PoC - Wazuh Indexer package with Opensearch

[okynos]

Hello team,

We are working on create a new package wazuh-indexer with Opensearch support. We will describe all work and requirements here to keep track on it. Tasks:

RPM

• [x] Generate script to build wazuh-indexer package.
• [x] Generate SPEC to build wazuh-indexer package.
• [x] Define and create dockerfile.
• [x] Create wazuh-indexer RPM package.
• [x] Test wazuh-indexer package migration from elasticsearch-oss 7.10.2
• [x] Test wazuh-indexer package migration from Elasticsearch-oss cluster.

Debian

• [x] Generate script to build wazuh-indexer package.
• [x] Generate SPEC to build wazuh-indexer package.
• [x] Define and create dockerfile.
• [x] Create wazuh-indexer Debian package.
• [x] Test wazuh-indexer package migration from elasticsearch-oss 7.10.2
• [x] Test wazuh-indexer package migration from Elasticsearch-oss cluster.

[okynos]

We are working on this branch poc-indexer We have added an RPM SPEC and builder scripts. We have added migration procedure. We have tested this migration on a single node with unattended installation All In One.

Resources used to achieve this matter:

• https://opensearch.org/docs/latest/opensearch/install/compatibility/
• https://kifarunix.com/backup-and-restore-elasticsearch-index-data/
• https://opensearch.org/docs/latest/opensearch/install/tar/
• https://opensearch.org/docs/latest/dashboards/install/tar/
• https://stackoverflow.com/questions/33303786/where-does-elasticsearch-store-its-data
• https://opensearch.org/docs/latest/upgrade-to/upgrade-to/
• https://opendistro.github.io/for-elasticsearch-docs/docs/security/configuration/tls/
• https://opendistro.github.io/for-elasticsearch-docs/docs/security/configuration/
• https://stackoverflow.com/questions/55142527/elasticsearch-exception-open-distro-alert
• https://opster.com/guides/opensearch/opensearch-basics/migrate-from-elasticsearch-to-opensearch/
• https://www.elastic.co/guide/en/elasticsearch/reference/master/trb-security-sslhandshake.html
• https://eliatra.com/blog/opensearch-security-part-2-basic-setup/
• https://opensearch.org/docs/latest/opensearch/configuration/
• https://github.com/elastic/elasticsearch/blob/v7.10.2/server/src/main/java/org/elasticsearch/common/settings/Setting.java
• https://github.com/elastic/elasticsearch/tree/v7.10.2/server/src/main/java/org/elasticsearch
• https://www.elastic.co/guide/en/elasticsearch/reference/7.10/important-settings.html
• https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/#configuration-file
• https://unix.stackexchange.com/questions/204800/when-to-use-arch-vs-noarch-when-building-rpms
• https://listman.redhat.com/archives/rpm-list/2001-December/msg00200.html
• https://github.com/rpm-software-management/rpm/issues/367
• https://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/RPM_Guide/ch08s02.html
• https://stackoverflow.com/questions/50753033/rpmbuild-spec-files-and-rpm-some-deep-confusion
• https://www.redhat.com/sysadmin/package-open-source-rpm
• https://tmurray3.blogspot.com/2010/11/building-rpm-packages-for-java-from-jar.html
• http://ftp.rpm.org/max-rpm/s1-rpm-inside-files-list-directives.html
• https://stackoverflow.com/questions/29224772/symlinks-are-not-included-in-buildroot-when-using-rpmbuild
• https://linux.redhat.rpm.narkive.com/qZ3CgkdR/how-to-disable-brp-java-repack-jars
• https://rpm-packaging-guide.github.io/
• https://linux.die.net/man/8/rpmbuild
• https://stackoverflow.com/questions/36940733/sbt-native-packager-rpm-brp-java-repack-jars-still-running-despite-setting-rpmbr/36966909#36966909
• https://github.com/sbt/sbt-native-packager/issues/789
• https://stackoverflow.com/questions/25113505/bypass-yes-no-in-shell-script

[okynos]

Hello team,

We have include tons of modifications of wazuh-indexer.spec file:

• Updated to OpenSearch 1.2.3
• Moved to clean installation package to allow working with OpenDistro or Elasticsearch environment.
• Added Certificate configuration with SSL and authentication.
• Added SecurityAdmin procedure on postinstall.
• Package tested on CentOS 7 with running Elasticsearch-oss installation
• Changed username from wazuh to wazuh-indexer
• Moved configuration from /usr/share/wazuh-indexer/config to /etc/wazuh-indexer
• Moved Logs from /usr/share/wazuh-indexer/logs to /var/logs/wazuh-indexer
• Removed Obsoletes tag
• Added demo generated certificates to base file.

