Checking if 127.0.0.1 is private. 20/08/2024 10:24:54 DEBUG: Checking if 127.0.0.1 is private. 20/08/2024 10:24:54 DEBUG: Checking node names in the configuration file. 20/08/2024 10:24:54 INFO: --- Wazuh server --- 20/08/2024 10:24:54 INFO: Starting the Wazuh manager installation. Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. Need to get 0 B/310 MB of archives. After this operation, 911 MB of additional disk space will be used. 
Selecting pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: getty@tty1.service NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: serial-getty@ttyS0.service NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: user@1000.service 20/08/2024 10:25:36 DEBUG: Checking Wazuh installation. 20/08/2024 10:25:36 DEBUG: There are Wazuh remaining files. 20/08/2024 10:25:37 DEBUG: There are Wazuh indexer remaining files. 20/08/2024 10:25:37 INFO: Wazuh manager installation finished. 20/08/2024 10:25:37 DEBUG: Configuring Wazuh manager. 20/08/2024 10:25:37 DEBUG: Setting provisional Wazuh indexer password. 20/08/2024 10:25:37 INFO: Wazuh manager vulnerability detection configuration finished. 20/08/2024 10:25:37 INFO: Starting service wazuh-manager. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service. 20/08/2024 10:25:52 INFO: wazuh-manager service started. 20/08/2024 10:25:52 INFO: Checking Wazuh API connection 20/08/2024 10:25:53 INFO: Wazuh API connection successful 20/08/2024 10:25:53 INFO: Starting Filebeat installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. 
Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Selecting previously unselected package fil NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: getty@tty1.service NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: serial-getty@ttyS0.service NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: user@1000.service 20/08/2024 10:26:03 DEBUG: Checking Wazuh installation. 20/08/2024 10:26:03 DEBUG: There are Wazuh remaining files. 20/08/2024 10:26:04 DEBUG: There are Wazuh indexer remaining files. 20/08/2024 10:26:04 DEBUG: There are Filebeat remaining files. 20/08/2024 10:26:04 INFO: Filebeat installation finished. 20/08/2024 10:26:04 DEBUG: Configuring Filebeat. 20/08/2024 10:26:04 DEBUG: Filebeat template was download successfully. wazuh/ wazuh/_meta/ wazuh/_meta/docs.asciidoc wazuh/_meta/fields.yml wazuh/_meta/config.yml wazuh/alerts/ wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/module.yml wazuh/archives/ wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json 20/08/2024 10:26:04 DEBUG: Filebeat module was downloaded successfully. 
20/08/2024 10:26:04 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 20/08/2024 10:26:06 INFO: Filebeat post-install configuration finished. 20/08/2024 10:26:06 DEBUG: Setting Wazuh indexer cluster passwords. 20/08/2024 10:26:06 DEBUG: Checking Wazuh installation. 20/08/2024 10:26:07 DEBUG: There are Wazuh remaining files. 20/08/2024 10:26:07 DEBUG: There are Wazuh indexer remaining files. 20/08/2024 10:26:08 DEBUG: There are Filebeat remaining files. Successfully updated the keystore Successfully updated the keystore 20/08/2024 10:26:09 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. 20/08/2024 10:26:09 DEBUG: Restarting filebeat service... 20/08/2024 10:26:09 DEBUG: filebeat started. 20/08/2024 10:26:09 DEBUG: Restarting wazuh-manager service... 20/08/2024 10:26:25 DEBUG: wazuh-manager started. 20/08/2024 10:26:25 DEBUG: Changing API passwords. 20/08/2024 10:26:28 INFO: Starting service filebeat. Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable filebeat Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service. 20/08/2024 10:26:29 INFO: filebeat service started. 20/08/2024 10:26:29 INFO: Checking Filebeat connection 20/08/2024 10:26:29 INFO: Filebeat connection successful 20/08/2024 10:26:29 DEBUG: Restoring Wazuh repository. 20/08/2024 10:26:29 INFO: Installation finished. root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -wd wazuh-dashboard -v 20/08/2024 10:34:28 DEBUG: Checking root permissions. 20/08/2024 10:34:28 DEBUG: Checking sudo package. 20/08/2024 10:34:28 INFO: Starting Wazuh installation assistant. 
Wazuh version: 4.8.1
20/08/2024 10:34:28 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/08/2024 10:34:28 DEBUG: APT package manager will be used.
20/08/2024 10:34:28 DEBUG: Checking system distribution.
