wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0

Create wazuh-dashboard packages #1141

Closed c-bordon closed 2 years ago

c-bordon commented 2 years ago
| Wazuh version | Install type | Action performed | Platform |
|---|---|---|---|
| 4.3.0 | dashboard | Install/Upgrade/Remove | RPM/DEB |

Related issue: https://github.com/wazuh/wazuh-packages/issues/665

Continue with the research and development that was carried out in the issue: https://github.com/wazuh/wazuh-packages/issues/685

We need to create the tools to generate packages for wazuh-dashboard. This task includes:

- Research
- SPECs
- Tests
- Documentation
- Additional tasks

c-bordon commented 2 years ago

We managed to create the first wazuh-dashboard package, some errors were found in creating it, I had to add the following parameters to solve it:

```
%define _unpackaged_files_terminate_build 0
%global _missing_build_ids_terminate_build 0
```

warning: Installed (but unpackaged) file(s) found:
   /etc/wazuh-dashboard/wazuh_dashboard.yml

I continue investigating since there are problems with the service startup which causes the service not to start correctly

c-bordon commented 2 years ago

We have a first wazuh-dashboard package for rpm, it is published in s3: https://s3.amazonaws.com/warehouse.wazuh.com/dashboard/wazuh-dashboard-4.3.0-1.x86_64.rpm

At the moment I am doing connection tests with wazuh indexer to validate correct operation, for now without success.

Error in wazuh-indexer:

[2022-01-04T19:49:40,989][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
[2022-01-04T19:49:40,990][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
[2022-01-04T19:49:40,990][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
[2022-01-04T19:49:40,990][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
[2022-01-04T19:49:40,990][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
[2022-01-04T19:49:40,990][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
[2022-01-04T19:49:40,990][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
[2022-01-04T19:49:40,990][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
[2022-01-04T19:49:40,990][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
[2022-01-04T19:49:41,302][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2022-01-04T19:49:41,303][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2022-01-04T19:49:41,303][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2022-01-04T19:49:41,304][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)

Error in wazuh-dashboard:

{"type":"log","@timestamp":"2022-01-04T19:51:27Z","tags":["warning","savedobjects-service"],"pid":3092,"message":"Unable to connect to OpenSearch. Error: Given the configuration, the ConnectionPool was not able to find a usable Connection for this request."}
{"type":"log","@timestamp":"2022-01-04T19:51:30Z","tags":["info","plugins-service"],"pid":3406,"message":"Plugin \"visTypeXy\" is disabled."}
{"type":"log","@timestamp":"2022-01-04T19:51:30Z","tags":["info","plugins-system"],"pid":3406,"message":"Setting up [44] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,opensearchUiShared,share,embeddable,legacyExport,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,anomalyDetectionDashboards,dashboard,visualizations,visTypeTimeline,timeline,visTypeVega,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,queryWorkbenchDashboards,bfetch,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,observabilityDashboards,discover,savedObjectsManagement]"}
{"type":"log","@timestamp":"2022-01-04T19:51:30Z","tags":["info","savedobjects-service"],"pid":3406,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
{"type":"log","@timestamp":"2022-01-04T19:51:30Z","tags":["error","opensearch","data"],"pid":3406,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2022-01-04T19:51:30Z","tags":["error","savedobjects-service"],"pid":3406,"message":"Unable to retrieve version information from OpenSearch nodes."}
{"type":"log","@timestamp":"2022-01-04T19:51:33Z","tags":["error","opensearch","data"],"pid":3406,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2022-01-04T19:51:35Z","tags":["error","opensearch","data"],"pid":3406,"message":"[ResponseError]: Response Error"}
c-bordon commented 2 years ago

Performed a test package installation with wazuh-indexer. After the installation of wazuh-indexer I had to execute the following steps for it to start correctly:

```
[root@centos7 ~]# export JAVA_HOME=/usr/share/wazuh-indexer/jdk/bin
[root@centos7 ~]# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -icl -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem
[root@centos7 ~]# service wazuh-indexer start
```

I managed to fix some errors with the home screen and after this wazuh-dashboard worked correctly. This is the last package built that works: https://s3.amazonaws.com/warehouse.wazuh.com/dashboard/wazuh-dashboard-4.3.0-1.x86_64.rpm

Some screenshots: Screenshot_20220105_162746 Screenshot_20220105_162805

At the moment I had to remove the condition uiSettings.overrides.defaultRoute: /app/wazuh from wazuh-dashboard.yml since for now we do not have the wazuh plugin for opensearch-dashboard

c-bordon commented 2 years ago

I am doing the first tests to create the package for Debian, I am running into a problem with the rules file, apparently, it is not taking it into account, I continue investigating.

root@Debian-Bullseye:~# apt install -y /home/vagrant/wazuh-dashboard_4.3.0-test5_amd64.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-dashboard' instead of '/home/vagrant/wazuh-dashboard_4.3.0-test5_amd64.deb'
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/2886 B of archives.
After this operation, 38.9 kB of additional disk space will be used.
Get:1 /home/vagrant/wazuh-dashboard_4.3.0-test5_amd64.deb wazuh-dashboard amd64 4.3.0-test5 [2886 B]
Preconfiguring packages ...
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 27046 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.3.0-test5_amd64.deb ...
+ DIR=/
+ USR_DIR=/usr/share/wazuh-dashboard
+ ETC_DIR=/etc/wazuh-dashboard
+ [ ! -d /usr/share/wazuh-dashboard ]
+ mkdir -p /usr/share/wazuh-dashboard
+ mkdir -p /etc/wazuh-dashboard
+ command -v getent
+ getent group wazuh-dashboard
+ groupadd -r wazuh-dashboard
+ id -u wazuh-dashboard
+ useradd -g wazuh-dashboard -G wazuh-dashboard -d /usr/share/wazuh-dashboard/ -r -s /sbin/nologin wazuh-dashboard
+ [ install = 2 ]
+ exit 0
Unpacking wazuh-dashboard (4.3.0-test5) ...
Setting up wazuh-dashboard (4.3.0-test5) ...
+ DIR=/
+ USR_DIR=/usr/share/wazuh-dashboard
+ ETC_DIR=/usr/share/wazuh-dashboard
+ setcap cap_net_bind_service=+ep /usr/share/wazuh-dashboard/node/bin/node
Failed to set capabilities on file `/usr/share/wazuh-dashboard/node/bin/node' (No such file or directory)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
+ [ -f /usr/share/wazuh-dashboard/wazuh-dashboard.restart ]
+ exit 0
c-bordon commented 2 years ago

I continued investigating the error in the construction of the package, and thanks to the help of @DFolchA I was able to solve the problem.

The paths of the rules were incorrect so when creating the package it was created without the correct references:

export TARGET_DIR=${CURDIR}/debian/wazuh-dashboard
export NAME=wazuh-dashboard
export CONFIG_DIR=/etc/${NAME}
export INSTALLATION_DIR=/usr/share/${NAME}
export LOG_DIR=/var/log/${NAME}
export INDEXER_FILE=wazuh-dashboard-base-linux-x64
export USER=${NAME}
export GROUP=${NAME}

cp ${TARGET_DIR}${INSTALLATION_DIR}/etc/custom_welcome/template.js.hbs ${TARGET_DIR}${INSTALLATION_DIR}/src/legacy/ui/ui_render/bootstrap/template.js.hbs
cp ${TARGET_DIR}${INSTALLATION_DIR}/etc/custom_welcome/light_theme.style.css ${TARGET_DIR}${INSTALLATION_DIR}/src/core/server/core_app/assets/legacy_light_theme.css
cp ${TARGET_DIR}${INSTALLATION_DIR}/etc/custom_welcome/*svg ${TARGET_DIR}${INSTALLATION_DIR}/src/core/server/core_app/assets/

After this, the package could be installed correctly. Screenshot_20220107_163651 Screenshot_20220107_163707

Take the opportunity to replicate the same strategy of variables used in the POC of the indexer to leave the files similarly

deb package: https://s3.amazonaws.com/warehouse.wazuh.com/dashboard/wazuh-dashboard_4.3.0-1_amd64.deb

c-bordon commented 2 years ago

The directory tree for Dashboard is changed, following the same strategy as the branch: https://github.com/wazuh/wazuh-packages/tree/poc-indexer

I found an error, which I still can't resolve, in the rpm builder.sh:

docker run -t --rm -v ~/Documents/wazuh/repositorios/wazuh-packages/dashboard/rpm/output/:/tmp:Z -v /home/cbordon/Documents/wazuh/repositorios/wazuh-packages/dashboard/rpm/wazuh-dashboard.spec:/root/wazuh-dashboard.spec rpm_dashboard_builder_x86 x86_64 1 /usr/share/wazuh-dashboard
standard_init_linux.go:228: exec user process caused: exec format error

Updated the RPM specs using variables to assign the different values

Keep working on reducing the number of file lines in the RPM specs.

updates: https://github.com/wazuh/wazuh-packages/commit/000d1ee9103ddf10e4fdce8415ab732663d7ed5e

c-bordon commented 2 years ago

After applying the package directory changes, some files with the pyc and pyo extensions began to be generated, before they were not seen, at the moment I was investigating and I could not find how to eliminate them safely.

- https://www.linuxquestions.org/questions/linux-server-73/can-pyc-and-pyo-files-be-deleted-859753/
- https://titanwolf.org/Network/Articles/Article?AID=e1b5faf8-9d92-4d80-8f7c-7a7949a5b621
- https://stackify.dev/239942-may-i-omit-pyo-and-pyc-files-in-an-rpm
- https://listman.redhat.com/archives/rpm-list/2008-August/msg00007.html
- https://gitlab.freedesktop.org/gstreamer/cerbero/-/issues/292

I was trying with different versions, but at the moment the only solution was to add these files in the %files section. There was also a problem with the compilation in CentOS 8.

*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/pylib/gyp/mac_tool.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/pylib/gyp/win_tool.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/pylib/gyp/flock_tool.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/pylib/gyp/MSVSSettings_test.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/pylib/gyp/common_test.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/pylib/gyp/__init__.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/pylib/gyp/input_test.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/pylib/gyp/generator/msvs_test.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/pylib/gyp/easy_xml_test.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/setup.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/gyp_main.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/test_gyp.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/tools/pretty_sln.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/tools/graphviz.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/tools/pretty_gyp.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.
*** ERROR: ambiguous python shebang in /usr/share/wazuh-dashboard/node_modules/node-gyp/gyp/tools/pretty_vcproj.py: #!/usr/bin/env python. Change it to python3 (or python2) explicitly.

For now, we choose to compile in CentOS 7, which does not have this drawback.

I have also been investigating what files must be modified to apply the new Wazuh brand in the Wazuh Dashboard

c-bordon commented 2 years ago

I was doing some tests on the customization of OpenSearch dashboard, at the moment I have uploaded the Wazuh logs to S3 and I am consuming them from there.

The opensearch configuration in the wazuh-dashboard.yml file was edited, leaving the following form

server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://localhost:9700
opensearch.ssl.verificationMode: certificate
opensearch.username: kibanaserver
opensearch.password: kibanaserver
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]

opensearchDashboards.branding:
  logo:
    defaultUrl: "https://s3.amazonaws.com/warehouse.wazuh.com/dashboard/Wazuh-Logo-3.png"
    darkModeUrl: "https://s3.amazonaws.com/warehouse.wazuh.com/dashboard/Wazuh-Logo.png"
  mark:
    defaultUrl: "https://s3.amazonaws.com/warehouse.wazuh.com/dashboard/Symbol.png"
    darkModeUrl: "https://s3.amazonaws.com/warehouse.wazuh.com/dashboard/Symbol-3.png"
  loadingLogo:
    defaultUrl: ""
    darkModeUrl: ""
  faviconUrl: "https://s3.amazonaws.com/warehouse.wazuh.com/dashboard/Symbol-3.png"
  applicationTitle: "Wazuh"

I followed this documentation to achieve it: https://opensearch.org/docs/latest/dashboards/branding/

I tried to do a local configuration, that is, upload the Wazuh images in the package and point them locally, but due to problems with the test certificate, this did not work.

Probably the best approach is to replace the default opensearch files with Wazuh files.

Result:

Screenshot_20220112_145630
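
An added example, not part of the original thread or the wazuh-packages repository: a shell check for the settings in the configuration posted above that should be reviewed before a package ships (a listener on all interfaces, a password equal to the user name, a `verificationMode` other than `full`, which is the only mode that also verifies the hostname, and branding images loaded from remote URLs). The function names `audit_dashboard_yml` and `write_sample_config` and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): flag wazuh-dashboard.yml settings that
# should be reviewed before a package ships. Function names are hypothetical.

# Print one "label: detail" line per finding; return 1 if anything was found.
audit_dashboard_yml() {
    awk '
        # Trim whitespace and double quotes around a key or scalar value.
        function clean(v) { gsub(/^[ \t"]+|[ \t"]+$/, "", v); return v }
        function report(msg) { print msg; found++ }

        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            i = index($0, ":")
            if (i == 0) next
            key = clean(substr($0, 1, i - 1))
            val = clean(substr($0, i + 1))

            if (key == "server.host" && val == "0.0.0.0")
                report("bind-all: server.host listens on every interface")
            if (key == "opensearch.username") user = val
            if (key == "opensearch.password") pass = val
            # Only "full" also checks the hostname in the indexer certificate.
            if (key == "opensearch.ssl.verificationMode" && val != "full")
                report("tls-verify: verificationMode is " val ", not full")
            # Branding images fetched from a remote host at page load.
            if (key ~ /Url$/ && val ~ /^https?:\/\//)
                report("remote-asset: " key " -> " val)
        }
        END {
            if (pass != "" && pass == user)
                report("default-credentials: password equals username " user)
            exit (found > 0)
        }
    ' "$1"
}

# Constructed sample that reuses keys and values from the configuration above.
write_sample_config() {
    cat > "$1" <<'EOF'
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://localhost:9700
opensearch.ssl.verificationMode: certificate
opensearch.username: kibanaserver
opensearch.password: kibanaserver
server.ssl.enabled: true
opensearchDashboards.branding:
  logo:
    defaultUrl: "https://s3.amazonaws.com/warehouse.wazuh.com/dashboard/Wazuh-Logo-3.png"
  loadingLogo:
    defaultUrl: ""
  applicationTitle: "Wazuh"
EOF
}

cfg=$(mktemp)
write_sample_config "$cfg"
audit_dashboard_yml "$cfg" || echo "review the findings above before packaging"
rm -f "$cfg"
```

The non-zero return status lets a package build or CI job stop when a finding is present.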

c-bordon commented 2 years ago

Package installation process:

1) At the moment download the package from S3:

deb:

curl -O https://s3.amazonaws.com/warehouse.wazuh.com/dashboard/stable/wazuh-dashboard_4.3.0-1_amd64.deb

apt install ~/wazuh-dashboard_4.3.0-1_amd64.deb

rpm:

curl -O https://s3.amazonaws.com/warehouse.wazuh.com/dashboard/stable/wazuh-dashboard-4.3.0-1.x86_64.rpm

yum localinstall ~/wazuh-dashboard-4.3.0-1.x86_64.rpm

2) Edit the /etc/wazuh-dashboard/wazuh-dashboard.yml file:

server.host: <wazuh-dashboard_ip>
elasticsearch.hosts: "https://<wazuh-indexer_ip>:9200"

Values to be replaced:

- `<wazuh-dashboard_ip>`: by default, Wazuh Dashboard only listens on the loopback interface (localhost), which means that it can be only accessed from the same host. To access Wazuh Dashboard from the outside it may be configured to listen on its network IP address by replacing wazuh-dashboard_ip with Wazuh Dashboard’s host IP. The value 0.0.0.0 will accept all the available IPs of the host.
- `<wazuh-indexer_ip>`: the host’s IP address. In case of having more than one Wazuh Indexer node, Wazuh Dashboard can be configured to connect to multiple Wazuh Indexer nodes in the same cluster. The IPs of the nodes can be separated with commas. Eg. ["https://10.0.0.2:9200", "https://10.0.0.3:9200","https://10.0.0.4:9200"]

3) Enable and start the Wazuh Dashboard service:

```
systemctl daemon-reload
systemctl enable wazuh-dashboard
systemctl start wazuh-dashboard
```

4) Access the web interface:

```
URL: https://
user: admin
password: admin
```

c-bordon commented 2 years ago

The certificates are updated and it is configured to download them from S3, the description of the packages are updated.

c-bordon commented 2 years ago

Fixed file permissions in both rpm and deb:

rpm:

[root@centos7 ~]# ls -la /usr/share/wazuh-dashboard/
total 1176
drwxr-xr-x.   8 root            root                182 Jan 14 17:54 .
drwxr-xr-x.  69 root            root               4096 Jan 14 17:54 ..
drwxr-x---.   2 wazuh-dashboard wazuh-dashboard     109 Jan 14 17:54 bin
drwxr-x---.   2 wazuh-dashboard wazuh-dashboard      18 Jan 14 17:55 data
-rw-r-----.   1 wazuh-dashboard wazuh-dashboard   11358 Dec 31 13:25 LICENSE.txt
-rw-r-----.   1 wazuh-dashboard wazuh-dashboard    3098 Dec 31 13:25 manifest.yml
drwxr-x---.   6 wazuh-dashboard wazuh-dashboard     108 Jan 14 17:54 node
drwxr-x---. 703 wazuh-dashboard wazuh-dashboard   20480 Jan 14 17:54 node_modules
-rw-r-----.   1 wazuh-dashboard wazuh-dashboard 1137439 Dec 31 13:25 NOTICE.txt
-rw-r-----.   1 wazuh-dashboard wazuh-dashboard     827 Dec 31 13:25 package.json
drwxr-x---.  10 wazuh-dashboard wazuh-dashboard     241 Jan 14 17:54 plugins
-rw-r-----.   1 wazuh-dashboard wazuh-dashboard    1925 Dec 31 13:25 README.txt
drwxr-x---.  11 wazuh-dashboard wazuh-dashboard     160 Jan 14 17:54 src

deb:

root@Debian-Buster:~# ls -la /usr/share/wazuh-dashboard/
total 6956
drwxr-xr-x   8 wazuh-dashboard wazuh-dashboard    4096 Jan 14 17:23 .
drwxr-xr-x  73 root            root               4096 Jan 14 17:22 ..
-rw-r-----   1 wazuh-dashboard wazuh-dashboard   11358 Nov 15 16:47 LICENSE.txt
-rw-r-----   1 wazuh-dashboard wazuh-dashboard 1137439 Nov 15 16:47 NOTICE.txt
-rw-r-----   1 wazuh-dashboard wazuh-dashboard    1925 Nov 15 16:47 README.txt
drwxr-x---   2 wazuh-dashboard wazuh-dashboard    4096 Jan 14 17:23 bin
drwxr-x---   2 wazuh-dashboard wazuh-dashboard    4096 Jan 14 17:23 data
-rw-r--r--   1 wazuh-dashboard wazuh-dashboard 5909383 Nov 15 16:47 file.txt
-rw-r-----   1 wazuh-dashboard wazuh-dashboard    3098 Nov 15 16:47 manifest.yml
drwxr-x---   6 wazuh-dashboard wazuh-dashboard    4096 Jan 14 17:23 node
drwxr-x--- 703 wazuh-dashboard wazuh-dashboard   20480 Jan 14 17:23 node_modules
-rw-r-----   1 wazuh-dashboard wazuh-dashboard     827 Nov 15 16:47 package.json
drwxr-x---  10 wazuh-dashboard wazuh-dashboard    4096 Jan 14 17:23 plugins
drwxr-x---  11 wazuh-dashboard wazuh-dashboard    4096 Jan 14 17:23 src
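
An added example, not code from the thread or the project: in the listings above every packaged entry is owned by `wazuh-dashboard` and grants nothing to other users, except `file.txt` in the deb tree (`-rw-r--r--`). The check below reports entries like that one, either from a pasted `ls -l` listing or from a live directory; the function names `check_listing`, `audit_install_tree` and `sample_deb_listing` are assumptions for this example.

```shell
#!/bin/sh
# Added example: report packaged entries that grant any access to "other" or
# are not owned by the expected service account. Names are hypothetical.

# Read `ls -l` style lines on stdin. $1 (optional) is the expected owner.
# Prints "other-access <mode> <name>" / "wrong-owner <user> <name>" lines and
# returns 1 if anything was reported.
check_listing() {
    awk -v owner="$1" '
        NF < 9    { next }                   # "total N" and blank lines
        $1 ~ /^l/ { next }                   # symlink modes are not meaningful
        {
            name = $9
            for (i = 10; i <= NF; i++) name = name " " $i
            if (name == "." || name == "..") next
            other = substr($1, 8, 3)         # rwx for "other"; skips a trailing "." or "+"
            if (other != "---") { print "other-access " $1 " " name; bad++ }
            if (owner != "" && $3 != owner) { print "wrong-owner " $3 " " name; bad++ }
        }
        END { exit (bad > 0) }
    '
}

# audit_install_tree DIR [OWNER]: run the same check over everything below DIR.
# DIR itself is skipped (it is drwxr-xr-x in both listings above).
audit_install_tree() {
    dir=${1%/}
    find "$dir" ! -path "$dir" ! -type l -exec env LC_ALL=C ls -ld {} + |
        check_listing "${2:-}"
}

# Subset of the deb listing shown above, embedded so the example runs offline.
sample_deb_listing() {
    cat <<'EOF'
total 6956
drwxr-xr-x   8 wazuh-dashboard wazuh-dashboard    4096 Jan 14 17:23 .
drwxr-xr-x  73 root            root               4096 Jan 14 17:22 ..
-rw-r-----   1 wazuh-dashboard wazuh-dashboard   11358 Nov 15 16:47 LICENSE.txt
drwxr-x---   2 wazuh-dashboard wazuh-dashboard    4096 Jan 14 17:23 bin
-rw-r--r--   1 wazuh-dashboard wazuh-dashboard 5909383 Nov 15 16:47 file.txt
drwxr-x---   6 wazuh-dashboard wazuh-dashboard    4096 Jan 14 17:23 node
EOF
}

sample_deb_listing | check_listing wazuh-dashboard || echo "findings reported"
# On an installed host: audit_install_tree /usr/share/wazuh-dashboard wazuh-dashboard
```
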
c-bordon commented 2 years ago

I found an error in the creation of the log files in the deb package, in rpm they are written correctly, I am investigating:

deb:

root@Debian-Buster:~# ls /var/log/wazuh-dashboard/
root@Debian-Buster:~# ls /usr/share/

rpm:

[root@centos7 ~]# ls /var/log/wazuh-dashboard/
wazuh-dashboard.stderr  wazuh-dashboard.stdout
c-bordon commented 2 years ago

The builders.sh for both versions are updated, based on the indexer poc, the S3 storage path of these packages is also modified, and new packages are created with the updated certificates.

c-bordon commented 2 years ago

I am looking into the solution of the problem in the deb package where the logs are not written to the files /var/log/wazuh-dashboard/wazuh-dashboard.stdout and /var/log/wazuh-dashboard/wazuh-dashboard.stderr

- https://opensearch.org/docs/latest/opensearch/logs/
- https://askubuntu.com/questions/934696/how-to-write-log-file-for-deb-package-installation

I was also updated with the new Wazuh brand, I continue to make changes on it

Screenshot_20220117_164905

Screenshot_20220117_164930

Screenshot_20220117_164947

c-bordon commented 2 years ago

We were able to solve the problem of generating logs in deb, it was solved in the last tar package: https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/wazuh-dashboard-base-linux-x64.tar.gz

I continue working on the adaptation of the new Wazuh brand, I have problems with the implementation of the manrope font, I have modified all the references to the previous font but it is still not updated, as well as some colors, I attach screenshots:

Screenshot_20220118_163333 Screenshot_20220118_163359

c-bordon commented 2 years ago

I can't find where the loading image is assigned, possibly we have to recompile the application, so for now our logo is set as default, this image is uploaded to S3:

- Default: https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/Symbol.png
- Dark mode: https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/Symbol-3.png

These values and the title of the app are defined in this file: src/core/server/opensearch_dashboards_config.js. This file is located in the tar.

c-bordon commented 2 years ago

Installation Tests:

| System | amd64 |
|---|---|
| Amazon Linux 2 | 🟢 |
| CentOS 7 | 🟢 |
| CentOS 8 | 🟢 |
| Debian 8 | 🔴 |
| Debian 9 | 🟢 |
| Debian 10 | 🟢 |
| Debian 11 | 🟢 |
| Redhat 7 | 🟢 |
| Redhat 8 | 🟢 |
| Ubuntu Focal | 🟢 |
| Ubuntu Bionic | 🟢 |
| Ubuntu Xenial | 🔴 |

Legend: Test not launched: ⚫ Test failed: 🔴 Test success: 🟢 Need review: 🟡

c-bordon commented 2 years ago

Uninstall Tests:

| System | amd64 |
|---|---|
| Amazon Linux 2 | 🟢 |
| CentOS 7 | 🟢 |
| CentOS 8 | 🟢 |
| Debian 8 | ⚫ |
| Debian 9 | 🟢 |
| Debian 10 | 🟢 |
| Debian 11 | 🟢 |
| Redhat 7 | 🟢 |
| Redhat 8 | 🟢 |
| Ubuntu Focal | 🟢 |
| Ubuntu Bionic | 🟢 |
| Ubuntu Xenial | ⚫ |

Legend: Test not launched: ⚫ Test failed: 🔴 Test success: 🟢 Need review: 🟡

c-bordon commented 2 years ago

Installation errors:

Debian 9:

I found an error in the installation of wazuh dashboard in debian 9: /var/lib/dpkg/info/wazuh-dashboard.postinst: 38: /var/lib/dpkg/info/wazuh-dashboard.postinst: setcap: not found

I was able to solve it by installing the package: apt install -y libcap2-bin

Fixed in the last package: https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/stable/wazuh-dashboard_4.3.0-1_amd64.deb

Debian 8 and Ubuntu Xenial:

E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'python3-ldap3' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'python3-libcloud' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'python3-lmdb' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'python3-pkginfo' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'python3-pyclamd' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'python3-pyeclib' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'python3-releases' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'python3-spyderlib' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'python3-rope' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'spyder3' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'shellcheck' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'stress-ng' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'svtplay-dl' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'swig3.0' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'swig3.0-examples' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'swig3.0-doc' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'sysdig' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'sysdig-dkms' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'transdecoder' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'transdecoder-doc' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'twine' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-data' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-core' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-httt' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-tsg' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-trow' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-ttb' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-ei' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-utbs' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-did' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-nr' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-sof' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-sotbe' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-l' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-aoi' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-thot' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-low' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-dm' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-dw' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-music' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-dbg' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-server' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'wesnoth-1.12-tools' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'yaggo' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'nvidia-modprobe' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'libclamav9' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'libclamunrar9' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'linux-aws-cloud-tools-4.4.0-1054' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'linux-aws-cloud-tools-4.4.0-1055' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'linux-aws-cloud-tools-4.4.0-1056' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'linux-aws-headers-4.4.0-1054' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'linux-aws-headers-4.4.0-1055' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'linux-aws-headers-4.4.0-1056' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'linux-aws-tools-4.4.0-1054' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'linux-aws-tools-4.4.0-1055' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'linux-aws-tools-4.4.0-1056' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'linux-azure-cloud-tools-4.15.0-1059' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'linux-azure-cloud-tools-4.15.0-1060' was not found
E: Release 'wazuh-dashboard_4.3.0-1_amd64.deb' for 'linux-azure-cloud-tools-4.15.0-1061' was not found
c-bordon commented 2 years ago

Uninstallation errors:

Debian 9:

The apt remove wazuh-dashboard command verifies that the following directories are not removed: /etc/wazuh-dashboard, /etc/systemd/system/wazuh-dashboard.service, /etc/init.d/wazuh-dashboard

c-bordon commented 2 years ago

The number of rpm spec lines is greatly reduced. Commit: https://github.com/wazuh/wazuh-packages/commit/5c7b746e18b708d0d7dc08c6bb2f32d53de24211

c-bordon commented 2 years ago

Upgrade Tests:

| System | amd64 |
| --- | --- |
| Amazon Linux 2 | 🟢 |
| CentOS 7 | 🟢 |
| CentOS 8 | 🟢 |
| Debian 8 | 🔴 |
| Debian 9 | 🟢 |
| Debian 10 | 🟢 |
| Debian 11 | 🟢 |
| Redhat 7 | 🟢 |
| Redhat 8 | 🟢 |
| Ubuntu Focal | 🟢 |
| Ubuntu Bionic | 🟢 |
| Ubuntu Xenial | 🔴 |

Legend: Test not launched: ⚫ Test failed: 🔴 Test success: 🟢 Need review: 🟡

c-bordon commented 2 years ago

Upgrade tests are performed, several errors are detected in the deb specs, which are corrected, then a special package is created for upgrade tests based on opensearch dashboard 1.1.0, and with this, we can verify that the upgrade is done correctly:

These packages were created for the upgrade tests:

deb: https://s3.amazonaws.com/warehouse.wazuh.com/dashboard/wazuh-dashboard_99.99.0-1_amd64.deb
rpm: https://s3.amazonaws.com/warehouse.wazuh.com/dashboard/wazuh-dashboard-99.99.0-1.x86_64.rpm

Before upgrade:

root@Debian-Bullseye:~# /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/wazuh-dashboard.yml --version --allow-root
1.2.0

After upgrade:

root@Debian-Bullseye:~# /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/wazuh-dashboard.yml --version --allow-root
1.1.0

c-bordon commented 2 years ago

I found a problem in the upgrade tests of CentOS 7: after the upgrade, the service commands do not work. I was debugging the problem, and what I could see is that the future package restarts itself, which causes the PID of the process to change without being updated in the /run/wazuh-dashboard/wazuh-dashboard.pid file, so the service wazuh-dashboard status and service wazuh-dashboard stop commands do not work.

If you eliminate the process with a kill -9, it restarts without registering the PID number in the file. After eliminating the parent process, the service could no longer be started correctly.

Evidence:

[root@centos7 ~]# ps -fea | grep wazuh-dashboard               
wazuh-d+ 26106     1  1 18:19 ?        00:00:04 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml
root     26206  3236  0 18:24 pts/0    00:00:00 grep --color=auto wazuh-dashboard
[root@centos7 ~]# kill -9 26106
[root@centos7 ~]# ps -fea | grep wazuh-dashboard
wazuh-d+ 26208     1 68 18:25 ?        00:00:01 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml
root     26225  3236  0 18:25 pts/0    00:00:00 grep --color=auto wazuh-dashboard
[root@centos7 ~]# ps -fea | grep wazuh-dashboard
wazuh-d+ 26208     1  2 18:25 ?        00:00:04 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml
root     26250  3236  0 18:28 pts/0    00:00:00 grep --color=auto wazuh-dashboard
[root@centos7 ~]# kill -9 26208
[root@centos7 ~]# ps -fea | grep wazuh-dashboard
wazuh-d+ 26252     1 99 18:28 ?        00:00:01 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml
root     26269  3236  0 18:28 pts/0    00:00:00 grep --color=auto wazuh-dashboard
[root@centos7 ~]# cat /run/wazuh-dashboard.pid 
26016
[root@centos7 ~]# cat /run/wazuh-dashboard/wazuh-dashboard.pid 
25661
[root@centos7 ~]# ps -fea | grep wazuh-dashboard
wazuh-d+ 26252     1  4 18:28 ?        00:00:04 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml
root     26283  3236  0 18:30 pts/0    00:00:00 grep --color=auto wazuh-dashboard
[root@centos7 ~]# ps -fea | grep wazuh-dashboard
wazuh-d+ 26252     1  1 18:28 ?        00:00:04 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml
root     26308  3236  0 18:32 pts/0    00:00:00 grep --color=auto wazuh-dashboard
[root@centos7 ~]# ps -fea | grep wazuh-dashboard
wazuh-d+ 26252     1  0 18:28 ?        00:00:04 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml
root     26310  3236  0 18:37 pts/0    00:00:00 grep --color=auto wazuh-dashboard
[root@centos7 ~]# kill -9 26252
[root@centos7 ~]# ps -fea | grep wazuh-dashboard
wazuh-d+ 26334     1 99 18:37 ?        00:00:02 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml
root     26351  3236  0 18:37 pts/0    00:00:00 grep --color=auto wazuh-dashboard
-bash-4.2$ ps -o ppid= -p 26468
    1
[root@centos7 ~]# kill -15 1
[root@centos7 ~]# ps -fea | grep wazuh-dashbor
root     26525 26404  0 18:44 pts/0    00:00:00 grep --color=auto wazuh-dashbor
[root@centos7 ~]# ps -fea | grep wazuh-dashbord
root     26527 26404  0 18:44 pts/0    00:00:00 grep --color=auto wazuh-dashbord
[root@centos7 ~]# service wazuh-dashboard stop
[root@centos7 ~]# service wazuh-dashboard status
wazuh-dashboard is not running
[root@centos7 ~]# ps -fea | grep wazuh-dashbord 
root     26563 26404  0 18:44 pts/0    00:00:00 grep --color=auto wazuh-dashbord
[root@centos7 ~]# service wazuh-dashboard start
wazuh-dashboard started
[root@centos7 ~]# service wazuh-dashboard status
 FATAL  Error: Port 443 is already in use. Another instance of OpenSearch Dashboards may be running!

^C
[root@centos7 ~]# ^C
[root@centos7 ~]# ps -fea | grep wazuh-dashbord
root     26599 26404  0 18:44 pts/0    00:00:00 grep --color=auto wazuh-dashbord
[root@centos7 ~]# service wazuh-dashboard status
wazuh-dashboard is not running
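
The mismatch shown in this session, where the PID file holds one number while the node process runs under another, can be detected mechanically. The script below is an added example, not part of the thread or of the wazuh-packages scripts; it assumes Linux with /proc mounted, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the wazuh-packages repository).
# Assumes Linux with /proc mounted; function names are hypothetical.

# Print the PIDs of all processes whose command line contains PATTERN.
# Processes sharing this script's own command line are skipped, so that a
# pattern passed as an argument does not match the checker itself (the same
# effect as the "grep wazuh-dashboard" lines in the ps output).
matching_pids() {
    mp_pattern=$1
    mp_self=$(tr '\0' ' ' < "/proc/$$/cmdline")
    for mp_dir in /proc/[0-9]*; do
        # A process can exit between the glob and the read; skip it quietly.
        mp_args=$( { tr '\0' ' ' < "$mp_dir/cmdline"; } 2>/dev/null ) || continue
        [ "$mp_args" = "$mp_self" ] && continue
        case $mp_args in
            *"$mp_pattern"*) echo "${mp_dir#/proc/}" ;;
        esac
    done
}

# pidfile_state PIDFILE PATTERN
# Prints one word on stdout and returns a matching status:
#   ok      (0)  the PID file names a running process that matches PATTERN
#   stale   (1)  a matching process runs, but the PID file is missing,
#                unparsable, or names a different process
#   stopped (2)  no process matches PATTERN
pidfile_state() {
    ps_file=$1
    ps_pattern=$2
    ps_pid=""
    if [ -r "$ps_file" ]; then
        ps_pid=$(tr -d '[:space:]' < "$ps_file")
        case $ps_pid in
            ''|*[!0-9]*) ps_pid="" ;;   # empty or not a plain decimal number
        esac
    fi

    ps_live=$(matching_pids "$ps_pattern")
    if [ -z "$ps_live" ]; then
        echo stopped
        return 2
    fi

    for ps_p in $ps_live; do
        if [ "$ps_p" = "$ps_pid" ]; then
            echo ok
            return 0
        fi
    done

    # Details go to stderr so stdout stays a single machine-readable word.
    echo "pidfile=${ps_pid:-none} running=$(echo $ps_live)" >&2
    echo stale
    return 1
}

# Command-line use: sh pidcheck.sh /run/wazuh-dashboard/wazuh-dashboard.pid wazuh-dashboard.yml
if [ "$#" -eq 2 ]; then
    pidfile_state "$1" "$2"
fi
```

A `stale` result is the condition under which `service ... status` and `service ... stop` act on the wrong PID while the real process keeps the port.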

dariommr commented 2 years ago

Hi guys, playing around with this, I found these errors on the wazuh-indexer installation in debian:


System:

root@wzh-index-01:~# cat /etc/*release*
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

Errors found:

  1. entrypoint file does not have execution permissions

    root@wzh-index-01:~# wget https://s3.amazonaws.com/warehouse.wazuh.com/indexer/stable/wazuh-indexer_4.3.0-1_amd64.deb
    root@wzh-index-01:~# dpkg -i wazuh-indexer_4.3.0-1_amd64.deb 
    Selecting previously unselected package wazuh-indexer.
    (Reading database ... 49133 files and directories currently installed.)
    Preparing to unpack wazuh-indexer_4.3.0-1_amd64.deb ...
    Creating wazuh-indexer group... OK
    Creating wazuh-indexer user... OK
    Unpacking wazuh-indexer (4.3.0-1) ...
    Setting up wazuh-indexer (4.3.0-1) ...
    dpkg: error processing package wazuh-indexer (--install):
    installed wazuh-indexer package post-installation script subprocess returned error exit status 255
    Processing triggers for libc-bin (2.28-10) ...
    Processing triggers for systemd (241-7~deb10u7) ...
    Errors were encountered while processing:
    wazuh-indexer
    root@wzh-index-01:~# systemctl start wazuh-indexer
    Job for wazuh-indexer.service failed because the control process exited with error code.
    See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details.
    root@wzh-index-01:~# journalctl -u wazuh-indexer --no-pager
    -- Logs begin at Mon 2022-01-24 10:10:50 -03, end at Mon 2022-01-24 11:20:27 -03. --
    Jan 24 11:20:27 wzh-index-01 systemd[1]: Starting Wazuh-indexer...
    Jan 24 11:20:27 wzh-index-01 systemd[832]: wazuh-indexer.service: Failed to execute command: Permission denied
    Jan 24 11:20:27 wzh-index-01 systemd[832]: wazuh-indexer.service: Failed at step EXEC spawning /usr/share/wazuh-indexer/bin/systemd-entrypoint: Permission denied
    Jan 24 11:20:27 wzh-index-01 systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=203/EXEC
    Jan 24 11:20:27 wzh-index-01 systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
    Jan 24 11:20:27 wzh-index-01 systemd[1]: Failed to start Wazuh-indexer.
    root@wzh-index-01:~# ls -l /usr/share/wazuh-indexer/bin/systemd-entrypoint
    -rw-r--r-- 1 wazuh-indexer wazuh-indexer 325 Dec 30 06:04 /usr/share/wazuh-indexer/bin/systemd-entrypoint

    Solution: give execution permissions:

    chmod ug+x /usr/share/wazuh-indexer/bin/systemd-entrypoint

  2. File opensearch.keystore incorrect ownership

    root@wzh-index-01:~# journalctl -u wazuh-indexer --no-pager
    Jan 24 11:22:06 wzh-index-01 systemd-entrypoint[848]: Exception in thread "main" org.opensearch.bootstrap.BootstrapException: java.nio.file.AccessDeniedException: /etc/wazuh-indexer/opensearch.keystore
    Jan 24 11:22:06 wzh-index-01 systemd-entrypoint[848]: Likely root cause: java.nio.file.AccessDeniedException: /etc/wazuh-indexer/opensearch.keystore
    root@wzh-index-01:~# ls -l /etc/wazuh-indexer/opensearch.keystore
    -rw-rw---- 1 root root 196 Jan 24 11:20 /etc/wazuh-indexer/opensearch.keystore

    Solution: change ownership to user and group `wazuh-indexer`

    root@wzh-index-01:~# chown wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch.keystore


  3. Log files folder has incorrect ownership

    root@wzh-index-01:~# ls -l /var/log/wazuh-indexer
    total 100
    -rw-r--r-- 1 wazuh-indexer wazuh-indexer 63694 Jan 24 11:35 gc.log
    -rw-r--r-- 1 root root 1992 Jan 24 11:20 gc.log.00
    -rw-r--r-- 1 root root 3275 Jan 24 11:20 gc.log.01
    -rw-r--r-- 1 wazuh-indexer wazuh-indexer 1992 Jan 24 11:22 gc.log.02
    -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2568 Jan 24 11:22 gc.log.03
    -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2016 Jan 24 11:31 gc.log.04
    -rw-r--r-- 1 root root 121 Jan 24 11:20 securityadmin.log
    -rw-r--r-- 1 root root 0 Jan 24 11:20 wazuh-cluster_deprecation.json
    -rw-r--r-- 1 root root 0 Jan 24 11:20 wazuh-cluster_deprecation.log
    -rw-r--r-- 1 root root 0 Jan 24 11:20 wazuh-cluster_index_indexing_slowlog.json
    -rw-r--r-- 1 root root 0 Jan 24 11:20 wazuh-cluster_index_indexing_slowlog.log
    -rw-r--r-- 1 root root 0 Jan 24 11:20 wazuh-cluster_index_search_slowlog.json
    -rw-r--r-- 1 root root 0 Jan 24 11:20 wazuh-cluster_index_search_slowlog.log
    -rw-r--r-- 1 root root 2526 Jan 24 11:20 wazuh-cluster.log
    -rw-r--r-- 1 root root 2857 Jan 24 11:20 wazuh-cluster_server.json

    Solution: Change ownership

    root@wzh-index-01:~# chown wazuh-indexer:wazuh-indexer -R /var/log/wazuh-indexer


  4. OpenSearch Security not initialized

    root@wzh-index-01:~# curl -k -u admin:admin -XGET https://localhost:9700
    OpenSearch Security not initialized.

    root@wzh-index-01:~# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep ERROR | head -n 3
    [2022-01-24T11:20:30,536][ERROR][o.o.b.Bootstrap ] [node-1] Exception
    [2022-01-24T11:20:30,540][ERROR][o.o.b.OpenSearchUncaughtExceptionHandler] [node-1] uncaught exception in thread [main]
    [2022-01-24T11:38:52,404][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)

    Solution: Run the securityadmin script

    export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -icl -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -p 9800

---
After solving this, all is working as expected:

root@wzh-index-01:~# curl -k -u admin:admin -XGET https://localhost:9700
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "V2Y9HORiTxWpgdmqzcd2Xw",
  "version" : {
    "distribution" : "opensearch",
    "number" : "1.2.3",
    "build_type" : "rpm",
    "build_hash" : "8a529d77c7432bc45b005ac1c4ba3b2741b57d4a",
    "build_date" : "2021-12-21T01:36:21.407473Z",
    "build_snapshot" : false,
    "lucene_version" : "8.10.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
root@wzh-index-01:~# curl -k -u admin:admin -XGET https://localhost:9700/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "active_primary_shards" : 1,
  "active_shards" : 1,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}



**In conclusion**: at some point, the installation script fails and stops, and these configurations are not applied.
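
The permission and ownership problems reported in the comment above (items 1 to 3) can be turned into a repeatable post-install check. This is an added example, not code from the thread or from the wazuh-packages repository; the function names, the `--run` flag and the optional staging-root argument are assumptions, and it relies on GNU `stat` and `find`.

```shell
#!/bin/sh
# Added example: post-install permission/ownership audit for the paths named
# in the comment above. Not part of wazuh-packages; names are hypothetical.
# Requires GNU stat and find.

# Report when the owner execute bit is missing (systemd then fails at step EXEC).
check_exec() {
    if [ ! -e "$1" ]; then
        echo "MISSING $1"
        return 0
    fi
    ce_mode=$(stat -c %A "$1")          # e.g. -rw-r--r--
    case $ce_mode in
        ???[xs]*) ;;                    # 4th character: owner execute bit is set
        *) echo "NOEXEC $1 ($ce_mode)" ;;
    esac
}

# Report every entry at or below PATH that is not owned by OWNER:GROUP.
check_owner() {
    if [ ! -e "$1" ]; then
        echo "MISSING $1"
        return 0
    fi
    find "$1" -exec stat -c '%U:%G %n' {} + |
        awk -v want="$2:$3" '$1 != want { print "OWNER " $0 " (want " want ")" }'
}

# audit_indexer_install [ROOT] [OWNER] [GROUP]
# ROOT is an optional prefix so the check can run against a staged or
# extracted package tree instead of the live filesystem.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_indexer_install() {
    ai_root=${1:-}
    ai_owner=${2:-wazuh-indexer}
    ai_group=${3:-wazuh-indexer}
    ai_report=$(
        check_exec  "$ai_root/usr/share/wazuh-indexer/bin/systemd-entrypoint"
        check_owner "$ai_root/etc/wazuh-indexer/opensearch.keystore" "$ai_owner" "$ai_group"
        check_owner "$ai_root/var/log/wazuh-indexer" "$ai_owner" "$ai_group"
    )
    if [ -n "$ai_report" ]; then
        printf '%s\n' "$ai_report"
        return 1
    fi
    return 0
}

# Command-line use: sh audit.sh --run [ROOT]
if [ "${1:-}" = "--run" ]; then
    audit_indexer_install "${2:-}"
fi
```

Run as a test step after `dpkg -i`, a non-zero exit flags a package whose post-installation script stopped before fixing modes and ownership.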

c-bordon commented 2 years ago

I was working on solving the problem in the rpm upgrade. We were able to detect that the problem is that systemctl and service are working independently; this can cause parallel processes to be generated, causing problems.

I am working on linking the systemctl definition to the init.d script, so far with no success:

[Unit]
Description=wazuh-dashboard
SourcePath=/etc/init.d/wazuh-dashboard

[Service]
Type=simple
User=wazuh-dashboard
Group=wazuh-dashboard
EnvironmentFile=-/etc/default/wazuh-dashboard
EnvironmentFile=-/etc/sysconfig/wazuh-dashboard
ExecStart=/etc/init.d/wazuh-dashboard start
ExecStop=/etc/init.d/wazuh-dashboard stop
ExecReload=/etc/init.d/wazuh-dashboard restart
WorkingDirectory=/usr/share/wazuh-dashboard

[Install]
WantedBy=multi-user.target

[root@centos8 ~]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/init.d/wazuh-dashboard; disabled; vendor preset: disabled)
   Active: inactive (dead)

Jan 24 18:54:15 centos8 systemd[1]: Started wazuh-dashboard.
Jan 24 18:54:15 centos8 wazuh-dashboard[6312]: chroot: cannot change root directory to '/': Operation not permitted
Jan 24 18:54:15 centos8 wazuh-dashboard[6312]: wazuh-dashboard started
Jan 24 18:54:15 centos8 systemd[1]: wazuh-dashboard.service: Succeeded.
Jan 24 18:58:01 centos8 systemd[1]: Started wazuh-dashboard.
Jan 24 18:58:01 centos8 wazuh-dashboard[6340]: chroot: cannot change root directory to '/': Operation not permitted
Jan 24 18:58:01 centos8 wazuh-dashboard[6340]: wazuh-dashboard started
Jan 24 18:58:01 centos8 systemd[1]: wazuh-dashboard.service: Succeeded.
Jan 24 19:01:58 centos8 systemd[1]: Started wazuh-dashboard.
Jan 24 19:01:59 centos8 systemd[1]: wazuh-dashboard.service: Succeeded.
[root@centos8 ~]# /etc/init.d/wazuh-dashboard start
wazuh-dashboard started
[root@centos8 ~]# /etc/init.d/wazuh-dashboard status
wazuh-dashboard is running
[root@centos8 ~]# systemctl stop wazuh-dashboard
[root@centos8 ~]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/init.d/wazuh-dashboard; disabled; vendor preset: disabled)
   Active: inactive (dead)

Jan 24 18:54:15 centos8 systemd[1]: Started wazuh-dashboard.
Jan 24 18:54:15 centos8 wazuh-dashboard[6312]: chroot: cannot change root directory to '/': Operation not permitted
Jan 24 18:54:15 centos8 wazuh-dashboard[6312]: wazuh-dashboard started
Jan 24 18:54:15 centos8 systemd[1]: wazuh-dashboard.service: Succeeded.
Jan 24 18:58:01 centos8 systemd[1]: Started wazuh-dashboard.
Jan 24 18:58:01 centos8 wazuh-dashboard[6340]: chroot: cannot change root directory to '/': Operation not permitted
Jan 24 18:58:01 centos8 wazuh-dashboard[6340]: wazuh-dashboard started

Also, the deb package is updated, since we have a first version of the Wazuh plugin for OpenSearch; a pre-release package is generated with this change:

image

Updated the package to have to edit the host IP parameters of wazuh dashboard and opensearch hosts:

server.host: <wazuh-dashboard-ip>
server.port: 443
opensearch.hosts: https://<wazuh-indexer-ip>:9700

c-bordon commented 2 years ago

Issue with Systemd and init.d:

The error is reported and detailed in the following issue: https://github.com/wazuh/wazuh-packages/issues/1206

c-bordon commented 2 years ago

After different tests, an update is made in the packages and the upgrade is successfully tested again in CentOS 8:

Running transaction
  Preparing        :                                                                                                                                                                                                                     1/1 
  Running scriptlet: wazuh-dashboard-99.99.0-1.x86_64                                                                                                                                                                                    1/1 
  Running scriptlet: wazuh-dashboard-99.99.0-1.x86_64                                                                                                                                                                                    1/2 
  Upgrading        : wazuh-dashboard-99.99.0-1.x86_64                                                                                                                                                                                    1/2 
warning: /etc/wazuh-dashboard/wazuh-dashboard.yml created as /etc/wazuh-dashboard/wazuh-dashboard.yml.rpmnew

  Running scriptlet: wazuh-dashboard-99.99.0-1.x86_64                                                                                                                                                                                    1/2 
  Running scriptlet: wazuh-dashboard-4.3.0-1.x86_64                                                                                                                                                                                      2/2 
  Cleanup          : wazuh-dashboard-4.3.0-1.x86_64                                                                                                                                                                                      2/2 
  Running scriptlet: wazuh-dashboard-4.3.0-1.x86_64                                                                                                                                                                                      2/2 
  Running scriptlet: wazuh-dashboard-99.99.0-1.x86_64                                                                                                                                                                                    2/2 
  Running scriptlet: wazuh-dashboard-4.3.0-1.x86_64                                                                                                                                                                                      2/2 
  Verifying        : wazuh-dashboard-99.99.0-1.x86_64                                                                                                                                                                                    1/2 
  Verifying        : wazuh-dashboard-4.3.0-1.x86_64                                                                                                                                                                                      2/2 

Upgraded:
  wazuh-dashboard-99.99.0-1.x86_64                                                                                                                                                                                                           

Complete!
wazuh-dashboard is running
[root@centos8 ~]# service wazuh-dashboard status
wazuh-dashboard is running
[root@centos8 ~]# ps -fea | grep wazuh-dashboard
wazuh-d+    4804       1 21 20:36 ?        00:00:03 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml
root        4884    3895  0 20:37 pts/0    00:00:00 grep --color=auto wazuh-dashboard
[root@centos8 ~]# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2022-01-25 20:36:55 UTC; 23s ago
 Main PID: 4804 (node)
    Tasks: 11 (limit: 12114)
   Memory: 201.3M
   CGroup: /system.slice/wazuh-dashboard.service
           └─4804 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml

Jan 25 20:36:55 centos8 systemd[1]: Starting wazuh-dashboard...
Jan 25 20:36:55 centos8 systemd[1]: Started wazuh-dashboard.


c-bordon commented 2 years ago

New packages are created with the fixes for init.d, this issue mainly impacts rpm, although deb packages are created with this fix as well:

deb: https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/stable/wazuh-dashboard_4.3.0-1_amd64.deb

rpm: https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/stable/wazuh-dashboard-4.3.0-1.x86_64.rpm

In a new upgrade test in Ubuntu 20.04 this message is verified:

Installing new version of config file /etc/default/wazuh-dashboard ...

Configuration file '/etc/wazuh-dashboard/wazuh-dashboard.yml'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** wazuh-dashboard.yml (Y/I/N/O/D/Z) [default=N] ? Y
Installing new version of config file /etc/wazuh-dashboard/wazuh-dashboard.yml ...

It will be validated if it is correct or if something needs to be modified:

New Test:

The following packages will be upgraded:
  wazuh-dashboard
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/138 MB of archives.
After this operation, 145 MB disk space will be freed.
Get:1 /root/wazuh-dashboard_99.99.0-1_amd64.deb wazuh-dashboard amd64 99.99.0-1 [138 MB]
(Reading database ... 141251 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_99.99.0-1_amd64.deb ...
Unpacking wazuh-dashboard (99.99.0-1) over (4.3.0-1) ...
Setting up wazuh-dashboard (99.99.0-1) ...
Installing new version of config file /etc/default/wazuh-dashboard ...

Configuration file '/etc/wazuh-dashboard/wazuh-dashboard.yml'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** wazuh-dashboard.yml (Y/I/N/O/D/Z) [default=N] ? Y
Installing new version of config file /etc/wazuh-dashboard/wazuh-dashboard.yml ...
Processing triggers for systemd (245.4-4ubuntu3.7) ...
N: Download is performed unsandboxed as root as file '/root/wazuh-dashboard_99.99.0-1_amd64.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-01-25 21:14:41 UTC; 657ms ago
   Main PID: 154388 (node)
      Tasks: 7 (limit: 3540)
     Memory: 60.0M
     CGroup: /system.slice/wazuh-dashboard.service
             └─154388 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml
dariommr commented 2 years ago

Hello Team! I would like to recommend the use of keystores to avoid using passwords in plain text in the wazuh-dashboard.yml file. For instance:

opensearch.username: kibanaserver
opensearch.password: kibanaserver

This documentation can help you: https://www.elastic.co/guide/en/kibana/7.10/secure-settings.html

Setting a keystore in this way:

sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore create
sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore add <variable>

ie: sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore add DASH_PASS

The secret variables set in the keystore can be used in this way in the configuration file:

opensearch.username: {DASH_USER}
opensearch.password: {DASH_PASS}

This command is interactive; you should find a way of automating it, or of creating the keystore files beforehand and including them in the Wazuh Dashboard package.

Just an idea to make the platform more secure.

c-bordon commented 2 years ago

Systemctl tests:

Centos 7:

[root@centos7 ~]# systemctl daemon-reload
[root@centos7 ~]# systemctl enable wazuh-dashboard.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
[root@centos7 ~]# systemctl start wazuh-dashboard.service 
[root@centos7 ~]# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2022-01-26 13:46:14 UTC; 6s ago
  Process: 4006 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
  Process: 4005 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/wazuh-dashboard.yml (code=exited, status=1/FAILURE)
 Main PID: 4005 (code=exited, status=1/FAILURE)

Jan 26 13:46:13 centos7 systemd[1]: Starting wazuh-dashboard...
Jan 26 13:46:13 centos7 systemd[1]: Started wazuh-dashboard.
Jan 26 13:46:14 centos7 systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=1/FAILURE
Jan 26 13:46:14 centos7 systemd[1]: Unit wazuh-dashboard.service entered failed state.
Jan 26 13:46:14 centos7 systemd[1]: wazuh-dashboard.service failed.
[root@centos7 ~]# vi /etc/wazuh-dashboard/wazuh-dashboard.yml 
[root@centos7 ~]# systemctl start wazuh-dashboard.service 
[root@centos7 ~]# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2022-01-26 13:46:47 UTC; 1s ago
  Process: 4110 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
 Main PID: 4109 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─4109 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml

Jan 26 13:46:47 centos7 systemd[1]: Starting wazuh-dashboard...
Jan 26 13:46:47 centos7 systemd[1]: Started wazuh-dashboard.
[root@centos7 ~]# systemctl stop wazuh-dashboard.service 
[root@centos7 ~]# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Wed 2022-01-26 13:47:01 UTC; 2s ago
  Process: 4110 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
  Process: 4109 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/wazuh-dashboard.yml (code=exited, status=0/SUCCESS)
 Main PID: 4109 (code=exited, status=0/SUCCESS)

Jan 26 13:46:47 centos7 systemd[1]: Starting wazuh-dashboard...
Jan 26 13:46:47 centos7 systemd[1]: Started wazuh-dashboard.
Jan 26 13:47:01 centos7 systemd[1]: Stopping wazuh-dashboard...
Jan 26 13:47:01 centos7 systemd[1]: Stopped wazuh-dashboard.
[root@centos7 ~]# systemctl restart wazuh-dashboard.service 
[root@centos7 ~]# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2022-01-26 13:47:11 UTC; 2s ago
  Process: 4144 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
 Main PID: 4143 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─4143 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml

Jan 26 13:47:11 centos7 systemd[1]: Starting wazuh-dashboard...
Jan 26 13:47:11 centos7 systemd[1]: Started wazuh-dashboard.

Service tests:

Centos 7:

[root@centos7 ~]# service wazuh-dashboard status
wazuh-dashboard is running
[root@centos7 ~]# service wazuh-dashboard stop
wazuh-dashboard stopped.
[root@centos7 ~]# service wazuh-dashboard status
wazuh-dashboard is not running
[root@centos7 ~]# service wazuh-dashboard restart
wazuh-dashboard started
[root@centos7 ~]# service wazuh-dashboard status
wazuh-dashboard is running
[root@centos7 ~]# service wazuh-dashboard stop
wazuh-dashboard stopped.
[root@centos7 ~]# service wazuh-dashboard start
wazuh-dashboard started
[root@centos7 ~]# ps aux | grep wazuh-dashboard
wazuh-d+  4327 37.4  2.9 1007548 183972 pts/0  Sl   13:49   0:04 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml
root      4342  0.0  0.0  12528   976 pts/0    R+   13:49   0:00 grep --color=auto wazuh-dashboard
c-bordon commented 2 years ago

Systemctl tests:

Debian 9:

error found:

root@Debian-Stretch:~# systemctl enable wazuh-dashboard.service 
Synchronizing state of wazuh-dashboard.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-dashboard
update-rc.d: error: wazuh-dashboard Default-Start contains no runlevels, aborting.

I found the solution in this post: https://serverfault.com/questions/849507/systemctl-doesnt-recognize-my-service-default-start-contains-no-runlevels-abo

solved in the new package:

root@Debian-Stretch:~# systemctl enable wazuh-dashboard.service 
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
root@Debian-Stretch:~# systemctl start wazuh-dashboard.service 
root@Debian-Stretch:~# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2022-01-26 14:19:58 GMT; 3s ago
  Process: 16001 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
  Process: 16000 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/wazuh-dashboard.yml (code=exited, status=1/FAILURE)
 Main PID: 16000 (code=exited, status=1/FAILURE)

Jan 26 14:19:56 Debian-Stretch systemd[1]: Starting wazuh-dashboard...
Jan 26 14:19:56 Debian-Stretch systemd[1]: Started wazuh-dashboard.
Jan 26 14:19:58 Debian-Stretch opensearch-dashboards[16000]:  FATAL  Error: [config validation of [server].host]: value must be a valid hostname (see RFC 1123).
Jan 26 14:19:58 Debian-Stretch systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Jan 26 14:19:58 Debian-Stretch systemd[1]: wazuh-dashboard.service: Unit entered failed state.
Jan 26 14:19:58 Debian-Stretch systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
root@Debian-Stretch:~# nano /etc/wazuh-dashboard/wazuh-dashboard.yml 
root@Debian-Stretch:~# systemctl start wazuh-dashboard.service 
root@Debian-Stretch:~# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-01-26 14:21:13 GMT; 1s ago
  Process: 16033 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
 Main PID: 16032 (node)
    Tasks: 11 (limit: 4915)
   CGroup: /system.slice/wazuh-dashboard.service
           └─16032 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml

Jan 26 14:21:13 Debian-Stretch systemd[1]: Starting wazuh-dashboard...
Jan 26 14:21:13 Debian-Stretch systemd[1]: Started wazuh-dashboard.
root@Debian-Stretch:~# systemctl restart wazuh-dashboard.service 
root@Debian-Stretch:~# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-01-26 14:21:21 GMT; 1s ago
  Process: 16056 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
 Main PID: 16055 (node)
    Tasks: 11 (limit: 4915)
   CGroup: /system.slice/wazuh-dashboard.service
           └─16055 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml

Jan 26 14:21:21 Debian-Stretch systemd[1]: Stopped wazuh-dashboard.
Jan 26 14:21:21 Debian-Stretch systemd[1]: Starting wazuh-dashboard...
Jan 26 14:21:21 Debian-Stretch systemd[1]: Started wazuh-dashboard.
root@Debian-Stretch:~# systemctl stop wazuh-dashboard.service 
root@Debian-Stretch:~# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Wed 2022-01-26 14:21:28 GMT; 1s ago
  Process: 16056 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
  Process: 16055 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/wazuh-dashboard.yml (code=exited, status=0/SUCCESS)
 Main PID: 16055 (code=exited, status=0/SUCCESS)

Jan 26 14:21:21 Debian-Stretch systemd[1]: Stopped wazuh-dashboard.
Jan 26 14:21:21 Debian-Stretch systemd[1]: Starting wazuh-dashboard...
Jan 26 14:21:21 Debian-Stretch systemd[1]: Started wazuh-dashboard.
Jan 26 14:21:28 Debian-Stretch systemd[1]: Stopping wazuh-dashboard...
Jan 26 14:21:28 Debian-Stretch systemd[1]: Stopped wazuh-dashboard.

Service tests:

Debian 9:

root@Debian-Stretch:~# service wazuh-dashboard start
root@Debian-Stretch:~# service wazuh-dashboard status
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-01-26 14:23:00 GMT; 1s ago
  Process: 16127 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
 Main PID: 16126 (node)
    Tasks: 11 (limit: 4915)
   CGroup: /system.slice/wazuh-dashboard.service
           └─16126 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml

Jan 26 14:23:00 Debian-Stretch systemd[1]: Starting wazuh-dashboard...
Jan 26 14:23:00 Debian-Stretch systemd[1]: Started wazuh-dashboard.
root@Debian-Stretch:~# service wazuh-dashboard stop
root@Debian-Stretch:~# service wazuh-dashboard status
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Wed 2022-01-26 14:23:07 GMT; 1s ago
  Process: 16127 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
  Process: 16126 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/wazuh-dashboard.yml (code=exited, status=0/SUCCESS)
 Main PID: 16126 (code=exited, status=0/SUCCESS)

Jan 26 14:23:00 Debian-Stretch systemd[1]: Starting wazuh-dashboard...
Jan 26 14:23:00 Debian-Stretch systemd[1]: Started wazuh-dashboard.
Jan 26 14:23:07 Debian-Stretch systemd[1]: Stopping wazuh-dashboard...
Jan 26 14:23:07 Debian-Stretch systemd[1]: Stopped wazuh-dashboard.
root@Debian-Stretch:~# service wazuh-dashboard restart
root@Debian-Stretch:~# service wazuh-dashboard status
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-01-26 14:23:12 GMT; 1s ago
  Process: 16180 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
 Main PID: 16179 (node)
    Tasks: 11 (limit: 4915)
   CGroup: /system.slice/wazuh-dashboard.service
           └─16179 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml

Jan 26 14:23:12 Debian-Stretch systemd[1]: Starting wazuh-dashboard...
Jan 26 14:23:12 Debian-Stretch systemd[1]: Started wazuh-dashboard.
c-bordon commented 2 years ago

The configuration file is renamed from wazuh-dashboard.yml to dashboard.yml:

Several tests are carried out on what @dariommr commented and in a first approach we can add in the postinst that a file containing the keys in plain text is read, the keys are created in the Keystore and then this file is deleted:


root@ubuntu20:~# cat userpass | sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore add DASH_USER --stdin
root@ubuntu20:~# cat userpass | sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore add DASH_PASS --stdin
root@ubuntu20:~# sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore list
DASH_USER
DASH_PASS

At the moment I need to add the config directory inside /usr/share/wazuh-dashboard because if it is not there, the command gives an error:

[root@centos7 config]# sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore create
FATAL CLI ERROR Error: EACCES: permission denied, open '/usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore'
    at Object.openSync (fs.js:443:3)
    at writeFileSync (fs.js:1194:35)
    at Keystore.save (/usr/share/wazuh-dashboard/src/legacy/server/keystore/keystore.js:65:27)
    at create (/usr/share/wazuh-dashboard/src/cli_keystore/create.js:56:12)
    at Command.<anonymous> (/usr/share/wazuh-dashboard/src/cli/command.js:126:20)
    at Command.listener (/usr/share/wazuh-dashboard/node_modules/commander/index.js:291:8)
    at Command.emit (events.js:198:13)
    at Command.parseArgs (/usr/share/wazuh-dashboard/node_modules/commander/index.js:672:12)
    at Command.parse (/usr/share/wazuh-dashboard/node_modules/commander/index.js:459:21)
    at Object.<anonymous> (/usr/share/wazuh-dashboard/src/cli_keystore/cli_keystore.js:82:9)

I was also able to validate that there is a waiting time between when the keys are created and when they can be used, I am evaluating this to add some sleep if necessary:

root@ubuntu20:~# systemctl restart wazuh-dashboard.service 
root@ubuntu20:~# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2022-01-26 20:43:01 UTC; 1s ago
    Process: 154146 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/wazuh-dashboard.yml (code=exited, status=1/FAILURE)
    Process: 154147 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
   Main PID: 154146 (code=exited, status=1/FAILURE)

Jan 26 20:42:58 ubuntu20 systemd[1]: Starting wazuh-dashboard...
Jan 26 20:42:58 ubuntu20 systemd[1]: Started wazuh-dashboard.
Jan 26 20:43:01 ubuntu20 opensearch-dashboards[154146]:  FATAL  Error: [config validation of [opensearch].username]: expected value of type [string] but got [Object]
Jan 26 20:43:01 ubuntu20 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Jan 26 20:43:01 ubuntu20 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
root@ubuntu20:~# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2022-01-26 20:43:01 UTC; 12s ago
    Process: 154146 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/wazuh-dashboard.yml (code=exited, status=1/FAILURE)
    Process: 154147 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
   Main PID: 154146 (code=exited, status=1/FAILURE)

Jan 26 20:42:58 ubuntu20 systemd[1]: Starting wazuh-dashboard...
Jan 26 20:42:58 ubuntu20 systemd[1]: Started wazuh-dashboard.
Jan 26 20:43:01 ubuntu20 opensearch-dashboards[154146]:  FATAL  Error: [config validation of [opensearch].username]: expected value of type [string] but got [Object]
Jan 26 20:43:01 ubuntu20 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Jan 26 20:43:01 ubuntu20 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
root@ubuntu20:~# sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore list
DASH_USER
DASH_PASS
root@ubuntu20:~# systemctl restart wazuh-dashboard.service 
root@ubuntu20:~# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled)
     Active: active (running) since Wed 2022-01-26 20:43:26 UTC; 1s ago
    Process: 154229 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
   Main PID: 154228 (node)
      Tasks: 11 (limit: 3535)
     Memory: 90.6M
     CGroup: /system.slice/wazuh-dashboard.service
             └─154228 /usr/share/wazuh-dashboard/bin/../node/bin/node /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/wazuh-dashboard.yml

Jan 26 20:43:26 ubuntu20 systemd[1]: Starting wazuh-dashboard...
Jan 26 20:43:26 ubuntu20 systemd[1]: Started wazuh-dashboard.
c-bordon commented 2 years ago

Based on what @dariommr commented, I was carrying out specific tests and I found various problems.

1) the bin/opensearch-dashboards-keystore create command needs the config/ directory to exist in order to create the Keystore, at the moment it is not possible to change the path where it has to be created, and this generates a problem that will be detailed later:

[root@centos7 wazuh-dashboard]# bin/opensearch-dashboards-keystore create --allow-root
FATAL CLI ERROR Error: ENOENT: no such file or directory, open '/usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore'
    at Object.openSync (fs.js:443:3)
    at writeFileSync (fs.js:1194:35)
    at Keystore.save (/usr/share/wazuh-dashboard/src/legacy/server/keystore/keystore.js:65:27)
    at create (/usr/share/wazuh-dashboard/src/cli_keystore/create.js:56:12)
    at Command.<anonymous> (/usr/share/wazuh-dashboard/src/cli/command.js:126:20)
    at Command.listener (/usr/share/wazuh-dashboard/node_modules/commander/index.js:291:8)
    at Command.emit (events.js:198:13)
    at Command.parseArgs (/usr/share/wazuh-dashboard/node_modules/commander/index.js:672:12)
    at Command.parse (/usr/share/wazuh-dashboard/node_modules/commander/index.js:459:21)
    at Object.<anonymous> (/usr/share/wazuh-dashboard/src/cli_keystore/cli_keystore.js:82:9)

2) The setting of the variables has to be done in this way since if other names are put, the replacement of the variable is not carried out:

opensearch.username: ${opensearch.username}
opensearch.password: ${opensearch.password}

https://discuss.elastic.co/t/kibana-keystore/132721/4

3) The Keystore is created in the directory /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore and being in another place to the configuration file, this does not work, we managed to make it work by moving the Keystore to /etc/wazuh-dashboard/, this was tried in a package but with no success.

4) Here I detail the main problem of this topic, by default the keystores are created in the path /usr/share/wazuh-dashboard/config and we do not have the possibility to change this directory, for the Keystore to work correctly it is necessary that it be found in the same path as the configuration file, in our case /etc/wazuh-dashboard

This creates a problem because if any user wants to use this feature, they have to create the Keystore in /usr/share/wazuh-dashboard/config and then move it to /etc/wazuh-dashboard (this can be cumbersome and may not work), so, for now, I consider that if we have the configuration file in the path /etc/wazuh-dashboard we are breaking the Keystore feature since it is not easy to use. We could solve this by modifying the application code and changing the default configuration path, but until this is done, the feature will not work correctly.

For now, we have decided to leave the username and password in plain text in the /etc/wazuh-dashboard directory until we define what to do with the Keystore theme

@alberpilot @okynos
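
The postinst idea discussed in this thread (read a file holding the credentials, add each one to the keystore over --stdin, then delete the file), written out as an added example; it is not code from the wazuh-packages repository. The key=value file format and the function names are assumptions, and the key names in the usage comment follow point 2 of the comment above.

```shell
#!/bin/sh
# Added example: move dashboard credentials from a root-only file into the
# keystore, then delete the file. The key=value file format and all function
# names are assumptions made for this sketch.

# Keystore CLI invocation as used in the thread. Kept in a wrapper so the
# service user or install path can be changed in one place.
keystore_cli() {
    sudo -u wazuh-dashboard \
        /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore "$@"
}

# True only for a regular file (not a symlink) whose group and other
# permission bits are all clear, for instance mode 600 or 400.
is_private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# load_keystore_from_file FILE
# FILE holds lines such as opensearch.password=<value>. Each value is stored
# under its key. Returns 0 and removes FILE only when every entry was stored.
load_keystore_from_file() {
    cred_file=$1
    if ! is_private_file "$cred_file"; then
        echo "refusing $cred_file: not a regular file readable by its owner only" >&2
        return 1
    fi

    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;      # blank line or comment
            *=*) ;;                   # key=value, handled below
            *)  # The line itself is not echoed: it may hold a secret.
                echo "malformed line in $cred_file" >&2
                rc=1
                continue ;;
        esac
        key=${line%%=*}     # text before the first '='
        value=${line#*=}    # everything after it, further '=' included
        # One value per key, sent over stdin rather than argv so it does not
        # show up in the process list. printf '%s' adds no trailing newline.
        printf '%s' "$value" | keystore_cli add "$key" --stdin || rc=1
    done < "$cred_file"

    if [ "$rc" -eq 0 ]; then
        rm -f -- "$cred_file"
    else
        echo "keystore update incomplete, keeping $cred_file" >&2
    fi
    return "$rc"
}
```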

c-bordon commented 2 years ago

Tests are carried out after moving the change of permissions from the postinst to the rules and errors are detected after the install, surely there are some permissions that should not be moved:

{"type":"log","@timestamp":"2022-01-27T18:06:40Z","tags":["fatal","root"],"pid":3691,"message":"Error: Unable to write OpenSearch Dashboards UUID file, please check the uuid.server configuration value in opensearch_dashboards.yml and ensure OpenSearch Dashboards has sufficient permissions to read / write to this file. Error was: EACCES\n    at writeUuidToFile (/usr/share/wazuh-dashboard/src/core/server/environment/resolve_uuid.js:125:11)"}

-----

root@Debian-Buster:~# ls -la /usr/share/wazuh-dashboard/
total 1184
drwxr-xr-x   8 root root    4096 Jan 27 18:05 .
drwxr-xr-x  74 root root    4096 Jan 27 18:05 ..
-rw-r--r--   1 root root   11358 Nov 15 16:47 LICENSE.txt
-rw-r--r--   1 root root 1137439 Nov 15 16:47 NOTICE.txt
-rw-r--r--   1 root root    1925 Nov 15 16:47 README.txt
drwxr-xr-x   2 root root    4096 Jan 27 18:05 bin
drwxr-xr-x   3 root root    4096 Jan 27 18:11 data
-rw-r--r--   1 root root    3098 Nov 15 16:47 manifest.yml
drwxr-xr-x   6 root root    4096 Jan 27 18:05 node
drwxr-xr-x 703 root root   20480 Jan 27 18:05 node_modules
-rw-r--r--   1 root root     827 Nov 15 16:47 package.json
drwxr-xr-x  11 root root    4096 Jan 27 18:05 plugins
drwxr-xr-x  11 root root    4096 Jan 27 18:05 src
root@Debian-Buster:~# ls -la /etc/wazuh-dashboard/
total 20
drwxr-xr-x  3 root root 4096 Jan 27 18:08 .
drwxr-xr-x 71 root root 4096 Jan 27 18:05 ..
drwxr-xr-x  2 root root 4096 Jan 27 18:05 certs
-rw-r--r--  1 root root  753 Nov 15 16:47 dashboard.yml
-rw-r--r--  1 root root  216 Nov 15 16:47 node.options

This was resolved by moving the permission change into override_dh_fixperms:

override_dh_fixperms:

    chown -R "${NAME}":"${NAME}" "${TARGET_DIR}${CONFIG_DIR}"
    chown -R "${NAME}":"${NAME}" "${TARGET_DIR}${INSTALLATION_DIR}"
    chown -R "${NAME}":"${NAME}" ${TARGET_DIR}/etc/default/"${NAME}"
    chown -R "${NAME}":"${NAME}" ${TARGET_DIR}/etc/systemd/system/"${NAME}"
    chmod 750 ${TARGET_DIR}/etc/systemd/system/wazuh-dashboards
    chmod 750 ${TARGET_DIR}/etc/default/wazuh-dashboards
    chmod 640 "${TARGET_DIR}${CONFIG_DIR}"/dashboards.yml
    chmod 750 "${TARGET_DIR}${CONFIG_DIR}"/certs
    chmod 400 "${TARGET_DIR}${CONFIG_DIR}"/certs/*
    chmod 640 "${TARGET_DIR}${CONFIG_DIR}"/node.options
    chmod 640 ${TARGET_DIR}/etc/systemd/system/wazuh-dashboards.service
    find "${TARGET_DIR}${INSTALLATION_DIR}" -type d -exec chmod 750 {} \;
    find "${TARGET_DIR}${INSTALLATION_DIR}" -type f -perm 644 -exec chmod 640 {} \;
    find "${TARGET_DIR}${INSTALLATION_DIR}" -type f -perm 755 -exec chmod 750 {} \;
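
A check for the ownership and modes that the override_dh_fixperms block above is meant to produce, as an added example rather than part of the package's rules file. The function names and arguments are assumptions; the two top-level directories are skipped because they stay root-owned with mode 755 in the listings in this thread.

```shell
#!/bin/sh
# Added example: audit a staged or installed dashboard tree against the
# ownership and modes applied in override_dh_fixperms. Function names and
# arguments are assumptions made for this sketch.

# list_perm_findings INSTALL_DIR CONFIG_DIR OWNER
# Prints one finding per line, nothing when the tree matches the policy.
list_perm_findings() {
    # chown -R NAME:NAME: everything below both directories belongs to the
    # service user. Root-owned paths here are what lead to the EACCES on the
    # UUID file quoted in the comment above.
    find "$1" "$2" ! -path "$1" ! -path "$2" \
        ! -user "$3" -print | sed 's/^/wrong owner: /'

    # 644 -> 640 and 755 -> 750: no read, write or execute bit for other.
    # Symlinks are skipped because their own mode is not used.
    find "$1" "$2" ! -path "$1" ! -path "$2" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's/^/accessible to other: /'

    # chmod 400 certs/*: certificates and keys are owner read-only.
    if [ -d "$2/certs" ]; then
        find "$2/certs" -type f ! -perm 400 -print |
            sed 's/^/cert not 0400: /'
    fi
}

# audit_dashboard_perms INSTALL_DIR CONFIG_DIR OWNER
#   INSTALL_DIR  e.g. ${TARGET_DIR}${INSTALLATION_DIR} or /usr/share/wazuh-dashboards
#   CONFIG_DIR   e.g. ${TARGET_DIR}${CONFIG_DIR} or /etc/wazuh-dashboards
#   OWNER        service user name or numeric uid
# Returns 0 when clean, 1 with findings on stdout, 2 when it cannot run.
audit_dashboard_perms() {
    install_dir=$1
    config_dir=$2
    owner=$3

    # An unknown user name makes find fail, which would otherwise look like
    # a clean result, so probe it first together with the directories.
    if [ ! -d "$config_dir" ] ||
       ! find "$install_dir" -prune -user "$owner" >/dev/null 2>&1; then
        echo "cannot audit: missing directory or unknown owner $owner" >&2
        return 2
    fi

    findings=$(list_perm_findings "$install_dir" "$config_dir" "$owner")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run against ${TARGET_DIR} at the end of the build it catches a missed chown or chmod before the package is published; run against / after installation it catches changes made by maintainer scripts.
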
c-bordon commented 2 years ago

Integration tests were carried out with the rest of the components, of the all-in-one type:

Wazuh-indexer, wazuh-dashboard, Wazuh manager and filebeat were installed:

Screenshot_20220128_104431 Screenshot_20220128_104442

This alert is because Filebeat was not installed: Screenshot_20220128_092701

An issue was found in deb package with the installation of the manager when it is done after the installation of wazuh-dashboard or wazuh-indexer:

https://github.com/wazuh/wazuh-packages/issues/1216

c-bordon commented 2 years ago

It is possible that the Wazuh plugin will have to be updated, to achieve this there are several ways, I will detail where it can be modified to achieve this:

1) The zip is located on S3: https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/wazuh-1.2.0.zip

If we replace this file with the same name we simply have to relaunch the build of the packages, these pipelines can be used.

Deb: https://devel.ci.wazuh.info/job/Package_builder_fcaffieri/122/

RPM: https://devel.ci.wazuh.info/job/Package_builder_fcaffieri/123/

2) In case it is necessary to change where the plugin file is saved, we must modify the specs, this is in the following lines:

Deb: https://github.com/wazuh/wazuh-packages/blob/5d99ac03eb0053dd4515033e9f2e45f354691de0/dashboard/deb/debian/rules#L101

RPM: https://github.com/wazuh/wazuh-packages/blob/5d99ac03eb0053dd4515033e9f2e45f354691de0/dashboard/rpm/wazuh-dashboard.spec#L117

c-bordon commented 2 years ago

Rename wazuh-dashboard to wazuh-dashboards on all files and directories of deb and rpm packages:

root@Debian-Buster:~# systemctl status wazuh-dashboards.service 
● wazuh-dashboards.service - wazuh-dashboards
   Loaded: loaded (/etc/systemd/system/wazuh-dashboards.service; disabled; vendor preset: enabled)
   Active: active (running) since Fri 2022-01-28 19:12:29 UTC; 32s ago
  Process: 3755 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
 Main PID: 3754 (node)
    Tasks: 11 (limit: 3558)
   Memory: 175.6M
   CGroup: /system.slice/wazuh-dashboards.service
           └─3754 /usr/share/wazuh-dashboards/bin/../node/bin/node /usr/share/wazuh-dashboards/bin/../src/cli/dist -c /etc/wazuh-dashboards/dashboards.yml

Jan 28 19:12:29 Debian-Buster systemd[1]: Starting wazuh-dashboards...
Jan 28 19:12:29 Debian-Buster systemd[1]: Started wazuh-dashboards.
root@Debian-Buster:~# ls -la /usr/share/wazuh-dashboards/
total 1184
drwxr-xr-x   8 root             root                4096 Jan 28 19:12 .
drwxr-xr-x  74 root             root                4096 Jan 28 19:11 ..
-rw-r-----   1 wazuh-dashboards wazuh-dashboards   11358 Nov 15 16:47 LICENSE.txt
-rw-r-----   1 wazuh-dashboards wazuh-dashboards 1137439 Nov 15 16:47 NOTICE.txt
-rw-r-----   1 wazuh-dashboards wazuh-dashboards    1925 Nov 15 16:47 README.txt
drwxr-x---   2 wazuh-dashboards wazuh-dashboards    4096 Jan 28 19:12 bin
drwxr-x---   3 wazuh-dashboards wazuh-dashboards    4096 Jan 28 19:12 data
-rw-r-----   1 wazuh-dashboards wazuh-dashboards    3098 Nov 15 16:47 manifest.yml
drwxr-x---   6 wazuh-dashboards wazuh-dashboards    4096 Jan 28 19:12 node
drwxr-x--- 703 wazuh-dashboards wazuh-dashboards   20480 Jan 28 19:12 node_modules
-rw-r-----   1 wazuh-dashboards wazuh-dashboards     827 Nov 15 16:47 package.json
drwxr-x---  11 wazuh-dashboards wazuh-dashboards    4096 Jan 28 19:12 plugins
drwxr-x---  11 wazuh-dashboards wazuh-dashboards    4096 Jan 28 19:12 src
root@Debian-Buster:~# ls -la /etc/wazuh-dashboards/
total 20
drwxr-xr-x  3 root             root             4096 Jan 28 19:12 .
drwxr-xr-x 71 root             root             4096 Jan 28 19:11 ..
drwxr-x---  2 wazuh-dashboards wazuh-dashboards 4096 Jan 28 19:12 certs
-rw-r-----  1 wazuh-dashboards wazuh-dashboards  760 Nov 15 16:47 dashboards.yml
-rw-r-----  1 wazuh-dashboards wazuh-dashboards  216 Nov 15 16:47 node.options
[root@centos7 ~]# ls -la /usr/share/wazuh-dashboards/
total 1176
drwxr-xr-x.   8 root             root                 182 Jan 28 18:56 .
drwxr-xr-x.  69 root             root                4096 Jan 28 18:55 ..
drwxr-x---.   2 wazuh-dashboards wazuh-dashboards     109 Jan 28 18:55 bin
drwxr-x---.   3 wazuh-dashboards wazuh-dashboards      31 Jan 28 18:56 data
-rw-r-----.   1 wazuh-dashboards wazuh-dashboards   11358 Dec 31 13:25 LICENSE.txt
-rw-r-----.   1 wazuh-dashboards wazuh-dashboards    3098 Dec 31 13:25 manifest.yml
drwxr-x---.   6 wazuh-dashboards wazuh-dashboards     108 Jan 28 18:55 node
drwxr-x---. 703 wazuh-dashboards wazuh-dashboards   20480 Jan 28 18:55 node_modules
-rw-r-----.   1 wazuh-dashboards wazuh-dashboards 1137439 Dec 31 13:25 NOTICE.txt
-rw-r-----.   1 wazuh-dashboards wazuh-dashboards     827 Dec 31 13:25 package.json
drwxr-x---.  11 wazuh-dashboards wazuh-dashboards     254 Jan 28 18:56 plugins
-rw-r-----.   1 wazuh-dashboards wazuh-dashboards    1925 Dec 31 13:25 README.txt
drwxr-x---.  11 wazuh-dashboards wazuh-dashboards     160 Jan 28 18:56 src
[root@centos7 ~]# ls -la /etc/wazuh-dashboards/
certs/          dashboards.yml  node.options    
[root@centos7 ~]# ls -la /etc/wazuh-dashboards/dashboards.yml 
-rw-r-----. 1 wazuh-dashboards wazuh-dashboards 760 Jan 28 18:51 /etc/wazuh-dashboards/dashboards.yml
[root@centos7 ~]# ls -la /etc/wazuh-dashboards/certs/
total 12
drwxr-x---. 2 wazuh-dashboards wazuh-dashboards   85 Jan 28 18:55 .
drwxr-xr-x. 3 root             root               61 Jan 28 18:55 ..
-rw-r-----. 1 wazuh-dashboards wazuh-dashboards 1200 Jan 28 18:51 root-ca.pem
-rw-r-----. 1 wazuh-dashboards wazuh-dashboards 1708 Jan 28 18:51 wazuh-dashboards-key.pem
-rw-r-----. 1 wazuh-dashboards wazuh-dashboards 1241 Jan 28 18:51 wazuh-dashboards.pem
[root@centos7 ~]# systemctl status wazuh-dashboards.service 
● wazuh-dashboards.service - wazuh-dashboards
   Loaded: loaded (/etc/systemd/system/wazuh-dashboards.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-01-28 18:56:53 UTC; 26min ago
  Process: 4357 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=0/SUCCESS)
 Main PID: 4356 (node)
   CGroup: /system.slice/wazuh-dashboards.service
           └─4356 /usr/share/wazuh-dashboards/bin/../node/bin/node /usr/share/wazuh-dashboards/bin/../src/cli/dist -c /etc/wazuh-dashboards/dashboards.yml

Jan 28 18:56:53 centos7 systemd[1]: Starting wazuh-dashboards...
Jan 28 18:56:53 centos7 systemd[1]: Started wazuh-dashboards.

It is necessary to update the package creation pipelines with the name changes: @fcaffieri @okynos

Packages:

https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/stable/wazuh-dashboards_4.3.0-1_amd64.deb

https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/stable/wazuh-dashboards-4.3.0-1.x86_64.rpm

fcaffieri commented 2 years ago

Changes made to pipelines. Tests:

RPM: https://devel.ci.wazuh.info/job/Package_builder_fcaffieri/131/console

DEB: https://devel.ci.wazuh.info/job/Package_builder_fcaffieri/133/console

c-bordon commented 2 years ago

After carrying out new upgrade tests verifying the change of the files, we were able to verify that the upgrade is done correctly and the /etc/wazuh-dashboards/ files that were modified by the user are maintained:

Centos 7:

After installation:

[root@centos7 ~]# sha256sum /etc/wazuh-dashboards/dashboards.yml
3780cb725f7e566661e183ced23288fa977cacffba814e01cb60b15880cc1bda /etc/wazuh-dashboards/dashboards.yml

After modifying the user:

[root@centos7 ~]# sha256sum /etc/wazuh-dashboards/dashboards.yml
19dc8e42cb24e6403ed5a92eb71689bbd36c70e431c2a6b3c8b0b0a3979f70af /etc/wazuh-dashboards/dashboards.yml

After upgrade:

[root@centos7 ~]# sha256sum /etc/wazuh-dashboards/dashboards.yml
19dc8e42cb24e6403ed5a92eb71689bbd36c70e431c2a6b3c8b0b0a3979f70af /etc/wazuh-dashboards/dashboards.yml

Debian Buster:

After installation:

root@Debian-Buster:~# sha256sum /etc/wazuh-dashboards/dashboards.yml
3780cb725f7e566661e183ced23288fa977cacffba814e01cb60b15880cc1bda /etc/wazuh-dashboards/dashboards.yml

After modifying the user:

root@Debian-Buster:~# sha256sum /etc/wazuh-dashboards/dashboards.yml
19dc8e42cb24e6403ed5a92eb71689bbd36c70e431c2a6b3c8b0b0a3979f70af /etc/wazuh-dashboards/dashboards.yml

After upgrade:

root@Debian-Buster:~# sha256sum /etc/wazuh-dashboards/dashboards.yml
19dc8e42cb24e6403ed5a92eb71689bbd36c70e431c2a6b3c8b0b0a3979f70af /etc/wazuh-dashboards/dashboards.yml

In deb package we have the following options:

   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** dashboards.yml (Y/I/N/O/D/Z) [default=N] ? N

c-bordon commented 2 years ago

A PDF export test is performed: wazuh-agent-001-configuration-1643912199.pdf

c-bordon commented 2 years ago

The structure is updated to stack/dashboard: https://github.com/wazuh/wazuh-packages/commit/9df13ec8c00a603267748c151601d8091bd341e8

c-bordon commented 2 years ago

The behavior of the /run/wazuh-dashboards/wazuh-dashboards.pid file after uninstallation is corrected: this file is deleted when the product is uninstalled, since if it persists it causes problems with new installs, because it remains with the permissions of the previous user.

c-bordon commented 2 years ago

Verify the behavior of wazuh-dashboards.pid after a reboot of the host since this file is deleted and generates an error when trying to start the service:

[root@centos8 ~]# reboot
Connection to 127.0.0.1 closed by remote host.
Connection to 127.0.0.1 closed.
cbordon@cbordon-MS-7C88:~/Documents/wazuh/local-test/vagrant-tests/centos/8$ vagrant ssh                                    
Last login: Fri Feb  4 16:29:38 2022 from 10.0.2.2
[vagrant@centos8 ~]$ sudo su -
Last login: Fri Feb  4 16:30:02 UTC 2022 on pts/0
[root@centos8 ~]# systemctl status wazuh-dashboards.service 
● wazuh-dashboards.service - wazuh-dashboards
   Loaded: loaded (/etc/systemd/system/wazuh-dashboards.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-02-04 18:23:13 UTC; 31s ago
  Process: 660 ExecStartPost=/bin/sh -c umask 022; echo $MAINPID > $PID_DIR (code=exited, status=1/FAILURE)
 Main PID: 659 (node)
    Tasks: 11 (limit: 12122)
   Memory: 175.1M
   CGroup: /system.slice/wazuh-dashboards.service
           └─659 /usr/share/wazuh-dashboards/bin/../node/bin/node /usr/share/wazuh-dashboards/bin/../src/cli/dist -c /etc/wazuh-dashboards/dashboards.yml

Feb 04 18:23:13 centos8 systemd[1]: Starting wazuh-dashboards...
Feb 04 18:23:13 centos8 sh[660]: /bin/sh: /run/wazuh-dashboards/wazuh-dashboards.pid: No such file or directory
Feb 04 18:23:13 centos8 systemd[1]: Started wazuh-dashboards.
[root@centos8 ~]# ls -la /run
total 28
drwxr-xr-x. 25 root          root           760 Feb  4 18:23 .
dr-xr-xr-x. 18 root          root           255 Feb  4 16:40 ..
-rw-------.  1 root          root             0 Feb  4 18:23 agetty.reload
-rw-r--r--.  1 root          root             4 Feb  4 18:23 auditd.pid
drwxr-x---.  2 chrony        chrony          80 Feb  4 18:23 chrony
drwxr-xr-x.  2 root          root            60 Feb  4 18:23 chrony-helper
drwxr-xr-x.  2 root          root            40 Feb  4 18:23 console
----------.  1 root          root             0 Feb  4 18:23 cron.reboot
drwx------.  2 root          root            40 Feb  4 18:23 cryptsetup
drwxr-xr-x.  2 root          root            60 Feb  4 18:23 dbus
drwxr-xr-x.  2 root          root            40 Feb  4 18:23 faillock
drwxr-xr-x.  2 root          root            60 Feb  4 18:23 fsck
-rw-------.  1 root          root             4 Feb  4 18:23 gssproxy.pid
srw-rw-rw-.  1 root          root             0 Feb  4 18:23 gssproxy.sock
srw-rw-rw-.  1 root          root             0 Feb  4 18:23 .heim_org.h5l.kcm-socket
prw-------.  1 root          root             0 Feb  4 18:23 initctl
drwxr-xr-x.  4 root          root           100 Feb  4 18:23 initramfs
drwxr-xr-x.  3 root          root            60 Feb  4 18:23 lock
drwxr-xr-x.  3 root          root            60 Feb  4 18:23 log
drwxr-xr-x.  2 root          root            40 Feb  4 18:23 mount
drwxr-xr-x.  6 root          root           160 Feb  4 18:23 NetworkManager
drwx------.  2 rpc           rpc             60 Feb  4 18:23 rpcbind
srw-rw-rw-.  1 root          root             0 Feb  4 18:23 rpcbind.sock
-rw-------.  1 root          root             3 Feb  4 18:23 rsyslogd.pid
drwxr-xr-x.  2 root          root            40 Feb  4 18:23 samba
drwxr-xr-x.  2 root          root            40 Feb  4 18:23 sepermit
drwxr-xr-x.  2 root          root            40 Feb  4 18:23 setrans
-rw-------.  1 root          root             4 Feb  4 18:23 sm-notify.pid
-rw-r--r--.  1 root          root             4 Feb  4 18:23 sshd.pid
-rw-------.  1 root          root             4 Feb  4 18:23 sssd.pid
drwx--x--x.  3 root          root            60 Feb  4 18:23 sudo
drwxr-xr-x. 16 root          root           420 Feb  4 18:23 systemd
drwxr-xr-x.  2 root          root            60 Feb  4 18:23 tmpfiles.d
drwxr-xr-x.  2 root          root            60 Feb  4 18:23 tuned
drwxr-xr-x.  7 root          root           160 Feb  4 18:23 udev
drwxr-xr-x.  3 root          root            60 Feb  4 18:23 user
-rw-rw-r--.  1 root          utmp          1536 Feb  4 18:23 utmp
drwxr-xr-x.  2 wazuh-indexer wazuh-indexer   60 Feb  4 18:23 wazuh-indexer
[root@centos8 ~]# ps aux | grep dashboard
wazuh-d+     659  2.8  7.2 1002808 142832 ?      Ssl  18:23   0:05 /usr/share/wazuh-dashboards/bin/../node/bin/node /usr/share/wazuh-dashboards/bin/../src/cli/dist -c /etc/wazuh-dashboards/dashboards.yml
root        2728  0.0  0.0  12136  1044 pts/0    S+   18:26   0:00 grep --color=auto dashboard

dariommr commented 2 years ago

Hello Team, I suggested including Keystores and obfuscating passwords for Filebeat and Wazuh Dashboards in the installation, as a way of securing the installation (in this comment https://github.com/wazuh/wazuh-packages/issues/1141#issuecomment-1022127196). But we ran into issues achieving this. I was able to resolve the issue regarding the Wazuh Dashboards Keystore; the main issue is that it does not work in the same way as Filebeat.

In Wazuh Dashboards, you need to define a configuration rather than a variable (in Filebeat you define variables), so if you have to set up a configuration in wazuh-dashboard.yml like opensearch.username, you have to define the same in the keystore and then there is no need to specify it in the configuration file (wazuh-dashboard.yml).

For instance, to set up username and password:

Create the Keystore

root@wzh-index-01:~# sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore create
An OpenSearch Dashboards keystore already exists. Overwrite? [y/N] y
Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore

Note: it was created in /usr/share/wazuh-dashboard/config/, independent of where wazuh-dashboard.yml is located, and therefore that directory MUST exist (by default it is not created by the installation).

Specify the configurations

root@wzh-index-01:~# sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore add opensearch.username
Enter value for opensearch.username: ************
root@wzh-index-01:~# sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore add opensearch.password
Enter value for opensearch.password: ************

Remove the configurations from the yaml file

root@wzh-index-01:~# nano /etc/wazuh-dashboard/wazuh-dashboard.yml
root@wzh-index-01:~# cat /etc/wazuh-dashboard/wazuh-dashboard.yml | grep -E "password|username"
#opensearch.username: kibanaserver
#opensearch.password: kibanaserver

Note: for practical purposes, I just commented them out, but they have to be removed.

Restarting the service

root@wzh-index-01:~# systemctl restart wazuh-dashboard.service 
root@wzh-index-01:~# cat /var/log/wazuh-dashboard/wazuh-dashboard.log | grep "running at"
{"type":"log","@timestamp":"2022-02-07T19:26:40Z","tags":["listening","info"],"pid":2836,"message":"Server running at https://0.0.0.0:443"}
{"type":"log","@timestamp":"2022-02-07T19:26:40Z","tags":["info","http","server","OpenSearchDashboards"],"pid":2836,"message":"http server running at https://0.0.0.0:443"}

Non-interactive creation of the Keystore

cat /file/containing/setting/value | bin/wazuh-dashboard-keystore add opendistro.username --stdin

Source: https://www.elastic.co/guide/en/kibana/7.10/secure-settings.html

I hope this information could be helpful.
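
A check for the "Remove the configurations from the yaml file" step in the comment above, as an added example that is not part of the original comment or of the Wazuh project's code. It reports `opensearch.username` / `opensearch.password` lines that are still in the YAML, whether active or only commented out, without printing their values; the function name, the record format and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Settings that the comment above moves into the keystore.
SECRET_KEYS="opensearch.username opensearch.password"

# audit_dashboards_yml FILE  (hypothetical helper, not a Wazuh tool)
# Prints one "<STATE> <key> line <n>" record per leftover credential line.
# Returns 1 if any were found, 0 if the file is clean, 2 if it is unreadable.
# The value itself is never printed, so the output is safe to log.
audit_dashboards_yml() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk -v keys="$SECRET_KEYS" '
        BEGIN { n = split(keys, k, " ") }
        {
            line = $0
            state = "ACTIVE"
            # A leading "#" means the setting is commented out, not removed.
            if (line ~ /^[ \t]*#/) {
                state = "COMMENTED"
                sub(/^[ \t]*#+[ \t]*/, "", line)
            } else {
                sub(/^[ \t]+/, "", line)
            }
            for (i = 1; i <= n; i++) {
                prefix = k[i] ":"
                if (index(line, prefix) == 1) {
                    value = substr(line, length(prefix) + 1)
                    gsub(/^[ \t]+|[ \t]+$/, "", value)
                    # A key without a value carries no secret; skip it.
                    if (value != "") { print state, k[i], "line", NR; found = 1 }
                }
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$file"
}

# Constructed sample: the state shown above, with credentials only commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server.host: 0.0.0.0
server.port: 443
#opensearch.username: kibanaserver
#opensearch.password: kibanaserver
EOF
status=0
audit_dashboards_yml "$sample" || status=$?
echo "exit status: $status"
rm -f "$sample"
```

Run against the real configuration file, a non-zero status means the credentials still exist in plain text on disk and the keystore is not yet the only copy.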

c-bordon commented 2 years ago

I was working on the corrections indicated in the revision of the PR.

I also continue working on the script for the assembly of the tar package, at the moment I do not have it versioned in any branch, since I am waiting for an issue for v2.

I am currently working on uploading the tar to S3 with parameters:

#!/bin/bash

# Wazuh package generator
# Copyright (C) 2022, Wazuh Inc.
#
# This program is a free software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License (version 2) as published by the FSF - Free Software
# Foundation.

set -x

CURRENT_PATH="$( cd "$(dirname "$0")" ; pwd -P )"
ARCHITECTURE="amd64"
OPENSEARCH_VERSION="1.2.0"
S3="warehouse.wazuh.com/stack/dashboard"
UPLOAD=false
OUTDIR="${CURRENT_PATH}/output"

trap ctrl_c INT

clean() {
    exit_code=$1

    # Clean the files
    rm -rf "${CURRENT_PATH}"/{*.tar.gz,*-dashboards-*}

    exit ${exit_code}
}

ctrl_c() {
    clean 1
}

build() {
    # -f makes curl fail on an HTTP error instead of saving the error page as the tarball
    curl -fO "https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/${OPENSEARCH_VERSION}/opensearch-dashboards-${OPENSEARCH_VERSION}-linux-x64.tar.gz" || return 1
    tar -xf "opensearch-dashboards-${OPENSEARCH_VERSION}-linux-x64.tar.gz" && rm -f "opensearch-dashboards-${OPENSEARCH_VERSION}-linux-x64.tar.gz"
    # Remove the symbolic links shipped in the bundle
    find "./opensearch-dashboards-${OPENSEARCH_VERSION}-linux-x64/" -type l -exec rm -rf {} \;
    # Replace the upstream config directory with the local etc/ files
    rm -rf "opensearch-dashboards-${OPENSEARCH_VERSION}-linux-x64/config/"
    cp -r etc/ "opensearch-dashboards-${OPENSEARCH_VERSION}-linux-x64/"
    cp "opensearch-dashboards-${OPENSEARCH_VERSION}-linux-x64/etc/opensearch_dashboards_config.js" "opensearch-dashboards-${OPENSEARCH_VERSION}-linux-x64/src/core/server/opensearch_dashboards_config.js"
    mv "opensearch-dashboards-${OPENSEARCH_VERSION}-linux-x64/" wazuh-dashboards-base-linux-x64/
    # -z so the archive is really gzip-compressed, matching its .tar.gz name
    tar -czf wazuh-dashboards-base-linux-x64.tar.gz wazuh-dashboards-base-linux-x64/ || return 1

    if [ "${UPLOAD}" = true ]; then
        # First path component is the bucket, the rest is the key prefix
        BUCKET=$(echo "${S3}" | cut -d'/' -f 1)
        PACKAGE_PATH=$(echo "${S3}" | cut -d'/' -f 1 --complement)
        aws s3api put-object --bucket "${BUCKET}" --key "${PACKAGE_PATH}/wazuh-dashboards-base-linux-x64.tar.gz" --body wazuh-dashboards-base-linux-x64.tar.gz --acl public-read || return 1
    else
        if [ ! -d "${OUTDIR}" ]; then
            mkdir -p "${OUTDIR}"
        fi
        cp wazuh-dashboards-base-linux-x64.tar.gz "${OUTDIR}/wazuh-dashboards-base-linux-x64.tar.gz" || return 1
    fi

    # Success: main() then calls "clean 0" instead of "clean 1"
    return 0
}

help() {
    echo
    echo "Usage: $0 [OPTIONS]"
    echo
    echo "    -a, --architecture <arch>  [Optional] Target architecture of the package [amd64]."
    echo "    -u, --upload [<s3_path>]   [Optional] Upload the package to S3. By default, warehouse.wazuh.com/stack/dashboard."
    echo "    -s, --store <path>         [Optional] Set the destination path of package. By default, an output folder will be created."
    echo "    -v, --version <version>    [Optional] The OpenSearch-dashboards Version. By default, 1.2.0"
    echo "    -h, --help                 Show this help."
    echo
    exit "$1"
}

main() {
    while [ -n "$1" ]
    do
        case "$1" in
        "-h"|"--help")
            help 0
            ;;
        "-a"|"--architecture")
            if [ -n "$2" ]; then
                ARCHITECTURE="$2"
                shift 2
            else
                help 1
            fi
            ;;
        "-u"|"--upload")
            UPLOAD=true
            # Take the next argument as the S3 path only if it is not another option
            if [ -n "$2" ] && [ "${2#-}" = "$2" ]; then
                S3="$2"
                shift 2
            else
                shift 1
            fi
            ;;
        "-s"|"--store")
            if [ -n "$2" ]; then
                OUTDIR="$2"
                shift 2
            else
                help 1
            fi
            ;;
        "-v"|"--version")
            if [ -n "$2" ]; then
                OPENSEARCH_VERSION="$2"
                shift 2
            else
                help 1
            fi
            ;;
        *)
            help 1
        esac
    done

    build || clean 1

    clean 0
}

main "$@"