Command to run wazuh-indexer after install:

sudo -u wazuh-indexer CLK_TK=`/usr/bin/getconf CLK_TCK` OPENSEARCH_PATH_CONF=/etc/wazuh-indexer /usr/share/wazuh-indexer/bin/opensearch

Commands to test that it works:

curl -k -u admin:admin https://localhost:9700
curl -k -u admin:admin https://localhost:9700/_cluster/health?pretty
curl -k -u admin:admin https://localhost:9700/_cat/indices?pretty

Link to the package: https://s3.amazonaws.com/warehouse.wazuh.com/indexer/wazuh-indexer-4.3.0-1.x86_64.rpm

Way to install: yum install -y https://s3.amazonaws.com/warehouse.wazuh.com/indexer/wazuh-indexer-4.3.0-1.x86_64.rpm

[rauldpm]

Testing - CentOS 8

---

yum install -y https://s3.amazonaws.com/warehouse.wazuh.com/indexer/wazuh-indexer-4.3.0-1.x86_64.rpm

• Install success

---

---

sudo -u wazuh-indexer CLK_TK=`/usr/bin/getconf CLK_TCK` OPENSEARCH_PATH_CONF=/etc/wazuh-indexer /usr/share/wazuh-indexer/bin/opensearch

Warnings and errors

``` [WARN ][o.o.s.OpenSearchSecurityPlugin] [node-1] Directory /etc/wazuh-indexer has insecure file permissions (should be 0700) [WARN ][o.o.s.OpenSearchSecurityPlugin] [node-1] File /etc/wazuh-indexer/jvm.options.d/performance-analyzer.options has insecure file permissions (should be 0600) ``` - This is later disabled: `PerformanceAnalyzer Enabled: false` - Needed to increase max_map_count. Failed ``` [2021-12-28T17:10:49,853][INFO ][o.o.b.BootstrapChecks ] [node-1] bound or publishing to a non-loopback address, enforcing bootstrap checks ERROR: [1] bootstrap checks failed [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] ERROR: OpenSearch did not exit normally - check the logs at /var/log/wazuh-indexer/wazuh-cluster.log [2021-12-28T17:10:49,858][INFO ][o.o.s.a.r.AuditMessageRouter] [node-1] Closing AuditMessageRouter [2021-12-28T17:10:49,858][INFO ][o.o.s.a.s.SinkProvider ] [node-1] Closing InternalOpenSearchSink [2021-12-28T17:10:49,858][INFO ][o.o.s.a.s.SinkProvider ] [node-1] Closing DebugSink [2021-12-28T17:10:49,859][INFO ][o.o.n.Node ] [node-1] stopping ... [2021-12-28T17:10:49,867][INFO ][o.o.n.Node ] [node-1] stopped [2021-12-28T17:10:49,867][INFO ][o.o.n.Node ] [node-1] closing ... [2021-12-28T17:10:49,871][INFO ][o.o.s.a.i.AuditLogImpl ] [node-1] Closing AuditLogImpl [2021-12-28T17:10:49,873][INFO ][o.o.n.Node ] [node-1] closed [root@centos8 vagrant]# ``` - After increase max_map_count to 262144: ``` [2021-12-28T17:14:57,513][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Exception while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security) org.opensearch.cluster.block.ClusterBlockException: blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized]; at org.opensearch.cluster.block.ClusterBlocks.globalBlockedException(ClusterBlocks.java:202) ~[opensearch-1.2.3.jar:1.2.3] at org.opensearch.cluster.block.ClusterBlocks.globalBlockedRaiseException(ClusterBlocks.java:188) ~[opensearch-1.2.3.jar:1.2.3] at org.opensearch.action.get.TransportMultiGetAction.doExecute(TransportMultiGetAction.java:76) ~[opensearch-1.2.3.jar:1.2.3] at org.opensearch.action.get.TransportMultiGetAction.doExecute(TransportMultiGetAction.java:53) ~[opensearch-1.2.3.jar:1.2.3] at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:194) [opensearch-1.2.3.jar:1.2.3] at org.opensearch.indexmanagement.rollup.actionfilter.FieldCapsFilter.apply(FieldCapsFilter.kt:141) [opensearch-index-management-1.2.3.0.jar:1.2.3.0] at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:192) [opensearch-1.2.3.jar:1.2.3] at org.opensearch.security.filter.SecurityFilter.apply0(SecurityFilter.java:234) [opensearch-security-1.2.3.0.jar:1.2.3.0] at org.opensearch.security.filter.SecurityFilter.apply(SecurityFilter.java:154) [opensearch-security-1.2.3.0.jar:1.2.3.0] at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:192) [opensearch-1.2.3.jar:1.2.3] at org.opensearch.performanceanalyzer.action.PerformanceAnalyzerActionFilter.apply(PerformanceAnalyzerActionFilter.java:99) [opensearch-performance-analyzer-1.2.3.0.jar:1.2.3.0] at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:192) [opensearch-1.2.3.jar:1.2.3] at org.opensearch.action.support.TransportAction.execute(TransportAction.java:169) [opensearch-1.2.3.jar:1.2.3] at org.opensearch.action.support.TransportAction.execute(TransportAction.java:97) [opensearch-1.2.3.jar:1.2.3] at org.opensearch.client.node.NodeClient.executeLocally(NodeClient.java:108) [opensearch-1.2.3.jar:1.2.3] at org.opensearch.client.node.NodeClient.doExecute(NodeClient.java:95) [opensearch-1.2.3.jar:1.2.3] at org.opensearch.client.support.AbstractClient.execute(AbstractClient.java:433) [opensearch-1.2.3.jar:1.2.3] at org.opensearch.client.support.AbstractClient.multiGet(AbstractClient.java:554) [opensearch-1.2.3.jar:1.2.3] at org.opensearch.security.configuration.ConfigurationLoaderSecurity7.loadAsync(ConfigurationLoaderSecurity7.java:211) [opensearch-security-1.2.3.0.jar:1.2.3.0] at org.opensearch.security.configuration.ConfigurationLoaderSecurity7.load(ConfigurationLoaderSecurity7.java:102) [opensearch-security-1.2.3.0.jar:1.2.3.0] at org.opensearch.security.configuration.ConfigurationRepository.getConfigurationsFromIndex(ConfigurationRepository.java:375) [opensearch-security-1.2.3.0.jar:1.2.3.0] at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration0(ConfigurationRepository.java:321) [opensearch-security-1.2.3.0.jar:1.2.3.0] at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration(ConfigurationRepository.java:306) [opensearch-security-1.2.3.0.jar:1.2.3.0] at org.opensearch.security.configuration.ConfigurationRepository$1.run(ConfigurationRepository.java:166) [opensearch-security-1.2.3.0.jar:1.2.3.0] at java.lang.Thread.run(Thread.java:832) [?:?] ``` - Stuck in loop: ``` [2021-12-28T17:16:41,633][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security) ```