20/08/2024 10:34:28 DEBUG: Detected distribution name: ubuntu
20/08/2024 10:34:28 DEBUG: Detected distribution version: 22
20/08/2024 10:34:28 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:34:32 DEBUG: Checking Wazuh installation.
20/08/2024 10:34:33 DEBUG: There are Wazuh remaining files.
20/08/2024 10:34:33 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:34:33 DEBUG: There are Filebeat remaining files.
20/08/2024 10:34:34 DEBUG: Checking system architecture.
20/08/2024 10:34:34 INFO: Verifying that your system meets the recommended minimum hardware requirements.
20/08/2024 10:34:34 DEBUG: CPU cores detected: 4
20/08/2024 10:34:34 DEBUG: Free RAM memory detected: 7847
20/08/2024 10:34:34 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:34:38 DEBUG: Checking previous certificate existence.
20/08/2024 10:34:38 INFO: Wazuh web interface port will be 443.
20/08/2024 10:34:38 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:34:41 DEBUG: Installing prerequisites dependencies.
20/08/2024 10:34:42 DEBUG: Checking curl tool version.
20/08/2024 10:34:42 DEBUG: Adding the Wazuh repository.
20/08/2024 10:34:42 DEBUG: Wazuh repository already exists. Skipping addition.
20/08/2024 10:34:42 INFO: Wazuh repository added.
20/08/2024 10:34:42 DEBUG: Extracting Wazuh configuration.
20/08/2024 10:34:42 DEBUG: Reading configuration file.
20/08/2024 10:34:43 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:34:43 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:34:43 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:34:43 DEBUG: Checking node names in the configuration file.
20/08/2024 10:34:43 INFO: --- Wazuh dashboard ----
20/08/2024 10:34:43 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded.
Need to get 0 B/186 MB of archives.
After this operation, 998 MB of additional disk space will be used.
Selecting previously unselected packag
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
20/08/2024 10:35:24 DEBUG: Checking Wazuh installation.
20/08/2024 10:35:24 DEBUG: There are Wazuh remaining files.
20/08/2024 10:35:25 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:35:25 DEBUG: There are Filebeat remaining files.
20/08/2024 10:35:25 DEBUG: There are Wazuh dashboard remaining files.
20/08/2024 10:35:25 INFO: Wazuh dashboard installation finished.
20/08/2024 10:35:25 DEBUG: Configuring Wazuh dashboard.
20/08/2024 10:35:25 DEBUG: Copying Wazuh dashboard certificates.
20/08/2024 10:35:25 DEBUG: Wazuh dashboard certificate setup finished.
20/08/2024 10:35:25 INFO: Wazuh dashboard post-install configuration finished.
20/08/2024 10:35:26 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
20/08/2024 10:35:26 INFO: wazuh-dashboard service started.
20/08/2024 10:35:26 DEBUG: Setting Wazuh indexer cluster passwords.
20/08/2024 10:35:26 DEBUG: Checking Wazuh installation.
20/08/2024 10:35:26 DEBUG: There are Wazuh remaining files.
20/08/2024 10:35:27 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:35:27 DEBUG: There are Filebeat remaining files.
20/08/2024 10:35:28 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
Successfully updated the keystore
20/08/2024 10:35:28 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
20/08/2024 10:35:28 DEBUG: Restarting filebeat service...
20/08/2024 10:35:28 DEBUG: filebeat started.
20/08/2024 10:35:28 DEBUG: Restarting wazuh-manager service...
20/08/2024 10:35:43 DEBUG: wazuh-manager started.
20/08/2024 10:35:43 DEBUG: Restarting wazuh-dashboard service...
20/08/2024 10:35:44 DEBUG: wazuh-dashboard started.
20/08/2024 10:35:44 DEBUG: Changing API passwords.
20/08/2024 10:35:59 INFO: Initializing Wazuh dashboard web application.
20/08/2024 10:36:00 DEBUG: Wazuh dashboard connection was successful.
20/08/2024 10:36:00 INFO: Wazuh dashboard web application initialized.
20/08/2024 10:36:00 INFO: --- Summary ---
20/08/2024 10:36:00 INFO: You can access the web interface https://:443
User: admin
Password: ihsKVcXjs*R5xCMLFcP.5kt0nLi*EKNe
20/08/2024 10:36:00 DEBUG: Restoring Wazuh repository.
