wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0

Improve offline installation experience #1422

Closed 72nomada closed 10 months ago

72nomada commented 2 years ago
| Wazuh version | Install type | Action performed | Platform |
|---|---|---|---|
| 4.4.x | Manager/Agent | Install offline | any |

While following Installation alternatives - Offline installation, it may be helpful to provide a couple of scripts to do most of the tasks in an automated way.

The offline installing process can/should be improved by providing customers with a single offline installer script in both the download and offline systems.

Also, the process should improve the transfer of packages from the download system to the offline system by creating a single tar.gz file as output from the download process. As a result, it is easier to copy between offline systems.

The process should include two parts:

related to - #wazuh/12889

davidcr01 commented 11 months ago

Update Report

Workaround

After considering adding support for a single-node installation (AIO) and distributed-node installation, I noticed that it may not be necessary to add too much code to automate the installation process of the offline installation.

With some investigation, I noticed that what we are trying to do is the same as what the WIA can currently do (AIO and installing the Wazuh central components separately), but instead of using the package manager to install the packages from the repositories, it would use the package manager to perform local installations, using the packages contained in the tar file resulting from the -dw option of the WIA. We do not only have to consider the packages, but also other resources, such as certificates, the Filebeat module, the Wazuh GPG key, the Wazuh Filebeat template, and the Filebeat package.

It is necessary to consider the structure of the resulting wazuh-offline directory of the wazuh-offline.tar.gz file:

```console
root@ubuntu22:/home/vagrant# tree wazuh-offline
wazuh-offline
├── wazuh-files
│   ├── filebeat.yml
│   ├── GPG-KEY-WAZUH
│   ├── wazuh-filebeat-0.2.tar.gz
│   └── wazuh-template.json
└── wazuh-packages
    ├── filebeat-oss-7.10.2-amd64.deb
    ├── wazuh-dashboard_4.6.0-1_amd64.deb
    ├── wazuh-indexer_4.6.0-1_amd64.deb
    └── wazuh-manager_4.6.0-1_amd64.deb

2 directories, 8 files
```

Tasks

Considering the size of the issue, it is nearly compulsory to divide it into different tasks, following this order to perform the development correctly:

Besides, it is necessary to:

After this, some validations must be done to ensure the correct behavior:

davidcr01 commented 11 months ago

Update Report

Validations

:green_circle: Validation of dependency not installed

```console
root@ubuntu22:/home/vagrant# bash wazuh-install.sh -of -a
24/11/2023 17:46:42 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
24/11/2023 17:46:42 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/11/2023 17:46:42 INFO: Checking installed dependencies for Offline installation.
24/11/2023 17:46:44 ERROR: openssl is necessary for the offline installation.
```
:green_circle: Validation of wrong parameters

```console
root@ubuntu22:/home/vagrant# bash wazuh-install.sh -of -dw deb
24/11/2023 17:49:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
24/11/2023 17:49:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/11/2023 17:49:31 INFO: Checking installed dependencies for Offline installation.
24/11/2023 17:49:34 ERROR: The -of|--offline-installation option must be used with -a, -ws, -wi, or -wd.
```
:green_circle: Validation of wazuh-offline tar.gz file

Success case

```console
root@ubuntu22:/home/vagrant# bash wazuh-install.sh -of -a -v
29/11/2023 11:08:43 DEBUG: Checking root permissions.
29/11/2023 11:08:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
29/11/2023 11:08:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
29/11/2023 11:08:43 DEBUG: APT package manager will be used.
29/11/2023 11:08:43 INFO: Checking installed dependencies for Offline installation.
29/11/2023 11:08:45 INFO: Checking wazuh-offline.tar.gz file and wazuh-certificates folder.
29/11/2023 11:08:45 DEBUG: wazuh-offline.tar.gz was found correctly.
```

Case of missing tar file

```console
root@ubuntu22:/home/vagrant# ls | grep wazuh-offline.tar.gz
root@ubuntu22:/home/vagrant# bash wazuh-install.sh -of -a -v
29/11/2023 11:09:25 DEBUG: Checking root permissions.
29/11/2023 11:09:25 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
29/11/2023 11:09:25 INFO: Verbose logging redirected to /var/log/wazuh-install.log
29/11/2023 11:09:25 DEBUG: APT package manager will be used.
29/11/2023 11:09:25 INFO: Checking installed dependencies for Offline installation.
29/11/2023 11:09:27 INFO: Checking wazuh-offline.tar.gz file and wazuh-certificates folder.
29/11/2023 11:09:27 ERROR: The wazuh-offline.tar.gz file was not found in /home/vagrant.
```
:green_circle: Validation of files extraction and check

Case of missing file:

```console
root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -of -v
01/12/2023 11:02:59 DEBUG: Checking root permissions.
01/12/2023 11:02:59 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
01/12/2023 11:02:59 INFO: Verbose logging redirected to /var/log/wazuh-install.log
01/12/2023 11:02:59 DEBUG: APT package manager will be used.
01/12/2023 11:02:59 INFO: Checking installed dependencies for Offline installation.
01/12/2023 11:03:01 DEBUG: Offline dependencies are installed.
01/12/2023 11:03:01 DEBUG: Checking system distribution.
01/12/2023 11:03:01 DEBUG: Detected distribution name: ubuntu
01/12/2023 11:03:01 DEBUG: Detected distribution version: 22
01/12/2023 11:03:01 DEBUG: Checking Wazuh installation.
01/12/2023 11:03:02 DEBUG: Checking system architecture.
01/12/2023 11:03:02 INFO: Verifying that your system meets the recommended minimum hardware requirements.
01/12/2023 11:03:02 DEBUG: CPU cores detected: 2
01/12/2023 11:03:02 DEBUG: Free RAM memory detected: 3924
01/12/2023 11:03:02 INFO: Wazuh web interface port will be 443.
01/12/2023 11:03:02 DEBUG: Checking ports availability.
01/12/2023 11:03:03 INFO: Checking wazuh-offline.tar.gz file and wazuh-certificates folder.
01/12/2023 11:03:03 DEBUG: wazuh-offline.tar.gz was found correctly.
01/12/2023 11:03:03 DEBUG: Extracting files from wazuh-offline.tar.gz
01/12/2023 11:03:09 ERROR: Missing offline file: /home/vagrant/wazuh-offline/wazuh-packages/filebeeat-oss-*.deb
```

Success case:

```console
root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -of -v
01/12/2023 11:03:30 DEBUG: Checking root permissions.
01/12/2023 11:03:30 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
01/12/2023 11:03:30 INFO: Verbose logging redirected to /var/log/wazuh-install.log
01/12/2023 11:03:30 DEBUG: APT package manager will be used.
01/12/2023 11:03:30 INFO: Checking installed dependencies for Offline installation.
01/12/2023 11:03:31 DEBUG: Offline dependencies are installed.
01/12/2023 11:03:31 DEBUG: Checking system distribution.
01/12/2023 11:03:31 DEBUG: Detected distribution name: ubuntu
01/12/2023 11:03:31 DEBUG: Detected distribution version: 22
01/12/2023 11:03:31 DEBUG: Checking Wazuh installation.
01/12/2023 11:03:32 DEBUG: Checking system architecture.
01/12/2023 11:03:32 INFO: Verifying that your system meets the recommended minimum hardware requirements.
01/12/2023 11:03:32 DEBUG: CPU cores detected: 2
01/12/2023 11:03:32 DEBUG: Free RAM memory detected: 3924
01/12/2023 11:03:32 INFO: Wazuh web interface port will be 443.
01/12/2023 11:03:32 DEBUG: Checking ports availability.
01/12/2023 11:03:33 INFO: Checking wazuh-offline.tar.gz file and wazuh-certificates folder.
01/12/2023 11:03:33 DEBUG: wazuh-offline.tar.gz was found correctly.
01/12/2023 11:03:33 DEBUG: Extracting files from wazuh-offline.tar.gz
01/12/2023 11:03:40 DEBUG: Offline files extracted successfully.
```
:green_circle: Validation of Wazuh GPG key import

```console
root@ubuntu22:/home/vagrant# bash wazuh-install.sh -of -a
04/12/2023 17:44:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
04/12/2023 17:44:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log
04/12/2023 17:44:05 INFO: Checking installed dependencies for Offline installation.
04/12/2023 17:44:08 INFO: Verifying that your system meets the recommended minimum hardware requirements.
04/12/2023 17:44:08 INFO: Wazuh web interface port will be 443.
04/12/2023 17:44:09 INFO: Checking wazuh-offline.tar.gz file.
04/12/2023 17:44:37 INFO: Wazuh development repository added.
root@ubuntu22:/home/vagrant# grep ^ /etc/apt/sources.list /etc/apt/sources.list.d/*
...
/etc/apt/sources.list:# deb-src https://mirrors.edge.kernel.org/ubuntu/ jammy-security universe
/etc/apt/sources.list:deb https://mirrors.edge.kernel.org/ubuntu/ jammy-security multiverse
/etc/apt/sources.list:# deb-src https://mirrors.edge.kernel.org/ubuntu/ jammy-security multiverse
/etc/apt/sources.list.d/wazuh.list:deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
```
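
The archive and file checks validated in the comment above, written out as an added example; it is not part of the original thread and is not code from wazuh-install.sh. It goes one step beyond the thread by also rejecting archive members that would extract outside `wazuh-offline/`. Function names are hypothetical, and the required-file patterns are assumptions taken from the wazuh-offline tree shown earlier.

```sh
#!/bin/sh
# Added example (not from wazuh-install.sh): pre-install checks for a bundle
# laid out like the wazuh-offline tree in the thread. Function names are
# hypothetical. Only member names are inspected, not link targets.

# Globs, relative to the extracted wazuh-offline directory, that must each
# match at least one file. $1 is the package extension: deb or rpm.
required_patterns() {
    cat <<EOF
wazuh-files/filebeat.yml
wazuh-files/GPG-KEY-WAZUH
wazuh-files/wazuh-filebeat-*.tar.gz
wazuh-files/wazuh-template.json
wazuh-packages/filebeat-oss-*.$1
wazuh-packages/wazuh-dashboard*.$1
wazuh-packages/wazuh-indexer*.$1
wazuh-packages/wazuh-manager*.$1
EOF
}

# Status 0 when archive member name $1 would land outside the expected
# wazuh-offline/ directory once extracted, status 1 when it is acceptable.
member_is_unsafe() {
    name=${1#./}
    case "$name" in
        /*|..|../*|*/..|*/../*) return 0 ;;        # absolute path or ".." component
        wazuh-offline|wazuh-offline/*) return 1 ;;  # inside the expected directory
        *) return 0 ;;                              # stray top-level entry
    esac
}

# Print every unsafe member of the gzip-compressed tar archive $1.
unsafe_members() {
    tar -tzf "$1" 2>/dev/null | while IFS= read -r member; do
        if member_is_unsafe "$member"; then printf '%s\n' "$member"; fi
    done
}

# Print each required pattern that matches nothing under directory $1.
missing_offline_files() {
    root=$1
    required_patterns "$2" | while IFS= read -r pattern; do
        # $pattern is left unquoted so the shell expands the glob.
        set -- "$root"/$pattern
        [ -e "$1" ] || printf '%s\n' "$root/$pattern"
    done
}

# Validate archive $1, extract it into $2, then check for packages of type $3.
# Status: 1 archive missing, 2 unsafe member, 3 extraction failed, 4 file missing.
check_offline_bundle() {
    archive=$1 dest=$2 ext=$3
    if [ ! -f "$archive" ]; then
        echo "ERROR: $archive was not found." >&2
        return 1
    fi
    bad=$(unsafe_members "$archive")
    if [ -n "$bad" ]; then
        echo "ERROR: refusing to extract, unexpected members: $bad" >&2
        return 2
    fi
    tar -xzf "$archive" -C "$dest" || return 3
    missing=$(missing_offline_files "$dest/wazuh-offline" "$ext")
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing" | sed 's/^/ERROR: Missing offline file: /' >&2
        return 4
    fi
    echo "Offline files extracted successfully."
}

# Build a constructed sample bundle (empty placeholder files named as in the
# thread's tree) at $1/wazuh-offline.tar.gz; $2 optionally names a file to omit.
make_sample_bundle() {
    work=$1 omit=${2:-}
    mkdir -p "$work/src/wazuh-offline/wazuh-files" "$work/src/wazuh-offline/wazuh-packages"
    for f in wazuh-files/filebeat.yml wazuh-files/GPG-KEY-WAZUH \
             wazuh-files/wazuh-filebeat-0.2.tar.gz wazuh-files/wazuh-template.json \
             wazuh-packages/filebeat-oss-7.10.2-amd64.deb \
             wazuh-packages/wazuh-dashboard_4.6.0-1_amd64.deb \
             wazuh-packages/wazuh-indexer_4.6.0-1_amd64.deb \
             wazuh-packages/wazuh-manager_4.6.0-1_amd64.deb; do
        [ "$f" = "$omit" ] || : > "$work/src/wazuh-offline/$f"
    done
    tar -czf "$work/wazuh-offline.tar.gz" -C "$work/src" wazuh-offline
}

# Usage: check_offline_bundle ./wazuh-offline.tar.gz "$PWD" deb
```

Listing members before extraction matters here because the installer runs as root and the bundle is copied between machines by hand.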
davidcr01 commented 11 months ago

Created some EC2 instances to test the development in other OS. This issue goes to On Hold due to https://github.com/wazuh/wazuh-indexer/issues/79

davidcr01 commented 11 months ago

Update Report

Currently I am working on some errors related to the RPM-based systems. It seems that, with no internet connection, the yum install <package> can not be performed because the command tries to validate the GPG key.

```console
+ eval 'yum install /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm -y 2>&1'
+++ yum install /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm -y
+ yum_output='Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

EL-9 - Wazuh                                    0.0  B/s |   0  B     01:52
Errors during downloading metadata for repository '\''wazuh'\'':
  - Curl error (28): Timeout was reached for https://packages-dev.wazuh.com/pre-release/yum/repodata/repomd.xml [Failed to connect to packages-dev.wazuh.com port 443: Connection timed out]
Error: Failed to download metadata for repo '\''wazuh'\'': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried'
+ install_result=1
+ eval 'echo ${yum_output} 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ echo Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. EL-9 - Wazuh 0.0 B/s '|' 0 B 01:52 Errors during downloading metadata for repository ''\''wazuh'\'':' - Curl error '(28):' Timeout was reached for https://packages-dev.wazuh.com/pre-release/yum/repodata/repomd.xml '[Failed' to connect to packages-dev.wazuh.com port 443: Connection timed 'out]' Error: Failed to download metadata for repo ''\''wazuh'\'':' Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. EL-9 - Wazuh 0.0 B/s | 0 B 01:52 Errors during downloading metadata for repository 'wazuh': - Curl error (28): Timeout was reached for https://packages-dev.wazuh.com/pre-release/yum/repodata/repomd.xml [Failed to connect to packages-dev.wazuh.com port 443: Connection timed out] Error: Failed to download metadata for repo 'wazuh': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
+ install_result=1
```

But, if I run this command manually, no errors are generated:

```console
[root@ip-172-31-36-51 ec2-user]# eval 'yum install /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm -y 2>&1'
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 1:39:15 ago on Wed 13 Dec 2023 04:57:26 PM UTC.
Dependencies resolved.
===================================================
 Package       Arch   Version   Repository    Size
===================================================
Installing:
 wazuh-indexer x86_64 4.8.0-1   @commandline 743 M

Transaction Summary
===================================================
Install  1 Package

Total size: 743 M
Installed size: 1.0 G
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                           1/1
  Running scriptlet: wazuh-indexer-4.8.0-1.x   1/1
  Installing       : wazuh-indexer-4.8.0-1.x   1/1
  Running scriptlet: wazuh-indexer-4.8.0-1.x   1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

  Verifying        : wazuh-indexer-4.8.0-1.x   1/1
Installed products updated.

Installed:
  wazuh-indexer-4.8.0-1.x86_64

Complete!
[root@ip-172-31-36-51 ec2-user]#
```

It is necessary to study the root cause of this situation and fix it. This behavior is seen in RHEL9 and CentOS8. In DEB-based systems, this behavior is not reproduced.

:heavy_check_mark: The proposed solution is to use rpm instead of yum in offline installation. The problem is that yum as the package manager tries to find the dependencies of the Wazuh packages and update the database. In the offline installation, this is not necessary, so rpm can be used safely and avoid the reported error above.

davidcr01 commented 11 months ago

Update Report

Testing

Before performing an offline installation, the necessary packages and files must be created. To do this, just use the -dw option to download the packages and files and the -g option to generate the certificates:

```console
root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -dw deb
14/12/2023 14:37:50 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 14:37:50 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 14:38:11 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/12/2023 14:38:11 INFO: --- Download Packages ---
14/12/2023 14:38:11 INFO: Starting Wazuh packages download.
14/12/2023 14:38:11 INFO: Downloading Wazuh deb packages for x86_64.
14/12/2023 14:38:17 INFO: The manager package was downloaded.
14/12/2023 14:38:18 INFO: The filebeat package was downloaded.
14/12/2023 14:38:31 INFO: The indexer package was downloaded.
14/12/2023 14:38:34 INFO: The dashboard package was downloaded.
14/12/2023 14:38:34 INFO: The packages are in wazuh-offline/wazuh-packages
14/12/2023 14:38:34 INFO: Downloading configuration files and assets.
14/12/2023 14:38:35 INFO: The resource https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
14/12/2023 14:38:35 INFO: The resource https://packages-dev.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml was downloaded.
14/12/2023 14:38:36 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/4.8.0/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
14/12/2023 14:38:36 INFO: The resource https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.3.tar.gz was downloaded.
14/12/2023 14:38:36 INFO: The configuration files and assets are in wazuh-offline.tar.gz
14/12/2023 14:39:35 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html

root@ip-172-31-37-181:/home/ubuntu# vi config.yml
root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -g
14/12/2023 14:39:50 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 14:39:50 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 14:40:01 ERROR: File /home/ubuntu/wazuh-install-files.tar already exists. Please remove it if you want to use a new configuration.
```

Once these two tar files are created, they must be sent to the offline machines.

:green_circle: Distributed installation in CentOS7 ```console [root@centos7 vagrant]# bash wazuh-install.sh -wi node-1 -of -v 13/12/2023 16:54:04 DEBUG: Checking root permissions. 13/12/2023 16:54:04 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 13/12/2023 16:54:04 INFO: Verbose logging redirected to /var/log/wazuh-install.log 13/12/2023 16:54:04 DEBUG: YUM package manager will be used. 13/12/2023 16:54:04 INFO: Checking installed dependencies for Offline installation. 13/12/2023 16:54:06 DEBUG: Offline dependencies are installed. 13/12/2023 16:54:06 DEBUG: Checking system distribution. 13/12/2023 16:54:06 DEBUG: Detected distribution name: centos 13/12/2023 16:54:06 DEBUG: Detected distribution version: 7 13/12/2023 16:54:06 DEBUG: Checking Wazuh installation. 13/12/2023 16:54:09 DEBUG: Checking previous certificate existence. 13/12/2023 16:54:09 DEBUG: Checking system architecture. 13/12/2023 16:54:09 INFO: Verifying that your system meets the recommended minimum hardware requirements. 13/12/2023 16:54:09 DEBUG: CPU cores detected: 2 13/12/2023 16:54:09 DEBUG: Free RAM memory detected: 3789 13/12/2023 16:54:09 DEBUG: Checking ports availability. 13/12/2023 16:54:10 INFO: Checking wazuh-offline.tar.gz file. 13/12/2023 16:54:10 DEBUG: wazuh-offline.tar.gz was found correctly. 13/12/2023 16:54:10 DEBUG: Extracting files from wazuh-offline.tar.gz 13/12/2023 16:54:18 DEBUG: Offline files extracted successfully. 13/12/2023 16:54:18 DEBUG: Checking curl tool version. 13/12/2023 16:54:19 DEBUG: Adding the Wazuh repository. [wazuh] gpgcheck=1 gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-${releasever} - Wazuh baseurl=https://packages-dev.wazuh.com/pre-release/yum/ protect=1 13/12/2023 16:54:19 INFO: Wazuh development repository added. 13/12/2023 16:54:19 DEBUG: Extracting Wazuh configuration. 13/12/2023 16:54:19 DEBUG: Reading configuration file. 13/12/2023 16:54:20 DEBUG: Checking if 127.0.0.1 is private. 
13/12/2023 16:54:20 DEBUG: Checking if 127.0.0.1 is private. 13/12/2023 16:54:20 DEBUG: Checking if 127.0.0.1 is private. 13/12/2023 16:54:20 DEBUG: Checking node names in the configuration file. 13/12/2023 16:54:20 INFO: --- Wazuh indexer --- 13/12/2023 16:54:20 INFO: Starting Wazuh indexer installation. 13/12/2023 16:54:20 DEBUG: Installing local package /home/vagrant/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm Loaded plugins: fastestmirror Examining /home/vagrant/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm: wazuh-indexer-4.8.0-1.x86_64 Marking /home/vagrant/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm to be installed Resolving Dependencies There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help). --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.8.0-1 /wazuh-indexer-4.8.0-1.x86_64 1.0 G Transaction Summary ================================================================================ Install 1 Package Total size: 1.0 G Installed size: 1.0 G Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-indexer-4.8.0-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1 Installed: wazuh-indexer.x86_64 0:4.8.0-1 Complete! 13/12/2023 16:55:20 DEBUG: Checking Wazuh installation. 
13/12/2023 16:55:21 DEBUG: There are Wazuh indexer remaining files. 13/12/2023 16:55:22 INFO: Wazuh indexer installation finished. 13/12/2023 16:55:22 DEBUG: Configuring Wazuh indexer. 13/12/2023 16:55:22 DEBUG: Copying Wazuh indexer certificates. 13/12/2023 16:55:23 INFO: Wazuh indexer post-install configuration finished. 13/12/2023 16:55:23 INFO: Starting service wazuh-indexer. Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service. 13/12/2023 16:55:43 INFO: wazuh-indexer service started. 13/12/2023 16:55:43 INFO: Initializing Wazuh indexer cluster security settings. 13/12/2023 16:55:44 DEBUG: Setting Wazuh indexer cluster passwords. 13/12/2023 16:55:44 DEBUG: Checking Wazuh installation. 13/12/2023 16:55:48 DEBUG: There are Wazuh indexer remaining files. 13/12/2023 16:55:49 INFO: Wazuh indexer cluster initialized. 13/12/2023 16:55:49 DEBUG: Restoring Wazuh repository. 13/12/2023 16:55:49 INFO: Installation finished. [root@centos7 vagrant]# bash wazuh-install.sh -s 13/12/2023 16:55:59 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 13/12/2023 16:55:59 INFO: Verbose logging redirected to /var/log/wazuh-install.log 13/12/2023 16:56:07 INFO: Verifying that your system meets the recommended minimum hardware requirements. 13/12/2023 16:56:20 INFO: Wazuh indexer cluster security configuration initialized. 13/12/2023 16:56:22 INFO: The Wazuh indexer cluster ISM initialized. 13/12/2023 16:56:50 INFO: Updating the internal users. 13/12/2023 16:56:54 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 13/12/2023 16:57:07 INFO: Wazuh indexer cluster started. [root@centos7 vagrant]# bash wazuh-install.sh -ws wazuh-1 -of -v 13/12/2023 16:57:32 DEBUG: Checking root permissions. 13/12/2023 16:57:32 INFO: Starting Wazuh installation assistant. 
Wazuh version: 4.8.0 13/12/2023 16:57:32 INFO: Verbose logging redirected to /var/log/wazuh-install.log 13/12/2023 16:57:32 DEBUG: YUM package manager will be used. 13/12/2023 16:57:32 INFO: Checking installed dependencies for Offline installation. 13/12/2023 16:57:34 DEBUG: Offline dependencies are installed. 13/12/2023 16:57:34 DEBUG: Checking system distribution. 13/12/2023 16:57:34 DEBUG: Detected distribution name: centos 13/12/2023 16:57:34 DEBUG: Detected distribution version: 7 13/12/2023 16:57:34 DEBUG: Checking Wazuh installation. 13/12/2023 16:57:36 DEBUG: There are Wazuh indexer remaining files. 13/12/2023 16:57:37 DEBUG: Checking previous certificate existence. 13/12/2023 16:57:37 DEBUG: Checking system architecture. 13/12/2023 16:57:37 INFO: Verifying that your system meets the recommended minimum hardware requirements. 13/12/2023 16:57:37 DEBUG: CPU cores detected: 2 13/12/2023 16:57:37 DEBUG: Free RAM memory detected: 3789 13/12/2023 16:57:37 DEBUG: Checking ports availability. 13/12/2023 16:57:39 INFO: Checking wazuh-offline.tar.gz file. 13/12/2023 16:57:39 DEBUG: wazuh-offline.tar.gz was found correctly. 13/12/2023 16:57:39 DEBUG: Extracting files from wazuh-offline.tar.gz 13/12/2023 16:57:53 DEBUG: Offline files extracted successfully. 13/12/2023 16:57:53 DEBUG: Checking curl tool version. 13/12/2023 16:57:53 DEBUG: Adding the Wazuh repository. [wazuh] gpgcheck=1 gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-${releasever} - Wazuh baseurl=https://packages-dev.wazuh.com/pre-release/yum/ protect=1 13/12/2023 16:57:53 INFO: Wazuh development repository added. 13/12/2023 16:57:53 DEBUG: Extracting Wazuh configuration. 13/12/2023 16:57:53 DEBUG: Reading configuration file. 13/12/2023 16:57:53 DEBUG: Checking if 127.0.0.1 is private. 13/12/2023 16:57:53 DEBUG: Checking if 127.0.0.1 is private. 13/12/2023 16:57:53 DEBUG: Checking if 127.0.0.1 is private. 13/12/2023 16:57:53 DEBUG: Checking node names in the configuration file. 
13/12/2023 16:57:53 INFO: --- Wazuh server --- 13/12/2023 16:57:53 INFO: Starting the Wazuh manager installation. 13/12/2023 16:57:53 DEBUG: Installing local package /home/vagrant/wazuh-offline/wazuh-packages/wazuh-manager-4.8.0-1.x86_64.rpm Loaded plugins: fastestmirror Examining /home/vagrant/wazuh-offline/wazuh-packages/wazuh-manager-4.8.0-1.x86_64.rpm: wazuh-manager-4.8.0-1.x86_64 Marking /home/vagrant/wazuh-offline/wazuh-packages/wazuh-manager-4.8.0-1.x86_64.rpm to be installed Resolving Dependencies There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help). --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.8.0-1 /wazuh-manager-4.8.0-1.x86_64 669 M Transaction Summary ================================================================================ Install 1 Package Total size: 669 M Installed size: 669 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.8.0-1.x86_64 1/1 Verifying : wazuh-manager-4.8.0-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.8.0-1 Complete! 13/12/2023 16:58:50 DEBUG: Checking Wazuh installation. 13/12/2023 16:58:50 DEBUG: There are Wazuh remaining files. 13/12/2023 16:58:51 DEBUG: There are Wazuh indexer remaining files. 13/12/2023 16:58:52 INFO: Wazuh manager installation finished. 13/12/2023 16:58:52 INFO: Starting service wazuh-manager. 
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service. 13/12/2023 16:59:09 INFO: wazuh-manager service started. 13/12/2023 16:59:09 INFO: Starting Filebeat installation. 13/12/2023 16:59:09 DEBUG: Installing local package /home/vagrant/wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-x86_64.rpm Loaded plugins: fastestmirror Examining /home/vagrant/wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-x86_64.rpm: filebeat-7.10.2-1.x86_64 Marking /home/vagrant/wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-x86_64.rpm to be installed Resolving Dependencies There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help). --> Running transaction check ---> Package filebeat.x86_64 0:7.10.2-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 /filebeat-oss-7.10.2-x86_64 70 M Transaction Summary ================================================================================ Install 1 Package Total size: 70 M Installed size: 70 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1 Installed: filebeat.x86_64 0:7.10.2-1 Complete! 13/12/2023 16:59:15 DEBUG: Checking Wazuh installation. 13/12/2023 16:59:15 DEBUG: There are Wazuh remaining files. 13/12/2023 16:59:16 DEBUG: There are Wazuh indexer remaining files. 
13/12/2023 16:59:17 DEBUG: There are Filebeat remaining files. 13/12/2023 16:59:18 INFO: Filebeat installation finished. 13/12/2023 16:59:18 DEBUG: Configuring Filebeat. wazuh/ wazuh/archives/ wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/_meta/ wazuh/_meta/config.yml wazuh/_meta/docs.asciidoc wazuh/_meta/fields.yml wazuh/alerts/ wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/module.yml 13/12/2023 16:59:18 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 13/12/2023 16:59:18 INFO: Filebeat post-install configuration finished. 13/12/2023 16:59:18 DEBUG: Setting Wazuh indexer cluster passwords. 13/12/2023 16:59:18 DEBUG: Checking Wazuh installation. 13/12/2023 16:59:19 DEBUG: There are Wazuh remaining files. 13/12/2023 16:59:19 DEBUG: There are Wazuh indexer remaining files. 13/12/2023 16:59:20 DEBUG: There are Filebeat remaining files. Successfully updated the keystore 13/12/2023 16:59:23 DEBUG: Restarting filebeat service... 13/12/2023 16:59:23 DEBUG: filebeat started. 13/12/2023 16:59:23 DEBUG: Changing API passwords. 13/12/2023 16:59:26 INFO: Starting service filebeat. Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service. 13/12/2023 16:59:26 INFO: filebeat service started. 13/12/2023 16:59:26 DEBUG: Restoring Wazuh repository. 13/12/2023 16:59:27 INFO: Installation finished. [root@centos7 vagrant]# bash wazuh-install.sh -wd dashboard -of -v 13/12/2023 16:59:53 DEBUG: Checking root permissions. 13/12/2023 16:59:53 INFO: Starting Wazuh installation assistant. 
Wazuh version: 4.8.0 13/12/2023 16:59:53 INFO: Verbose logging redirected to /var/log/wazuh-install.log 13/12/2023 16:59:53 DEBUG: YUM package manager will be used. 13/12/2023 16:59:53 INFO: Checking installed dependencies for Offline installation. 13/12/2023 16:59:55 DEBUG: Offline dependencies are installed. 13/12/2023 16:59:55 DEBUG: Checking system distribution. 13/12/2023 16:59:55 DEBUG: Detected distribution name: centos 13/12/2023 16:59:55 DEBUG: Detected distribution version: 7 13/12/2023 16:59:55 DEBUG: Checking Wazuh installation. 13/12/2023 16:59:56 DEBUG: There are Wazuh remaining files. 13/12/2023 16:59:57 DEBUG: There are Wazuh indexer remaining files. 13/12/2023 16:59:57 DEBUG: There are Filebeat remaining files. 13/12/2023 16:59:58 DEBUG: Checking previous certificate existence. 13/12/2023 16:59:58 DEBUG: Checking system architecture. 13/12/2023 16:59:58 INFO: Verifying that your system meets the recommended minimum hardware requirements. 13/12/2023 16:59:58 DEBUG: CPU cores detected: 2 13/12/2023 16:59:58 DEBUG: Free RAM memory detected: 3789 13/12/2023 16:59:58 INFO: Wazuh web interface port will be 443. 13/12/2023 16:59:58 DEBUG: Checking ports availability. 13/12/2023 17:00:00 INFO: Checking wazuh-offline.tar.gz file. 13/12/2023 17:00:00 DEBUG: wazuh-offline.tar.gz was found correctly. 13/12/2023 17:00:00 DEBUG: Extracting files from wazuh-offline.tar.gz 13/12/2023 17:00:16 DEBUG: Offline files extracted successfully. 13/12/2023 17:00:16 DEBUG: Checking curl tool version. 13/12/2023 17:00:16 DEBUG: Adding the Wazuh repository. [wazuh] gpgcheck=1 gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-${releasever} - Wazuh baseurl=https://packages-dev.wazuh.com/pre-release/yum/ protect=1 13/12/2023 17:00:16 INFO: Wazuh development repository added. 13/12/2023 17:00:16 DEBUG: Extracting Wazuh configuration. 13/12/2023 17:00:16 DEBUG: Reading configuration file. 13/12/2023 17:00:16 DEBUG: Checking if 127.0.0.1 is private. 
13/12/2023 17:00:16 DEBUG: Checking if 127.0.0.1 is private. 13/12/2023 17:00:16 DEBUG: Checking if 127.0.0.1 is private. 13/12/2023 17:00:16 DEBUG: Checking node names in the configuration file. 13/12/2023 17:00:16 INFO: --- Wazuh dashboard ---- 13/12/2023 17:00:16 INFO: Starting Wazuh dashboard installation. 13/12/2023 17:00:16 DEBUG: Installing local package /home/vagrant/wazuh-offline/wazuh-packages/wazuh-dashboard-4.8.0-1.x86_64.rpm Loaded plugins: fastestmirror Examining /home/vagrant/wazuh-offline/wazuh-packages/wazuh-dashboard-4.8.0-1.x86_64.rpm: wazuh-dashboard-4.8.0-1.x86_64 Marking /home/vagrant/wazuh-offline/wazuh-packages/wazuh-dashboard-4.8.0-1.x86_64.rpm to be installed Resolving Dependencies There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help). --> Running transaction check ---> Package wazuh-dashboard.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.8.0-1 /wazuh-dashboard-4.8.0-1.x86_64 902 M Transaction Summary ================================================================================ Install 1 Package Total size: 902 M Installed size: 902 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1 Installed: wazuh-dashboard.x86_64 0:4.8.0-1 Complete! 13/12/2023 17:02:08 DEBUG: Checking Wazuh installation. 13/12/2023 17:02:09 DEBUG: There are Wazuh remaining files. 
13/12/2023 17:02:10 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 17:02:11 DEBUG: There are Filebeat remaining files.
13/12/2023 17:02:11 DEBUG: There are Wazuh dashboard remaining files.
13/12/2023 17:02:11 INFO: Wazuh dashboard installation finished.
13/12/2023 17:02:11 DEBUG: Configuring Wazuh dashboard.
13/12/2023 17:02:11 DEBUG: Copying Wazuh dashboard certificates.
13/12/2023 17:02:11 DEBUG: Wazuh dashboard certificate setup finished.
13/12/2023 17:02:11 INFO: Wazuh dashboard post-install configuration finished.
13/12/2023 17:02:11 INFO: Starting service wazuh-dashboard.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
13/12/2023 17:02:12 INFO: wazuh-dashboard service started.
13/12/2023 17:02:12 DEBUG: Setting Wazuh indexer cluster passwords.
13/12/2023 17:02:12 DEBUG: Checking Wazuh installation.
13/12/2023 17:02:12 DEBUG: There are Wazuh remaining files.
13/12/2023 17:02:13 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 17:02:14 DEBUG: There are Filebeat remaining files.
13/12/2023 17:02:15 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
13/12/2023 17:02:16 DEBUG: Restarting filebeat service...
13/12/2023 17:02:16 DEBUG: filebeat started.
13/12/2023 17:02:18 DEBUG: Restarting wazuh-dashboard service...
13/12/2023 17:02:22 DEBUG: wazuh-dashboard started.
13/12/2023 17:02:22 DEBUG: Changing API passwords.
13/12/2023 17:02:37 INFO: Initializing Wazuh dashboard web application.
13/12/2023 17:02:37 DEBUG: Wazuh dashboard connection was successful.
13/12/2023 17:02:37 INFO: Wazuh dashboard web application initialized.
13/12/2023 17:02:37 INFO: --- Summary ---
13/12/2023 17:02:37 INFO: You can access the web interface https://:443
User: admin
Password: w593SjtkcfYCUnF?FjsS3WkaJ6xTOxkw
13/12/2023 17:02:37 DEBUG: Restoring Wazuh repository.
13/12/2023 17:02:37 INFO: Installation finished.
```
:green_circle: Distributed (online) installation in AL2

```console
root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -wi wazuh-indexer -i -v
14/12/2023 11:14:09 DEBUG: Checking root permissions.
14/12/2023 11:14:09 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:14:09 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:14:09 DEBUG: APT package manager will be used.
14/12/2023 11:14:09 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:14:19 DEBUG: Checking system distribution.
14/12/2023 11:14:19 DEBUG: Detected distribution name: ubuntu
14/12/2023 11:14:19 DEBUG: Detected distribution version: 22
14/12/2023 11:14:19 DEBUG: Checking Wazuh installation.
14/12/2023 11:14:21 DEBUG: Checking previous certificate existence.
14/12/2023 11:14:21 DEBUG: Checking system architecture.
14/12/2023 11:14:21 WARNING: Hardware and system checks ignored.
14/12/2023 11:14:21 DEBUG: Checking ports availability.
14/12/2023 11:14:22 DEBUG: Installing prerequisites dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:14:27 DEBUG: Checking curl tool version.
14/12/2023 11:14:27 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Get:7 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [36.0 kB]
Fetched 53.3 kB in 1s (38.5 kB/s)
Reading package lists...
14/12/2023 11:14:31 INFO: Wazuh development repository added.
14/12/2023 11:14:31 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:14:31 DEBUG: Reading configuration file.
14/12/2023 11:14:31 DEBUG: Checking node names in the configuration file.
14/12/2023 11:14:31 INFO: --- Wazuh indexer ---
14/12/2023 11:14:31 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/752 MB of archives.
After this operation, 1050 MB of additional disk space will be used.
S
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
14/12/2023 11:15:56 DEBUG: Checking Wazuh installation.
14/12/2023 11:15:57 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:15:58 INFO: Wazuh indexer installation finished.
14/12/2023 11:15:58 DEBUG: Configuring Wazuh indexer.
14/12/2023 11:15:59 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 11:15:59 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 11:15:59 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
14/12/2023 11:16:26 INFO: wazuh-indexer service started.
14/12/2023 11:16:26 INFO: Initializing Wazuh indexer cluster security settings.
14/12/2023 11:16:26 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:16:26 DEBUG: Checking Wazuh installation.
14/12/2023 11:16:28 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:16:29 INFO: Wazuh indexer cluster initialized.
14/12/2023 11:16:29 DEBUG: Restoring Wazuh repository.
14/12/2023 11:16:29 INFO: Installation finished.
root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -ws wazuh-server -i -v
14/12/2023 11:17:28 DEBUG: Checking root permissions.
14/12/2023 11:17:28 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:17:28 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:17:28 DEBUG: APT package manager will be used.
14/12/2023 11:17:28 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:4 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Get:7 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [34.7 kB]
Fetched 51.9 kB in 1s (45.6 kB/s)
Reading package lists...
14/12/2023 11:17:36 DEBUG: Checking system distribution.
14/12/2023 11:17:36 DEBUG: Detected distribution name: ubuntu
14/12/2023 11:17:36 DEBUG: Detected distribution version: 22
14/12/2023 11:17:36 DEBUG: Checking Wazuh installation.
14/12/2023 11:17:38 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:17:39 DEBUG: Checking previous certificate existence.
14/12/2023 11:17:39 DEBUG: Checking system architecture.
14/12/2023 11:17:39 WARNING: Hardware and system checks ignored.
14/12/2023 11:17:39 DEBUG: Checking ports availability.
14/12/2023 11:17:40 DEBUG: Installing prerequisites dependencies.
Hit:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:5 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:17:45 DEBUG: Checking curl tool version.
14/12/2023 11:17:45 DEBUG: Adding the Wazuh repository.
gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) " not changed
gpg: Total number processed: 1
gpg: unchanged: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Get:7 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [36.0 kB]
Fetched 53.3 kB in 1s (38.1 kB/s)
Reading package lists...
14/12/2023 11:17:49 INFO: Wazuh development repository added.
14/12/2023 11:17:49 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:17:49 DEBUG: Reading configuration file.
14/12/2023 11:17:50 DEBUG: Checking node names in the configuration file.
14/12/2023 11:17:50 INFO: --- Wazuh server ---
14/12/2023 11:17:50 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
expect
The following NEW packages will be installed:
wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/117 MB of archives.
After this operation, 702 MB of additional
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
14/12/2023 11:19:35 DEBUG: Checking Wazuh installation.
14/12/2023 11:19:35 DEBUG: There are Wazuh remaining files.
14/12/2023 11:19:36 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:19:37 INFO: Wazuh manager installation finished.
14/12/2023 11:19:37 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
14/12/2023 11:20:01 INFO: wazuh-manager service started.
14/12/2023 11:20:01 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
filebeat
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Selec
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
14/12/2023 11:20:15 DEBUG: Checking Wazuh installation.
14/12/2023 11:20:16 DEBUG: There are Wazuh remaining files.
14/12/2023 11:20:17 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:20:17 DEBUG: There are Filebeat remaining files.
14/12/2023 11:20:18 INFO: Filebeat installation finished.
14/12/2023 11:20:18 DEBUG: Configuring Filebeat.
14/12/2023 11:20:18 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 11:20:19 DEBUG: Filebeat module was downloaded successfully.
14/12/2023 11:20:19 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 11:20:19 INFO: Filebeat post-install configuration finished.
14/12/2023 11:20:19 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:20:19 DEBUG: Checking Wazuh installation.
14/12/2023 11:20:20 DEBUG: There are Wazuh remaining files.
14/12/2023 11:20:21 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:20:21 DEBUG: There are Filebeat remaining files.
Successfully updated the keystore
14/12/2023 11:20:24 DEBUG: Restarting filebeat service...
14/12/2023 11:20:25 DEBUG: filebeat started.
14/12/2023 11:20:25 DEBUG: Changing API passwords.
14/12/2023 11:20:27 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
14/12/2023 11:20:30 INFO: filebeat service started.
14/12/2023 11:20:30 DEBUG: Restoring Wazuh repository.
14/12/2023 11:20:30 INFO: Installation finished.
root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -s
14/12/2023 11:20:41 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:20:41 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:20:52 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/12/2023 11:21:10 INFO: Wazuh indexer cluster security configuration initialized.
14/12/2023 11:21:12 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 11:21:40 INFO: Updating the internal users.
14/12/2023 11:21:45 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 11:22:02 INFO: Wazuh indexer cluster started.
root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -wd wazuh-dashboard -i -v
14/12/2023 11:22:27 DEBUG: Checking root permissions.
14/12/2023 11:22:27 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:22:27 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:22:27 DEBUG: APT package manager will be used.
14/12/2023 11:22:27 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:22:36 DEBUG: Checking system distribution.
14/12/2023 11:22:36 DEBUG: Detected distribution name: ubuntu
14/12/2023 11:22:36 DEBUG: Detected distribution version: 22
14/12/2023 11:22:36 DEBUG: Checking Wazuh installation.
14/12/2023 11:22:36 DEBUG: There are Wazuh remaining files.
14/12/2023 11:22:37 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:22:37 DEBUG: There are Filebeat remaining files.
14/12/2023 11:22:38 DEBUG: Checking previous certificate existence.
14/12/2023 11:22:38 DEBUG: Checking system architecture.
14/12/2023 11:22:38 WARNING: Hardware and system checks ignored.
14/12/2023 11:22:38 INFO: Wazuh web interface port will be 443.
14/12/2023 11:22:38 DEBUG: Checking ports availability.
14/12/2023 11:22:39 DEBUG: Installing prerequisites dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:22:45 DEBUG: Checking curl tool version.
14/12/2023 11:22:45 DEBUG: Adding the Wazuh repository.
gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) " not changed
gpg: Total number processed: 1
gpg: unchanged: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Get:7 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [36.0 kB]
Fetched 53.3 kB in 1s (38.9 kB/s)
Reading package lists...
14/12/2023 11:22:49 INFO: Wazuh development repository added.
14/12/2023 11:22:49 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:22:49 DEBUG: Reading configuration file.
14/12/2023 11:22:49 DEBUG: Checking node names in the configuration file.
14/12/2023 11:22:49 INFO: --- Wazuh dashboard ----
14/12/2023 11:22:49 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/186 MB of archives.
After this operation, 987 MB of additional disk space will be used.
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
14/12/2023 11:23:57 DEBUG: Checking Wazuh installation.
14/12/2023 11:23:58 DEBUG: There are Wazuh remaining files.
14/12/2023 11:23:59 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:23:59 DEBUG: There are Filebeat remaining files.
14/12/2023 11:24:00 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 11:24:00 INFO: Wazuh dashboard installation finished.
14/12/2023 11:24:00 DEBUG: Configuring Wazuh dashboard.
14/12/2023 11:24:00 DEBUG: Copying Wazuh dashboard certificates.
14/12/2023 11:24:00 DEBUG: Wazuh dashboard certificate setup finished.
14/12/2023 11:24:00 INFO: Wazuh dashboard post-install configuration finished.
14/12/2023 11:24:00 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
14/12/2023 11:24:01 INFO: wazuh-dashboard service started.
14/12/2023 11:24:01 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:24:01 DEBUG: Checking Wazuh installation.
14/12/2023 11:24:02 DEBUG: There are Wazuh remaining files.
14/12/2023 11:24:02 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:24:03 DEBUG: There are Filebeat remaining files.
14/12/2023 11:24:03 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
14/12/2023 11:24:04 DEBUG: Restarting filebeat service...
14/12/2023 11:24:05 DEBUG: filebeat started.
14/12/2023 11:24:06 DEBUG: Restarting wazuh-dashboard service...
14/12/2023 11:24:13 DEBUG: wazuh-dashboard started.
14/12/2023 11:24:13 DEBUG: Changing API passwords.
14/12/2023 11:24:33 INFO: Initializing Wazuh dashboard web application.
14/12/2023 11:24:33 DEBUG: Wazuh dashboard connection was successful.
14/12/2023 11:24:33 INFO: Wazuh dashboard web application initialized.
14/12/2023 11:24:33 INFO: --- Summary ---
14/12/2023 11:24:33 INFO: You can access the web interface https://:443
User: admin
Password: QEof+FUC.XNOAq?ZZWarQhIhQ0uPtrj6
```
:green_circle: Distributed (online) installation in Ubuntu 22

```console
[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -wi wazuh-indexer -i -v
14/12/2023 11:11:35 DEBUG: Checking root permissions.
14/12/2023 11:11:35 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:11:35 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:11:35 DEBUG: YUM package manager will be used.
14/12/2023 11:11:35 DEBUG: Installing check dependencies.
14/12/2023 11:11:41 DEBUG: Checking system distribution.
14/12/2023 11:11:41 DEBUG: Detected distribution name: amzn
14/12/2023 11:11:41 DEBUG: Detected distribution version: 2
14/12/2023 11:11:41 DEBUG: Checking Wazuh installation.
14/12/2023 11:11:43 DEBUG: Checking previous certificate existence.
14/12/2023 11:11:43 DEBUG: Checking system architecture.
14/12/2023 11:11:43 WARNING: Hardware and system checks ignored.
14/12/2023 11:11:43 DEBUG: Checking ports availability.
14/12/2023 11:11:44 DEBUG: Installing prerequisites dependencies.
14/12/2023 11:11:45 DEBUG: Checking curl tool version.
14/12/2023 11:11:45 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 11:11:46 INFO: Wazuh development repository added.
14/12/2023 11:11:46 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:11:46 DEBUG: Reading configuration file.
14/12/2023 11:11:46 DEBUG: Checking node names in the configuration file.
14/12/2023 11:11:46 INFO: --- Wazuh indexer ---
14/12/2023 11:11:46 INFO: Starting Wazuh indexer installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.8.0-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.8.0-1 wazuh 743 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 743 M
Installed size: 1.0 G
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wazuh-indexer-4.8.0-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1
Installed:
wazuh-indexer.x86_64 0:4.8.0-1
Complete!
14/12/2023 11:13:12 DEBUG: Checking Wazuh installation.
14/12/2023 11:13:14 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:13:25 INFO: Wazuh indexer installation finished.
14/12/2023 11:13:25 DEBUG: Configuring Wazuh indexer.
14/12/2023 11:13:25 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 11:13:25 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 11:13:25 INFO: Starting service wazuh-indexer.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
14/12/2023 11:13:48 INFO: wazuh-indexer service started.
14/12/2023 11:13:48 INFO: Initializing Wazuh indexer cluster security settings.
14/12/2023 11:13:49 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:13:49 DEBUG: Checking Wazuh installation.
14/12/2023 11:13:52 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:13:53 INFO: Wazuh indexer cluster initialized.
14/12/2023 11:13:53 DEBUG: Restoring Wazuh repository.
14/12/2023 11:13:53 INFO: Installation finished.
[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -ws wazuh-server -i -v
14/12/2023 11:14:23 DEBUG: Checking root permissions.
14/12/2023 11:14:23 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:14:23 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:14:23 DEBUG: YUM package manager will be used.
14/12/2023 11:14:23 DEBUG: Installing check dependencies.
14/12/2023 11:14:28 DEBUG: Checking system distribution.
14/12/2023 11:14:28 DEBUG: Detected distribution name: amzn
14/12/2023 11:14:29 DEBUG: Detected distribution version: 2
14/12/2023 11:14:29 DEBUG: Checking Wazuh installation.
14/12/2023 11:14:30 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:14:31 DEBUG: Checking previous certificate existence.
14/12/2023 11:14:31 DEBUG: Checking system architecture.
14/12/2023 11:14:31 WARNING: Hardware and system checks ignored.
14/12/2023 11:14:31 DEBUG: Checking ports availability.
14/12/2023 11:14:32 DEBUG: Installing prerequisites dependencies.
14/12/2023 11:14:33 DEBUG: Checking curl tool version.
14/12/2023 11:14:33 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 11:14:34 INFO: Wazuh development repository added.
14/12/2023 11:14:34 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:14:34 DEBUG: Reading configuration file.
14/12/2023 11:14:34 DEBUG: Checking node names in the configuration file.
14/12/2023 11:14:34 INFO: --- Wazuh server ---
14/12/2023 11:14:34 INFO: Starting the Wazuh manager installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package wazuh-manager.x86_64 0:4.8.0-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
wazuh-manager x86_64 4.8.0-1 wazuh 186 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 186 M
Installed size: 669 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wazuh-manager-4.8.0-1.x86_64 1/1
Verifying : wazuh-manager-4.8.0-1.x86_64 1/1
Installed:
wazuh-manager.x86_64 0:4.8.0-1
Complete!
14/12/2023 11:14:54 DEBUG: Checking Wazuh installation.
14/12/2023 11:14:55 DEBUG: There are Wazuh remaining files.
14/12/2023 11:14:56 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:15:07 INFO: Wazuh manager installation finished.
14/12/2023 11:15:07 INFO: Starting service wazuh-manager.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
14/12/2023 11:15:25 INFO: wazuh-manager service started.
14/12/2023 11:15:25 INFO: Starting Filebeat installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package filebeat.x86_64 0:7.10.2-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
filebeat x86_64 7.10.2-1 wazuh 21 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 21 M
Installed size: 70 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : filebeat-7.10.2-1.x86_64 1/1
Verifying : filebeat-7.10.2-1.x86_64 1/1
Installed:
filebeat.x86_64 0:7.10.2-1
Complete!
14/12/2023 11:15:32 DEBUG: Checking Wazuh installation.
14/12/2023 11:15:33 DEBUG: There are Wazuh remaining files.
14/12/2023 11:15:34 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:15:44 DEBUG: There are Filebeat remaining files.
14/12/2023 11:15:45 INFO: Filebeat installation finished.
14/12/2023 11:15:45 DEBUG: Configuring Filebeat.
14/12/2023 11:15:45 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 11:15:45 DEBUG: Filebeat module was downloaded successfully.
14/12/2023 11:15:45 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 11:15:46 INFO: Filebeat post-install configuration finished.
14/12/2023 11:15:46 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:15:46 DEBUG: Checking Wazuh installation.
14/12/2023 11:15:47 DEBUG: There are Wazuh remaining files.
14/12/2023 11:15:47 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:15:48 DEBUG: There are Filebeat remaining files.
Successfully updated the keystore
14/12/2023 11:15:50 DEBUG: Restarting filebeat service...
14/12/2023 11:15:50 DEBUG: filebeat started.
14/12/2023 11:15:50 DEBUG: Changing API passwords.
14/12/2023 11:15:52 INFO: Starting service filebeat.
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
14/12/2023 11:15:52 INFO: filebeat service started.
14/12/2023 11:15:52 DEBUG: Restoring Wazuh repository.
14/12/2023 11:15:52 INFO: Installation finished.
[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -ws^C
[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -s
14/12/2023 11:17:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:17:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:17:40 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/12/2023 11:17:53 INFO: Wazuh indexer cluster security configuration initialized.
14/12/2023 11:17:55 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 11:18:22 INFO: Updating the internal users.
14/12/2023 11:18:27 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 11:18:42 INFO: Wazuh indexer cluster started.
[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -wd wazuh-dashboard -i -v
14/12/2023 11:19:02 DEBUG: Checking root permissions.
14/12/2023 11:19:02 INFO: Starting Wazuh installation assistant.
Wazuh version: 4.8.0
14/12/2023 11:19:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:19:02 DEBUG: YUM package manager will be used.
14/12/2023 11:19:02 DEBUG: Installing check dependencies.
14/12/2023 11:19:08 DEBUG: Checking system distribution.
14/12/2023 11:19:08 DEBUG: Detected distribution name: amzn
14/12/2023 11:19:08 DEBUG: Detected distribution version: 2
14/12/2023 11:19:08 DEBUG: Checking Wazuh installation.
14/12/2023 11:19:09 DEBUG: There are Wazuh remaining files.
14/12/2023 11:19:10 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:19:10 DEBUG: There are Filebeat remaining files.
14/12/2023 11:19:11 DEBUG: Checking previous certificate existence.
14/12/2023 11:19:11 DEBUG: Checking system architecture.
14/12/2023 11:19:11 WARNING: Hardware and system checks ignored.
14/12/2023 11:19:11 INFO: Wazuh web interface port will be 443.
14/12/2023 11:19:11 DEBUG: Checking ports availability.
14/12/2023 11:19:12 DEBUG: Installing prerequisites dependencies.
14/12/2023 11:19:13 DEBUG: Checking curl tool version.
14/12/2023 11:19:13 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 11:19:14 INFO: Wazuh development repository added.
14/12/2023 11:19:14 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:19:14 DEBUG: Reading configuration file.
14/12/2023 11:19:14 DEBUG: Checking node names in the configuration file.
14/12/2023 11:19:14 INFO: --- Wazuh dashboard ----
14/12/2023 11:19:14 INFO: Starting Wazuh dashboard installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd Resolving Dependencies --> Running transaction check ---> Package wazuh-dashboard.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.8.0-1 wazuh 273 M Transaction Summary ================================================================================ Install 1 Package Total download size: 273 M Installed size: 902 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1 Installed: wazuh-dashboard.x86_64 0:4.8.0-1 Complete! 14/12/2023 11:20:09 DEBUG: Checking Wazuh installation. 14/12/2023 11:20:11 DEBUG: There are Wazuh remaining files. 14/12/2023 11:20:23 DEBUG: There are Wazuh indexer remaining files. 14/12/2023 11:20:24 DEBUG: There are Filebeat remaining files. 14/12/2023 11:20:25 DEBUG: There are Wazuh dashboard remaining files. 14/12/2023 11:20:25 INFO: Wazuh dashboard installation finished. 14/12/2023 11:20:25 DEBUG: Configuring Wazuh dashboard. 14/12/2023 11:20:25 DEBUG: Copying Wazuh dashboard certificates. 14/12/2023 11:20:25 DEBUG: Wazuh dashboard certificate setup finished. 14/12/2023 11:20:25 INFO: Wazuh dashboard post-install configuration finished. 14/12/2023 11:20:25 INFO: Starting service wazuh-dashboard. Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service. 14/12/2023 11:20:25 INFO: wazuh-dashboard service started. 14/12/2023 11:20:25 DEBUG: Setting Wazuh indexer cluster passwords. 14/12/2023 11:20:25 DEBUG: Checking Wazuh installation. 
14/12/2023 11:20:26 DEBUG: There are Wazuh remaining files. 14/12/2023 11:20:27 DEBUG: There are Wazuh indexer remaining files. 14/12/2023 11:20:28 DEBUG: There are Filebeat remaining files. 14/12/2023 11:20:28 DEBUG: There are Wazuh dashboard remaining files. Successfully updated the keystore 14/12/2023 11:20:29 DEBUG: Restarting filebeat service... 14/12/2023 11:20:29 DEBUG: filebeat started. 14/12/2023 11:20:30 DEBUG: Restarting wazuh-dashboard service... 14/12/2023 11:20:36 DEBUG: wazuh-dashboard started. 14/12/2023 11:20:36 DEBUG: Changing API passwords. 14/12/2023 11:20:51 INFO: Initializing Wazuh dashboard web application. 14/12/2023 11:20:52 DEBUG: Wazuh dashboard connection was successful. 14/12/2023 11:20:52 INFO: Wazuh dashboard web application initialized. 14/12/2023 11:20:52 INFO: --- Summary --- 14/12/2023 11:20:52 INFO: You can access the web interface https://:443 User: admin Password: +n.0dE28ZtVEGKcHRz020hdAhyULJYyt 14/12/2023 11:20:52 DEBUG: Restoring Wazuh repository. 14/12/2023 11:20:52 INFO: Installation finished. [root@ip-172-31-40-241 ec2-user]# ```
:green_circle: AIO (online) installation in AL2

```console
[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -a -i -v
14/12/2023 11:24:39 DEBUG: Checking root permissions.
14/12/2023 11:24:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:24:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:24:39 DEBUG: YUM package manager will be used.
14/12/2023 11:24:39 DEBUG: Installing check dependencies.
14/12/2023 11:24:39 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (1/10)
14/12/2023 11:25:15 DEBUG: Checking system distribution.
14/12/2023 11:25:15 DEBUG: Detected distribution name: amzn
14/12/2023 11:25:15 DEBUG: Detected distribution version: 2
14/12/2023 11:25:15 DEBUG: Checking Wazuh installation.
14/12/2023 11:25:18 DEBUG: Checking system architecture.
14/12/2023 11:25:18 WARNING: Hardware and system checks ignored.
14/12/2023 11:25:18 INFO: Wazuh web interface port will be 443.
14/12/2023 11:25:18 DEBUG: Checking ports availability.
14/12/2023 11:25:20 DEBUG: Installing prerequisites dependencies.
14/12/2023 11:25:21 DEBUG: Checking curl tool version.
14/12/2023 11:25:21 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 11:25:22 INFO: Wazuh development repository added.
14/12/2023 11:25:22 INFO: --- Configuration files ---
14/12/2023 11:25:22 INFO: Generating configuration files.
14/12/2023 11:25:22 DEBUG: Creating Wazuh certificates.
14/12/2023 11:25:22 DEBUG: Reading configuration file.
14/12/2023 11:25:22 DEBUG: Creating the root certificate.
Generating a 2048 bit RSA private key
..................................................................................+++
...........+++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
14/12/2023 11:25:22 DEBUG: Generating Admin certificates.
Generating RSA private key, 2048 bit long modulus
..............................................+++
...........................+++
e is 65537 (0x10001)
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=admin
Getting CA Private Key
14/12/2023 11:25:22 DEBUG: Generating Wazuh indexer certificates.
14/12/2023 11:25:22 DEBUG: Creating the Wazuh indexer certificates.
14/12/2023 11:25:22 DEBUG: Generating certificate configuration.
Generating a 2048 bit RSA private key
...........................................................................................................+++
...............+++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-indexer
Getting CA Private Key
14/12/2023 11:25:22 DEBUG: Generating Filebeat certificates.
14/12/2023 11:25:22 DEBUG: Creating the Wazuh server certificates.
14/12/2023 11:25:22 DEBUG: Generating certificate configuration.
Generating a 2048 bit RSA private key
........................+++
.....................................................................+++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-server
Getting CA Private Key
14/12/2023 11:25:22 DEBUG: Generating Wazuh dashboard certificates.
14/12/2023 11:25:22 DEBUG: Creating the Wazuh dashboard certificates.
14/12/2023 11:25:22 DEBUG: Generating certificate configuration.
Generating a 2048 bit RSA private key
........................................................................+++
.....................+++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-dashboard
Getting CA Private Key
14/12/2023 11:25:23 DEBUG: Cleaning certificate files.
14/12/2023 11:25:23 DEBUG: Generating password file.
14/12/2023 11:25:23 DEBUG: Generating random passwords.
14/12/2023 11:25:23 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/12/2023 11:25:23 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:25:23 DEBUG: Reading configuration file.
14/12/2023 11:25:23 INFO: --- Wazuh indexer ---
14/12/2023 11:25:23 INFO: Starting Wazuh indexer installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.8.0-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.8.0-1 wazuh 743 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 743 M
Installed size: 1.0 G
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wazuh-indexer-4.8.0-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1
Installed:
wazuh-indexer.x86_64 0:4.8.0-1
Complete!
14/12/2023 11:26:49 DEBUG: Checking Wazuh installation.
14/12/2023 11:26:50 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:27:01 INFO: Wazuh indexer installation finished.
14/12/2023 11:27:01 DEBUG: Configuring Wazuh indexer.
14/12/2023 11:27:01 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 11:27:01 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 11:27:01 INFO: Starting service wazuh-indexer.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
14/12/2023 11:27:24 INFO: wazuh-indexer service started.
14/12/2023 11:27:24 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
14/12/2023 11:27:36 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 11:27:36 INFO: Wazuh indexer cluster initialized.
14/12/2023 11:27:36 INFO: --- Wazuh server ---
14/12/2023 11:27:36 INFO: Starting the Wazuh manager installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package wazuh-manager.x86_64 0:4.8.0-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
wazuh-manager x86_64 4.8.0-1 wazuh 186 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 186 M
Installed size: 669 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wazuh-manager-4.8.0-1.x86_64 1/1
Verifying : wazuh-manager-4.8.0-1.x86_64 1/1
Installed:
wazuh-manager.x86_64 0:4.8.0-1
Complete!
14/12/2023 11:27:54 DEBUG: Checking Wazuh installation.
14/12/2023 11:27:55 DEBUG: There are Wazuh remaining files.
14/12/2023 11:27:56 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:28:07 INFO: Wazuh manager installation finished.
14/12/2023 11:28:07 INFO: Starting service wazuh-manager.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
14/12/2023 11:28:24 INFO: wazuh-manager service started.
14/12/2023 11:28:24 INFO: Starting Filebeat installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package filebeat.x86_64 0:7.10.2-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
filebeat x86_64 7.10.2-1 wazuh 21 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 21 M
Installed size: 70 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : filebeat-7.10.2-1.x86_64 1/1
Verifying : filebeat-7.10.2-1.x86_64 1/1
Installed:
filebeat.x86_64 0:7.10.2-1
Complete!
14/12/2023 11:28:31 DEBUG: Checking Wazuh installation.
14/12/2023 11:28:32 DEBUG: There are Wazuh remaining files.
14/12/2023 11:28:33 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:28:43 DEBUG: There are Filebeat remaining files.
14/12/2023 11:28:44 INFO: Filebeat installation finished.
14/12/2023 11:28:44 DEBUG: Configuring Filebeat.
14/12/2023 11:28:44 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 11:28:44 DEBUG: Filebeat module was downloaded successfully.
14/12/2023 11:28:44 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 11:28:45 INFO: Filebeat post-install configuration finished.
14/12/2023 11:28:45 INFO: Starting service filebeat.
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
14/12/2023 11:28:45 INFO: filebeat service started.
14/12/2023 11:28:45 INFO: --- Wazuh dashboard ---
14/12/2023 11:28:45 INFO: Starting Wazuh dashboard installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.8.0-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
wazuh-dashboard x86_64 4.8.0-1 wazuh 273 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 273 M
Installed size: 902 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1
Installed:
wazuh-dashboard.x86_64 0:4.8.0-1
Complete!
14/12/2023 11:29:33 DEBUG: Checking Wazuh installation.
14/12/2023 11:29:34 DEBUG: There are Wazuh remaining files.
14/12/2023 11:29:35 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:29:35 DEBUG: There are Filebeat remaining files.
14/12/2023 11:29:36 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 11:29:36 INFO: Wazuh dashboard installation finished.
14/12/2023 11:29:36 DEBUG: Configuring Wazuh dashboard.
14/12/2023 11:29:36 DEBUG: Copying Wazuh dashboard certificates.
14/12/2023 11:29:36 DEBUG: Wazuh dashboard certificate setup finished.
14/12/2023 11:29:36 INFO: Wazuh dashboard post-install configuration finished.
14/12/2023 11:29:36 INFO: Starting service wazuh-dashboard.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
14/12/2023 11:29:37 INFO: wazuh-dashboard service started.
14/12/2023 11:29:37 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:29:37 DEBUG: Checking Wazuh installation.
14/12/2023 11:29:37 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (1/10)
14/12/2023 11:30:08 DEBUG: There are Wazuh remaining files.
14/12/2023 11:30:08 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:30:09 DEBUG: There are Filebeat remaining files.
14/12/2023 11:30:10 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 11:30:10 INFO: Updating the internal users.
14/12/2023 11:30:10 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 11:30:16 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
14/12/2023 11:30:16 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 11:30:16 DEBUG: The internal users have been updated before changing the passwords.
14/12/2023 11:30:17 DEBUG: Generating password hashes.
14/12/2023 11:30:24 DEBUG: Password hashes generated.
14/12/2023 11:30:24 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 11:30:27 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
14/12/2023 11:30:28 DEBUG: Restarting filebeat service...
14/12/2023 11:30:29 DEBUG: filebeat started.
14/12/2023 11:30:30 DEBUG: Restarting wazuh-dashboard service...
14/12/2023 11:30:30 DEBUG: wazuh-dashboard started.
14/12/2023 11:30:30 DEBUG: Running security admin tool.
14/12/2023 11:30:30 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
14/12/2023 11:30:37 DEBUG: Passwords changed.
14/12/2023 11:30:37 DEBUG: Changing API passwords.
14/12/2023 11:30:44 INFO: Initializing Wazuh dashboard web application.
14/12/2023 11:30:45 INFO: Wazuh dashboard web application initialized.
14/12/2023 11:30:45 INFO: --- Summary ---
14/12/2023 11:30:45 INFO: You can access the web interface https://:443
User: admin
Password: 1..bbIwBtkvxEAWsSG2MYJl9*I.hWg6+
14/12/2023 11:30:45 DEBUG: Restoring Wazuh repository.
14/12/2023 11:30:45 INFO: Installation finished.
[root@ip-172-31-40-241 ec2-user]#
```
:green_circle: AIO (online) installation in Ubuntu22

```console
root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -a -v
14/12/2023 11:27:00 DEBUG: Checking root permissions.
14/12/2023 11:27:00 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:27:00 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:27:00 DEBUG: APT package manager will be used.
14/12/2023 11:27:00 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:27:10 DEBUG: Checking system distribution.
14/12/2023 11:27:10 DEBUG: Detected distribution name: ubuntu
14/12/2023 11:27:10 DEBUG: Detected distribution version: 22
14/12/2023 11:27:10 DEBUG: Checking Wazuh installation.
14/12/2023 11:27:12 DEBUG: Checking system architecture.
14/12/2023 11:27:12 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/12/2023 11:27:12 DEBUG: CPU cores detected: 2
14/12/2023 11:27:12 DEBUG: Free RAM memory detected: 3859
14/12/2023 11:27:12 INFO: Wazuh web interface port will be 443.
14/12/2023 11:27:12 DEBUG: Checking ports availability.
14/12/2023 11:27:13 DEBUG: Installing prerequisites dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:27:18 DEBUG: Checking curl tool version.
14/12/2023 11:27:18 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Get:7 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [36.0 kB]
Fetched 53.3 kB in 1s (40.5 kB/s)
Reading package lists...
14/12/2023 11:27:22 INFO: Wazuh development repository added.
14/12/2023 11:27:22 INFO: --- Configuration files ---
14/12/2023 11:27:22 INFO: Generating configuration files.
14/12/2023 11:27:22 DEBUG: Creating Wazuh certificates.
14/12/2023 11:27:22 DEBUG: Reading configuration file.
14/12/2023 11:27:22 DEBUG: Creating the root certificate.
..........+.......+..+.+..+.......+.....+....+....................+.+...........+.......+.....+.......+..............+....+......+..............+...............+......+............+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+..+.+..+............+.......+..............+....+.....+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+...................+...+...+...............+............+.....+...+...+.+......+........+.+...+...+...+.....+..........+.....+.........+..........+..+.+..............+...+...+............+.+..............+.+......+.....+..........+......+............+...+............+..+....+.........+........+.......+......+.....+....+..........................+.+........+.......+......+.....+....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .....+.......+...+.........+.....+...+...+.+....................+....+..+....+........+......+.+...+...+.....+.......+.....+......+................+...+..+.+..+.......+...+...+........+......+...+..........+............+...............+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+....+..+..........+..+.+..............+.+......+...+...........+......+....+............+.................+.......+...+......+..+.........+.+.....+.............+..+....+......+.....+....+.....+.........+.......+..+..........+..+.........+....+...+..............+.+...+...........+...+......+.+........+......+.+......+........+.........+.......+...............+.....+....+.....+......+....+..+.........+..................+......+....+.....+............+.+..+.+.........+.................+....+.........+...+............+..+...+......+....+...+...+..+...+.+.....+...............+.+...+..+.......+..+.+.....+..........+...+................................+...................+...+..+...+.............+..+..........+.....+.......+...+...+........+.......+..............
-----
14/12/2023 11:27:23 DEBUG: Generating Admin certificates.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
14/12/2023 11:27:23 DEBUG: Generating Wazuh indexer certificates.
14/12/2023 11:27:23 DEBUG: Creating the Wazuh indexer certificates.
14/12/2023 11:27:23 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
14/12/2023 11:27:24 DEBUG: Generating Filebeat certificates.
14/12/2023 11:27:24 DEBUG: Creating the Wazuh server certificates.
14/12/2023 11:27:24 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
14/12/2023 11:27:24 DEBUG: Generating Wazuh dashboard certificates.
14/12/2023 11:27:24 DEBUG: Creating the Wazuh dashboard certificates.
14/12/2023 11:27:24 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
14/12/2023 11:27:24 DEBUG: Cleaning certificate files.
14/12/2023 11:27:24 DEBUG: Generating password file.
14/12/2023 11:27:24 DEBUG: Generating random passwords.
14/12/2023 11:27:24 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/12/2023 11:27:24 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:27:24 DEBUG: Reading configuration file.
14/12/2023 11:27:25 INFO: --- Wazuh indexer ---
14/12/2023 11:27:25 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/752 MB of archives.
After this operation, 1050 MB of additional disk space will be used.
S
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
14/12/2023 11:28:48 DEBUG: Checking Wazuh installation.
14/12/2023 11:28:49 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:28:50 INFO: Wazuh indexer installation finished.
14/12/2023 11:28:50 DEBUG: Configuring Wazuh indexer.
14/12/2023 11:28:50 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 11:28:50 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 11:28:50 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
14/12/2023 11:29:16 INFO: wazuh-indexer service started.
14/12/2023 11:29:16 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
   SUCC: 'wazuh-alerts' template created or updated
   SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
   SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
   SUCC: 'wazuh-alerts' write index created
   SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
14/12/2023 11:29:30 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 11:29:30 INFO: Wazuh indexer cluster initialized.
14/12/2023 11:29:30 INFO: --- Wazuh server ---
14/12/2023 11:29:30 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/117 MB of archives.
After this operation, 702 MB of additional
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
14/12/2023 11:31:17 DEBUG: Checking Wazuh installation.
14/12/2023 11:31:18 DEBUG: There are Wazuh remaining files.
14/12/2023 11:31:19 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:31:20 INFO: Wazuh manager installation finished.
14/12/2023 11:31:20 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
14/12/2023 11:31:44 INFO: wazuh-manager service started.
14/12/2023 11:31:44 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Selec
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
14/12/2023 11:31:58 DEBUG: Checking Wazuh installation.
14/12/2023 11:31:59 DEBUG: There are Wazuh remaining files.
14/12/2023 11:31:59 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:32:00 DEBUG: There are Filebeat remaining files.
14/12/2023 11:32:00 INFO: Filebeat installation finished.
14/12/2023 11:32:00 DEBUG: Configuring Filebeat.
14/12/2023 11:32:01 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 11:32:01 DEBUG: Filebeat module was downloaded successfully.
14/12/2023 11:32:01 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 11:32:02 INFO: Filebeat post-install configuration finished.
14/12/2023 11:32:02 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
14/12/2023 11:32:04 INFO: filebeat service started.
14/12/2023 11:32:04 INFO: --- Wazuh dashboard ---
14/12/2023 11:32:04 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/186 MB of archives.
After this operation, 987 MB of additional disk space will be used.
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
14/12/2023 11:33:16 DEBUG: Checking Wazuh installation.
14/12/2023 11:33:16 DEBUG: There are Wazuh remaining files.
14/12/2023 11:33:17 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:33:18 DEBUG: There are Filebeat remaining files.
14/12/2023 11:33:18 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 11:33:18 INFO: Wazuh dashboard installation finished.
14/12/2023 11:33:18 DEBUG: Configuring Wazuh dashboard.
14/12/2023 11:33:18 DEBUG: Copying Wazuh dashboard certificates.
14/12/2023 11:33:18 DEBUG: Wazuh dashboard certificate setup finished.
14/12/2023 11:33:18 INFO: Wazuh dashboard post-install configuration finished.
14/12/2023 11:33:18 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
14/12/2023 11:33:19 INFO: wazuh-dashboard service started.
14/12/2023 11:33:19 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:33:19 DEBUG: Checking Wazuh installation.
14/12/2023 11:33:20 DEBUG: There are Wazuh remaining files.
14/12/2023 11:33:21 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:33:21 DEBUG: There are Filebeat remaining files.
14/12/2023 11:33:22 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 11:33:22 INFO: Updating the internal users.
14/12/2023 11:33:22 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 11:33:31 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
14/12/2023 11:33:31 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 11:33:31 DEBUG: The internal users have been updated before changing the passwords.
14/12/2023 11:33:35 DEBUG: Generating password hashes.
14/12/2023 11:33:45 DEBUG: Password hashes generated.
14/12/2023 11:33:45 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 11:33:50 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
14/12/2023 11:33:51 DEBUG: Restarting filebeat service...
14/12/2023 11:33:51 DEBUG: filebeat started.
14/12/2023 11:33:53 DEBUG: Restarting wazuh-dashboard service...
14/12/2023 11:33:54 DEBUG: wazuh-dashboard started.
14/12/2023 11:33:54 DEBUG: Running security admin tool.
14/12/2023 11:33:54 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
14/12/2023 11:34:01 DEBUG: Passwords changed.
14/12/2023 11:34:01 DEBUG: Changing API passwords.
14/12/2023 11:34:08 INFO: Initializing Wazuh dashboard web application.
14/12/2023 11:34:10 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/12/2023 11:34:26 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/12/2023 11:34:41 INFO: Wazuh dashboard web application initialized.
14/12/2023 11:34:41 INFO: --- Summary ---
14/12/2023 11:34:41 INFO: You can access the web interface https://:443
    User: admin
    Password: ZVycft07bo0UJ+l32884zp6tvbinggfL
14/12/2023 11:34:41 DEBUG: Restoring Wazuh repository.
14/12/2023 11:34:41 INFO: Installation finished.
```

As the final test, the offline installation has been tested on 5 EC2 instances with the internet connection disabled. This has been done by creating the TestOffline SG, which denies all outbound traffic.

```console
[root@ip-172-31-40-241 ec2-user]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3074ms

[root@ip-172-31-40-241 ec2-user]#
```

:green_circle: AIO offline (no internet) in Debian 11

```console
root@ip-172-31-46-216:/home/admin# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2027ms
root@ip-172-31-46-216:/home/admin# bash wazuh-install.sh -a -of -v
13/12/2023 17:58:49 DEBUG: Checking root permissions.
13/12/2023 17:58:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
13/12/2023 17:58:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/12/2023 17:58:49 DEBUG: APT package manager will be used.
13/12/2023 17:58:49 INFO: Checking installed dependencies for Offline installation.
13/12/2023 17:58:51 DEBUG: Offline dependencies are installed.
13/12/2023 17:58:51 DEBUG: Checking system distribution.
13/12/2023 17:58:51 ERROR: The recommended systems are: Red Hat Enterprise Linux 7, 8, 9; CentOS 7, 8; Amazon Linux 2; Ubuntu 16.04, 18.04, 20.04, 22.04. The current system does not match this list. Use -i|--ignore-check to skip this check.
root@ip-172-31-46-216:/home/admin# bash wazuh-install.sh -a -of -v -i
13/12/2023 17:59:06 DEBUG: Checking root permissions.
13/12/2023 17:59:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
13/12/2023 17:59:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/12/2023 17:59:06 DEBUG: APT package manager will be used.
13/12/2023 17:59:06 INFO: Checking installed dependencies for Offline installation.
13/12/2023 17:59:07 DEBUG: Offline dependencies are installed.
13/12/2023 17:59:07 DEBUG: Checking system distribution.
13/12/2023 17:59:07 DEBUG: Detected distribution name: debian
13/12/2023 17:59:07 DEBUG: Detected distribution version: 11
13/12/2023 17:59:07 DEBUG: Checking Wazuh installation.
13/12/2023 17:59:09 DEBUG: Checking system architecture.
13/12/2023 17:59:09 WARNING: Hardware and system checks ignored.
13/12/2023 17:59:09 INFO: Wazuh web interface port will be 443.
13/12/2023 17:59:09 DEBUG: Checking ports availability.
13/12/2023 17:59:10 INFO: Checking wazuh-offline.tar.gz file.
13/12/2023 17:59:10 DEBUG: wazuh-offline.tar.gz was found correctly.
13/12/2023 17:59:10 DEBUG: Extracting files from wazuh-offline.tar.gz
13/12/2023 17:59:19 DEBUG: Offline files extracted successfully.
13/12/2023 17:59:19 DEBUG: Checking curl tool version.
13/12/2023 17:59:19 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Err:1 http://cdn-aws.deb.debian.org/debian bullseye InRelease
Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:200:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:d000:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:1a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:dc00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:2c00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:3a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:ae00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:9000:c:a756:bac0:93a1).
- connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:c800:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Could not connect to packages-dev.wazuh.com:443 (99.84.208.61), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.42), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.124), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.121), connection timed out
W: Some index files failed to download. They have been ignored, or old ones used instead.
13/12/2023 18:00:22 INFO: Wazuh development repository added.
13/12/2023 18:00:22 INFO: --- Configuration files ---
13/12/2023 18:00:22 INFO: Generating configuration files.
13/12/2023 18:00:22 DEBUG: Creating Wazuh certificates.
13/12/2023 18:00:22 DEBUG: Reading configuration file.
13/12/2023 18:00:22 DEBUG: Creating the root certificate.
Generating a RSA private key
....+++++
............................................+++++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
13/12/2023 18:00:22 DEBUG: Generating Admin certificates.
Generating RSA private key, 2048 bit long modulus (2 primes)
..................................................................+++++
.....................+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
Getting CA Private Key
13/12/2023 18:00:22 DEBUG: Generating Wazuh indexer certificates.
13/12/2023 18:00:22 DEBUG: Creating the Wazuh indexer certificates.
13/12/2023 18:00:22 DEBUG: Generating certificate configuration.
Ignoring -days; not generating a certificate
Generating a RSA private key
..+++++
...................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
Getting CA Private Key
13/12/2023 18:00:22 DEBUG: Generating Filebeat certificates.
13/12/2023 18:00:22 DEBUG: Creating the Wazuh server certificates.
13/12/2023 18:00:22 DEBUG: Generating certificate configuration.
Ignoring -days; not generating a certificate
Generating a RSA private key
...........................................................................................................+++++
..............................................................................................................................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
Getting CA Private Key
13/12/2023 18:00:23 DEBUG: Generating Wazuh dashboard certificates.
13/12/2023 18:00:23 DEBUG: Creating the Wazuh dashboard certificates.
13/12/2023 18:00:23 DEBUG: Generating certificate configuration.
Ignoring -days; not generating a certificate
Generating a RSA private key
..................+++++
......................................................................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
Getting CA Private Key
13/12/2023 18:00:23 DEBUG: Cleaning certificate files.
13/12/2023 18:00:23 DEBUG: Generating password file.
13/12/2023 18:00:23 DEBUG: Generating random passwords.
13/12/2023 18:00:23 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
13/12/2023 18:00:23 DEBUG: Extracting Wazuh configuration.
13/12/2023 18:00:23 DEBUG: Reading configuration file.
13/12/2023 18:00:24 INFO: --- Wazuh indexer ---
13/12/2023 18:00:24 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 38 not upgraded.
Need to get 0 B/752 MB of archives.
After this operation, 1050 MB of additional disk space will be used.
Get:1 /home/admin/wazuh-offline/wazuh-packages/wazuh-indexer_4.8.0-1_amd64.deb wazuh-indexer amd64 4.8.0-1 [752 MB]
Selecting previously unselected (Reading database ... 28797 files and directories c
Preparing to unpack .../wazuh-indexer_4.8.0-1_amd6
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
13/12/2023 18:01:54 DEBUG: Checking Wazuh installation.
13/12/2023 18:01:54 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:01:55 INFO: Wazuh indexer installation finished.
13/12/2023 18:01:55 DEBUG: Configuring Wazuh indexer.
13/12/2023 18:01:55 DEBUG: Copying Wazuh indexer certificates.
13/12/2023 18:01:55 INFO: Wazuh indexer post-install configuration finished.
13/12/2023 18:01:55 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
13/12/2023 18:02:21 INFO: wazuh-indexer service started.
13/12/2023 18:02:21 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
13/12/2023 18:02:34 INFO: The Wazuh indexer cluster ISM initialized.
13/12/2023 18:02:34 INFO: Wazuh indexer cluster initialized.
13/12/2023 18:02:34 INFO: --- Wazuh server ---
13/12/2023 18:02:34 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
expect
The following NEW packages will be installed:
wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 38 not upgraded.
Need to get 0 B/117 MB of archives.
After this operation, 702 MB of additional disk space will be used.
Get:1 /home/admin/wazuh-offline/wazuh-packages/wazuh-manager_4.8.0-1_amd64.deb wazuh-manager amd64 4.8.0-1 [117 MB]
Select(Reading database ... 29972 files and directories c
Preparing to unpack .../wazuh-manager_4.8.0-1_amd6
Setting up wazuh-manager (4.8.0-1) ...
13/12/2023 18:04:07 DEBUG: Checking Wazuh installation.
13/12/2023 18:04:08 DEBUG: There are Wazuh remaining files.
13/12/2023 18:04:08 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:04:09 INFO: Wazuh manager installation finished.
13/12/2023 18:04:09 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
13/12/2023 18:04:32 INFO: wazuh-manager service started.
13/12/2023 18:04:32 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
filebeat
0 upgraded, 1 newly installed, 0 to remove and 38 not upgraded.
Need to get 0 B/22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Get:1 /home/admin/wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-amd64.deb filebeat amd64 7.10.2 [22.1 MB]
Setting up filebeat (7.10.2) ...-oss-7.10.2-amd64.deb ...y installed.)
13/12/2023 18:04:38 DEBUG: Checking Wazuh installation.
13/12/2023 18:04:38 DEBUG: There are Wazuh remaining files.
13/12/2023 18:04:39 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:04:39 DEBUG: There are Filebeat remaining files.
13/12/2023 18:04:39 INFO: Filebeat installation finished.
13/12/2023 18:04:39 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
13/12/2023 18:04:39 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
13/12/2023 18:04:40 INFO: Filebeat post-install configuration finished.
13/12/2023 18:04:40 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
13/12/2023 18:04:41 INFO: filebeat service started.
13/12/2023 18:04:41 INFO: --- Wazuh dashboard ---
13/12/2023 18:04:41 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 38 not upgraded.
Need to get 0 B/186 MB of archives.
After this operation, 987 MB of additional disk space will be used.
Get:1 /home/admin/wazuh-offline/wazuh-packages/wazuh-dashboard_4.8.0-1_amd64.deb wazuh-dashboard amd64 4
Setting up wazuh-dashboard (4.8.0-1) ...4.8.0-1_amd64.deb ...stalled.).
13/12/2023 18:05:49 DEBUG: Checking Wazuh installation.
13/12/2023 18:05:49 DEBUG: There are Wazuh remaining files.
13/12/2023 18:05:50 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:05:50 DEBUG: There are Filebeat remaining files.
13/12/2023 18:05:51 DEBUG: There are Wazuh dashboard remaining files.
13/12/2023 18:05:51 INFO: Wazuh dashboard installation finished.
13/12/2023 18:05:51 DEBUG: Configuring Wazuh dashboard.
13/12/2023 18:05:51 DEBUG: Copying Wazuh dashboard certificates.
13/12/2023 18:05:51 DEBUG: Wazuh dashboard certificate setup finished.
13/12/2023 18:05:51 INFO: Wazuh dashboard post-install configuration finished.
13/12/2023 18:05:51 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
13/12/2023 18:05:52 INFO: wazuh-dashboard service started.
13/12/2023 18:05:52 DEBUG: Setting Wazuh indexer cluster passwords.
13/12/2023 18:05:52 DEBUG: Checking Wazuh installation.
13/12/2023 18:05:52 DEBUG: There are Wazuh remaining files.
13/12/2023 18:05:52 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:05:53 DEBUG: There are Filebeat remaining files.
13/12/2023 18:05:53 DEBUG: There are Wazuh dashboard remaining files.
13/12/2023 18:05:53 INFO: Updating the internal users.
13/12/2023 18:05:53 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
13/12/2023 18:06:02 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
13/12/2023 18:06:02 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
13/12/2023 18:06:02 DEBUG: The internal users have been updated before changing the passwords.
13/12/2023 18:06:04 DEBUG: Generating password hashes.
13/12/2023 18:06:15 DEBUG: Password hashes generated.
13/12/2023 18:06:15 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
13/12/2023 18:06:19 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
13/12/2023 18:06:19 DEBUG: Restarting filebeat service...
13/12/2023 18:06:19 DEBUG: filebeat started.
13/12/2023 18:06:21 DEBUG: Restarting wazuh-dashboard service...
13/12/2023 18:06:21 DEBUG: wazuh-dashboard started.
13/12/2023 18:06:21 DEBUG: Running security admin tool.
13/12/2023 18:06:21 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/admin
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
13/12/2023 18:06:27 DEBUG: Passwords changed.
13/12/2023 18:06:27 DEBUG: Changing API passwords.
13/12/2023 18:06:35 INFO: Initializing Wazuh dashboard web application.
13/12/2023 18:06:35 INFO: Wazuh dashboard web application not yet initialized. Waiting...
13/12/2023 18:06:51 INFO: Wazuh dashboard web application not yet initialized. Waiting...
13/12/2023 18:07:06 INFO: Wazuh dashboard web application initialized.
13/12/2023 18:07:06 INFO: --- Summary ---
13/12/2023 18:07:06 INFO: You can access the web interface https://:443
User: admin
Password: uMr0VEqd+bhxWwA?8bWAnlbyckD0lrdr
13/12/2023 18:07:06 DEBUG: Restoring Wazuh repository.
13/12/2023 18:07:06 INFO: Installation finished.
root@ip-172-31-46-216:/home/admin#
```

:green_circle: AIO offline (no internet) in Ubuntu 22

```console
root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -a -of -v
13/12/2023 18:01:24 DEBUG: Checking root permissions.
13/12/2023 18:01:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
13/12/2023 18:01:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/12/2023 18:01:24 DEBUG: APT package manager will be used.
13/12/2023 18:01:24 INFO: Checking installed dependencies for Offline installation.
13/12/2023 18:01:29 DEBUG: Offline dependencies are installed.
13/12/2023 18:01:29 DEBUG: Checking system distribution.
13/12/2023 18:01:29 DEBUG: Detected distribution name: ubuntu
13/12/2023 18:01:29 DEBUG: Detected distribution version: 22
13/12/2023 18:01:29 DEBUG: Checking Wazuh installation.
13/12/2023 18:01:31 DEBUG: Checking system architecture.
13/12/2023 18:01:31 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/12/2023 18:01:31 DEBUG: CPU cores detected: 2
13/12/2023 18:01:31 DEBUG: Free RAM memory detected: 3859
13/12/2023 18:01:31 INFO: Wazuh web interface port will be 443.
13/12/2023 18:01:31 DEBUG: Checking ports availability.
13/12/2023 18:01:33 INFO: Checking wazuh-offline.tar.gz file.
13/12/2023 18:01:33 DEBUG: wazuh-offline.tar.gz was found correctly.
13/12/2023 18:01:33 DEBUG: Extracting files from wazuh-offline.tar.gz
13/12/2023 18:01:43 DEBUG: Offline files extracted successfully.
13/12/2023 18:01:43 DEBUG: Checking curl tool version.
13/12/2023 18:01:43 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Ign:1 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Ign:2 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Ign:1 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Ign:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:2 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Ign:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Ign:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:1 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Ign:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Ign:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:2 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Ign:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Ign:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Err:1 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Cannot initiate the connection to ppa.launchpadcontent.net:443 (2620:2d:4000:1::81).
- connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:7669:c120:50a2:9af4). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:b55:260f:8030:b812). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:2637:a32b:ccef:30d5). - connect (101: Network is unreachable) Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (34.237.137.22), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (52.91.65.63), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (34.201.250.36), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (54.87.19.168), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (52.207.133.243), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (3.209.10.109), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (3.87.126.146), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (54.165.17.230), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (18.232.150.247), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (54.144.148.213), connection timed out W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c05:17c8:ad29:43bf:eb48). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c04:b8fe:122c:bb55:6b84). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:e093:e2e5:23b4:529f). 
- connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:7447:9a97:fa56:cd92). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:ed0c:fdfa:1470:afc0). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c03:edb9:571f:f204:4ac8). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:32a9:41b2:cfa3:904a). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:7669:c120:50a2:9af4). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:b55:260f:8030:b812). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:2637:a32b:ccef:30d5). - connect (101: Network is unreachable) W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c05:17c8:ad29:43bf:eb48). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c04:b8fe:122c:bb55:6b84). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:e093:e2e5:23b4:529f). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:7447:9a97:fa56:cd92). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:ed0c:fdfa:1470:afc0). 
- connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c03:edb9:571f:f204:4ac8). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:32a9:41b2:cfa3:904a). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:7669:c120:50a2:9af4). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:b55:260f:8030:b812). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:2637:a32b:ccef:30d5). - connect (101: Network is unreachable) W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4000:1::19). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4000:1::16). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4002:1::102). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4002:1::103). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4002:1::101). 
- connect (101: Network is unreachable) Could not connect to security.ubuntu.com:80 (91.189.91.83), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.81), connection timed out Could not connect to security.ubuntu.com:80 (185.125.190.39), connection timed out Could not connect to security.ubuntu.com:80 (185.125.190.36), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.82), connection timed out W: Failed to fetch https://ppa.launchpadcontent.net/ondrej/php/ubuntu/dists/jammy/InRelease Cannot initiate the connection to ppa.launchpadcontent.net:443 (2620:2d:4000:1::81). - connect (101: Network is unreachable) Could not connect to ppa.launchpadcontent.net:443 (185.125.190.80), connection timed out W: Failed to fetch https://packages-dev.wazuh.com/pre-release/apt/dists/unstable/InRelease Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:7a00:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:200:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:4a00:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:4c00:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:1800:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:4200:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:2000:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:1400:14:ca3a:45c0:93a1). 
- connect (101: Network is unreachable) Could not connect to packages-dev.wazuh.com:443 (99.84.208.121), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.124), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.61), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.42), connection timed out W: Some index files failed to download. They have been ignored, or old ones used instead. 13/12/2023 18:02:24 INFO: Wazuh development repository added. 13/12/2023 18:02:24 INFO: --- Configuration files --- 13/12/2023 18:02:25 INFO: Generating configuration files. 13/12/2023 18:02:25 DEBUG: Creating Wazuh certificates. 13/12/2023 18:02:25 DEBUG: Reading configuration file. 13/12/2023 18:02:25 DEBUG: Creating the root certificate. .......+...+.+.....+.+.....+.......+........+..................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+....+.....+......+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+......+.....+....+......+........+..........+..+...+.+..................+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ..+......+.+..+...+...+.......+...+..+...+....+..........................+..........+.....+......+.+.........+..............+....+........+.........+......+...+....+.....+.......+........+.+..+.......+............+......+........+.+......+..+...+.......+...+.........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+......+..+.............+..+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...........+.........+.+..................+...+..+...+...................+......+...+...........+....+............+..+.+.....+.........+..........+..+.........+.......+..+.....................+.+......+........+...............+.+......+...+.....+....+.....+.......+..............+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ----- 13/12/2023 
18:02:25 DEBUG: Generating Admin certificates. Certificate request self-signature ok subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin 13/12/2023 18:02:26 DEBUG: Generating Wazuh indexer certificates. 13/12/2023 18:02:26 DEBUG: Creating the Wazuh indexer certificates. 13/12/2023 18:02:26 DEBUG: Generating certificate configuration. Ignoring -days without -x509; not generating a certificate ...+......+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+......+.+...+.....+.+.....+.......+.........+........+...+...+.+...+.....+..........+..+.+...+..+.......+..+.+.....+....+........+.+.....+.+...............+...+............+......+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ....+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+...+......+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.+...........+.........+.+......+..+.......+......+........+.........+...............+.......+...........+............+..........+.....+.......+......+........+.+........+.+.....+......+..................+...+.........+.+...+..+.......+..+...+.+......+........+.......+......+..+...+...+.+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ----- Certificate request self-signature ok subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer 13/12/2023 18:02:26 DEBUG: Generating Filebeat certificates. 13/12/2023 18:02:26 DEBUG: Creating the Wazuh server certificates. 13/12/2023 18:02:26 DEBUG: Generating certificate configuration. 
Ignoring -days without -x509; not generating a certificate ..+.......+........+......+...+.+..+...............+...............+...+......+..........+........+.+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+.....+...+....+......+..+..........+...+.........+.....+......................+.....+.+........+.+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+............+...+...........+..........+...+.....+.....................+....+..+.+..+...+.......+............+...+...........+....+..+.+...+......+...........+...+............+.........+.+..............+...+............+....+......+.........+.....+.+.....+....+.....+.+......+........+...............+.......+............+..+..........+...+..+..........+...+.....+.+..+...+.........+.+.....+.......+..+.+.....+.......+.........+...+..+..................+.+..+.......+...........+............+....+...+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .......+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ----- Certificate request self-signature ok subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server 13/12/2023 18:02:26 DEBUG: Generating Wazuh dashboard certificates. 13/12/2023 18:02:26 DEBUG: Creating the Wazuh dashboard certificates. 13/12/2023 18:02:26 DEBUG: Generating certificate configuration. 
Ignoring -days without -x509; not generating a certificate .......+...+.....+.+....................+.+...+.....+.......+..+......+......+.+............+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+........+.+..+...+......+...+.......+......+.....+.......+..+....+..+.........+....+..+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+.+.....+...+.......+..+.......+.....+....+.....+......+...+..........+......+.........+...+.....+....+.........+.....+............+...+.......+.....+....+...+..+....+.........+..+..........+...+.......................+..........+..................+............+.........+...+..+.+.....+.......+.....+...+.......+.....+......+.......+............+.....+.+.....+.........+.+......+.....................+..............+...+.......+.....+......+............+.+..+...+...............+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .+...+......+...+......+.......+..+.......+......+..+...+...+....+...+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.........+......+.....+....+...+.................+.+..+...+.+....................+......+.........+....+......+........+...+...+.......+.........+...+...+...+............+..+..........+..+.+.........+..............+................+.....+...+.+.....+.......+...+..+.......+.....+.......+.........+.....+.+........+......+.+...+...+.....+...+....+............+........+.+...............+..+.......+..+...+.+.....+......+.+..+.......+......+..................+..+...............+.........+...+......+.........+.+...........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ----- Certificate request self-signature ok subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard 13/12/2023 18:02:27 DEBUG: Cleaning certificate files. 13/12/2023 18:02:27 DEBUG: Generating password file. 
13/12/2023 18:02:27 DEBUG: Generating random passwords.
13/12/2023 18:02:27 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
13/12/2023 18:02:27 DEBUG: Extracting Wazuh configuration.
13/12/2023 18:02:27 DEBUG: Reading configuration file.
13/12/2023 18:02:28 INFO: --- Wazuh indexer ---
13/12/2023 18:02:28 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/752 MB of archives.
After this operation, 1050 MB of additional disk space will be used.
Selecting previously unselected package wazuh-(Reading database ... 151751 files and directories
Preparing to unpack .../wazuh-indexer_4.8.0-1_amd6
Created opensearch keystore in /etc/wazuh-indexer/
Processing triggers for libc-bin (2.35-0ubuntu3.5)
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
13/12/2023 18:04:00 DEBUG: Checking Wazuh installation.
13/12/2023 18:04:01 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:04:02 INFO: Wazuh indexer installation finished.
13/12/2023 18:04:02 DEBUG: Configuring Wazuh indexer.
13/12/2023 18:04:02 DEBUG: Copying Wazuh indexer certificates.
13/12/2023 18:04:02 INFO: Wazuh indexer post-install configuration finished.
13/12/2023 18:04:02 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
13/12/2023 18:04:36 INFO: wazuh-indexer service started.
13/12/2023 18:04:36 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
13/12/2023 18:04:49 INFO: The Wazuh indexer cluster ISM initialized.
13/12/2023 18:04:49 INFO: Wazuh indexer cluster initialized.
13/12/2023 18:04:49 INFO: --- Wazuh server ---
13/12/2023 18:04:49 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/117 MB of archives.
After this operation, 702 MB of additional
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
13/12/2023 18:06:56 DEBUG: Checking Wazuh installation.
13/12/2023 18:06:57 DEBUG: There are Wazuh remaining files.
13/12/2023 18:06:58 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:06:59 INFO: Wazuh manager installation finished.
13/12/2023 18:06:59 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
13/12/2023 18:07:25 INFO: wazuh-manager service started.
13/12/2023 18:07:25 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Selec
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
13/12/2023 18:07:40 DEBUG: Checking Wazuh installation.
13/12/2023 18:07:41 DEBUG: There are Wazuh remaining files.
13/12/2023 18:07:42 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:07:42 DEBUG: There are Filebeat remaining files.
13/12/2023 18:07:43 INFO: Filebeat installation finished.
13/12/2023 18:07:43 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
13/12/2023 18:07:43 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
13/12/2023 18:07:44 INFO: Filebeat post-install configuration finished.
13/12/2023 18:07:44 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
13/12/2023 18:07:46 INFO: filebeat service started.
13/12/2023 18:07:46 INFO: --- Wazuh dashboard ---
13/12/2023 18:07:46 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/186 MB of archives.
After this operation, 987 MB of additional disk space will be used.
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
13/12/2023 18:09:06 DEBUG: Checking Wazuh installation.
13/12/2023 18:09:07 DEBUG: There are Wazuh remaining files.
13/12/2023 18:09:07 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:09:08 DEBUG: There are Filebeat remaining files.
13/12/2023 18:09:09 DEBUG: There are Wazuh dashboard remaining files.
13/12/2023 18:09:09 INFO: Wazuh dashboard installation finished.
13/12/2023 18:09:09 DEBUG: Configuring Wazuh dashboard.
13/12/2023 18:09:09 DEBUG: Copying Wazuh dashboard certificates.
13/12/2023 18:09:09 DEBUG: Wazuh dashboard certificate setup finished.
13/12/2023 18:09:09 INFO: Wazuh dashboard post-install configuration finished.
13/12/2023 18:09:09 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
13/12/2023 18:09:10 INFO: wazuh-dashboard service started.
13/12/2023 18:09:10 DEBUG: Setting Wazuh indexer cluster passwords.
13/12/2023 18:09:10 DEBUG: Checking Wazuh installation.
13/12/2023 18:09:11 DEBUG: There are Wazuh remaining files.
13/12/2023 18:09:12 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:09:12 DEBUG: There are Filebeat remaining files.
13/12/2023 18:09:13 DEBUG: There are Wazuh dashboard remaining files.
13/12/2023 18:09:13 INFO: Updating the internal users.
13/12/2023 18:09:13 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
13/12/2023 18:09:23 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
13/12/2023 18:09:23 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
13/12/2023 18:09:23 DEBUG: The internal users have been updated before changing the passwords.
13/12/2023 18:09:27 DEBUG: Generating password hashes.
13/12/2023 18:09:39 DEBUG: Password hashes generated.
13/12/2023 18:09:39 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
13/12/2023 18:09:45 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
13/12/2023 18:09:46 DEBUG: Restarting filebeat service...
13/12/2023 18:09:47 DEBUG: filebeat started.
13/12/2023 18:09:49 DEBUG: Restarting wazuh-dashboard service...
13/12/2023 18:09:49 DEBUG: wazuh-dashboard started.
13/12/2023 18:09:49 DEBUG: Running security admin tool.
13/12/2023 18:09:49 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
13/12/2023 18:09:56 DEBUG: Passwords changed.
13/12/2023 18:09:56 DEBUG: Changing API passwords.
13/12/2023 18:10:04 INFO: Initializing Wazuh dashboard web application.
13/12/2023 18:10:04 INFO: Wazuh dashboard web application not yet initialized. Waiting...
13/12/2023 18:10:21 INFO: Wazuh dashboard web application not yet initialized. Waiting...
13/12/2023 18:10:36 INFO: Wazuh dashboard web application initialized.
13/12/2023 18:10:36 INFO: --- Summary ---
13/12/2023 18:10:36 INFO: You can access the web interface https://:443
    User: admin
    Password: QEof+FUC.XNOAq?ZZWarQhIhQ0uPtrj6
13/12/2023 18:10:36 DEBUG: Restoring Wazuh repository.
13/12/2023 18:10:36 INFO: Installation finished.
```

:green_circle: AIO offline (no internet) in CentOS 8

```console
[root@ip-172-31-36-173 centos]# bash wazuh-install.sh -a -of -v -i
14/12/2023 10:29:51 DEBUG: Checking root permissions.
14/12/2023 10:29:51 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 10:29:51 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 10:29:51 DEBUG: YUM package manager will be used.
14/12/2023 10:29:51 INFO: Checking installed dependencies for Offline installation.
14/12/2023 10:29:54 DEBUG: Offline dependencies are installed.
14/12/2023 10:29:54 DEBUG: Checking system distribution.
14/12/2023 10:29:54 DEBUG: Detected distribution name: centos
14/12/2023 10:29:54 DEBUG: Detected distribution version: 8
14/12/2023 10:29:54 DEBUG: Checking Wazuh installation.
14/12/2023 10:29:57 DEBUG: Checking system architecture.
14/12/2023 10:29:57 WARNING: Hardware and system checks ignored.
14/12/2023 10:29:57 INFO: Wazuh web interface port will be 443.
14/12/2023 10:29:57 DEBUG: Checking ports availability.
14/12/2023 10:29:59 INFO: Checking wazuh-offline.tar.gz file.
14/12/2023 10:29:59 DEBUG: wazuh-offline.tar.gz was found correctly.
14/12/2023 10:29:59 DEBUG: Extracting files from wazuh-offline.tar.gz
14/12/2023 10:29:59 ERROR: Missing necessary offline file: /home/centos/wazuh-offline/wazuh-files/filebeat.yml
[root@ip-172-31-36-173 centos]# tree
bash: tree: command not found
[root@ip-172-31-36-173 centos]# ls wazuh-offline/wazuh-packages/
filebeat-oss-7.10.2-x86_64.rpm wazuh-dashboard-4.8.0-1.x86_64.rpm wazuh-indexer-4.8.0-1.x86_64.rpm wazuh-manager-4.8.0-1.x86_64.rpm
[root@ip-172-31-36-173 centos]# ls wazuh-offline/wazuh-packages/
filebeat-oss-7.10.2-x86_64.rpm wazuh-dashboard-4.8.0-1.x86_64.rpm wazuh-indexer-4.8.0-1.x86_64.rpm wazuh-manager-4.8.0-1.x86_64.rpm
[root@ip-172-31-36-173 centos]# ls wazuh-offline/wazuh-packages/^C
[root@ip-172-31-36-173 centos]# rm -rf wazuh-offline
[root@ip-172-31-36-173 centos]# tar -xvf wazuh-offline.tar.gz
wazuh-offline/
wazuh-offline/wazuh-packages/
wazuh-offline/wazuh-packages/wazuh-manager-4.8.0-1.x86_64.rpm
wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-x86_64.rpm
wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm
wazuh-offline/wazuh-packages/wazuh-dashboard-4.8.0-1.x86_64.rpm
wazuh-offline/wazuh-files/
wazuh-offline/wazuh-files/GPG-KEY-WAZUH
wazuh-offline/wazuh-files/filebeat.yml
wazuh-offline/wazuh-files/wazuh-template.json
wazuh-offline/wazuh-files/wazuh-filebeat-0.3.tar.gz
[root@ip-172-31-36-173 centos]# bash wazuh-install.sh -a -of -v -i
14/12/2023 10:31:24 DEBUG: Checking root permissions.
14/12/2023 10:31:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 10:31:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 10:31:24 DEBUG: YUM package manager will be used.
14/12/2023 10:31:24 INFO: Checking installed dependencies for Offline installation.
14/12/2023 10:31:28 DEBUG: Offline dependencies are installed.
14/12/2023 10:31:28 DEBUG: Checking system distribution.
14/12/2023 10:31:28 DEBUG: Detected distribution name: centos
14/12/2023 10:31:28 DEBUG: Detected distribution version: 8
14/12/2023 10:31:28 DEBUG: Checking Wazuh installation.
14/12/2023 10:31:31 DEBUG: Checking system architecture.
14/12/2023 10:31:31 WARNING: Hardware and system checks ignored.
14/12/2023 10:31:31 INFO: Wazuh web interface port will be 443.
14/12/2023 10:31:31 DEBUG: Checking ports availability.
14/12/2023 10:31:34 INFO: Checking wazuh-offline.tar.gz file.
14/12/2023 10:31:34 DEBUG: wazuh-offline.tar.gz was found correctly.
14/12/2023 10:31:34 DEBUG: Extracting files from wazuh-offline.tar.gz
14/12/2023 10:31:34 DEBUG: Offline files extracted successfully.
14/12/2023 10:31:34 DEBUG: Checking curl tool version.
14/12/2023 10:31:34 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 10:31:34 INFO: Wazuh development repository added.
14/12/2023 10:31:34 INFO: --- Configuration files ---
14/12/2023 10:31:34 INFO: Generating configuration files.
14/12/2023 10:31:34 DEBUG: Creating Wazuh certificates.
14/12/2023 10:31:34 DEBUG: Reading configuration file.
14/12/2023 10:31:34 DEBUG: Creating the root certificate.
Generating a RSA private key
....+++++
..........................+++++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
14/12/2023 10:31:34 DEBUG: Generating Admin certificates.
Generating RSA private key, 2048 bit long modulus (2 primes)
................................................................................+++++
.....................+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
Getting CA Private Key
14/12/2023 10:31:34 DEBUG: Generating Wazuh indexer certificates.
14/12/2023 10:31:34 DEBUG: Creating the Wazuh indexer certificates.
14/12/2023 10:31:34 DEBUG: Generating certificate configuration.
Ignoring -days; not generating a certificate
Generating a RSA private key
.............................+++++
................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
Getting CA Private Key
14/12/2023 10:31:35 DEBUG: Generating Filebeat certificates.
14/12/2023 10:31:35 DEBUG: Creating the Wazuh server certificates.
14/12/2023 10:31:35 DEBUG: Generating certificate configuration.
Ignoring -days; not generating a certificate
Generating a RSA private key
........................................+++++
....................................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
Getting CA Private Key
14/12/2023 10:31:35 DEBUG: Generating Wazuh dashboard certificates.
14/12/2023 10:31:35 DEBUG: Creating the Wazuh dashboard certificates.
14/12/2023 10:31:35 DEBUG: Generating certificate configuration.
Ignoring -days; not generating a certificate
Generating a RSA private key
....................................................................+++++
......+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
Getting CA Private Key
14/12/2023 10:31:35 DEBUG: Cleaning certificate files.
14/12/2023 10:31:35 DEBUG: Generating password file.
14/12/2023 10:31:35 DEBUG: Generating random passwords.
14/12/2023 10:31:35 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/12/2023 10:31:35 DEBUG: Extracting Wazuh configuration.
14/12/2023 10:31:35 DEBUG: Reading configuration file.
14/12/2023 10:31:36 INFO: --- Wazuh indexer ---
14/12/2023 10:31:36 INFO: Starting Wazuh indexer installation.
Verifying... ########################################
Preparing... ########################################
Updating / installing...
wazuh-indexer-4.8.0-1 ########################################
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
14/12/2023 10:32:51 DEBUG: Checking Wazuh installation.
14/12/2023 10:32:53 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:32:55 INFO: Wazuh indexer installation finished.
14/12/2023 10:32:55 DEBUG: Configuring Wazuh indexer.
14/12/2023 10:32:55 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 10:32:55 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 10:32:55 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
14/12/2023 10:33:26 INFO: wazuh-indexer service started.
14/12/2023 10:33:26 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
14/12/2023 10:33:40 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 10:33:40 INFO: Wazuh indexer cluster initialized.
14/12/2023 10:33:40 INFO: --- Wazuh server ---
14/12/2023 10:33:40 INFO: Starting the Wazuh manager installation.
Verifying... ########################################
Preparing... ########################################
Updating / installing...
wazuh-manager-4.8.0-1 ########################################
14/12/2023 10:35:21 DEBUG: Checking Wazuh installation.
14/12/2023 10:35:22 DEBUG: There are Wazuh remaining files.
14/12/2023 10:35:23 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:35:25 INFO: Wazuh manager installation finished.
14/12/2023 10:35:25 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
14/12/2023 10:35:43 INFO: wazuh-manager service started.
14/12/2023 10:35:43 INFO: Starting Filebeat installation.
Verifying... ########################################
Preparing... ########################################
Updating / installing...
filebeat-7.10.2-1 ########################################
14/12/2023 10:35:45 DEBUG: Checking Wazuh installation.
14/12/2023 10:36:14 DEBUG: There are Wazuh remaining files.
14/12/2023 10:36:16 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:36:17 DEBUG: There are Filebeat remaining files.
14/12/2023 10:36:18 INFO: Filebeat installation finished.
14/12/2023 10:36:18 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 10:36:18 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 10:36:18 INFO: Filebeat post-install configuration finished.
14/12/2023 10:36:18 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
14/12/2023 10:36:19 INFO: filebeat service started.
14/12/2023 10:36:19 INFO: --- Wazuh dashboard ---
14/12/2023 10:36:19 INFO: Starting Wazuh dashboard installation.
Verifying... ########################################
Preparing... ########################################
Updating / installing...
wazuh-dashboard-4.8.0-1 ########################################
14/12/2023 10:38:01 DEBUG: Checking Wazuh installation.
14/12/2023 10:38:03 DEBUG: There are Wazuh remaining files.
14/12/2023 10:38:03 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:38:05 DEBUG: There are Filebeat remaining files.
14/12/2023 10:38:06 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 10:38:06 INFO: Wazuh dashboard installation finished.
14/12/2023 10:38:06 DEBUG: Configuring Wazuh dashboard.
14/12/2023 10:38:06 DEBUG: Copying Wazuh dashboard certificates.
14/12/2023 10:38:06 DEBUG: Wazuh dashboard certificate setup finished.
14/12/2023 10:38:06 INFO: Wazuh dashboard post-install configuration finished.
14/12/2023 10:38:06 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
14/12/2023 10:38:06 INFO: wazuh-dashboard service started.
14/12/2023 10:38:06 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 10:38:06 DEBUG: Checking Wazuh installation.
14/12/2023 10:38:07 DEBUG: There are Wazuh remaining files.
14/12/2023 10:38:08 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:38:10 DEBUG: There are Filebeat remaining files.
14/12/2023 10:38:11 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 10:38:11 INFO: Updating the internal users.
14/12/2023 10:38:11 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 10:38:19 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
14/12/2023 10:38:19 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 10:38:19 DEBUG: The internal users have been updated before changing the passwords.
14/12/2023 10:38:20 DEBUG: Generating password hashes.
14/12/2023 10:38:31 DEBUG: Password hashes generated.
14/12/2023 10:38:31 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 10:38:36 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
14/12/2023 10:38:36 DEBUG: Restarting filebeat service...
14/12/2023 10:38:36 DEBUG: filebeat started.
14/12/2023 10:38:38 DEBUG: Restarting wazuh-dashboard service...
14/12/2023 10:38:38 DEBUG: wazuh-dashboard started.
14/12/2023 10:38:38 DEBUG: Running security admin tool.
14/12/2023 10:38:38 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/centos
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
14/12/2023 10:38:43 DEBUG: Passwords changed.
14/12/2023 10:38:43 DEBUG: Changing API passwords.
14/12/2023 10:38:50 INFO: Initializing Wazuh dashboard web application.
14/12/2023 10:38:50 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/12/2023 10:39:07 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/12/2023 10:39:22 INFO: Wazuh dashboard web application initialized.
14/12/2023 10:39:22 INFO: --- Summary ---
14/12/2023 10:39:22 INFO: You can access the web interface https://:443
    User: admin
    Password: mPYw0F7TlA?VNvvVX7EB03uWQ8oL.kdl
14/12/2023 10:39:22 DEBUG: Restoring Wazuh repository.
14/12/2023 10:39:22 INFO: Installation finished.
[root@ip-172-31-36-173 centos]#
```

:green_circle: AIO offline (no internet) in RHEL9

```console
[root@ip-172-31-36-51 ec2-user]# bash wazuh-install.sh -a -of -v -i
14/12/2023 10:36:38 DEBUG: Checking root permissions.
14/12/2023 10:36:38 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 10:36:38 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 10:36:38 DEBUG: YUM package manager will be used.
14/12/2023 10:36:38 INFO: Checking installed dependencies for Offline installation.
14/12/2023 10:36:42 DEBUG: Offline dependencies are installed.
14/12/2023 10:36:42 DEBUG: Checking system distribution.
14/12/2023 10:36:42 DEBUG: Detected distribution name: rhel
14/12/2023 10:36:42 DEBUG: Detected distribution version: 9
14/12/2023 10:36:42 DEBUG: Checking Wazuh installation.
14/12/2023 10:36:47 DEBUG: Checking system architecture.
14/12/2023 10:36:47 WARNING: Hardware and system checks ignored.
14/12/2023 10:36:47 INFO: Wazuh web interface port will be 443.
14/12/2023 10:36:47 DEBUG: Checking ports availability.
14/12/2023 10:36:49 INFO: Checking wazuh-offline.tar.gz file.
14/12/2023 10:36:49 DEBUG: wazuh-offline.tar.gz was found correctly.
14/12/2023 10:36:49 DEBUG: Extracting files from wazuh-offline.tar.gz
14/12/2023 10:37:04 DEBUG: Offline files extracted successfully.
14/12/2023 10:37:04 DEBUG: Checking curl tool version.
14/12/2023 10:37:04 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 10:37:04 INFO: Wazuh development repository added.
14/12/2023 10:37:04 INFO: --- Configuration files ---
14/12/2023 10:37:04 INFO: Generating configuration files.
14/12/2023 10:37:04 DEBUG: Creating Wazuh certificates.
14/12/2023 10:37:04 DEBUG: Reading configuration file.
14/12/2023 10:37:04 DEBUG: Creating the root certificate.
.....+...+.+............+.....+..........+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...........+.....+.......+..+...+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+....+...+..............+....+.....+......+.+.....+....+.....+.............+..+....+..+.........+...+...+....+......+........+....+......+............+..+..........+........+...+......+.+...+...............+......+.....+...+......+.+...........+....+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ...+...+.....+.+........+.......+.....+.+..................+..+...............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.....+......+.+..+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+........+....+........+.......+.....+.+..+...............+......+....+...+..+............+.........+.........+.+..+.......+.....+..........+...+.....+...+..........+.....+......+.+...............+..+..................+............+.......+.....+.........+.+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ----- 14/12/2023 10:37:05 DEBUG: Generating Admin certificates. Certificate request self-signature ok subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin 14/12/2023 10:37:05 DEBUG: Generating Wazuh indexer certificates. 14/12/2023 10:37:05 DEBUG: Creating the Wazuh indexer certificates. 14/12/2023 10:37:05 DEBUG: Generating certificate configuration. 
Ignoring -days without -x509; not generating a certificate .........+.....+..................+.+.....+.+............+........+....+...........+...+.+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+....+.....+......+.+.....+...+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+............+.....+....+...........+.+.....+.......+........+...+......+.+...+..+.........+.........+....+...........+....+..+.+..+.+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ----- Certificate request self-signature ok subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer 14/12/2023 10:37:06 DEBUG: Generating Filebeat certificates. 14/12/2023 10:37:06 DEBUG: Creating the Wazuh server certificates. 14/12/2023 10:37:06 DEBUG: Generating certificate configuration. 
Ignoring -days without -x509; not generating a certificate ................+.+..+....+.....+..........+.........+.........+..+....+.....+...............+....+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+......+..+...+.........+.............+..+....+..............+...+....+...+...................................+...+...+.........+.....................+.......+...+..+.......+.....+.............+..+.+......+.....+.+..+...............+...+....+...+..+...+.......+.....+.+...+.....+....+.....+................+..+...+.........+......+....+...+...+.....+......+.+........+......+...................+..+...+.......+.....+..................+.........+.+..+....+...+..+....+.....+.........+...+..................+.+...........+.........+......+.......+..+...+...+...+..........+......+...+......+......+......+..+...+....+...+..+.+..+...+....+.......................+.+..+............+...+............+.+......+......+...+.....+...............+....+.....+................+.........+..+.+.....+.............+......+...............+...+.....+............+......+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.+.....+....+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.................+...+...+......+.+..+.......+.........+...........+.+..+.+...........+.........+....+...........+.+.....+...+.......+.....+..........+...........+...+.......+.....+.........+....+.........+.....+..........+.....+......+....+.....+.+......+...........+....+......+..+...+.......+...........+....+..+.+..+...+...................+........+.+...........+...+............+.+...+..+.......+..+.+............+..+.+...+.........+..+...+............+......+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ----- Certificate request self-signature ok subject=C = US, L = 
California, O = Wazuh, OU = Wazuh, CN = wazuh-server 14/12/2023 10:37:07 DEBUG: Generating Wazuh dashboard certificates. 14/12/2023 10:37:07 DEBUG: Creating the Wazuh dashboard certificates. 14/12/2023 10:37:07 DEBUG: Generating certificate configuration. Ignoring -days without -x509; not generating a certificate .....+...+.........+...+....+.....+...+..........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+.........+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+........+...............+.......+.....+...+......+....+.................+............+...+....+.........+......+........+.+......+.....+...+.+.................+....+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ..........+.+.........+........+...+....+...+......+.....+.........+.+............+...+..+.......+..+...+...+....+.........+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+.....+...................+...+.....+.+..+...+..........+.....+.+........+.+.....+.......+..+...+............+......+......+.............+..+.+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+......+.......................+....+..+....+.....+....+............+........+.+.....+.......+...+......+.........+.....+.+......+..+...+...+...............+......+....+.....+......+.............+.....+.+..+...............+....+........+.+.....+......+..........+......+..+............................+.................+..........+...+..+......+...............+.......+...+..+.......+..+...............+.........+......+.+...+..+.......+..+...+...+...+.+...+...........+......+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ----- Certificate request self-signature ok subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard 14/12/2023 10:37:07 DEBUG: Cleaning certificate files. 14/12/2023 10:37:07 DEBUG: Generating password file. 
14/12/2023 10:37:07 DEBUG: Generating random passwords.
14/12/2023 10:37:07 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/12/2023 10:37:07 DEBUG: Extracting Wazuh configuration.
14/12/2023 10:37:07 DEBUG: Reading configuration file.
14/12/2023 10:37:08 INFO: --- Wazuh indexer ---
14/12/2023 10:37:08 INFO: Starting Wazuh indexer installation.
Verifying... ########################################
Preparing... ########################################
Updating / installing...
wazuh-indexer-4.8.0-1 ########################################
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
14/12/2023 10:38:34 DEBUG: Checking Wazuh installation.
14/12/2023 10:38:36 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:38:38 INFO: Wazuh indexer installation finished.
14/12/2023 10:38:38 DEBUG: Configuring Wazuh indexer.
14/12/2023 10:38:38 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 10:38:38 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 10:38:38 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
14/12/2023 10:39:10 INFO: wazuh-indexer service started.
14/12/2023 10:39:10 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
14/12/2023 10:39:25 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 10:39:25 INFO: Wazuh indexer cluster initialized.
14/12/2023 10:39:25 INFO: --- Wazuh server ---
14/12/2023 10:39:25 INFO: Starting the Wazuh manager installation.
Verifying... ########################################
Preparing... ########################################
Updating / installing...
wazuh-manager-4.8.0-1 ########################################
14/12/2023 10:40:30 DEBUG: Checking Wazuh installation.
14/12/2023 10:40:32 DEBUG: There are Wazuh remaining files.
14/12/2023 10:40:33 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:40:35 INFO: Wazuh manager installation finished.
14/12/2023 10:40:35 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
14/12/2023 10:40:55 INFO: wazuh-manager service started.
14/12/2023 10:40:55 INFO: Starting Filebeat installation.
Verifying... ########################################
Preparing... ########################################
Updating / installing...
filebeat-7.10.2-1 ########################################
14/12/2023 10:40:57 DEBUG: Checking Wazuh installation.
14/12/2023 10:41:25 DEBUG: There are Wazuh remaining files.
14/12/2023 10:41:26 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:41:27 DEBUG: There are Filebeat remaining files.
14/12/2023 10:41:28 INFO: Filebeat installation finished.
14/12/2023 10:41:28 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 10:41:28 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 10:41:29 INFO: Filebeat post-install configuration finished.
14/12/2023 10:41:29 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
14/12/2023 10:41:29 INFO: filebeat service started.
14/12/2023 10:41:29 INFO: --- Wazuh dashboard ---
14/12/2023 10:41:29 INFO: Starting Wazuh dashboard installation.
Verifying... ########################################
Preparing... ########################################
Updating / installing...
wazuh-dashboard-4.8.0-1 ########################################
14/12/2023 10:43:33 DEBUG: Checking Wazuh installation.
14/12/2023 10:43:37 DEBUG: There are Wazuh remaining files.
14/12/2023 10:43:38 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:43:39 DEBUG: There are Filebeat remaining files.
14/12/2023 10:43:40 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 10:43:40 INFO: Wazuh dashboard installation finished.
14/12/2023 10:43:40 DEBUG: Configuring Wazuh dashboard.
14/12/2023 10:43:40 DEBUG: Copying Wazuh dashboard certificates.
14/12/2023 10:43:40 DEBUG: Wazuh dashboard certificate setup finished.
14/12/2023 10:43:40 INFO: Wazuh dashboard post-install configuration finished.
14/12/2023 10:43:40 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
14/12/2023 10:43:41 INFO: wazuh-dashboard service started.
14/12/2023 10:43:41 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 10:43:41 DEBUG: Checking Wazuh installation.
14/12/2023 10:43:42 DEBUG: There are Wazuh remaining files.
14/12/2023 10:43:43 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:43:45 DEBUG: There are Filebeat remaining files.
14/12/2023 10:43:46 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 10:43:46 INFO: Updating the internal users.
14/12/2023 10:43:46 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 10:43:56 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
14/12/2023 10:43:56 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 10:43:56 DEBUG: The internal users have been updated before changing the passwords.
14/12/2023 10:43:58 DEBUG: Generating password hashes.
14/12/2023 10:44:08 DEBUG: Password hashes generated.
14/12/2023 10:44:09 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 10:44:14 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
14/12/2023 10:44:14 DEBUG: Restarting filebeat service...
14/12/2023 10:44:15 DEBUG: filebeat started.
14/12/2023 10:44:17 DEBUG: Restarting wazuh-dashboard service...
14/12/2023 10:44:17 DEBUG: wazuh-dashboard started.
14/12/2023 10:44:17 DEBUG: Running security admin tool.
14/12/2023 10:44:17 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
14/12/2023 10:44:25 DEBUG: Passwords changed.
14/12/2023 10:44:25 DEBUG: Changing API passwords.
14/12/2023 10:44:33 INFO: Initializing Wazuh dashboard web application.
14/12/2023 10:44:33 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/12/2023 10:44:49 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/12/2023 10:45:04 INFO: Wazuh dashboard web application initialized.
14/12/2023 10:45:04 INFO: --- Summary ---
14/12/2023 10:45:04 INFO: You can access the web interface https://:443
User: admin
Password: Z6FjgiIoQEhWjRS.E0d.YnAaK*vK6ykv
14/12/2023 10:45:04 DEBUG: Restoring Wazuh repository.
14/12/2023 10:45:04 INFO: Installation finished.
```
:green_circle: AIO offline (no internet) in AL2

```console
[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -a -of -v
14/12/2023 10:51:49 DEBUG: Checking root permissions.
14/12/2023 10:51:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 10:51:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 10:51:49 DEBUG: YUM package manager will be used.
14/12/2023 10:51:49 INFO: Checking installed dependencies for Offline installation.
14/12/2023 10:51:51 DEBUG: Offline dependencies are installed.
14/12/2023 10:51:51 DEBUG: Checking system distribution.
14/12/2023 10:51:51 DEBUG: Detected distribution name: amzn
14/12/2023 10:51:51 DEBUG: Detected distribution version: 2
14/12/2023 10:51:51 DEBUG: Checking Wazuh installation.
14/12/2023 10:51:54 DEBUG: Checking system architecture.
14/12/2023 10:51:54 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/12/2023 10:51:54 DEBUG: CPU cores detected: 2
14/12/2023 10:51:54 DEBUG: Free RAM memory detected: 3862
14/12/2023 10:51:54 INFO: Wazuh web interface port will be 443.
14/12/2023 10:51:54 DEBUG: Checking ports availability.
14/12/2023 10:51:55 INFO: Checking wazuh-offline.tar.gz file.
14/12/2023 10:51:55 DEBUG: wazuh-offline.tar.gz was found correctly.
14/12/2023 10:51:55 DEBUG: Extracting files from wazuh-offline.tar.gz
14/12/2023 10:52:14 DEBUG: Offline files extracted successfully.
14/12/2023 10:52:14 DEBUG: Checking curl tool version.
14/12/2023 10:52:14 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 10:52:14 INFO: Wazuh development repository added.
14/12/2023 10:52:14 INFO: --- Configuration files ---
14/12/2023 10:52:14 INFO: Generating configuration files.
14/12/2023 10:52:14 DEBUG: Creating Wazuh certificates.
14/12/2023 10:52:14 DEBUG: Reading configuration file.
14/12/2023 10:52:14 DEBUG: Creating the root certificate.
Generating a 2048 bit RSA private key
.........................+++
...................+++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
14/12/2023 10:52:14 DEBUG: Generating Admin certificates.
Generating RSA private key, 2048 bit long modulus
.................+++
..........................+++
e is 65537 (0x10001)
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=admin
Getting CA Private Key
14/12/2023 10:52:14 DEBUG: Generating Wazuh indexer certificates.
14/12/2023 10:52:14 DEBUG: Creating the Wazuh indexer certificates.
14/12/2023 10:52:14 DEBUG: Generating certificate configuration.
Generating a 2048 bit RSA private key
.......................+++
.......................................................+++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-indexer
Getting CA Private Key
14/12/2023 10:52:14 DEBUG: Generating Filebeat certificates.
14/12/2023 10:52:14 DEBUG: Creating the Wazuh server certificates.
14/12/2023 10:52:14 DEBUG: Generating certificate configuration.
Generating a 2048 bit RSA private key
....................+++
............................+++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-server
Getting CA Private Key
14/12/2023 10:52:14 DEBUG: Generating Wazuh dashboard certificates.
14/12/2023 10:52:14 DEBUG: Creating the Wazuh dashboard certificates.
14/12/2023 10:52:14 DEBUG: Generating certificate configuration.
Generating a 2048 bit RSA private key
.+++
.+++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-dashboard
Getting CA Private Key
14/12/2023 10:52:15 DEBUG: Cleaning certificate files.
14/12/2023 10:52:15 DEBUG: Generating password file.
14/12/2023 10:52:15 DEBUG: Generating random passwords.
14/12/2023 10:52:15 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/12/2023 10:52:15 DEBUG: Extracting Wazuh configuration.
14/12/2023 10:52:15 DEBUG: Reading configuration file.
14/12/2023 10:52:15 INFO: --- Wazuh indexer ---
14/12/2023 10:52:15 INFO: Starting Wazuh indexer installation.
Preparing... ########################################
Updating / installing...
wazuh-indexer-4.8.0-1 ########################################
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
14/12/2023 10:53:21 DEBUG: Checking Wazuh installation.
14/12/2023 10:53:22 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:53:23 INFO: Wazuh indexer installation finished.
14/12/2023 10:53:23 DEBUG: Configuring Wazuh indexer.
14/12/2023 10:53:23 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 10:53:24 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 10:53:24 INFO: Starting service wazuh-indexer.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
14/12/2023 10:53:47 INFO: wazuh-indexer service started.
14/12/2023 10:53:47 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
14/12/2023 10:54:00 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 10:54:00 INFO: Wazuh indexer cluster initialized.
14/12/2023 10:54:00 INFO: --- Wazuh server ---
14/12/2023 10:54:00 INFO: Starting the Wazuh manager installation.
Preparing... ########################################
Updating / installing...
wazuh-manager-4.8.0-1 ########################################
14/12/2023 10:54:10 DEBUG: Checking Wazuh installation.
14/12/2023 10:54:11 DEBUG: There are Wazuh remaining files.
14/12/2023 10:54:12 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:54:13 INFO: Wazuh manager installation finished.
14/12/2023 10:54:13 INFO: Starting service wazuh-manager.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
14/12/2023 10:54:30 INFO: wazuh-manager service started.
14/12/2023 10:54:30 INFO: Starting Filebeat installation.
Preparing... ########################################
Updating / installing...
filebeat-7.10.2-1 ########################################
14/12/2023 10:54:31 DEBUG: Checking Wazuh installation.
14/12/2023 10:54:32 DEBUG: There are Wazuh remaining files.
14/12/2023 10:54:32 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:54:33 DEBUG: There are Filebeat remaining files.
14/12/2023 10:54:34 INFO: Filebeat installation finished.
14/12/2023 10:54:34 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 10:54:34 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 10:54:34 INFO: Filebeat post-install configuration finished.
14/12/2023 10:54:34 INFO: Starting service filebeat.
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
14/12/2023 10:54:34 INFO: filebeat service started.
14/12/2023 10:54:34 INFO: --- Wazuh dashboard ---
14/12/2023 10:54:34 INFO: Starting Wazuh dashboard installation.
Preparing... ########################################
Updating / installing...
wazuh-dashboard-4.8.0-1 ########################################
14/12/2023 10:55:10 DEBUG: Checking Wazuh installation.
14/12/2023 10:55:12 DEBUG: There are Wazuh remaining files.
14/12/2023 10:55:12 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:55:13 DEBUG: There are Filebeat remaining files.
14/12/2023 10:55:14 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 10:55:14 INFO: Wazuh dashboard installation finished.
14/12/2023 10:55:14 DEBUG: Configuring Wazuh dashboard.
14/12/2023 10:55:14 DEBUG: Copying Wazuh dashboard certificates.
14/12/2023 10:55:14 DEBUG: Wazuh dashboard certificate setup finished.
14/12/2023 10:55:14 INFO: Wazuh dashboard post-install configuration finished.
14/12/2023 10:55:14 INFO: Starting service wazuh-dashboard.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
14/12/2023 10:55:14 INFO: wazuh-dashboard service started.
14/12/2023 10:55:14 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 10:55:14 DEBUG: Checking Wazuh installation.
14/12/2023 10:55:15 DEBUG: There are Wazuh remaining files.
14/12/2023 10:55:16 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:55:17 DEBUG: There are Filebeat remaining files.
14/12/2023 10:55:18 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 10:55:18 INFO: Updating the internal users.
14/12/2023 10:55:18 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 10:55:24 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
14/12/2023 10:55:24 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 10:55:24 DEBUG: The internal users have been updated before changing the passwords.
14/12/2023 10:55:26 DEBUG: Generating password hashes.
14/12/2023 10:55:35 DEBUG: Password hashes generated.
14/12/2023 10:55:35 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 10:55:39 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
14/12/2023 10:55:39 DEBUG: Restarting filebeat service...
14/12/2023 10:55:39 DEBUG: filebeat started.
14/12/2023 10:55:41 DEBUG: Restarting wazuh-dashboard service...
14/12/2023 10:55:41 DEBUG: wazuh-dashboard started.
14/12/2023 10:55:41 DEBUG: Running security admin tool.
14/12/2023 10:55:41 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
14/12/2023 10:55:47 DEBUG: Passwords changed.
14/12/2023 10:55:47 DEBUG: Changing API passwords.
14/12/2023 10:55:54 INFO: Initializing Wazuh dashboard web application.
14/12/2023 10:55:56 INFO: Wazuh dashboard web application initialized.
14/12/2023 10:55:56 INFO: --- Summary ---
14/12/2023 10:55:56 INFO: You can access the web interface https://:443
User: admin
Password: +n.0dE28ZtVEGKcHRz020hdAhyULJYyt
14/12/2023 10:55:56 DEBUG: Restoring Wazuh repository.
14/12/2023 10:55:56 INFO: Installation finished.
[root@ip-172-31-40-241 ec2-user]#
```

davidcr01 commented 11 months ago

Update Report

At the team's request, in the case of offline installation, the import of the Wazuh GPG key and repository has been removed. Two tests, on Ubuntu22 and RHEL9, have been performed:

:green_circle: RHEL9 - AIO

```console
[root@ip-172-31-36-51 ec2-user]# bash wazuh-install.sh -a -v -of -i
18/12/2023 16:06:24 DEBUG: Checking root permissions.
18/12/2023 16:06:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/12/2023 16:06:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/12/2023 16:06:24 DEBUG: YUM package manager will be used.
18/12/2023 16:06:24 INFO: Checking installed dependencies for Offline installation.
18/12/2023 16:06:27 DEBUG: Offline dependencies are installed.
18/12/2023 16:06:27 DEBUG: Checking system distribution.
18/12/2023 16:06:27 DEBUG: Detected distribution name: rhel
18/12/2023 16:06:27 DEBUG: Detected distribution version: 9
18/12/2023 16:06:27 DEBUG: Checking Wazuh installation.
18/12/2023 16:06:30 DEBUG: Checking system architecture.
18/12/2023 16:06:30 WARNING: Hardware and system checks ignored.
18/12/2023 16:06:30 INFO: Wazuh web interface port will be 443.
18/12/2023 16:06:30 DEBUG: Checking ports availability.
18/12/2023 16:06:31 INFO: Checking wazuh-offline.tar.gz file.
18/12/2023 16:06:31 DEBUG: wazuh-offline.tar.gz was found correctly.
18/12/2023 16:06:31 DEBUG: Extracting files from wazuh-offline.tar.gz
18/12/2023 16:06:43 DEBUG: Offline files extracted successfully.
18/12/2023 16:06:43 DEBUG: Checking curl tool version.
18/12/2023 16:06:43 INFO: --- Configuration files ---
18/12/2023 16:06:43 INFO: Generating configuration files.
18/12/2023 16:06:43 DEBUG: Creating Wazuh certificates.
18/12/2023 16:06:43 DEBUG: Reading configuration file.
18/12/2023 16:06:43 DEBUG: Creating the root certificate.
18/12/2023 16:06:44 DEBUG: Generating Admin certificates.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
18/12/2023 16:06:44 DEBUG: Generating Wazuh indexer certificates.
18/12/2023 16:06:44 DEBUG: Creating the Wazuh indexer certificates.
18/12/2023 16:06:44 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
18/12/2023 16:06:45 DEBUG: Generating Filebeat certificates.
18/12/2023 16:06:45 DEBUG: Creating the Wazuh server certificates.
18/12/2023 16:06:45 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
18/12/2023 16:06:45 DEBUG: Generating Wazuh dashboard certificates.
18/12/2023 16:06:45 DEBUG: Creating the Wazuh dashboard certificates.
18/12/2023 16:06:45 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
18/12/2023 16:06:46 DEBUG: Cleaning certificate files.
18/12/2023 16:06:46 DEBUG: Generating password file.
18/12/2023 16:06:46 DEBUG: Generating random passwords.
18/12/2023 16:06:46 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/12/2023 16:06:46 DEBUG: Extracting Wazuh configuration.
18/12/2023 16:06:46 DEBUG: Reading configuration file.
18/12/2023 16:06:47 INFO: --- Wazuh indexer ---
18/12/2023 16:06:47 INFO: Starting Wazuh indexer installation.
18/12/2023 16:06:47 DEBUG: Installing local package: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm
warning: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY
Verifying... ########################################
Preparing... ########################################
Updating / installing...
wazuh-indexer-4.8.0-1 ########################################
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
18/12/2023 16:07:58 DEBUG: Checking Wazuh installation.
18/12/2023 16:07:59 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:08:01 INFO: Wazuh indexer installation finished.
18/12/2023 16:08:01 DEBUG: Configuring Wazuh indexer.
18/12/2023 16:08:01 DEBUG: Copying Wazuh indexer certificates.
18/12/2023 16:08:01 INFO: Wazuh indexer post-install configuration finished.
18/12/2023 16:08:01 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
18/12/2023 16:08:29 INFO: wazuh-indexer service started.
18/12/2023 16:08:29 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
18/12/2023 16:08:42 INFO: The Wazuh indexer cluster ISM initialized.
18/12/2023 16:08:42 INFO: Wazuh indexer cluster initialized.
18/12/2023 16:08:42 INFO: --- Wazuh server ---
18/12/2023 16:08:42 INFO: Starting the Wazuh manager installation.
18/12/2023 16:08:42 DEBUG: Installing local package: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-manager-4.8.0-1.x86_64.rpm
warning: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-manager-4.8.0-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY
Verifying... ########################################
Preparing... ########################################
Updating / installing...
wazuh-manager-4.8.0-1 ########################################
18/12/2023 16:09:35 DEBUG: Checking Wazuh installation.
18/12/2023 16:09:37 DEBUG: There are Wazuh remaining files.
18/12/2023 16:09:38 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:09:39 INFO: Wazuh manager installation finished.
18/12/2023 16:09:39 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
18/12/2023 16:09:56 INFO: wazuh-manager service started.
18/12/2023 16:09:56 INFO: Starting Filebeat installation.
18/12/2023 16:09:56 DEBUG: Installing local package: /home/ec2-user/wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-x86_64.rpm
warning: /home/ec2-user/wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY
Verifying... ########################################
Preparing... ########################################
Updating / installing...
filebeat-7.10.2-1 ########################################
18/12/2023 16:09:58 DEBUG: Checking Wazuh installation.
18/12/2023 16:10:26 DEBUG: There are Wazuh remaining files.
18/12/2023 16:10:27 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:10:28 DEBUG: There are Filebeat remaining files.
18/12/2023 16:10:28 INFO: Filebeat installation finished.
18/12/2023 16:10:28 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
18/12/2023 16:10:28 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
18/12/2023 16:10:29 INFO: Filebeat post-install configuration finished.
18/12/2023 16:10:29 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
18/12/2023 16:10:29 INFO: filebeat service started.
18/12/2023 16:10:29 INFO: --- Wazuh dashboard ---
18/12/2023 16:10:29 INFO: Starting Wazuh dashboard installation.
18/12/2023 16:10:29 DEBUG: Installing local package: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-dashboard-4.8.0-1.x86_64.rpm
warning: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-dashboard-4.8.0-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY
Verifying... ########################################
Preparing... ########################################
Updating / installing...
wazuh-dashboard-4.8.0-1 ########################################
18/12/2023 16:12:10 DEBUG: Checking Wazuh installation.
18/12/2023 16:12:14 DEBUG: There are Wazuh remaining files.
18/12/2023 16:12:15 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:12:15 DEBUG: There are Filebeat remaining files.
18/12/2023 16:12:16 DEBUG: There are Wazuh dashboard remaining files.
18/12/2023 16:12:16 INFO: Wazuh dashboard installation finished.
18/12/2023 16:12:16 DEBUG: Configuring Wazuh dashboard.
18/12/2023 16:12:16 DEBUG: Copying Wazuh dashboard certificates.
18/12/2023 16:12:16 DEBUG: Wazuh dashboard certificate setup finished.
18/12/2023 16:12:16 INFO: Wazuh dashboard post-install configuration finished.
18/12/2023 16:12:16 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
18/12/2023 16:12:17 INFO: wazuh-dashboard service started.
18/12/2023 16:12:17 DEBUG: Setting Wazuh indexer cluster passwords.
18/12/2023 16:12:17 DEBUG: Checking Wazuh installation.
18/12/2023 16:12:18 DEBUG: There are Wazuh remaining files.
18/12/2023 16:12:19 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:12:20 DEBUG: There are Filebeat remaining files.
18/12/2023 16:12:21 DEBUG: There are Wazuh dashboard remaining files.
18/12/2023 16:12:21 INFO: Updating the internal users.
18/12/2023 16:12:21 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
18/12/2023 16:12:29 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
18/12/2023 16:12:30 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/12/2023 16:12:30 DEBUG: The internal users have been updated before changing the passwords.
18/12/2023 16:12:31 DEBUG: Generating password hashes.
18/12/2023 16:12:40 DEBUG: Password hashes generated.
18/12/2023 16:12:40 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
18/12/2023 16:12:44 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
18/12/2023 16:12:45 DEBUG: Restarting filebeat service...
18/12/2023 16:12:45 DEBUG: filebeat started.
18/12/2023 16:12:47 DEBUG: Restarting wazuh-dashboard service...
18/12/2023 16:12:48 DEBUG: wazuh-dashboard started.
18/12/2023 16:12:48 DEBUG: Running security admin tool.
18/12/2023 16:12:48 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
18/12/2023 16:12:55 DEBUG: Passwords changed.
18/12/2023 16:12:55 DEBUG: Changing API passwords.
18/12/2023 16:13:02 INFO: Initializing Wazuh dashboard web application.
18/12/2023 16:13:03 INFO: Wazuh dashboard web application not yet initialized. Waiting...
18/12/2023 16:13:19 INFO: Wazuh dashboard web application not yet initialized. Waiting...
18/12/2023 16:13:34 INFO: Wazuh dashboard web application initialized.
18/12/2023 16:13:34 INFO: --- Summary ---
18/12/2023 16:13:34 INFO: You can access the web interface https://:443
User: admin
Password: 3*0Cu8ucKhhqwHi8YAmV3aElZa+qdFUk
18/12/2023 16:13:34 INFO: Installation finished.
[root@ip-172-31-36-51 ec2-user]# yum repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id                        repo name
rhel-9-appstream-rhui-rpms     Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs)
rhel-9-baseos-rhui-rpms        Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs)
rhui-client-config-server-9    Red Hat Enterprise Linux 9 Client Configuration
```

:green_circle: Ubuntu22 - AIO

```console
root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -a -v -of
18/12/2023 16:06:05 DEBUG: Checking root permissions.
18/12/2023 16:06:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/12/2023 16:06:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/12/2023 16:06:06 DEBUG: APT package manager will be used.
18/12/2023 16:06:06 INFO: Checking installed dependencies for Offline installation.
18/12/2023 16:06:09 DEBUG: Offline dependencies are installed.
18/12/2023 16:06:09 DEBUG: Checking system distribution.
18/12/2023 16:06:09 DEBUG: Detected distribution name: ubuntu
18/12/2023 16:06:09 DEBUG: Detected distribution version: 22
18/12/2023 16:06:09 DEBUG: Checking Wazuh installation.
18/12/2023 16:06:12 DEBUG: Checking system architecture.
18/12/2023 16:06:12 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/12/2023 16:06:12 DEBUG: CPU cores detected: 2
18/12/2023 16:06:12 DEBUG: Free RAM memory detected: 3859
18/12/2023 16:06:12 INFO: Wazuh web interface port will be 443.
18/12/2023 16:06:12 DEBUG: Checking ports availability.
18/12/2023 16:06:14 INFO: Checking wazuh-offline.tar.gz file.
18/12/2023 16:06:14 DEBUG: wazuh-offline.tar.gz was found correctly.
18/12/2023 16:06:14 DEBUG: Extracting files from wazuh-offline.tar.gz
18/12/2023 16:06:32 DEBUG: Offline files extracted successfully.
18/12/2023 16:06:32 DEBUG: Checking curl tool version.
18/12/2023 16:06:32 INFO: --- Configuration files ---
18/12/2023 16:06:33 INFO: Generating configuration files.
18/12/2023 16:06:33 DEBUG: Creating Wazuh certificates.
18/12/2023 16:06:33 DEBUG: Reading configuration file.
18/12/2023 16:06:33 DEBUG: Creating the root certificate.
18/12/2023 16:06:34 DEBUG: Generating Admin certificates.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
18/12/2023 16:06:35 DEBUG: Generating Wazuh indexer certificates.
18/12/2023 16:06:35 DEBUG: Creating the Wazuh indexer certificates.
18/12/2023 16:06:35 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
18/12/2023 16:06:35 DEBUG: Generating Filebeat certificates.
18/12/2023 16:06:35 DEBUG: Creating the Wazuh server certificates.
18/12/2023 16:06:35 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
18/12/2023 16:06:36 DEBUG: Generating Wazuh dashboard certificates.
18/12/2023 16:06:36 DEBUG: Creating the Wazuh dashboard certificates.
18/12/2023 16:06:36 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
18/12/2023 16:06:37 DEBUG: Cleaning certificate files.
18/12/2023 16:06:37 DEBUG: Generating password file.
18/12/2023 16:06:37 DEBUG: Generating random passwords.
18/12/2023 16:06:37 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/12/2023 16:06:37 DEBUG: Extracting Wazuh configuration.
18/12/2023 16:06:37 DEBUG: Reading configuration file.
18/12/2023 16:06:38 INFO: --- Wazuh indexer ---
18/12/2023 16:06:38 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/752 MB of archives.
After this operation, 1050 MB of additional disk space will be used.
Selecting previously unselected package wazuh-(Reading database ... 151751 files and directories
Preparing to unpack .../wazuh-indexer_4.8.0-1_amd6
Created opensearch keystore in /etc/wazuh-indexer/
Processing triggers for libc-bin (2.35-0ubuntu3.5)
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/12/2023 16:08:14 DEBUG: Checking Wazuh installation.
18/12/2023 16:08:15 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:08:17 INFO: Wazuh indexer installation finished.
18/12/2023 16:08:17 DEBUG: Configuring Wazuh indexer.
18/12/2023 16:08:17 DEBUG: Copying Wazuh indexer certificates.
18/12/2023 16:08:17 INFO: Wazuh indexer post-install configuration finished.
18/12/2023 16:08:17 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
18/12/2023 16:08:46 INFO: wazuh-indexer service started.
18/12/2023 16:08:46 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
18/12/2023 16:08:59 INFO: The Wazuh indexer cluster ISM initialized.
18/12/2023 16:08:59 INFO: Wazuh indexer cluster initialized.
18/12/2023 16:08:59 INFO: --- Wazuh server ---
18/12/2023 16:08:59 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
expect
The following NEW packages will be installed:
wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/117 MB of archives.
After this operation, 702 MB of additional disk space will be used.
Selecting previously(Reading database ... 152926 files and directories
Preparing to unpack .../wazuh-manager_4.8.0-1_amd6
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/12/2023 16:11:24 DEBUG: Checking Wazuh installation.
18/12/2023 16:11:24 DEBUG: There are Wazuh remaining files.
18/12/2023 16:11:25 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:11:26 INFO: Wazuh manager installation finished.
18/12/2023 16:11:26 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
18/12/2023 16:11:54 INFO: wazuh-manager service started.
18/12/2023 16:11:54 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
filebeat
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.(Reading database ... 174972 files and directories
Preparing to unpack .../filebeat_7.10.2_amd64.deb
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/12/2023 16:12:10 DEBUG: Checking Wazuh installation.
18/12/2023 16:12:11 DEBUG: There are Wazuh remaining files.
18/12/2023 16:12:11 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:12:12 DEBUG: There are Filebeat remaining files.
18/12/2023 16:12:13 INFO: Filebeat installation finished.
18/12/2023 16:12:13 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
18/12/2023 16:12:13 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
18/12/2023 16:12:14 INFO: Filebeat post-install configuration finished.
18/12/2023 16:12:14 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
18/12/2023 16:12:16 INFO: filebeat service started.
18/12/2023 16:12:16 INFO: --- Wazuh dashboard ---
18/12/2023 16:12:16 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 0 B/186 MB of archives.
After this operation, 987 MB of additional disk space will be used.
Selecting previously unselected package wazuh(Reading database ... 175291 files and directories
Preparing to unpack .../wazuh-dashboard_4.8.0-1_am
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1017-aws
NEEDRESTART-KEXP: 6.2.0-1017-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/12/2023 16:13:41 DEBUG: Checking Wazuh installation.
18/12/2023 16:13:42 DEBUG: There are Wazuh remaining files.
18/12/2023 16:13:43 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:13:44 DEBUG: There are Filebeat remaining files.
18/12/2023 16:13:44 DEBUG: There are Wazuh dashboard remaining files.
18/12/2023 16:13:44 INFO: Wazuh dashboard installation finished.
18/12/2023 16:13:44 DEBUG: Configuring Wazuh dashboard.
18/12/2023 16:13:44 DEBUG: Copying Wazuh dashboard certificates.
18/12/2023 16:13:45 DEBUG: Wazuh dashboard certificate setup finished.
18/12/2023 16:13:45 INFO: Wazuh dashboard post-install configuration finished.
18/12/2023 16:13:45 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
18/12/2023 16:13:46 INFO: wazuh-dashboard service started.
18/12/2023 16:13:46 DEBUG: Setting Wazuh indexer cluster passwords.
18/12/2023 16:13:46 DEBUG: Checking Wazuh installation.
18/12/2023 16:13:46 DEBUG: There are Wazuh remaining files.
18/12/2023 16:13:47 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:13:48 DEBUG: There are Filebeat remaining files.
18/12/2023 16:13:48 DEBUG: There are Wazuh dashboard remaining files.
18/12/2023 16:13:48 INFO: Updating the internal users.
18/12/2023 16:13:48 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
18/12/2023 16:13:59 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
18/12/2023 16:13:59 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/12/2023 16:13:59 DEBUG: The internal users have been updated before changing the passwords.
18/12/2023 16:14:03 DEBUG: Generating password hashes.
18/12/2023 16:14:16 DEBUG: Password hashes generated.
18/12/2023 16:14:16 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
18/12/2023 16:14:24 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
18/12/2023 16:14:25 DEBUG: Restarting filebeat service...
18/12/2023 16:14:26 DEBUG: filebeat started.
18/12/2023 16:14:28 DEBUG: Restarting wazuh-dashboard service...
18/12/2023 16:14:30 DEBUG: wazuh-dashboard started.
18/12/2023 16:14:30 DEBUG: Running security admin tool.
18/12/2023 16:14:30 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
18/12/2023 16:14:38 DEBUG: Passwords changed.
18/12/2023 16:14:38 DEBUG: Changing API passwords.
18/12/2023 16:14:46 INFO: Initializing Wazuh dashboard web application.
18/12/2023 16:14:46 INFO: Wazuh dashboard web application not yet initialized. Waiting...
18/12/2023 16:15:03 INFO: Wazuh dashboard web application not yet initialized. Waiting...
18/12/2023 16:15:18 INFO: Wazuh dashboard web application initialized.
18/12/2023 16:15:18 INFO: --- Summary ---
18/12/2023 16:15:18 INFO: You can access the web interface https://:443
User: admin
Password: XCJG1fAtjYs6gNHr2+FAtdn7vvbSOLNa
18/12/2023 16:15:18 INFO: Installation finished.
root@ip-172-31-37-181:/home/ubuntu# yum repolist
Command 'yum' not found, did you mean:
command 'gum' from snap gum (0.12.0)
command 'sum' from deb coreutils (8.32-4.1ubuntu1)
command 'yum4' from deb nextgen-yum4 (4.5.2-6)
command 'uum' from deb freewnn-jserver (1.1.1~a021+cvs20130302-7build1)
command 'num' from deb quickcal (2.4-1)
command 'zum' from deb perforate (1.2-5.1)
See 'snap info ' for additional versions.
root@ip-172-31-37-181:/home/ubuntu# cat /etc/ap
apache2/ apparmor.d/ apt/ apparmor/ apport/
root@ip-172-31-37-181:/home/ubuntu# cat /etc/apt/
apt.conf.d/ preferences.d/ trusted.gpg.d/ auth.conf.d/ sources.list keyrings/ sources.list.d/
root@ip-172-31-37-181:/home/ubuntu# cat /etc/apt/sources.list
sources.list sources.list.d/
root@ip-172-31-37-181:/home/ubuntu# ls -l /etc/apt/sources.list.d/
total 4
-rw-r--r-- 1 root root 140 Sep 6 17:34 ondrej-ubuntu-php-jammy.list
root@ip-172-31-37-181:/home/ubuntu#
```

We must consider that, because of the Wazuh Filebeat template fetched via curl in the WIA, the `wazuh-install.sh -s|--start-cluster` option does not work. This will be fixed in https://github.com/wazuh/wazuh-automation/issues/1475, where the Wazuh Filebeat template does not need to be downloaded.

davidcr01 commented 10 months ago

Update Report

Documentation

Currently working on the documentation of these changes in the following branch: https://github.com/wazuh/wazuh-documentation/tree/wp-1422-improve-offline-documentation-4.9

The aim is to create an index for the Offline installation that contains two alternatives: step-by-step installation and using the assistant.

The related PR is: https://github.com/wazuh/wazuh-documentation/pull/6920