---

---

curl -k -u admin:admin https://localhost:9700
curl -k -u admin:admin https://localhost:9700/_cluster/health?pretty
curl -k -u admin:admin https://localhost:9700/_cat/indices?pretty

• OpenSearch Security not initialized, due to previus errors

[root@centos8 vagrant]# curl -k -u admin:admin https://localhost:9700 OpenSearch Security not initialized. [root@centos8 vagrant]# curl -k -u admin:admin https://localhost:9700/_cluster/health?pretty OpenSearch Security not initialized. [root@centos8 vagrant]# curl -k -u admin:admin https://localhost:9700/_cat/indices?pretty OpenSearch Security not initialized. [root@centos8 vagrant]#

[okynos]

Hello team,

We have performed new iteration of wazuh-indexer package:

• Created SystemD required files.
• Coded service file
• Tested cluster deployment with certificate regeneration.
• Added User, groups and permissions fixes inside the SPEC
• Compiled SystemD OpenSearch Java class to manage SystemD notify.
• Tested Service work on deployment.

Way to install:

yum install -y https://s3.amazonaws.com/warehouse.wazuh.com/indexer/wazuh-indexer-4.3.0-1.x86_64.rpm

Command to run wazuh-indexer after install:

sudo systemctl enable wazuh-indexer
sudo systemctl start wazuh-indexer

Commands to test that it works:

curl -k -u admin:admin https://localhost:9700
curl -k -u admin:admin https://localhost:9700/_cluster/health?pretty
curl -k -u admin:admin https://localhost:9700/_cat/indices?pretty

Link to the package: https://s3.amazonaws.com/warehouse.wazuh.com/indexer/wazuh-indexer-4.3.0-1.x86_64.rpm

References

• https://blog.hqcodeshop.fi/archives/93-Handling-varrun-with-systemd.html
• https://bugs.openjdk.java.net/browse/JDK-8209058
• https://github.com/elastic/elasticsearch/blob/v7.10.2/modules/systemd/src/main/java/org/elasticsearch/systemd/SystemdPlugin.java#L20-L40
• https://github.com/opensearch-project/OpenSearch/blob/main/DEVELOPER_GUIDE.md
• https://www.shellhacks.com/systemd-service-file-example/
• https://www.computernetworkingnotes.com/linux-tutorials/systemd-unit-configuration-files-explained.html
• https://discuss.elastic.co/t/handshake-failed-unexpected-remote-node/117082
• https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery.html
• https://www.elastic.co/guide/en/elasticsearch/reference/current/add-elasticsearch-nodes.html
• https://www.elastic.co/guide/en/elasticsearch/reference/master/modules-discovery-bootstrap-cluster.html
• https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html
• https://github.com/elastic/elasticsearch/blob/v7.10.2/distribution/packages/src/common/systemd/elasticsearch.service
• https://opensearch.org/docs/latest/opensearch/logs/
• https://github.com/elastic/elasticsearch/issues/69464

[dariommr]

Hello Team, I was testing this in a CentOS 6, since some people is running this OS yet, and found some issues that I was able to solve and get it running:

CentOS 6: Issues found

1. Errors when installing, solved changing the repos. It seems the official repos for CentOS 6 changed Solution:

   echo "https://vault.centos.org/6.10/" >> /var/cache/yum/x86_64/6/base/mirrorlist.txt

Edit the file /etc/yum.repos.d/Centos-Base.repo changing the [base] block for this:

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
baseurl=http://vault.centos.org/6.10/centosplus/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
gpgcheck=1

---

2. Errors starting the indexer service:

   [root@wzh-indxr ~]# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep "bootstrap checks failed" -A2 -B1
   [2021-12-31T09:49:08,150][ERROR][o.o.b.Bootstrap          ] [node-1] node validation exception
   [2] bootstrap checks failed
   [1]: max number of threads [1024] for user [wazuh-indexer] is too low, increase to at least [4096]
   [2]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk

Solution: Edit the file /etc/security/limits.d/90-nproc.conf and changed the value for all users to 4096:

*          soft    nproc     4096

And edited the configuration file /etc/wazuh-indexer/opensearch.yml to solve the issues about system call filters:

bootstrap.system_call_filter: false

---

3. Errors in API calls:

   # curl -k -u admin:admin https://localhost:9700
   OpenSearch Security not initialized.

Solution: Execute the securityadmin.sh script to re-create the .opendistro index:

export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ &&  bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -p 9800 -icl

With that, I was able to run the curl command correctly:

# curl -k -u admin:admin https://localhost:9700
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "DrfeTYEDSgKaB62PRDUL8A",
  "version" : {
    "distribution" : "opensearch",
    "number" : "1.2.3",
    "build_type" : "rpm",
    "build_hash" : "8a529d77c7432bc45b005ac1c4ba3b2741b57d4a",
    "build_date" : "2021-12-21T01:36:21.407473Z",
    "build_snapshot" : false,
    "lucene_version" : "8.10.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

---

I hope this could be helpful.

[okynos]

We have included the following changes:

• 2020665f, We have added improvements on building scripts, removed unused variables and included checksum generation
• 1f1bb5cb, We have added tons of files and modifications:
  • We have added SPECs files
  • Added docker files for amd64 generation
  • Rework over build_package.sh script
  • Rework over rules, postinst, prerm, postrm and preinst install scripts
  • Rework of builder.sh script
  • First tests of the generation environment

[okynos]

Hello team,

We have added some improvements into the Debian package 86931db8:

• Fixed package generation
• Moved indexer run part to post-install
• Applied fixes over rules spec file
• Removed dependencies on control file
• Test package generation and research over TARGET_DIR folder variable
• Test package installation and purge into container, need to improve

First package URL: https://s3.amazonaws.com/warehouse.wazuh.com/indexer/wazuh-indexer_4.3.0-1_amd64.deb

[okynos]

Hello team,

We have added the following changes d8b8f3e7:

• Changed Changelog date
• Removed conffiles from SPECs, Debuild creates it with all files inside /etc
• Added logs removal on postinstall (Remove securityadmin trace)
• Moved performance analyzer tunning to base tar.gz, removed from rules file
• Improved permission and owner set on Debian files
• Removed unused vars.
• Fixed permissions on postinstal file
• Removed performance analyzer part.
• Fixed Opensearch and securityadmin execution on Debian postinstall
• Removed upgrade unused code
• Improved service file to work in RPM and DEB.

Package URL today: https://s3.amazonaws.com/warehouse.wazuh.com/indexer/wazuh-indexer_4.3.0-1_amd64.deb

[okynos]

Hello team,

Today we have done tons of improvements with commits: f9aac8ed7a63c8b449df8961926987211d4d82a0 a343063d3475b7c3fbc82db86df8ec769be25ad1 054a1427d5d480ffd68da79e994aec47a64eaf7f bc5e50ecaa44e1c7521fd187b4ca08f5267cc7c2 af189e1ef80fff42aa3b88015faa189d6c57078f 5f1fbab64ee417482deca6090380f91364518b41

• We have been working on postinstall script of Debian packages to let the service up and running, we have also removed unused code.
• Removed unused code from prerm, preinst and postrm scripts.
• Created service file for centos and debian with different paths.
• Created and tested package generation and installation/purge on debian.
• Cleaned code and fix permissions of files.
• Minor fixes on RPM package
• Created merge branch https://github.com/wazuh/wazuh-packages/tree/big-product

Little research links:

• https://bugzilla.redhat.com/show_bug.cgi?id=1774354
• https://www.freedesktop.org/software/systemd/man/systemd.service.html
• https://www.shellhacks.com/systemd-service-file-example/
• https://lintian.debian.org/tags/possible-bashism-in-maintainer-script
• https://s905060.gitbooks.io/site-reliability-engineer-handbook/content/how_to_create_a_debian_package.html

Package URL today: https://s3.amazonaws.com/warehouse.wazuh.com/indexer/wazuh-indexer_4.3.0-1_amd64.deb

[okynos]

Hello team,

Today we have made great improvements!

• 5424b5ad868e390abe4aa5afe4cb5ec67da37fbd
• 3b023f4f500c26b8cdde025054d8ab025793fb30
• 83dc3511a498430c4e18832973d2ccd6f6581bb7
• 78b06324bd97cdcb2f90fb05c0378d16a82e9daa

---

• Added Future packages generation
• Changed way to detect package version with changelog in Debian
• Added way to download SPECs from github in special cases that SPEC is in another branch.
• Added options to build_package.sh script
• Improved Copyright inside SPECs files.
• Build 99.99.09 packages
• Build current version packages

[okynos]

Hello team,

We have finishing the last details over packages and we will detail here all matters

Debian Lintian:

E: wazuh-indexer changes: bad-distribution-in-changes-file stable
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jaotc
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jar
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jarsigner
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/java
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/javac
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/javadoc
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/javap
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jcmd
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jconsole
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jdb
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jdeprscan
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jdeps
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jfr
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jhsdb
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jimage
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jinfo