20/08/2024 10:36:00 INFO: Installation finished.
root@ip-172-31-85-12:/home/ubuntu#
```
:heavy_check_mark: Uninstalling - using -u option

```console
root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -u
20/08/2024 10:17:41 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
20/08/2024 10:17:41 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/08/2024 10:17:43 INFO: Removing Wazuh manager.
20/08/2024 10:17:54 INFO: Wazuh manager removed.
20/08/2024 10:17:54 INFO: Removing Wazuh indexer.
20/08/2024 10:18:00 INFO: Wazuh indexer removed.
20/08/2024 10:18:00 INFO: Removing Filebeat.
20/08/2024 10:18:04 INFO: Filebeat removed.
20/08/2024 10:18:04 INFO: Removing Wazuh dashboard.
20/08/2024 10:18:12 INFO: Wazuh dashboard removed.
root@ip-172-31-85-12:/home/ubuntu#
```
:heavy_check_mark: Offline installation - using -dw and -of options

```console
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-install.sh -g
21/08/2024 07:57:17 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
21/08/2024 07:57:17 INFO: Verbose logging redirected to /var/log/wazuh-install.log
21/08/2024 07:57:21 INFO: Verifying that your system meets the recommended minimum hardware requirements.
21/08/2024 07:57:21 INFO: --- Configuration files ---
21/08/2024 07:57:21 INFO: Generating configuration files.
21/08/2024 07:57:22 INFO: Generating the root certificate.
21/08/2024 07:57:22 INFO: Generating Admin certificates.
21/08/2024 07:57:22 INFO: Generating Wazuh indexer certificates.
21/08/2024 07:57:22 INFO: Generating Filebeat certificates.
21/08/2024 07:57:23 INFO: Generating Wazuh dashboard certificates.
21/08/2024 07:57:23 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-install.sh -dw deb
21/08/2024 07:57:28 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
21/08/2024 07:57:28 INFO: Verbose logging redirected to /var/log/wazuh-install.log
21/08/2024 07:57:32 INFO: Verifying that your system meets the recommended minimum hardware requirements.
21/08/2024 07:57:32 INFO: --- Download Packages ---
21/08/2024 07:57:32 INFO: Starting Wazuh packages download.
21/08/2024 07:57:32 INFO: Downloading Wazuh deb packages for x86_64.
21/08/2024 07:57:42 INFO: The manager package was downloaded.
21/08/2024 07:57:42 INFO: The filebeat package was downloaded.
21/08/2024 07:57:44 INFO: The indexer package was downloaded.
21/08/2024 07:57:45 INFO: The dashboard package was downloaded.
21/08/2024 07:57:45 INFO: The packages are in wazuh-offline/wazuh-packages
21/08/2024 07:57:45 INFO: Downloading configuration files and assets.
21/08/2024 07:57:45 INFO: The resource https://packages.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
21/08/2024 07:57:45 INFO: The resource https://packages.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml was downloaded.
21/08/2024 07:57:45 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/v4.8.1/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
21/08/2024 07:57:45 INFO: The resource https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
21/08/2024 07:57:45 INFO: The configuration files and assets are in wazuh-offline.tar.gz
21/08/2024 07:58:26 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
root@ip-172-31-94-60:/home/ubuntu# ping google.es
PING google.es (142.251.111.94) 56(84) bytes of data.
^C
--- google.es ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2025ms
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-install.sh -of -wi wazuh-indexer -v
21/08/2024 08:11:22 DEBUG: Checking root permissions.
21/08/2024 08:11:22 DEBUG: Checking sudo package.
21/08/2024 08:11:22 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
21/08/2024 08:11:22 INFO: Verbose logging redirected to /var/log/wazuh-install.log
21/08/2024 08:11:22 DEBUG: APT package manager will be used.
21/08/2024 08:11:22 DEBUG: Checking system distribution.
21/08/2024 08:11:22 DEBUG: Detected distribution name: ubuntu
21/08/2024 08:11:22 DEBUG: Detected distribution version: 22
21/08/2024 08:11:22 INFO: Checking installed dependencies for Offline installation.
21/08/2024 08:11:24 DEBUG: Offline dependencies are installed.
21/08/2024 08:11:24 DEBUG: Checking Wazuh installation.
21/08/2024 08:11:25 DEBUG: Checking system architecture.
21/08/2024 08:11:25 INFO: Verifying that your system meets the recommended minimum hardware requirements.
21/08/2024 08:11:25 DEBUG: CPU cores detected: 4
21/08/2024 08:11:25 DEBUG: Free RAM memory detected: 7847
21/08/2024 08:11:25 DEBUG: Checking previous certificate existence.
21/08/2024 08:11:25 DEBUG: Checking ports availability.
21/08/2024 08:11:25 INFO: Checking prerequisites for Offline installation.
21/08/2024 08:11:27 DEBUG: Offline prerequisites are installed.
21/08/2024 08:11:27 INFO: Checking wazuh-offline.tar.gz file.
21/08/2024 08:11:27 DEBUG: wazuh-offline.tar.gz was found correctly.
21/08/2024 08:11:27 DEBUG: Extracting files from wazuh-offline.tar.gz
21/08/2024 08:11:27 DEBUG: Offline files extracted successfully.
21/08/2024 08:11:27 DEBUG: Checking curl tool version.
21/08/2024 08:11:27 DEBUG: Extracting Wazuh configuration.
21/08/2024 08:11:27 DEBUG: Reading configuration file.
21/08/2024 08:11:27 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:11:27 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:11:27 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:11:27 DEBUG: Checking node names in the configuration file.
21/08/2024 08:11:27 INFO: --- Wazuh indexer ---
21/08/2024 08:11:27 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded.
Need to get 0 B/756 MB of archives.
After this operation, 1050 MB of additional disk space will be used.
Get:1 /home/ubuntu/wazuh-offline/wazuh-packages/wazuh-indexer_4.8.1-1_amd64.deb wazuh-indexer amd64 4.8.1-1 [756 MB]
Selecting previously unselected package
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
21/08/2024 08:12:21 DEBUG: Checking Wazuh installation.
21/08/2024 08:12:21 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:12:22 INFO: Wazuh indexer installation finished.
21/08/2024 08:12:22 DEBUG: Configuring Wazuh indexer.
21/08/2024 08:12:22 DEBUG: Copying Wazuh indexer certificates.
21/08/2024 08:12:22 INFO: Wazuh indexer post-install configuration finished.
21/08/2024 08:12:22 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
21/08/2024 08:12:33 INFO: wazuh-indexer service started.
21/08/2024 08:12:33 INFO: Initializing Wazuh indexer cluster security settings.
21/08/2024 08:12:33 DEBUG: Setting Wazuh indexer cluster passwords.
21/08/2024 08:12:33 DEBUG: Checking Wazuh installation.
21/08/2024 08:12:34 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:12:35 INFO: Wazuh indexer cluster initialized.
21/08/2024 08:12:35 INFO: Installation finished.
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-install.sh -of -s -v
21/08/2024 08:12:46 DEBUG: Checking root permissions.
21/08/2024 08:12:46 DEBUG: Checking sudo package.
21/08/2024 08:12:46 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
21/08/2024 08:12:46 INFO: Verbose logging redirected to /var/log/wazuh-install.log
21/08/2024 08:12:46 DEBUG: APT package manager will be used.
21/08/2024 08:12:46 DEBUG: Checking system distribution.
21/08/2024 08:12:46 DEBUG: Detected distribution name: ubuntu
21/08/2024 08:12:46 DEBUG: Detected distribution version: 22
21/08/2024 08:12:46 INFO: Checking installed dependencies for Offline installation.
21/08/2024 08:12:48 DEBUG: Offline dependencies are installed.
21/08/2024 08:12:48 DEBUG: Checking Wazuh installation.
21/08/2024 08:12:48 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:12:49 DEBUG: Checking system architecture.
21/08/2024 08:12:49 INFO: Verifying that your system meets the recommended minimum hardware requirements.
21/08/2024 08:12:49 DEBUG: CPU cores detected: 4
21/08/2024 08:12:49 DEBUG: Free RAM memory detected: 7847
21/08/2024 08:12:49 DEBUG: Checking previous certificate existence.
21/08/2024 08:12:49 INFO: Checking wazuh-offline.tar.gz file.
21/08/2024 08:12:49 DEBUG: wazuh-offline.tar.gz was found correctly.
21/08/2024 08:12:49 DEBUG: Extracting files from wazuh-offline.tar.gz
21/08/2024 08:12:49 DEBUG: Offline files extracted successfully.
21/08/2024 08:12:49 DEBUG: Extracting Wazuh configuration.
21/08/2024 08:12:49 DEBUG: Reading configuration file.
21/08/2024 08:12:49 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:12:49 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:12:49 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:12:49 DEBUG: Starting Wazuh indexer cluster.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
21/08/2024 08:12:57 INFO: Wazuh indexer cluster security configuration initialized.