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jlink
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jmap
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jmod
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jpackage
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jps
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jrunscript
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jshell
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jstack
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jstat
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/jstatd
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/keytool
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/rmid
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/rmiregistry
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/bin/serialver
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/jexec
E: wazuh-indexer: unstripped-binary-or-object usr/share/wazuh-indexer/jdk/lib/jexec
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/jspawnhelper
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libattach.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libawt.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libawt_headless.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libawt_xawt.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libdt_socket.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libextnet.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libfontmanager.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libfreetype.so
E: wazuh-indexer: embedded-library usr/share/wazuh-indexer/jdk/lib/libfreetype.so: freetype
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libinstrument.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libj2gss.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libj2pcsc.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libj2pkcs11.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libjaas.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libjava.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libjavajpeg.so
E: wazuh-indexer: embedded-library usr/share/wazuh-indexer/jdk/lib/libjavajpeg.so: libjpeg
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libjawt.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libjdwp.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libjimage.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libjli.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libjsig.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libjsound.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/liblcms.so
E: wazuh-indexer: embedded-library usr/share/wazuh-indexer/jdk/lib/liblcms.so: lcms2
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libmanagement.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libmanagement_agent.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libmanagement_ext.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libmlib_image.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libnet.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libnio.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libprefs.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/librmi.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libsaproc.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libsctp.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libsplashscreen.so
E: wazuh-indexer: embedded-library usr/share/wazuh-indexer/jdk/lib/libsplashscreen.so: libjpeg
E: wazuh-indexer: embedded-library usr/share/wazuh-indexer/jdk/lib/libsplashscreen.so: libpng
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libsunec.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libverify.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/libzip.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/server/libjsig.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/jdk/lib/server/libjvm.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/plugins/opensearch-knn/knnlib/libgomp.so.1
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/plugins/opensearch-knn/knnlib/libopensearchknn_common.so
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/plugins/opensearch-knn/knnlib/libopensearchknn_faiss.so
E: wazuh-indexer: binary-or-shlib-defines-rpath usr/share/wazuh-indexer/plugins/opensearch-knn/knnlib/libopensearchknn_faiss.so /tmp/tmppye_j7uv/k-NN/jni/release
E: wazuh-indexer: arch-dependent-file-in-usr-share usr/share/wazuh-indexer/plugins/opensearch-knn/knnlib/libopensearchknn_nmslib.so
E: wazuh-indexer: binary-or-shlib-defines-rpath usr/share/wazuh-indexer/plugins/opensearch-knn/knnlib/libopensearchknn_nmslib.so /tmp/tmppye_j7uv/k-NN/jni/release
E: wazuh-indexer: missing-dependency-on-libc needed by usr/share/wazuh-indexer/jdk/bin/jaotc and 73 others
W: wazuh-indexer: new-package-should-close-itp-bug
E: wazuh-indexer: no-copyright-file
W: wazuh-indexer: description-too-long
E: wazuh-indexer: extended-description-is-empty
W: wazuh-indexer: extra-license-file usr/share/wazuh-indexer/jdk/legal/java.base/LICENSE
W: wazuh-indexer: extra-license-file usr/share/wazuh-indexer/plugins/opensearch-sql/LICENSE.txt
E: wazuh-indexer: prerm-calls-updaterc.d wazuh-indexer
W: wazuh-indexer: script-in-etc-init.d-not-registered-via-update-rc.d etc/init.d/wazuh-indexer
E: wazuh-indexer: init.d-script-missing-dependency-on-remote_fs etc/init.d/wazuh-indexer: required-start
E: wazuh-indexer: init.d-script-missing-dependency-on-remote_fs etc/init.d/wazuh-indexer: required-stop
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/lib/jackson-core-2.12.5.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/lib/jackson-dataformat-cbor-2.12.5.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/lib/jackson-dataformat-smile-2.12.5.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/lib/jackson-dataformat-yaml-2.12.5.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/lib/log4j-api-2.17.0.jar (META-INF/versions/9/module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/lib/opensearch-1.2.3.jar (META-INF/versions/11/org/opensearch/monitor/jvm/JvmPid.class -> 55)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/lib/opensearch-core-1.2.3.jar (META-INF/versions/11/org/opensearch/common/collect/List.class -> 55)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/lib/tools/plugin-cli/bc-fips-1.0.2.jar (META-INF/versions/9/module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/lib/tools/plugin-cli/bcpg-fips-1.0.4.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-annotations-2.12.5.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-core-2.12.5.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-databind-2.12.5.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/modules/ingest-common/jcodings-1.0.44.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/modules/ingest-common/joni-2.1.29.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/modules/ingest-geoip/jackson-annotations-2.12.5.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/modules/ingest-geoip/jackson-databind-2.12.5.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/modules/lang-painless/asm-7.2.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/modules/lang-painless/asm-analysis-7.2.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/modules/lang-painless/asm-commons-7.2.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/modules/lang-painless/asm-tree-7.2.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/modules/lang-painless/asm-util-7.2.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/performance-analyzer-rca/lib/bcpkix-jdk15on-1.68.jar (META-INF/versions/9/module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/performance-analyzer-rca/lib/bcprov-jdk15on-1.68.jar (META-INF/versions/11/org/bouncycastle/jcajce/provider/asymmetric/edec/BC11XDHPrivateKey.class -> 55)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/performance-analyzer-rca/lib/gson-2.8.6.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-annotations-2.11.4.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-core-2.11.4.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-databind-2.11.4.jar (module-info.class -> 53)
W: wazuh-indexer: codeless-jar usr/share/wazuh-indexer/performance-analyzer-rca/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/performance-analyzer-rca/lib/log4j-api-2.17.0.jar (META-INF/versions/9/module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-alerting/google-java-format-1.10.0.jar (com/google/googlejavaformat/CloseOp.class -> 55)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-alerting/ipaddress-5.3.3.jar (module-info.class -> 53)
W: wazuh-indexer: codeless-jar usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-common-1.3.72.jar
W: wazuh-indexer: codeless-jar usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlinx-coroutines-core-common-1.1.1.jar
W: wazuh-indexer: codeless-jar usr/share/wazuh-indexer/plugins/opensearch-alerting/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/gson-2.8.6.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/jackson-annotations-2.11.4.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/jackson-databind-2.11.4.jar (module-info.class -> 53)
W: wazuh-indexer: codeless-jar usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/ipaddress-5.3.3.jar (module-info.class -> 53)
W: wazuh-indexer: codeless-jar usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-common-1.3.72.jar
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-index-management/ipaddress-5.3.3.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-index-management/kotlin-stdlib-1.4.0.jar (META-INF/versions/9/module-info.class -> 53)
W: wazuh-indexer: codeless-jar usr/share/wazuh-indexer/plugins/opensearch-index-management/kotlin-stdlib-common-1.4.0.jar
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-index-management/kotlin-stdlib-jdk7-1.4.0.jar (META-INF/versions/9/module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-index-management/kotlin-stdlib-jdk8-1.4.0.jar (META-INF/versions/9/module-info.class -> 53)
W: wazuh-indexer: codeless-jar usr/share/wazuh-indexer/plugins/opensearch-knn/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-observability/kotlin-stdlib-1.4.0.jar (META-INF/versions/9/module-info.class -> 53)