21/08/2024 08:12:57 DEBUG: Inserted wazuh-alerts template into the Wazuh indexer cluster.
21/08/2024 08:12:57 DEBUG: Setting Wazuh indexer cluster passwords.
21/08/2024 08:12:57 DEBUG: Checking Wazuh installation.
21/08/2024 08:12:58 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:12:59 INFO: Updating the internal users.
21/08/2024 08:12:59 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
21/08/2024 08:13:00 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
21/08/2024 08:13:00 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
21/08/2024 08:13:00 DEBUG: The internal users have been updated before changing the passwords.
21/08/2024 08:13:01 DEBUG: Generating password hashes.
21/08/2024 08:13:04 DEBUG: Password hashes generated.
21/08/2024 08:13:04 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
21/08/2024 08:13:06 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
21/08/2024 08:13:06 DEBUG: Running security admin tool.
21/08/2024 08:13:06 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
21/08/2024 08:13:08 DEBUG: Passwords changed.
21/08/2024 08:13:08 INFO: Wazuh indexer cluster started.
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-install.sh -of -ws wazuh-server -v
21/08/2024 08:13:20 DEBUG: Checking root permissions.
21/08/2024 08:13:20 DEBUG: Checking sudo package.
21/08/2024 08:13:20 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
21/08/2024 08:13:20 INFO: Verbose logging redirected to /var/log/wazuh-install.log
21/08/2024 08:13:20 DEBUG: APT package manager will be used.
21/08/2024 08:13:20 DEBUG: Checking system distribution.
21/08/2024 08:13:20 DEBUG: Detected distribution name: ubuntu
21/08/2024 08:13:20 DEBUG: Detected distribution version: 22
21/08/2024 08:13:20 INFO: Checking installed dependencies for Offline installation.
21/08/2024 08:13:21 DEBUG: Offline dependencies are installed.
21/08/2024 08:13:21 DEBUG: Checking Wazuh installation.
21/08/2024 08:13:22 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:13:22 DEBUG: Checking system architecture.
21/08/2024 08:13:22 INFO: Verifying that your system meets the recommended minimum hardware requirements.
21/08/2024 08:13:22 DEBUG: CPU cores detected: 4
21/08/2024 08:13:22 DEBUG: Free RAM memory detected: 7847
21/08/2024 08:13:22 DEBUG: Checking previous certificate existence.
21/08/2024 08:13:22 DEBUG: Checking ports availability.
21/08/2024 08:13:23 INFO: Checking prerequisites for Offline installation.
21/08/2024 08:13:24 DEBUG: Offline prerequisites are installed.
21/08/2024 08:13:24 INFO: Checking wazuh-offline.tar.gz file.
21/08/2024 08:13:24 DEBUG: wazuh-offline.tar.gz was found correctly.
21/08/2024 08:13:24 DEBUG: Extracting files from wazuh-offline.tar.gz
21/08/2024 08:13:24 DEBUG: Offline files extracted successfully.
21/08/2024 08:13:24 DEBUG: Checking curl tool version.
21/08/2024 08:13:24 DEBUG: Extracting Wazuh configuration.
21/08/2024 08:13:24 DEBUG: Reading configuration file.
21/08/2024 08:13:24 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:13:24 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:13:24 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:13:24 DEBUG: Checking node names in the configuration file.
21/08/2024 08:13:24 INFO: --- Wazuh server ---
21/08/2024 08:13:24 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
expect
The following NEW packages will be installed:
wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded.
Need to get 0 B/310 MB of archives.
After this operation, 911 MB of additional disk space will be used.
Get:1 /home/ubuntu/wazuh-offline/wazuh-packages/wazuh-manager_4.8.1-1_amd64.deb wazuh-manager amd64 4.8.1-1 [310 MB]
Selecting pre
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
21/08/2024 08:14:08 DEBUG: Checking Wazuh installation.
21/08/2024 08:14:08 DEBUG: There are Wazuh remaining files.
21/08/2024 08:14:08 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:14:09 INFO: Wazuh manager installation finished.
21/08/2024 08:14:09 DEBUG: Configuring Wazuh manager.
21/08/2024 08:14:09 DEBUG: Setting provisional Wazuh indexer password.
21/08/2024 08:14:09 INFO: Wazuh manager vulnerability detection configuration finished.
21/08/2024 08:14:09 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
21/08/2024 08:14:22 INFO: wazuh-manager service started.