W: wazuh-indexer: codeless-jar usr/share/wazuh-indexer/plugins/opensearch-observability/kotlin-stdlib-common-1.4.0.jar
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/bcpkix-jdk15on-1.68.jar (META-INF/versions/9/module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/bcprov-jdk15on-1.68.jar (META-INF/versions/11/org/bouncycastle/jcajce/provider/asymmetric/edec/BC11XDHPrivateKey.class -> 55)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/gson-2.8.6.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-annotations-2.11.4.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-databind-2.11.4.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-module-paranamer-2.11.4.jar (module-info.class -> 53)
W: wazuh-indexer: codeless-jar usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/kotlin-stdlib-1.4.0.jar (META-INF/versions/9/module-info.class -> 53)
W: wazuh-indexer: codeless-jar usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/kotlin-stdlib-common-1.4.0.jar
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/asm-9.1.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/bcprov-jdk15on-1.67.jar (META-INF/versions/11/org/bouncycastle/jcajce/provider/asymmetric/edec/BC11XDHPrivateKey.class -> 55)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/istack-commons-runtime-3.0.12.jar (META-INF/versions/9/com/sun/istack/logging/StackHelper.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/jackson-annotations-2.11.2.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/jackson-databind-2.11.2.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.activation-1.2.2.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.jws-api-2.1.0.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.xml.bind-api-2.3.3.jar (META-INF/versions/9/javax/xml/bind/ModuleUtil.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.xml.soap-api-1.4.2.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.xml.ws-api-2.3.3.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/jaxb-runtime-2.3.4.jar (META-INF/versions/9/com/sun/xml/bind/StackHelper.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/saaj-impl-1.5.3.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/stax-ex-1.8.3.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/stax2-api-4.2.1.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/txw2-2.3.4.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-security/woodstox-core-6.2.6.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-sql/gson-2.8.6.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-annotations-2.11.4.jar (module-info.class -> 53)
W: wazuh-indexer: unknown-java-class-version usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-databind-2.11.4.jar (module-info.class -> 53)
W: wazuh-indexer: codeless-jar usr/share/wazuh-indexer/plugins/opensearch-sql/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
W: wazuh-indexer: script-not-executable usr/share/wazuh-indexer/bin/systemd-entrypoint
W: wazuh-indexer: script-not-executable usr/share/wazuh-indexer/performance-analyzer-rca/pa_bin/performance-analyzer-agent
W: wazuh-indexer: script-not-executable usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/extensions/performance-analyzer-agent
W: wazuh-indexer: script-not-executable usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_bin/performance-analyzer-agent
W: wazuh-indexer: script-not-executable usr/share/wazuh-indexer/plugins/opensearch-security/tools/audit_config_migrater.sh
W: wazuh-indexer: script-not-executable usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
W: wazuh-indexer: script-not-executable usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh
W: wazuh-indexer: script-not-executable usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-cert-tool.sh
W: wazuh-indexer: script-not-executable usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh
W: wazuh-indexer: executable-not-elf-or-script usr/share/wazuh-indexer/NOTICE.txt
W: wazuh-indexer: executable-not-elf-or-script usr/share/wazuh-indexer/LICENSE.txt
W: wazuh-indexer: command-with-path-in-maintainer-script postinst:68 /usr/bin/getconf
W: wazuh-indexer: possible-bashism-in-maintainer-script postinst:77 '?ulimit '
W: wazuh-indexer: maintainer-script-ignores-errors postinst
W: wazuh-indexer: maintainer-script-ignores-errors postrm
W: wazuh-indexer: maintainer-script-ignores-errors preinst
W: wazuh-indexer: maintainer-script-ignores-errors prerm
W: wazuh-indexer: postinst-has-useless-call-to-ldconfig
E: wazuh-indexer: systemd-service-file-outside-lib usr/lib/systemd/system/wazuh-indexer-performance-analyzer.service
E: wazuh-indexer: systemd-service-file-outside-lib usr/lib/systemd/system/wazuh-indexer.service
W: wazuh-indexer: init.d-script-does-not-source-init-functions etc/init.d/wazuh-indexer
W: wazuh-indexer: maintainer-script-calls-systemctl postinst:44
W: wazuh-indexer: maintainer-script-calls-systemctl prerm:48
W: wazuh-indexer: maintainer-script-calls-systemctl prerm:75

We have to solve as many as possible Lintian problems.

Main problems:

• https://lintian.debian.org/tags/arch-dependent-file-in-usr-share
• https://lintian.debian.org/tags/custom-library-search-path

Problems solved:

• 301c73dd6e0a8f61a5dc462251afed7a47efb3e6 Removed CentOs and Debian service, join them.