21/08/2024 08:14:22 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
filebeat
0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded.
Need to get 0 B/22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Get:1 /home/ubuntu/wazuh-offline/wazuh-pack
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: motd-news.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
21/08/2024 08:14:33 DEBUG: Checking Wazuh installation.
21/08/2024 08:14:33 DEBUG: There are Wazuh remaining files.
21/08/2024 08:14:33 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:14:34 DEBUG: There are Filebeat remaining files.
21/08/2024 08:14:34 INFO: Filebeat installation finished.
21/08/2024 08:14:34 DEBUG: Configuring Filebeat.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
21/08/2024 08:14:34 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
21/08/2024 08:14:35 INFO: Filebeat post-install configuration finished.
21/08/2024 08:14:35 DEBUG: Setting Wazuh indexer cluster passwords.
21/08/2024 08:14:35 DEBUG: Checking Wazuh installation.
21/08/2024 08:14:35 DEBUG: There are Wazuh remaining files.
21/08/2024 08:14:35 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:14:36 DEBUG: There are Filebeat remaining files.
Successfully updated the keystore
Successfully updated the keystore
21/08/2024 08:14:37 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
21/08/2024 08:14:37 DEBUG: Restarting filebeat service...
21/08/2024 08:14:38 DEBUG: filebeat started.
21/08/2024 08:14:38 DEBUG: Restarting wazuh-manager service...
21/08/2024 08:14:56 DEBUG: wazuh-manager started.
21/08/2024 08:14:56 DEBUG: Changing API passwords.
21/08/2024 08:14:59 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
21/08/2024 08:15:00 INFO: filebeat service started.
21/08/2024 08:15:00 INFO: Installation finished.
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-install.sh -of -wd wazuh-dashboard -v
21/08/2024 08:15:39 DEBUG: Checking root permissions.
21/08/2024 08:15:39 DEBUG: Checking sudo package.
21/08/2024 08:15:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
21/08/2024 08:15:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
21/08/2024 08:15:39 DEBUG: APT package manager will be used.
21/08/2024 08:15:39 DEBUG: Checking system distribution.
21/08/2024 08:15:39 DEBUG: Detected distribution name: ubuntu
21/08/2024 08:15:39 DEBUG: Detected distribution version: 22
21/08/2024 08:15:39 INFO: Checking installed dependencies for Offline installation.
21/08/2024 08:15:40 DEBUG: Offline dependencies are installed.
21/08/2024 08:15:40 DEBUG: Checking Wazuh installation.
21/08/2024 08:15:40 DEBUG: There are Wazuh remaining files.
21/08/2024 08:15:41 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:15:41 DEBUG: There are Filebeat remaining files.
21/08/2024 08:15:41 DEBUG: Checking system architecture.
21/08/2024 08:15:41 INFO: Verifying that your system meets the recommended minimum hardware requirements.
21/08/2024 08:15:41 DEBUG: CPU cores detected: 4
21/08/2024 08:15:41 DEBUG: Free RAM memory detected: 7847
21/08/2024 08:15:41 DEBUG: Checking previous certificate existence.
21/08/2024 08:15:41 INFO: Wazuh web interface port will be 443.
21/08/2024 08:15:41 DEBUG: Checking ports availability.
21/08/2024 08:15:42 INFO: Checking prerequisites for Offline installation.
21/08/2024 08:15:44 DEBUG: Offline prerequisites are installed.
21/08/2024 08:15:44 INFO: Checking wazuh-offline.tar.gz file.
21/08/2024 08:15:44 DEBUG: wazuh-offline.tar.gz was found correctly.
21/08/2024 08:15:44 DEBUG: Extracting files from wazuh-offline.tar.gz
21/08/2024 08:15:44 DEBUG: Offline files extracted successfully.
21/08/2024 08:15:44 DEBUG: Checking curl tool version.
21/08/2024 08:15:44 DEBUG: Extracting Wazuh configuration.
21/08/2024 08:15:44 DEBUG: Reading configuration file.
21/08/2024 08:15:44 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:15:44 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:15:44 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:15:44 DEBUG: Checking node names in the configuration file.
21/08/2024 08:15:44 INFO: --- Wazuh dashboard ----
21/08/2024 08:15:44 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded.
Need to get 0 B/186 MB of archives.
After this operation, 998 MB of additional disk space will be used.
Get:1 /home/ubuntu/wazuh-offline/wazuh-packages/wazuh-dashboard_4.8.1-1_amd64.deb wazuh-dashboard amd64 4.8.1-1 [186 MB]
Selecting previously unselected pa
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
21/08/2024 08:17:41 DEBUG: Checking Wazuh installation.
21/08/2024 08:17:42 DEBUG: There are Wazuh remaining files.
21/08/2024 08:17:42 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:17:42 DEBUG: There are Filebeat remaining files.
21/08/2024 08:17:43 DEBUG: There are Wazuh dashboard remaining files.
21/08/2024 08:17:43 INFO: Wazuh dashboard installation finished.
21/08/2024 08:17:43 DEBUG: Configuring Wazuh dashboard.
21/08/2024 08:17:43 DEBUG: Copying Wazuh dashboard certificates.
21/08/2024 08:17:43 DEBUG: Wazuh dashboard certificate setup finished.
21/08/2024 08:17:43 INFO: Wazuh dashboard post-install configuration finished.
21/08/2024 08:17:43 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
21/08/2024 08:17:43 INFO: wazuh-dashboard service started.
21/08/2024 08:17:43 DEBUG: Setting Wazuh indexer cluster passwords.
21/08/2024 08:17:43 DEBUG: Checking Wazuh installation.
21/08/2024 08:17:43 DEBUG: There are Wazuh remaining files.
21/08/2024 08:17:44 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:17:44 DEBUG: There are Filebeat remaining files.
21/08/2024 08:17:44 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
Successfully updated the keystore
21/08/2024 08:17:45 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
21/08/2024 08:17:45 DEBUG: Restarting filebeat service...
21/08/2024 08:17:45 DEBUG: filebeat started.
21/08/2024 08:17:45 DEBUG: Restarting wazuh-manager service...
21/08/2024 08:19:03 DEBUG: wazuh-manager started.
21/08/2024 08:19:04 DEBUG: Restarting wazuh-dashboard service...
21/08/2024 08:19:04 DEBUG: wazuh-dashboard started.
21/08/2024 08:19:04 DEBUG: Changing API passwords.
21/08/2024 08:19:19 INFO: Initializing Wazuh dashboard web application.
21/08/2024 08:19:20 DEBUG: Wazuh dashboard connection was successful.
21/08/2024 08:19:20 INFO: Wazuh dashboard web application initialized.
21/08/2024 08:19:20 INFO: --- Summary ---
21/08/2024 08:19:20 INFO: You can access the web interface https://:443
User: admin
Password: UF9Lj46KjLN*4UA3?rcR+rZNBC6zaQA7
21/08/2024 08:19:20 INFO: Installation finished.
```

Validating cert tool

:heavy_check_mark: Generating root CA certificate - using -ca option
```console
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-certs-tool.sh -ca
21/08/2024 08:30:07 INFO: Verbose logging redirected to /home/ubuntu/wazuh-certificates-tool.log
21/08/2024 08:30:07 INFO: Generating the root certificate.
21/08/2024 08:30:07 INFO: Authority certificates created.
```
:heavy_check_mark: Generating admin certificate - using -a option
```console
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-certs-tool.sh -a /home/ubuntu/certificates/root-ca.pem /home/ubuntu/certificates/root-ca.key
21/08/2024 08:31:45 INFO: Verbose logging redirected to /home/ubuntu/wazuh-certificates-tool.log
21/08/2024 08:31:45 INFO: Generating Admin certificates.
21/08/2024 08:31:45 INFO: Admin certificates created.
root@ip-172-31-94-60:/home/ubuntu# ls wazuh-certificates
admin-key.pem admin.pem root-ca.key root-ca.pem
```
:heavy_check_mark: Generating all the certificates - using -A option
```console
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-certs-tool.sh -A
21/08/2024 08:32:40 INFO: Verbose logging redirected to /home/ubuntu/wazuh-certificates-tool.log
21/08/2024 08:32:40 INFO: Generating the root certificate.
21/08/2024 08:32:40 INFO: Generating Admin certificates.
21/08/2024 08:32:41 INFO: Admin certificates created.
21/08/2024 08:32:41 INFO: Generating Wazuh indexer certificates.
21/08/2024 08:32:41 INFO: Wazuh indexer certificates created.
21/08/2024 08:32:41 INFO: Generating Filebeat certificates.
21/08/2024 08:32:41 INFO: Wazuh Filebeat certificates created.
21/08/2024 08:32:41 INFO: Generating Wazuh dashboard certificates.