• f8e9a5a7b91a1d365d2f7f38453abf16a8e38721 Added new cert tool and configuration files.
• 4a510a7f6a581f34314dcd40f44a6bd91a394f95 Migrate Debian changes to RPM builder, included added tools to SPECs
• 716096196dcb52bede505f5348d8377472e3a1aa Fix RPM volume mount to docker
• aa097ff2f91cff3d2cacafa94b4bd4f394abd8d8 Downgraded build docker from debian 9 to ubuntu 16
• 50c400484a5593ef77eef0f541c56f2c54778bae Added the copy of the entire packages repository to use files. Changed Postinstall section to only perform on clean install. Cleaned SPECs
• 99bb33929a900034cc512ab6dcc1a1518419f463 Improved Debian SPEC files, control, copyright and maintainer scripts.

Generated stable packages: DEB: https://s3.amazonaws.com/warehouse.wazuh.com/indexer/stable/wazuh-indexer_4.3.0-1_amd64.deb RPM: https://s3.amazonaws.com/warehouse.wazuh.com/indexer/stable/wazuh-indexer-4.3.0-1.x86_64.rpm

[okynos]

13/01/2022

Hello team,

Today we have included:

• Changed certs to new ones
• Uploaded new certs to S3 https://s3.amazonaws.com/warehouse.wazuh.com/stack/demo-certs.tar.gz
• Changed folder structure now it is stack/indexer
• Rebuild packkages with new certs download.
• Removed old certs from base tar.gz
• Minor fixes and improvements

14/01/2022

We have included:

• Added new description and summary to packages DEB and RPM
• Added Certs download to generate DEB package
• Full stack deployed and tested, installed:
  • wazuh-indexer 4.3.0
  • wazuh-dashboard 4.3.0
  • filebeat 7.10.2 + wazuh module and templates
  • wazuh-manager 4.3.0-rc2
• We have added postun y preun into RPM SPECs to manage service stop and files cleaning.

Changes:

• 94d95e8a6b338b9220aad3c730dd556de4f02b58
• 03431846353f7002dc8d0d84a8d1f6d4b7d9b47f
• f5561445e18e63844b4884374a673b4592fdbed9
• 2308dc7d84010bdddb1a3849b98e8a69ac351291
• 064725a280f3df80f2713469be0cdc1822d822f4
• 5ab72b805e824994915de278f419b2207ce5fe79
• c55bced4e958d126eb5da863963993be0765fe75

References of research

• Hardcoded config YML file https://github.com/opensearch-project/OpenSearch/blob/1.2.3/server/src/main/java/org/opensearch/node/InternalSettingsPreparer.java#L96

[okynos]

Hello team,

Today we have added some modifications plus tests:

• 96480b34d4c5e12cc7e71c644b74298016545c0a
• 36024422f06c0ba813b402be509f5ed5ad254a7b
• 5e591718b23e447a837d310a7603b87ca3ecf9af

We have made changes on preun and postun on RPM SPECs Also we have moved such changes to Debian packages to keep both equally. We have removed names from copyright files.

Test: We have tested the full removal on RPM We want to test the upgrade part of SPECs so we are generating an OpenSearch 1.2.2 base to build 4.3.0 packages then, upgrade to 9.99 packages.

Regards.

[okynos]

Hello team,

Today we have done UX tests with @alberpilot. We have produced some preliminary questions about UX that probably we have to discuss or improve.

Commits:

• 68abb6f03e2e8d44b75a92ecdf31f02097048ecf
• d3f286d3c329b881301fe065cb5b0bb85ffad01b

Fixed problem into ulimit configuration when start the indexer. Added restart of the service on upgrade package part/SPECs Reviewed wazuh-dashboard package SPECs suggest some improvements.

[okynos]

Hello team,

We have added the following change:

• 415203ec

We have changed the order to set files permissions. We have added improvements to the installation time (postinstall) to decrease the installation time by 15 seconds on both systems, Debian and RPM. Finally we have changed securityadmin.sh command launch to use runuser instead of sudo, this fix several problems in docker environment.

[okynos]

Hello team,

We are working on docker installation, we want to ensure that the package works in the worst conditions, to achieve that we have added some fixes:

• af04e4f344fd86c4393367a7bac721ac0e232e48
• 759aff2495893f387f0795f812162fc991153867

We have moved permissions from postinstall to rules section on dh_fixperms Added -h option to the security admin launch. Fixed sysctl command call into debian dockers. Added purge to prerm maintainer script. Fixed service file inside base package to support docker installation and service use. Research about new changes made on 1.2.4 Prepared new base for 1.2.4, need work. We want to keep this package ready for prod!!

[okynos]

Hello team,

We have made changes to indexer SPECs:

31/01/2022

• 1260d77a3e21f14084af79975a323f13ecc16697, Added special case to manage lib installation present.
• 0be33c99d0c0de99ce7a4f7a34b4a56e0163aa1f, Added special message if we cannot configure securityadmin
• e01205ca972f5aa89c021b6d8cf4c821ed9ead7e, Fixed case when sysctl is present but cannot run.

01/02/2022

• 32bffb2a419962c2eaf3da8f633fe79cceae8cb9, removed securityadmin call into postinstall. So security is unconfigured by default.

We could announce now the V1 release of indexer package, we close this issue now in favour of https://github.com/wazuh/wazuh-packages/issues/1225

v1 indexer packages: DEB: https://s3.amazonaws.com/warehouse.wazuh.com/stack/indexer/stable/v1/wazuh-indexer_4.3.0-1_amd64.deb RPM: https://s3.amazonaws.com/warehouse.wazuh.com/stack/indexer/stable/v1/wazuh-indexer-4.3.0-1.x86_64.rpm