21/08/2024 08:32:42 INFO: Wazuh dashboard certificates created.
root@ip-172-31-94-60:/home/ubuntu# ls wazuh-certificates
admin-key.pem root-ca.key wazuh-dashboard-key.pem wazuh-indexer-key.pem wazuh-server-key.pem
admin.pem root-ca.pem wazuh-dashboard.pem wazuh-indexer.pem wazuh-server.pem
root@ip-172-31-94-60:/home/ubuntu#
```

Validating password tool

:heavy_check_mark: Changing all passwords - using -a, --api, -au, -ap options
```console
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-passwords-tool.sh -a --api -au wazuh -ap .vSatL6Pcl7x2ZLiM1Ud1aCF+wJeRuM.
21/08/2024 08:22:31 INFO: Updating the internal users.
21/08/2024 08:22:33 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
21/08/2024 08:22:39 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
21/08/2024 08:23:40 INFO: The password for user admin is F.r3dqlR1S57vpOp4M0r44akGq.rUM2U
21/08/2024 08:23:40 INFO: The password for user kibanaserver is *Ei85bi*uaHdIVAk8T1..q?g6oUqf3n*
21/08/2024 08:23:40 INFO: The password for user kibanaro is oBxZ?eQ7a?jKS1q5ytyVuVX2?QnnD?a3
21/08/2024 08:23:40 INFO: The password for user logstash is h8G03jylLN9xcO3Mpn7F.?DiAWacv6SQ
21/08/2024 08:23:40 INFO: The password for user readall is j5EMpSzA53vJs.*Zl3CMntGG23WJLZrb
21/08/2024 08:23:40 INFO: The password for user snapshotrestore is hN+U5prON+.TDFDbw808MB76a+RqZ68Y
21/08/2024 08:23:40 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
21/08/2024 08:23:42 INFO: The password for Wazuh API user wazuh is WTr17?y7?TdAxhECMXT3m6YQ5W41Vm1h
21/08/2024 08:23:42 INFO: The password for Wazuh API user wazuh-wui is +nmN3NZ+PIE9*Asfki2p8m6hf04S1Q00
21/08/2024 08:23:42 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
root@ip-172-31-94-60:/home/ubuntu#
```
:heavy_check_mark: Changing user password - using -u, -p options
```console
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-passwords-tool.sh -u admin -p Changingpasswordtest123+
21/08/2024 08:25:35 INFO: Updating the internal users.
21/08/2024 08:25:37 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
21/08/2024 08:25:37 INFO: Generating password hash
21/08/2024 08:25:39 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
21/08/2024 08:26:57 WARNING: Password changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
```
:heavy_check_mark: Generating password file - using -gf option
```console
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-passwords-tool.sh -gf /home/ubuntu/passwords.txt
root@ip-172-31-94-60:/home/ubuntu# cat passwords.txt
# Admin user for the web user interface and Wazuh indexer. Use this user to log in to Wazuh dashboard
indexer_username: 'admin'
indexer_password: 'S+058hkTKpCBN+FmZ1M4q.NdYLtKWrVG'
# Wazuh dashboard user for establishing the connection with Wazuh indexer
indexer_username: 'kibanaserver'
indexer_password: 'KMRa2**KI06uq7R+q.BtAnMjc2lTv?7x'
# Regular Dashboard user, only has read permissions to all indices and all permissions on the .kibana index
indexer_username: 'kibanaro'
indexer_password: 'aRy6fFlK0uK7dosiWhF?Rdy5cAHF+0U1'
# Filebeat user for CRUD operations on Wazuh indices
indexer_username: 'logstash'
indexer_password: 'y2Nbzr1DqaV?wfTk8+B.HPg?a.ui4C5g'
# User with READ access to all indices
indexer_username: 'readall'
indexer_password: '9PV7NBjE+hWq6kHjceqNWIwlz40iA8kG'
# User with permissions to perform snapshot and restore operations
indexer_username: 'snapshotrestore'
indexer_password: 'UpV43+LENxYcCNrWOcuMNWN8.hI.cmZv'
# Password for wazuh API user
api_username: 'wazuh'
api_password: '+CYesXzUiF9LNytf3PgPlNmr53xagKUp'
# Password for wazuh-wui API user
api_username: 'wazuh-wui'
api_password: 'ALPgapEJQfI3d1?8ewMYAIEO57lZqJlT'
root@ip-172-31-94-60:/home/ubuntu#
```