wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0

Change OVA system due to EOL #1575

Closed rauldpm closed 1 year ago

rauldpm commented 2 years ago
| Wazuh version | Install type | Action performed | Platform |
|---------------|--------------|------------------|----------|
| 4.5           | OVA          | --               | --       |

It is necessary to research and choose a new operating system to use in the OVA package once CentOS 7 reaches its EOL, so that we can make the pertinent changes and carry out the necessary testing.

Currently CentOS 7 EOL is set for June 30, 2024.

Regards, Raúl.

Resolution (edit)

Research

The research of this issue is in https://github.com/wazuh/wazuh-packages/issues/1575#issuecomment-1471720669.

Extra configuration

FIPS mode should be enabled for the OVA following this documentation: https://aws.amazon.com/blogs/publicsector/enabling-fips-mode-amazon-linux-2/ This was manually tested with an EC2 instance with Amazon Linux 2. FIPS mode was configured and Wazuh installed with the assistant. Everything works fine.

Testing

The testing of this issue is in https://github.com/wazuh/wazuh-packages/issues/1575#issuecomment-1480942295.

Generation of OVA

The generation of the OVA is described in https://github.com/wazuh/wazuh-packages/issues/1575#issuecomment-1486405552. It includes the generation of the base Vagrant box for the OVA.
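
One way to confirm that the FIPS configuration mentioned under "Extra configuration" is really in effect, as an added example that is not part of the original issue or of the Wazuh code base: it compares the running kernel's `/proc/sys/crypto/fips_enabled` flag with the `fips=1` arguments persisted in `/boot/grub2/grub.cfg`, the file the OVA build regenerates with `grub2-mkconfig`. The function names, the `ROOT` argument and the fixture trees are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example (not Wazuh project code): audit the FIPS state of a running
# system or of an image tree mounted at ROOT. ROOT and all function names
# are hypothetical; the fixture contents below are constructed sample data.

# Print the kernel FIPS flag found under ROOT: 1, 0 or "missing".
kernel_fips_flag() {
    local f="$1/proc/sys/crypto/fips_enabled"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo missing; fi
}

# Print how many kernel entries in grub.cfg carry fips=1: all, partial or none.
grub_fips_coverage() {
    local cfg="$1/boot/grub2/grub.cfg"
    [ -r "$cfg" ] || { echo none; return 0; }
    awk '
        $1 ~ /^linux(16|efi)?$/ {
            total++
            for (i = 2; i <= NF; i++) if ($i == "fips=1") { hit++; break }
        }
        END {
            if (total == 0 || hit == 0) print "none"
            else if (hit == total)      print "all"
            else                        print "partial"
        }' "$cfg"
}

# Combine both views into one status word:
#   enabled        kernel flag is 1 and every boot entry has fips=1
#   not-persistent kernel flag is 1 but some boot entry would start without FIPS
#                  (for example grub.cfg was regenerated without the argument)
#   pending-reboot boot entries have fips=1 but the inspected kernel flag is not 1
#   disabled       neither the kernel flag nor the boot entries show FIPS
fips_status() {
    local root="${1:-}" flag grub
    flag=$(kernel_fips_flag "$root")
    grub=$(grub_fips_coverage "$root")
    if [ "$flag" = "1" ] && [ "$grub" = "all" ]; then
        echo enabled
    elif [ "$flag" = "1" ]; then
        echo not-persistent
    elif [ "$grub" != "none" ]; then
        echo pending-reboot
    else
        echo disabled
    fi
}

# Build a constructed fixture tree: make_fixture DIR FLAG KERNEL_LINE...
make_fixture() {
    local dir="$1" flag="$2" line
    shift 2
    mkdir -p "$dir/proc/sys/crypto" "$dir/boot/grub2"
    echo "$flag" > "$dir/proc/sys/crypto/fips_enabled"
    : > "$dir/boot/grub2/grub.cfg"
    for line in "$@"; do
        printf 'menuentry "constructed" {\n\t%s\n}\n' "$line" >> "$dir/boot/grub2/grub.cfg"
    done
}

# Show the two cases that matter for an image build on constructed trees.
demo() {
    local tmp
    tmp=$(mktemp -d)
    make_fixture "$tmp/ok"    1 'linux16 /vmlinuz-constructed root=/dev/sda1 ro fips=1'
    make_fixture "$tmp/regen" 1 'linux16 /vmlinuz-constructed root=/dev/sda1 ro'
    echo "ok:    $(fips_status "$tmp/ok")"
    echo "regen: $(fips_status "$tmp/regen")"
    rm -rf "$tmp"
}

# With a root path, audit that tree; without arguments, run the demo.
if [ "$#" -ge 1 ]; then
    status=$(fips_status "$1")
    echo "FIPS status for root '$1': $status"
    [ "$status" = "enabled" ]
else
    demo
fi
```

Run it with a root path (for example `/` inside the imported VM) to audit that tree; the exit status is zero only when the status is `enabled`.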

davidcr01 commented 1 year ago

Update Report

Research

First, it is necessary to list all the available or possible operating systems to adapt the OVA:

After talking with the team, Ubuntu systems and RHEL systems do not seem to be good for the OVA, as they tend to have problems or complex systems to deploy the OVA.

With this, it seems that currently the best option to deploy the OVA is on Amazon Linux 2. It would not have many problems because it is RPM-based, as CentOS 7 is.

Development

As a first approach, the workaround is to change the OS specified in the Vagrantfile, changing `centos/7` to `bento/amazonlinux-2`, and check the results of the OVA generation.

The `generate_ova.sh` script executes the following tasks:

provision.sh :green_circle:
systemConfig - steps.sh :green_circle: Hello
preInstall - steps.sh :green_circle:
Install Wazuh (AIO) :green_circle: ``` 16/03/2023 09:53:25 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0 16/03/2023 09:53:25 INFO: Verbose logging redirected to /var/log/wazuh-install.log 16/03/2023 09:53:27 DEBUG: Adding the Wazuh repository. [wazuh] gpgcheck=1 gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-${releasever} - Wazuh baseurl=https://packages-dev.wazuh.com/staging/yum/ protect=1 16/03/2023 09:53:28 INFO: Wazuh development repository added. 16/03/2023 09:53:28 INFO: --- Configuration files --- 16/03/2023 09:53:28 INFO: Generating configuration files. 16/03/2023 09:53:28 DEBUG: Creating the root certificate. Generating a 2048 bit RSA private key ........................+++ ...................+++ writing new private key to '/tmp/wazuh-certificates//root-ca.key' ----- Generating RSA private key, 2048 bit long modulus ..............................+++ .......................+++ e is 65537 (0x10001) Signature ok subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=admin Getting CA Private Key 16/03/2023 09:53:28 DEBUG: Creating the Wazuh indexer certificates. Generating a 2048 bit RSA private key ......................................................................+++ ...................................+++ writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem' ----- Signature ok subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-indexer Getting CA Private Key 16/03/2023 09:53:28 DEBUG: Creating the Wazuh server certificates. Generating a 2048 bit RSA private key .+++ ...................................+++ writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem' ----- Signature ok subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-server Getting CA Private Key 16/03/2023 09:53:28 DEBUG: Creating the Wazuh dashboard certificates. 
Generating a 2048 bit RSA private key ....................+++ ...................+++ writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem' ----- Signature ok subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-dashboard Getting CA Private Key 16/03/2023 09:53:28 DEBUG: Generating random passwords. 16/03/2023 09:53:28 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 16/03/2023 09:53:28 INFO: --- Wazuh indexer --- 16/03/2023 09:53:28 INFO: Starting Wazuh indexer installation. Complementos cargados:dkms-build-requires, langpacks, priorities, update-motd Resolviendo dependencias --> Ejecutando prueba de transacción ---> Paquete wazuh-indexer.x86_64 0:4.5.0-40500 debe ser instalado --> Resolución de dependencias finalizada Dependencias resueltas ================================================================================ Package Arquitectura Versión Repositorio Tamaño ================================================================================ Instalando: wazuh-indexer x86_64 4.5.0-40500 wazuh 497 M Resumen de la transacción ================================================================================ Instalar 1 Paquete Tamaño total de la descarga: 497 M Tamaño instalado: 747 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Instalando : wazuh-indexer-4.5.0-40500.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Comprobando : wazuh-indexer-4.5.0-40500.x86_64 1/1 Instalado: wazuh-indexer.x86_64 0:4.5.0-40500 ¡Listo! 16/03/2023 09:56:44 INFO: Wazuh indexer installation finished. 16/03/2023 09:56:44 DEBUG: Configuring Wazuh indexer. 16/03/2023 09:56:44 INFO: Wazuh indexer post-install configuration finished. 16/03/2023 09:56:44 INFO: Starting service wazuh-indexer. 
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service. 16/03/2023 09:56:50 INFO: wazuh-indexer service started. 16/03/2023 09:56:50 INFO: Initializing Wazuh indexer cluster security settings. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.4.1 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated 
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success 16/03/2023 09:57:00 INFO: Wazuh indexer cluster initialized. 16/03/2023 09:57:00 INFO: --- Wazuh server --- 16/03/2023 09:57:00 INFO: Starting the Wazuh manager installation. Complementos cargados:dkms-build-requires, langpacks, priorities, update-motd Resolviendo dependencias --> Ejecutando prueba de transacción ---> Paquete wazuh-manager.x86_64 0:4.5.0-40500 debe ser instalado --> Resolución de dependencias finalizada Dependencias resueltas ================================================================================ Package Arquitectura Versión Repositorio Tamaño ================================================================================ Instalando: wazuh-manager x86_64 4.5.0-40500 wazuh 117 M Resumen de la transacción ================================================================================ Instalar 1 Paquete Tamaño total de la descarga: 117 M Tamaño instalado: 444 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Instalando : wazuh-manager-4.5.0-40500.x86_64 1/1 Comprobando : wazuh-manager-4.5.0-40500.x86_64 1/1 Instalado: wazuh-manager.x86_64 0:4.5.0-40500 ¡Listo! 
16/03/2023 09:57:50 INFO: Wazuh manager installation finished. 16/03/2023 09:57:50 INFO: Starting service wazuh-manager. Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service. 16/03/2023 09:57:59 INFO: wazuh-manager service started. 16/03/2023 09:57:59 INFO: Starting Filebeat installation. 16/03/2023 09:58:10 INFO: Filebeat installation finished. wazuh/ wazuh/module.yml wazuh/archives/ wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json wazuh/archives/manifest.yml wazuh/alerts/ wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/alerts/manifest.yml wazuh/_meta/ wazuh/_meta/config.yml wazuh/_meta/fields.yml wazuh/_meta/docs.asciidoc Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 16/03/2023 09:58:12 INFO: Filebeat post-install configuration finished. 16/03/2023 09:58:12 INFO: Starting service filebeat. Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service. 16/03/2023 09:58:12 INFO: filebeat service started. 16/03/2023 09:58:12 INFO: --- Wazuh dashboard --- 16/03/2023 09:58:12 INFO: Starting Wazuh dashboard installation. Complementos cargados:dkms-build-requires, langpacks, priorities, update-motd Bloqueo existente en /var/run/yum.pid: otra copia se encuentra en ejecución como pid 14915. Another app is currently holding the yum lock; waiting for it to exit... 
La otra aplicación es: yum Memoria : 142 M RSS (357 MB VSZ) Iniciado: Thu Mar 16 09:58:11 2023 - 00:01 atrás Estado : Ejecutando, pid: 14915 Resolviendo dependencias --> Ejecutando prueba de transacción ---> Paquete wazuh-dashboard.x86_64 0:4.5.0-40500 debe ser instalado --> Resolución de dependencias finalizada Dependencias resueltas ================================================================================ Package Arquitectura Versión Repositorio Tamaño ================================================================================ Instalando: wazuh-dashboard x86_64 4.5.0-40500 wazuh 327 M Resumen de la transacción ================================================================================ Instalar 1 Paquete Tamaño total de la descarga: 327 M Tamaño instalado: 1.1 G Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Instalando : wazuh-dashboard-4.5.0-40500.x86_64 1/1 Comprobando : wazuh-dashboard-4.5.0-40500.x86_64 1/1 Instalado: wazuh-dashboard.x86_64 0:4.5.0-40500 ¡Listo! 16/03/2023 10:00:41 INFO: Wazuh dashboard installation finished. 16/03/2023 10:00:41 DEBUG: Wazuh dashboard certificate setup finished. 16/03/2023 10:00:41 INFO: Wazuh dashboard post-install configuration finished. 16/03/2023 10:00:41 INFO: Starting service wazuh-dashboard. Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service. 16/03/2023 10:00:41 INFO: wazuh-dashboard service started. 16/03/2023 10:00:41 DEBUG: Setting Wazuh indexer cluster passwords. 16/03/2023 10:00:42 DEBUG: Creating password backup. 
************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.4.1 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into 
/etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 16/03/2023 10:00:44 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 16/03/2023 10:00:44 DEBUG: Generating password hashes. 16/03/2023 10:00:46 DEBUG: Password hashes generated. 16/03/2023 10:00:46 DEBUG: Creating password backup. mkdir: no se puede crear el directorio «/etc/wazuh-indexer/backup»: File exists ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.4.1 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. 
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 16/03/2023 10:00:47 DEBUG: Password backup created in /etc/wazuh-indexer/backup. Successfully updated the keystore 16/03/2023 10:00:48 DEBUG: filebeat started. 16/03/2023 10:00:48 DEBUG: wazuh-dashboard started. 16/03/2023 10:00:48 DEBUG: Loading new passwords changes. 
************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.4.1 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Populate config from /home/vagrant Force type: internalusers Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' created or updated SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null Done with success 16/03/2023 10:00:49 DEBUG: Passwords changed. 16/03/2023 10:00:49 INFO: Initializing Wazuh dashboard web application. 16/03/2023 10:01:00 INFO: Wazuh dashboard web application initialized. 16/03/2023 10:01:00 INFO: Installation finished. ```
Clean :green_circle:
```
+ systemctl stop wazuh-dashboard filebeat wazuh-indexer wazuh-manager
+ systemctl enable wazuh-manager
+ clean
+ rm -f /securityadmin_demo.sh
+ yum clean all
Complementos cargados:dkms-build-requires, langpacks, priorities, update-motd
Limpiando repositorios: amzn2-core amzn2extra-docker wazuh
Cleaning up everything
Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos
```
postProvision.sh :red_circle: This stage fails because it tries to remove the `/root/anaconda-ks.cfg` and `/root/original-ks.cfg` files, which do not exist in Amazon Linux 2. These files are the installation kickstart files. After deleting the related lines, no errors are generated.
```
+ CURRENT_PATH=/tmp/assets
+ ASSETS_PATH=/tmp/assets
+ CUSTOM_PATH=/tmp/assets/custom
+ SYSTEM_USER=wazuh-user
+ systemctl stop wazuh-manager wazuh-indexer filebeat wazuh-dashboard
+ mv /tmp/assets/custom/removeVagrant.service /etc/systemd/system/
+ sed -i s/USER/wazuh-user/g /etc/systemd/system/removeVagrant.service
+ mv /tmp/assets/custom/removeVagrant.sh /home/wazuh-user/
+ sed -i s/USER/wazuh-user/g /home/wazuh-user/removeVagrant.sh
+ chmod 755 /home/wazuh-user/removeVagrant.sh
+ systemctl daemon-reload
+ systemctl enable removeVagrant.service
Created symlink from /etc/systemd/system/multi-user.target.wants/removeVagrant.service to /etc/systemd/system/removeVagrant.service.
+ rm -rf /tmp/assets/custom /tmp/assets/postProvision.sh /tmp/assets/steps.sh /tmp/assets/.gitignore
+ find /var/log/ -type f -exec bash -c 'cat /dev/null > {}' ';'
+ find /var/ossec/logs/ -type f -exec bash -c 'cat /dev/null > {}' ';'
```

After importing the OVA, the system crashes when logging into it. This is an unexpected behavior that must be investigated and solved. This problem does not occur if the OVA is generated by using CentOS 7 as the system base.

davidcr01 commented 1 year ago

Update Report

Development and changes

A summary of the realized changes is:

Testing

The system crash was not related to the OVA itself. It seems that my machine was having problems with the import of the OVA in VirtualBox, but another member of the team was able to generate and import the OVA successfully in VirtualBox.

:heavy_check_mark: The generation of the OVA finished successfully. The complete log is:

Show log ``` Version to build: 4.5.0 with development repository ==> default: VM not created. Moving on... Bringing machine 'default' up with 'virtualbox' provider... ==> default: Importing base box 'bento/amazonlinux-2'... Progress: 20% Progress: 40% Progress: 50% Progress: 70% Progress: 90% ==> default: Matching MAC address for NAT networking... ==> default: Checking if box 'bento/amazonlinux-2' version '1.3' is up to date... ==> default: Setting the name of the VM: vm_wazuh ==> default: Clearing any previously set network interfaces... ==> default: Preparing network interfaces based on configuration... default: Adapter 1: nat ==> default: Forwarding ports... default: 22 (guest) => 2222 (host) (adapter 1) ==> default: Running 'pre-boot' VM customizations... ==> default: Booting VM... ==> default: Waiting for machine to boot. This may take a few minutes... default: SSH address: 127.0.0.1:2222 default: SSH username: vagrant default: SSH auth method: private key default: default: Vagrant insecure key detected. Vagrant will automatically replace default: this with a newly generated keypair for better security. default: default: Inserting generated public key within guest... default: Removing insecure key from the guest if it's present... default: Key inserted! Disconnecting and reconnecting using new SSH key... ==> default: Machine booted and ready! ==> default: Checking for guest additions in VM... ==> default: Setting hostname... ==> default: Rsyncing folder: /home/davidcr01/Wazuh/1575-change-ova-4.5/ova/ => /tmp ==> default: - Exclude: [".vagrant/", "output"] ==> default: Running provisioner: shell... default: Running: /tmp/vagrant-shell20230316-36187-3hbfw2.sh default: Using dev packages default: + bash /tmp/unattended_installer/builder.sh -i -d staging default: Changing Filebeat URL... 
default: ++ cat /tmp/unattended_installer/wazuh-install.sh default: ++ grep wazuh_version= default: ++ cut -d '"' -f 2 default: + WAZUH_VERSION=4.5.0 default: + systemConfig default: Upgrading the system. This may take a while ... default: + echo 'Upgrading the system. This may take a while ...' default: + yum upgrade -y default: + mv /tmp/assets/custom/grub/wazuh.png /boot/grub2/ default: + mv /tmp/assets/custom/grub/grub /etc/default/ default: + grub2-mkconfig -o /boot/grub2/grub.cfg default: + mv /tmp/assets/custom/automatic_set_ram.sh /etc/ default: + chmod 755 /etc/automatic_set_ram.sh default: + mv /tmp/assets/custom/updateIndexerHeap.service /etc/systemd/system/ default: + systemctl daemon-reload default: + systemctl enable updateIndexerHeap.service default: Created symlink from /etc/systemd/system/multi-user.target.wants/updateIndexerHeap.service to /etc/systemd/system/updateIndexerHeap.service. default: + sed -i 's/root:.*:/root:$1$pNjjEA7K$USjdNwjfh7A\.vHCf8suK41::0:99999:7:::/g' /etc/shadow default: + adduser wazuh-user default: + sed -i 's/wazuh-user:!!/wazuh-user:$1$pNjjEA7K$USjdNwjfh7A\.vHCf8suK41/g' /etc/shadow default: + gpasswd -a wazuh-user wheel default: Adding user wazuh-user to group wheel default: + hostname wazuh-server default: + sed -i 's/PermitRootLogin yes/#PermitRootLogin yes/g' /etc/ssh/sshd_config default: + sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config default: + echo 'PermitRootLogin no' default: + bash /tmp/assets/custom/messages.sh yes 4.5.0 wazuh-user default: + cat default: + cat default: + yum install -y libnss3.so xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-utils xorg-x11-fonts-cyrillic xorg-x11-fonts-Type1 xorg-x11-fonts-misc fontconfig freetype ipa-gothic-fonts open-vm-tools default: Loaded plugins: dkms-build-requires, langpacks, priorities, update-motd default: Existing lock /var/run/yum.pid: another copy is running as pid 10266. 
default: Another app is currently holding the yum lock; waiting for it to exit... default: The other application is: yum default: Memory : 133 M RSS (349 MB VSZ) default: Started: Thu Mar 16 12:54:26 2023 - 00:01 ago default: State : Running, pid: 10266 default: Package freetype-2.8-14.amzn2.1.1.x86_64 already installed and latest version default: Resolving Dependencies default: --> Running transaction check default: ---> Package fontconfig.x86_64 0:2.13.0-4.3.amzn2 will be installed default: --> Processing Dependency: fontpackages-filesystem for package: fontconfig-2.13.0-4.3.amzn2.x86_64 default: --> Processing Dependency: dejavu-sans-fonts for package: fontconfig-2.13.0-4.3.amzn2.x86_64 default: ---> Package ipa-gothic-fonts.noarch 0:003.03-5.amzn2 will be installed default: ---> Package nss.i686 0:3.79.0-4.amzn2 will be installed default: --> Processing Dependency: nss-softokn(x86-32) >= 3.79.0-1 for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: nss-pem(x86-32) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libpthread.so.0(GLIBC_2.0) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libpthread.so.0 for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libplds4.so for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libplc4.so for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so(NSSUTIL_3.59) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so(NSSUTIL_3.39) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so(NSSUTIL_3.38) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so(NSSUTIL_3.31) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so(NSSUTIL_3.24) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so(NSSUTIL_3.21) for package: 
nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so(NSSUTIL_3.17.1) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so(NSSUTIL_3.15) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so(NSSUTIL_3.14) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so(NSSUTIL_3.13) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so(NSSUTIL_3.12.5) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so(NSSUTIL_3.12.3) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so(NSSUTIL_3.12) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnssutil3.so for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libnspr4.so for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libdl.so.2 for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libc.so.6(GLIBC_2.3.4) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libc.so.6(GLIBC_2.3) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libc.so.6(GLIBC_2.1.3) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libc.so.6(GLIBC_2.1) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libc.so.6(GLIBC_2.0) for package: nss-3.79.0-4.amzn2.i686 default: --> Processing Dependency: libc.so.6 for package: nss-3.79.0-4.amzn2.i686 default: ---> Package open-vm-tools.x86_64 0:12.1.0-4.amzn2.0.2 will be installed default: --> Processing Dependency: xmlsec1-openssl for package: open-vm-tools-12.1.0-4.amzn2.0.2.x86_64 default: --> Processing Dependency: fuse for package: open-vm-tools-12.1.0-4.amzn2.0.2.x86_64 default: --> Processing Dependency: libxslt.so.1()(64bit) for 
default: ncurses-libs.i686 0:6.0-8.20170212.amzn2.1.4
default: nspr.i686 0:4.34.0-3.1.amzn2
default: nss-pem.i686 0:1.0.3-5.amzn2
default: nss-softokn.i686 0:3.79.0-4.amzn2
default: nss-softokn-freebl.i686 0:3.79.0-4.amzn2
default: nss-util.i686 0:3.79.0-1.amzn2
default: readline.i686 0:6.2-10.amzn2.0.2
default: sqlite.i686 0:3.7.17-8.amzn2.1.2
default: ttmkfdir.x86_64 0:3.0.9-42.amzn2.0.2
default: xmlsec1.x86_64 0:1.2.20-7.amzn2.0.1
default: xmlsec1-openssl.x86_64 0:1.2.20-7.amzn2.0.1
default: xorg-x11-font-utils.x86_64 1:7.5-21.amzn2
default:
default: Complete!
default: + preInstall
default: + sed -i 's/passwords+=\(.*\)/passwords+=\("${users[i]}"\)/g' /tmp/unattended_installer/wazuh-install.sh
default: + sed -i 's/api_passwords+=\(.*\)//g' /tmp/unattended_installer/wazuh-install.sh
default: + sed -i 's/passwords_checkPassword .*//g' /tmp/unattended_installer/wazuh-install.sh
default: + sed -i 's/filecorrect=.*/filecorrect=1/g' /tmp/unattended_installer/wazuh-install.sh
default: + sed -i 's/main "$@"//g' /tmp/unattended_installer/wazuh-install.sh
default: + cat /tmp/assets/custom/functions.sh
default: + echo ''
default: + echo 'main "$@"'
default: + bash /tmp/unattended_installer/wazuh-install.sh -a -v
default: 16/03/2023 12:54:50 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
default: 16/03/2023 12:54:50 INFO: Verbose logging redirected to /var/log/wazuh-install.log
default: 16/03/2023 12:54:52 DEBUG: Adding the Wazuh repository.
default: [wazuh]
default: gpgcheck=1
default: gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
default: enabled=1
default: name=EL-${releasever} - Wazuh
default: baseurl=https://packages-dev.wazuh.com/staging/yum/
default: protect=1
default: 16/03/2023 12:54:53 INFO: Wazuh development repository added.
default: 16/03/2023 12:54:53 INFO: --- Configuration files ---
default: 16/03/2023 12:54:53 INFO: Generating configuration files.
default: 16/03/2023 12:54:53 DEBUG: Creating the root certificate.
default: Generating a 2048 bit RSA private key
default: ..........................................................................+++
default: .+++
default: writing new private key to '/tmp/wazuh-certificates//root-ca.key'
default: -----
default: Generating RSA private key, 2048 bit long modulus
default: ............+++
default: .....+++
default: e is 65537 (0x10001)
default: Signature ok
default: subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=admin
default: Getting CA Private Key
default: 16/03/2023 12:54:53 DEBUG: Creating the Wazuh indexer certificates.
default: Generating a 2048 bit RSA private key
default: .........+++
default: ...............................+++
default: writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
default: -----
default: Signature ok
default: subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-indexer
default: Getting CA Private Key
default: 16/03/2023 12:54:53 DEBUG: Creating the Wazuh server certificates.
default: Generating a 2048 bit RSA private key
default: ........+++
default: ..........+++
default: writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
default: -----
default: Signature ok
default: subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-server
default: Getting CA Private Key
default: 16/03/2023 12:54:53 DEBUG: Creating the Wazuh dashboard certificates.
default: Generating a 2048 bit RSA private key
default: ......................................................+++
default: ..................................................+++
default: writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
default: -----
default: Signature ok
default: subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-dashboard
default: Getting CA Private Key
default: 16/03/2023 12:54:54 DEBUG: Generating random passwords.
default: 16/03/2023 12:54:54 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
default: 16/03/2023 12:54:54 INFO: --- Wazuh indexer ---
default: 16/03/2023 12:54:54 INFO: Starting Wazuh indexer installation.
default: Loaded plugins: dkms-build-requires, langpacks, priorities, update-motd
default: Existing lock /var/run/yum.pid: another copy is running as pid 10952.
default: Another app is currently holding the yum lock; waiting for it to exit...
default: The other application is: yum
default: Memory : 108 M RSS (325 MB VSZ)
default: Started: Thu Mar 16 12:54:50 2023 - 00:04 ago
default: State : Running, pid: 10952
default: Resolving Dependencies
default: --> Running transaction check
default: ---> Package wazuh-indexer.x86_64 0:4.5.0-40500 will be installed
default: --> Finished Dependency Resolution
default:
default: Dependencies Resolved
default:
default: ================================================================================
default: Package Arch Version Repository Size
default: ================================================================================
default: Installing:
default: wazuh-indexer x86_64 4.5.0-40500 wazuh 497 M
default:
default: Transaction Summary
default: ================================================================================
default: Install 1 Package
default:
default: Total download size: 497 M
default: Installed size: 747 M
default: Downloading packages:
default: Running transaction check
default: Running transaction test
default: Transaction test succeeded
default: Running transaction
default: Installing : wazuh-indexer-4.5.0-40500.x86_64 1/1
default: Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
default: Verifying : wazuh-indexer-4.5.0-40500.x86_64 1/1
default:
default: Installed:
default: wazuh-indexer.x86_64 0:4.5.0-40500
default:
default: Complete!
default: 16/03/2023 12:58:16 INFO: Wazuh indexer installation finished.
default: 16/03/2023 12:58:16 DEBUG: Configuring Wazuh indexer.
default: 16/03/2023 12:58:16 INFO: Wazuh indexer post-install configuration finished.
default: 16/03/2023 12:58:16 INFO: Starting service wazuh-indexer.
default: Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
default: 16/03/2023 12:58:23 INFO: wazuh-indexer service started.
default: 16/03/2023 12:58:23 INFO: Initializing Wazuh indexer cluster security settings.
default: **************************************************************************
default: ** This tool will be deprecated in the next major release of OpenSearch **
default: ** https://github.com/opensearch-project/security/issues/1755 **
default: **************************************************************************
default: Security Admin v7
default: Will connect to 127.0.0.1:9200 ... done
default: Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
default: OpenSearch Version: 2.4.1
default: Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
default: Clustername: wazuh-cluster
default: Clusterstate: GREEN
default: Number of nodes: 1
default: Number of data nodes: 1
default: .opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
default: Populate config from /etc/wazuh-indexer/opensearch-security/
default: Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
default: SUCC: Configuration for 'config' created or updated
default: Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
default: SUCC: Configuration for 'roles' created or updated
default: Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
default: SUCC: Configuration for 'rolesmapping' created or updated
default: Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
default: SUCC: Configuration for 'internalusers' created or updated
default: Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
default: SUCC: Configuration for 'actiongroups' created or updated
default: Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
default: SUCC: Configuration for 'tenants' created or updated
default: Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
default: SUCC: Configuration for 'nodesdn' created or updated
default: Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
default: SUCC: Configuration for 'whitelist' created or updated
default: Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
default: SUCC: Configuration for 'audit' created or updated
default: Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
default: SUCC: Configuration for 'allowlist' created or updated
default: SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
default: Done with success
default: 16/03/2023 12:58:33 INFO: Wazuh indexer cluster initialized.
default: 16/03/2023 12:58:33 INFO: --- Wazuh server ---
default: 16/03/2023 12:58:33 INFO: Starting the Wazuh manager installation.
default: Loaded plugins: dkms-build-requires, langpacks, priorities, update-motd
default: Resolving Dependencies
default: --> Running transaction check
default: ---> Package wazuh-manager.x86_64 0:4.5.0-40500 will be installed
default: --> Finished Dependency Resolution
default:
default: Dependencies Resolved
default:
default: ================================================================================
default: Package Arch Version Repository Size
default: ================================================================================
default: Installing:
default: wazuh-manager x86_64 4.5.0-40500 wazuh 117 M
default:
default: Transaction Summary
default: ================================================================================
default: Install 1 Package
default:
default: Total download size: 117 M
default: Installed size: 444 M
default: Downloading packages:
default: Running transaction check
default: Running transaction test
default: Transaction test succeeded
default: Running transaction
default: Installing : wazuh-manager-4.5.0-40500.x86_64 1/1
default: Verifying : wazuh-manager-4.5.0-40500.x86_64 1/1
default:
default: Installed:
default: wazuh-manager.x86_64 0:4.5.0-40500
default:
default: Complete!
default: 16/03/2023 12:59:23 INFO: Wazuh manager installation finished.
default: 16/03/2023 12:59:23 INFO: Starting service wazuh-manager.
default: Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
default: 16/03/2023 12:59:31 INFO: wazuh-manager service started.
default: 16/03/2023 12:59:31 INFO: Starting Filebeat installation.
default: 16/03/2023 12:59:42 INFO: Filebeat installation finished.
default: wazuh/
default: wazuh/module.yml
default: wazuh/archives/
default: wazuh/archives/config/
default: wazuh/archives/config/archives.yml
default: wazuh/archives/ingest/
default: wazuh/archives/ingest/pipeline.json
default: wazuh/archives/manifest.yml
default: wazuh/alerts/
default: wazuh/alerts/config/
default: wazuh/alerts/config/alerts.yml
default: wazuh/alerts/ingest/
default: wazuh/alerts/ingest/pipeline.json
default: wazuh/alerts/manifest.yml
default: wazuh/_meta/
default: wazuh/_meta/config.yml
default: wazuh/_meta/fields.yml
default: wazuh/_meta/docs.asciidoc
default: Created filebeat keystore
default: Successfully updated the keystore
default: Successfully updated the keystore
default: 16/03/2023 12:59:43 INFO: Filebeat post-install configuration finished.
default: 16/03/2023 12:59:43 INFO: Starting service filebeat.
default: Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
default: 16/03/2023 12:59:43 INFO: filebeat service started.
default: 16/03/2023 12:59:43 INFO: --- Wazuh dashboard ---
default: 16/03/2023 12:59:43 INFO: Starting Wazuh dashboard installation.
default: Loaded plugins: dkms-build-requires, langpacks, priorities, update-motd
default: Existing lock /var/run/yum.pid: another copy is running as pid 14539.
default: Another app is currently holding the yum lock; waiting for it to exit...
default: The other application is: yum
default: Memory : 164 M RSS (380 MB VSZ)
default: Started: Thu Mar 16 12:59:41 2023 - 00:02 ago
default: State : Running, pid: 14539
default: Resolving Dependencies
default: --> Running transaction check
default: ---> Package wazuh-dashboard.x86_64 0:4.5.0-40500 will be installed
default: --> Finished Dependency Resolution
default:
default: Dependencies Resolved
default:
default: ================================================================================
default: Package Arch Version Repository Size
default: ================================================================================
default: Installing:
default: wazuh-dashboard x86_64 4.5.0-40500 wazuh 327 M
default:
default: Transaction Summary
default: ================================================================================
default: Install 1 Package
default:
default: Total download size: 327 M
default: Installed size: 1.1 G
default: Downloading packages:
default: Running transaction check
default: Running transaction test
default: Transaction test succeeded
default: Running transaction
default: Installing : wazuh-dashboard-4.5.0-40500.x86_64 1/1
default: Verifying : wazuh-dashboard-4.5.0-40500.x86_64 1/1
default:
default: Installed:
default: wazuh-dashboard.x86_64 0:4.5.0-40500
default:
default: Complete!
default: 16/03/2023 13:02:09 INFO: Wazuh dashboard installation finished.
default: 16/03/2023 13:02:09 DEBUG: Wazuh dashboard certificate setup finished.
default: 16/03/2023 13:02:09 INFO: Wazuh dashboard post-install configuration finished.
default: 16/03/2023 13:02:09 INFO: Starting service wazuh-dashboard.
default: Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
default: 16/03/2023 13:02:09 INFO: wazuh-dashboard service started.
default: 16/03/2023 13:02:09 DEBUG: Setting Wazuh indexer cluster passwords.
default: 16/03/2023 13:02:13 DEBUG: Creating password backup.
default: **************************************************************************
default: ** This tool will be deprecated in the next major release of OpenSearch **
default: ** https://github.com/opensearch-project/security/issues/1755 **
default: **************************************************************************
default: Security Admin v7
default: Will connect to 127.0.0.1:9200 ... done
default: Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
default: OpenSearch Version: 2.4.1
default: Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
default: Clustername: wazuh-cluster
default: Clusterstate: GREEN
default: Number of nodes: 1
default: Number of data nodes: 1
default: .opendistro_security index already exists, so we do not need to create one.
default: Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
default: SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
default: Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
default: SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
default: Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
default: SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
default: Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
default: SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
default: Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
default: SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
default: Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
default: SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
default: Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
default: SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
default: Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
default: SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
default: Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
default: SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
default: Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
default: SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
default: 16/03/2023 13:02:15 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
default: 16/03/2023 13:02:15 DEBUG: Generating password hashes.
default: 16/03/2023 13:02:17 DEBUG: Password hashes generated.
default: 16/03/2023 13:02:17 DEBUG: Creating password backup.
default: mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
default: **************************************************************************
default: ** This tool will be deprecated in the next major release of OpenSearch **
default: ** https://github.com/opensearch-project/security/issues/1755 **
default: **************************************************************************
default: Security Admin v7
default: Will connect to 127.0.0.1:9200 ... done
default: Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
default: OpenSearch Version: 2.4.1
default: Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
default: Clustername: wazuh-cluster
default: Clusterstate: GREEN
default: Number of nodes: 1
default: Number of data nodes: 1
default: .opendistro_security index already exists, so we do not need to create one.
default: Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml default: SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml default: Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml default: SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml default: Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml default: SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml default: Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml default: SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml default: Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml default: SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml default: Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml default: SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml default: Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml default: SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml default: Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml default: SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml default: Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml default: SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml default: Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml default: SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml default: 16/03/2023 13:02:18 DEBUG: Password backup created in /etc/wazuh-indexer/backup. default: Successfully updated the keystore default: 16/03/2023 13:02:18 DEBUG: filebeat started. default: 16/03/2023 13:02:19 DEBUG: wazuh-dashboard started. 
default: 16/03/2023 13:02:19 DEBUG: Loading new passwords changes. default: ************************************************************************** default: ** This tool will be deprecated in the next major release of OpenSearch ** default: ** https://github.com/opensearch-project/security/issues/1755 ** default: ************************************************************************** default: Security Admin v7 default: Will connect to 127.0.0.1:9200 ... done default: Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" default: OpenSearch Version: 2.4.1 default: Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... default: Clustername: wazuh-cluster default: Clusterstate: GREEN default: Number of nodes: 1 default: Number of data nodes: 1 default: .opendistro_security index already exists, so we do not need to create one. default: Populate config from /home/vagrant default: Force type: internalusers default: Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml default: SUCC: Configuration for 'internalusers' created or updated default: SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null default: Done with success default: 16/03/2023 13:02:20 DEBUG: Passwords changed. default: 16/03/2023 13:02:20 INFO: Initializing Wazuh dashboard web application. default: 16/03/2023 13:02:31 INFO: Wazuh dashboard web application initialized. default: 16/03/2023 13:02:31 INFO: --- Summary --- default: 16/03/2023 13:02:31 INFO: You can access the web interface https:// default: User: admin default: Password: admin default: 16/03/2023 13:02:31 INFO: Installation finished. 
default: + systemctl stop wazuh-dashboard filebeat wazuh-indexer wazuh-manager default: + systemctl enable wazuh-manager default: + clean default: + rm -f /securityadmin_demo.sh default: + yum clean all default: Loaded plugins: dkms-build-requires, langpacks, priorities, update-motd default: Cleaning repos: amzn2-core amzn2extra-docker wazuh default: Cleaning up everything default: Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos ==> default: Running provisioner: shell... default: Running: /tmp/vagrant-shell20230316-36187-irhwd8.sh default: +++ dirname /tmp/vagrant-shell default: ++ cd /tmp default: ++ pwd -P default: + CURRENT_PATH=/tmp default: + ASSETS_PATH=/tmp/assets default: + CUSTOM_PATH=/tmp/assets/custom default: + SYSTEM_USER=wazuh-user default: + systemctl stop wazuh-manager wazuh-indexer filebeat wazuh-dashboard default: + mv /tmp/assets/custom/removeVagrant.service /etc/systemd/system/ default: + sed -i s/USER/wazuh-user/g /etc/systemd/system/removeVagrant.service default: + mv /tmp/assets/custom/removeVagrant.sh /home/wazuh-user/ default: + sed -i s/USER/wazuh-user/g /home/wazuh-user/removeVagrant.sh default: + chmod 755 /home/wazuh-user/removeVagrant.sh default: + systemctl daemon-reload default: + systemctl enable removeVagrant.service default: Created symlink from /etc/systemd/system/multi-user.target.wants/removeVagrant.service to /etc/systemd/system/removeVagrant.service. 
default: + rm -rf /tmp/amazon.log /tmp/assets /tmp/centos.log /tmp/generate_ova.sh /tmp/hsperfdata_root /tmp/Ova2Ovf.py /tmp/provision.sh /tmp/README.md /tmp/setOVADefault.sh /tmp/unattended_installer /tmp/Vagrantfile /tmp/vagrant-shell /tmp/vboxguest-Module.symvers /tmp/wazuh_ovf_template /tmp/.gitignore default: + find /var/log/ -type f -exec bash -c 'cat /dev/null > {}' ';' default: + find /var/ossec/logs/ -type f -exec bash -c 'cat /dev/null > {}' ';' default: + history -c default: + shutdown -r now ==> default: Saving VM state and suspending execution... Exporting ova Successfully exported 1 machine(s). ==> default: Discarding saved state of VM... ==> default: Destroying VM and associated drives... wazuh-4.5.0.ovf wazuh-4.5.0-disk001.vmdk Setting up ova for VMware ESXi Standarizing OVA Setting OVA to default wazuh-4.5.0.ovf wazuh-4.5.0-disk001.vmdk OVF extracted Files renamed OVF Version changed OVF Size changed Manifest changed wazuh-4.5.0.ovf wazuh-4.5.0-disk-1.vmdk wazuh-4.5.0.mf New OVA created Cleaned temporary directory Process finished ==> default: VM not created. Moving on... ```

The Wazuh logo is displayed correctly after logging into the VM.

Show logo ![Captura desde 2023-03-24 11-27-15](https://user-images.githubusercontent.com/72193239/227499995-75962535-9757-46c5-aab6-0843d989c05b.png)

VMWare

In VMWare, the OVA is imported successfully and all the components of Wazuh are working correctly.

Wazuh indexer status ![Captura desde 2023-03-23 10-06-40](https://user-images.githubusercontent.com/72193239/227174902-5f154be3-7c76-4c81-b55d-4eb0e45c75d5.png)
Wazuh manager status ![Captura desde 2023-03-23 10-07-28](https://user-images.githubusercontent.com/72193239/227174969-81618d6b-86b5-4f34-817d-f12bdc280332.png)
Filebeat status ![Captura desde 2023-03-23 10-07-41](https://user-images.githubusercontent.com/72193239/227174996-0e668aeb-4d22-48e2-8b50-d4edb025943e.png)
Wazuh dashboard status ![Captura desde 2023-03-23 10-07-53](https://user-images.githubusercontent.com/72193239/227175032-1ded782a-f3ef-453e-a18e-c1089b29e050.png)
Wazuh app working ![Captura desde 2023-03-23 10-06-09](https://user-images.githubusercontent.com/72193239/227175166-a6729feb-56dc-46be-bc48-ade10fef55f1.png)

VirtualBox

In VMWare, the OVA is imported successfully (in my case, changing the Graphic Controller to VMSVGA in the VirtualBox configuration) and all the components of Wazuh are working correctly.

Wazuh indexer status ![Captura desde 2023-03-24 11-28-41](https://user-images.githubusercontent.com/72193239/227498194-c967ba2f-de1b-4077-8505-6456e251af91.png)
Wazuh manager status ![Captura desde 2023-03-24 11-28-55](https://user-images.githubusercontent.com/72193239/227498268-21a517bb-2202-471e-b529-bd6f0e888b08.png)
Filebeat ![Captura desde 2023-03-24 11-29-10](https://user-images.githubusercontent.com/72193239/227498288-0fe0c86d-2bff-4ee6-a96b-f2a1e0d69b63.png)
Wazuh dashboard status ![Captura desde 2023-03-24 11-29-24](https://user-images.githubusercontent.com/72193239/227498316-7335af66-7b96-4ba6-b5b7-a83ea3b2b962.png)
Wazuh app working ![Captura desde 2023-03-24 11-28-19](https://user-images.githubusercontent.com/72193239/227498152-04f14960-15c8-430e-9ebb-ff61ec97706f.png)

davidcr01 commented 1 year ago

Update Report

Meeting

After talking with the team and discussing the current progress, we thought it is not a good idea to use a foreign Vagrant box to perform this task. Generally, it is not recommended to use third-party software that is not maintainable or unofficial. For these reasons, two alternatives are available using the official image of Amazon Linux 2:

davidcr01 commented 1 year ago

Update Report - OVA and BOX generation

After talking with the team about the alternatives, we conclude that the best option is to create the Vagrant box from the VM. Instead of uploading it to the Vagrant cloud, we can store it in S3. Here is an example: https://github.com/wazuh/wazuh-jenkins/blob/079d26833b5340451ce83f886e87f7fd409c6696/quality/deployments/vagrant/macos/Vagrantfile#L111

The steps to follow in this process are:

The process is described in this documentation: https://docs.aws.amazon.com/en_us/AWSEC2/latest/UserGuide/amazon-linux-2-virtual-machine.html Besides, there is a GitHub repository that explains exactly what we want to achieve: https://github.com/poflynn/AMZN2Vagrant/tree/master

Creating the VM

Amazon officially provides some [virtual disks](https://cdn.amazonlinux.com/os-images/2.0.20230307.0/) of Amazon Linux 2.

The steps are:

  1. Download the Virtual Image Disk of Amazon. https://cdn.amazonlinux.com/os-images/latest/virtualbox/
  2. Create a new VM in VagrantBox, adding the existing .vdi disk with the following criteria.
    • name: AMZN
    • type: linux
    • version: Other Linux 64bit
  3. In the host machine, create a new folder seedconfig and create two files inside this folder, user-data and meta-data.

The meta-data file content is:

local-hostname: localhost.localdomain

The user-data file contains some configuration to create the Vagrant box. Its content is:

#cloud-config 
users:
  - default
  - name: vagrant
    groups: wheel
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    plain_text_passwd: vagrant
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
    lock_passwd: false

chpasswd:
  list: |
    root:vagrant
  expire: False

# Required so we can install VirtualBox Guest Additions later
packages:
  - kernel-devel
  - kernel-headers
  - gcc
  - make
  - perl
  - bzip2
  - mod_ssl
  - git 

runcmd:

  # Stop cloud-init from randomizing root password on startup
  - sed -i 's/.*root:RANDOM/#&/g' /etc/cloud/cloud.cfg.d/99_onprem.cfg

  # Make it look like RedHat
  - ln -s /etc/system-release /etc/redhat-release

  4. With both files in the same folder, execute: genisoimage -output seed.iso -volid cidata -joliet -rock user-data meta-data. This command will generate the seed.iso file.

  5. Attach the seed.iso file to the VM in Storage -> CD -> Select/Create optical virtual disk.

  6. Start the VM. In the first run, the VM will install some packages defined in the user-data file.

Install the GuestAdditions

GuestAdditions are mandatory in the Vagrant configuration. They allow some features such as shared folders.

The steps to perform this task are:

  1. Power off the VM.
  2. Remove the seed.iso file from the machine.
  3. Start the VM and log in as the root user. The password is vagrant.
  4. Insert the GuestAdditions image by clicking on Devices -> Insert Guest Additions CD image. If an error is displayed, maybe the seed.iso did not extract correctly.
  5. Install the GuestAdditions with the following commands:
    
    sudo yum -y update
    sudo yum -y install kernel-headers kernel-devel

    # Mount the inserted guest additions CD
    mount -r -t iso9660 /dev/cdrom /media
    cd /media
    ./VBoxLinuxAdditions.run
    systemctl enable vboxadd.service

In these steps, some warnings can be displayed.

Clean the VM

When we use a Vagrant box, it should be as clean as possible, without history, ssh keys, logs, and unnecessary packages.

The clean-up commands are:

# Uninstall amazon-ssm-agent
yum remove -y amazon-ssm-agent

# Delete YUM cache
yum clean all
rm -rf /var/cache/yum

# Disable the root login via SSH.
# Note: this leaves the directive commented out (#PermitRootLogin no), so sshd applies its built-in default.
sed -i 's/PermitRootLogin yes/#PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config && sudo service sshd restart

# Tries to optimize the VDI
find /var/log -type f | while read -r f; do echo -ne '' > "$f"; done
dd if=/dev/zero of=/ZERO bs=1M
rm -f /ZERO

# Delete bash history, SSH authorized keys and the ec2-user user.
userdel -r ec2-user
unset HISTFILE
rm /root/.bash_history
cat /dev/null > ~/.bash_history && history -c

shutdown -h now


Create the Vagrant box

In the host machine, execute the following commands:

vagrant init
vagrant package --base AMZN --output amazonlinux2.box

This will generate the Amazon Linux 2 Vagrant box in the current path.

Create the OVA

With the box generated, the OVA can be generated easily by changing the vagrant base box that the builder script uses.

config.vm.box_url = "https://packages-dev.wazuh.com/vms/ova/amazonlinux2.box"
config.vm.box = "amazonlinux2"



With this change, the OVA is generated successfully and works as expected.

<details><summary>Display screenshot</summary>

![image](https://user-images.githubusercontent.com/72193239/228767742-fa80ee4f-c879-41e4-8d05-272b64a2997f.png)

</details>

Upload to S3

The Vagrant box and the OVA have been uploaded to S3. The files are stored in https://packages-dev.wazuh.com/ provisionally, in the folder `vms/ova`. These files were uploaded manually. If it is necessary to modify them, please follow the steps given previously.

davidcr01 commented 1 year ago

Update Report

After talking with the team about the current progress, we decided to perform some changes in the process. It would be ideal to create the Vagrant box with the wazuh-user, disabling the connection via an insecure SSH key, removing the vagrant user, and disabling the root login via SSH. These are some steps that are performed in the post-provision.sh script of the generation of the OVA.

Next steps

The next steps are to re-create the Vagrant box with the mentioned configuration and create the AMI from that box.

davidcr01 commented 1 year ago

Update Report

Development

To perform the steps given above, I will follow the steps explained in the documentation above. Starting from the beginning, the vagrant user can be removed easily by removing it from the user-data file.

With this, the user-data file would change to:

#cloud-config 
users:
  - default
  - name: wazuh-user
    groups: wheel
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    plain_text_passwd: wazuh
    ssh-authorized-keys:
    lock_passwd: false

chpasswd:
  list: |
    root:wazuh
  expire: False

And the rest of the file would be the same. This change specifies that the default user of the machine would be wazuh-user with wazuh as the password. This user can use superuser privileges without typing the password.

As the vagrant user is removed, in the Vagrantfile it is necessary to specify which user we are going to use to log in and to specify that the login will be via password:

config.ssh.username = "wazuh-user"
config.ssh.password = "wazuh"
config.ssh.insert_key = false

With this, we have created a Vagrant box:

davidcr01 commented 1 year ago

Update Report

Development

Problem with the OVA functionality

:x: With the new Vagrant box, the generation of the OVA finished successfully without executing the postProvision.sh, but for an unknown reason the Wazuh dashboard was not installed correctly although the log of the OVA installation does not show any error. The rest of the components worked correctly.

image

To investigate these errors, some tests have been done.

It seems that some of the steps performed in the postProvision stage are necessary for the correct functionality of the Wazuh installation.

These steps are:

CURRENT_PATH="$( cd $(dirname $0) ; pwd -P )"
ASSETS_PATH="${CURRENT_PATH}/assets"
CUSTOM_PATH="${ASSETS_PATH}/custom"
SYSTEM_USER="wazuh-user"

systemctl stop wazuh-manager wazuh-indexer filebeat wazuh-dashboard

# Remove everything related to vagrant
mv ${CUSTOM_PATH}/removeVagrant.service /etc/systemd/system/
sed -i "s/USER/${SYSTEM_USER}/g" /etc/systemd/system/removeVagrant.service
mv ${CUSTOM_PATH}/removeVagrant.sh /home/${SYSTEM_USER}/
sed -i "s/USER/${SYSTEM_USER}/g" /home/${SYSTEM_USER}/removeVagrant.sh
chmod 755 /home/${SYSTEM_USER}/removeVagrant.sh
systemctl daemon-reload
systemctl enable removeVagrant.service

# Clear synced files
rm -rf ${CURRENT_PATH}/* ${CURRENT_PATH}/.gitignore

# Remove logs 
find /var/log/ -type f -exec bash -c 'cat /dev/null > {}' \;
find /var/ossec/logs/ -type f -exec bash -c 'cat /dev/null > {}' \;

history -c
shutdown -r now > /dev/null 2>&1

The part of removing everything related to Vagrant is not necessary anymore, as the created Vagrant box does not have anything related to Vagrant. Hence, the resulting steps of the postProvision stage are:

systemctl daemon-reload

# Clear synced files
rm -rf ${CURRENT_PATH}/* ${CURRENT_PATH}/.gitignore

# Remove logs
find /var/log/ -type f -exec bash -c 'cat /dev/null > {}' \;
find /var/ossec/logs/ -type f -exec bash -c 'cat /dev/null > {}' \;

history -c
shutdown -r now > /dev/null 2>&1

:heavy_check_mark: With these steps added to the clean function of the steps.sh file, the OVA works correctly. Hence, the postProvision stage can be deleted, and its necessary commands can be moved to the provision stage.

Problem with the sync folders

Due to the pre-configuration of the Vagrant box (it cannot be accessed by the SSH configuration of Vagrant as it does not have the vagrant user), a problem has been found in the following commands of the Vagrantfile:

config.vm.synced_folder ".", "/vagrant", disabled: true
config.vm.synced_folder ".", "/tmp", type: "rsync", :rsync__exclude => ['output']

In the Vagrantfile, the connection with the VM is configured via password. When Vagrant executes the sync commands, the following output is generated:

==> default: SSH address: 127.0.0.1:2222
==> default: SSH username: wazuh-user
==> default: SSH auth method: password
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
==> default: Setting hostname...
==> default: The machine you're rsyncing folders to is configured to use
==> default: password-based authentication. Vagrant can't script rsync to automatically
==> default: enter this password, so you'll likely be prompted for a password
==> default: shortly.
==> default: 
==> default: If you don't want to have to do this, please enable automatic
==> default: key insertion using `config.ssh.insert_key`.
==> default: Rsyncing folder: /home/davidcr01/Wazuh/1575-change-ova-4.5/ova/ => /tmp
==> default:   - Exclude: [".vagrant/", "output"]
wazuh-user@127.0.0.1's password: 

:x: With this, the script is stopped waiting for the password, and this may produce problems in the automatic scripts to generate the OVA.

Some tests have been done to insert the password automatically, with no success:

:heavy_check_mark: The only alternative that works and avoids creating the vagrant user is to change the Vagrantfile, adding the following command:

config.ssh.insert_key = true

With this, the access to the Vagrant machine is done via password, but it inserts the insecure Vagrant key into it. This change makes Vagrant not ask for the password to sync the folders. In the clean function explained above, it can be removed by adding the following command:

rm ~/.ssh/authorized_keys

This file only contains the insecure key of Vagrant, so it can be performed safely.

image
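The clean-up goals stated in the comments above (no vagrant or ec2-user account, no leftover authorized_keys, root SSH login disabled, empty shell history) can be checked mechanically before a box is packaged. This is an added example, not part of the issue or of the Wazuh build scripts; the function names and the idea of pointing the check at a root directory (`/` inside the VM, or a mounted image) are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the Wazuh repositories): audit a root filesystem
# against the clean-up goals discussed in this thread before packaging a box.

# sshd uses the first uncommented occurrence of a keyword; print it, or
# "unset" when none exists. Match blocks and Include files are not evaluated.
effective_permit_root_login() {
    val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1" 2>/dev/null || true)
    printf '%s\n' "${val:-unset}"
}

# Prints one FAIL line per finding; returns 0 only when the tree is clean.
audit_box_root() {
    root="${1%/}"
    rc=0

    # Build-time accounts that must not ship in the box.
    for user in vagrant ec2-user; do
        if grep -q "^${user}:" "$root/etc/passwd" 2>/dev/null; then
            echo "FAIL build-time account still present: $user"
            rc=1
        fi
    done

    # Any non-empty authorized_keys file (where the Vagrant insecure key is inserted).
    for f in "$root"/root/.ssh/authorized_keys "$root"/home/*/.ssh/authorized_keys; do
        if [ -s "$f" ]; then
            rel=${f#"$root"}
            echo "FAIL authorized_keys not removed: $rel"
            rc=1
        fi
    done

    # Root login must be an explicit "no", not a commented-out line.
    prl=$(effective_permit_root_login "$root/etc/ssh/sshd_config")
    if [ "$prl" != "no" ]; then
        echo "FAIL PermitRootLogin is '$prl', expected an explicit 'no'"
        rc=1
    fi

    # Shell history left behind by the build.
    for f in "$root"/root/.bash_history "$root"/home/*/.bash_history; do
        if [ -s "$f" ]; then
            rel=${f#"$root"}
            echo "FAIL shell history not cleared: $rel"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree for the demo. $1 = directory, $2 = dirty | clean
build_sample_root() {
    d="$1"
    mkdir -p "$d/etc/ssh" "$d/root" "$d/home/wazuh-user/.ssh"
    if [ "$2" = dirty ]; then
        printf 'root:x:0:0::/root:/bin/bash\nvagrant:x:1000:1000::/home/vagrant:/bin/bash\nwazuh-user:x:1001:1001::/home/wazuh-user:/bin/bash\n' > "$d/etc/passwd"
        # A commented directive, as a sed replacing it with '#PermitRootLogin no' produces
        printf '#PermitRootLogin no\nPasswordAuthentication yes\n' > "$d/etc/ssh/sshd_config"
        # Placeholder key material, not a real key
        printf 'ssh-rsa CONSTRUCTEDKEY vagrant insecure public key\n' > "$d/home/wazuh-user/.ssh/authorized_keys"
        printf 'yum -y update\n' > "$d/root/.bash_history"
    else
        printf 'root:x:0:0::/root:/bin/bash\nwazuh-user:x:1001:1001::/home/wazuh-user:/bin/bash\n' > "$d/etc/passwd"
        printf 'PermitRootLogin no\nPasswordAuthentication yes\n' > "$d/etc/ssh/sshd_config"
        : > "$d/root/.bash_history"
    fi
}

# Demo on the constructed dirty tree.
demo_dir=$(mktemp -d)
build_sample_root "$demo_dir" dirty
audit_box_root "$demo_dir" || echo "box is not ready to package"
rm -rf "$demo_dir"
```

Inside the VM the same check is `audit_box_root /` run as root just before the final shutdown.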

davidcr01 commented 1 year ago

Update Report

AMI base

Once the OVA and the Vagrant box are created and uploaded to S3 (packages-dev.wazuh.com), we can create the related AMI.

To perform this, it is necessary to have the AWS account configured in the system, and the AWS CLI installed.

To generate the AMI, I executed the following command:

aws ec2 import-image --description "AL2_OVA_base" --disk-containers "file://containers.json" --profile wazuh-qa --region us-west-1

Where wazuh-qa is the AWS configured profile and the containers.json has the following content:

[
  {
    "Description": "Amazon Linux 2 OVA",
    "Format": "ova",
    "UserBucket": {
        "S3Bucket": "packages-dev.wazuh.com",
        "S3Key": "vms/ova/amazonlinux-2.ova"
    }
  }
]

To check the status of the AMI generation, I used the following command:

  aws ec2 describe-import-image-tasks --import-task-ids import-ami-XXXXXXXXXXXX --profile wazuh-qa --region us-west-1

And the previous command returns the following content:

{
    "ImportImageTasks": [
        {
            "Description": "AL2_OVA_base",
            "ImportTaskId": "import-ami-093a05b9ea18ad79d",
            "SnapshotDetails": [
                {
                    "DiskImageSize": 0.0,
                    "Status": "completed"
                }
            ],
            "Status": "pending"
        }
    ]
}

Once the AMI is generated, its information can be consulted in the AWS console, and an instance can be launched using the generated AMI.

image

The OVA is created by default in us-west-1, but it's necessary to copy it to us-east-1.

image

The instance has been created with:

These features are specified in https://github.com/wazuh/wazuh-jenkins/blob/master/src/org/wazuh/TFInstance.groovy and https://github.com/wazuh/wazuh-jenkins/blob/master/jenkins-files/packages/Packages_builder_OVA.groovy

davidcr01 commented 1 year ago

Update Report

AMI workaround

Once the AMI is created, it's necessary to perform some steps to clean up the AMI with the configuration that Amazon adds to it.

After this, a new AMI will be generated, and this AMI will be used to build the OVA through the automatic process.

AMI development

With this, the commands that have to be executed in the AMI are:

sudo yum remove -y amazon-ssm-agent 
sudo rm -rf /var/log/*
sudo rm -rf /tmp/*
sudo yum autoremove
sudo rm  ~/.ssh/*
sudo su
rm -rf /root/.ssh/*
cat /dev/null > /root/.bash_history && history -c && exit
cat /dev/null > ~/.bash_history && history -c && sudo shutdown -h now

After this, in the AWS console, I clicked on Actions -> Images and Templates -> Create image, and added a name (Amazon-Linux2-for-OVA-wp1575) and a description (AMI created from AL2_OVA_base_wp1575 after clean up). This AMI provisionally will be used to generate the OVA in the Packages_builder_OVA Jenkins pipeline. The id of the AMI is ami-01801051d5737dbfe.

davidcr01 commented 1 year ago

Update Report

I had to rebuild the Vagrant box and the OVA because they did not have the git tool installed. This tool is necessary for the wazuh_ova_generation.yml:

https://github.com/wazuh/wazuh-jenkins/blob/e2553fd49ba6248aaa593f4e52f595479799694e/ansible-playbooks/wazuh_ova_generation.yml#L14-L23

Besides, it is necessary to rebuild the AMIs. Summarizing, repeat the process.

davidcr01 commented 1 year ago

Update Report

After all the steps mentioned above, a strange behavior has been found in the Packages_builder_OVA pipeline. It seems that the provision.sh script is trying to execute a second time when the script is removed. This behavior is seen in the following: https://ci.wazuh.info/job/Packages_Builder_OVA/224

The error is:

16:42:17  fatal: [Packages_Builder_OVA_B224_20230421143406]: FAILED! => {
16:42:17      "changed": true,
16:42:17      "cmd": [
16:42:17          "sh",
16:42:17          "provision.sh",
16:42:17          "staging",
16:42:17          "yes"
16:42:17      ],
16:42:17      "delta": "0:00:00.006995",
16:42:17      "end": "2023-04-21 14:42:17.678561",
16:42:17      "invocation": {
16:42:17          "module_args": {
16:42:17              "_raw_params": "sh provision.sh staging yes",
16:42:17              "_uses_shell": false,
16:42:17              "argv": null,
16:42:17              "chdir": "/var/provision/wazuh-packages/ova",
16:42:17              "creates": null,
16:42:17              "executable": null,
16:42:17              "removes": null,
16:42:17              "stdin": null,
16:42:17              "stdin_add_newline": true,
16:42:17              "strip_empty_ends": true,
16:42:17              "warn": true
16:42:17          }
16:42:17      },
16:42:17      "rc": 127,
16:42:17      "start": "2023-04-21 14:42:17.671566"
16:42:17  }
16:42:17  
16:42:17  STDERR:
16:42:17  
16:42:17  sh: provision.sh: No such file or directory

But, it has been proved that this script is being executed. If an error is produced in the provision.sh script, it will report it. This is seen in: https://ci.wazuh.info/job/Packages_Builder_OVA/222/console

It is necessary to investigate this behavior and finish the OVA generation development.

c-bordon commented 1 year ago

Update report

I was working on the tests and I was able to validate that the OVA is built correctly locally. I am working on the Jenkins build process.

image image

c-bordon commented 1 year ago

Update report

I was adapting the branches pointing to master since the destination of this development was changed to 4.6.0. For this reason, I had to generate new packages in staging to be able to build the OVA.

c-bordon commented 1 year ago

Update report

I am debugging an error when trying to use the provision.sh script. At the moment, it exists in the path where it is searched for, but I cannot find why it is failing. I keep validating options.


16:24:54  TASK [Clean history] ***********************************************************
16:24:54  task path: /home/ec2-user/workspace/Packages_Builder_OVA/ansible-playbooks/wazuh_ova_generation.yml:34
16:24:54  changed: [Packages_Builder_OVA_B235_20230703192249] => {
16:24:54      "changed": true,
16:24:54      "cmd": "ls -la \"/var/provision/wazuh-packages/ova\"",
16:24:54      "delta": "0:00:00.003868",
16:24:54      "end": "2023-07-03 19:24:53.993063",
16:24:54      "invocation": {
16:24:54          "module_args": {
16:24:54              "_raw_params": "ls -la \"/var/provision/wazuh-packages/ova\"",
16:24:54              "_uses_shell": true,
16:24:54              "argv": null,
16:24:54              "chdir": null,
16:24:54              "creates": null,
16:24:54              "executable": null,
16:24:54              "removes": null,
16:24:54              "stdin": null,
16:24:54              "stdin_add_newline": true,
16:24:54              "strip_empty_ends": true,
16:24:54              "warn": true
16:24:54          }
16:24:54      },
16:24:54      "rc": 0,
16:24:54      "start": "2023-07-03 19:24:53.989195"
16:24:54  }
16:24:54  
16:24:54  STDOUT:
16:24:54  
16:24:54  total 44
16:24:54  drwxr-xr-x  3 root root  185 Jul  3 19:24 .
16:24:54  drwxr-xr-x 22 root root 4096 Jul  3 19:24 ..
16:24:54  drwxr-xr-x  3 root root   36 Jul  3 19:24 assets
16:24:54  -rwxr-xr-x  1 root root 6630 Jul  3 19:24 generate_ova.sh
16:24:54  -rw-r--r--  1 root root   27 Jul  3 19:24 .gitignore
16:24:54  -rwxr-xr-x  1 root root 2020 Jul  3 19:24 Ova2Ovf.py
16:24:54  -rwxr-xr-x  1 root root 1109 Jul  3 19:24 provision.sh
16:24:54  -rw-r--r--  1 root root 1205 Jul  3 19:24 README.md
16:24:54  -rwxr-xr-x  1 root root 1480 Jul  3 19:24 setOVADefault.sh
16:24:54  -rwxr-xr-x  1 root root  756 Jul  3 19:24 Vagrantfile
16:24:54  -rw-r--r--  1 root root 5543 Jul  3 19:24 wazuh_ovf_template
16:33:20  TASK [Run provision script] ****************************************************
16:33:20  task path: /home/ec2-user/workspace/Packages_Builder_OVA/ansible-playbooks/wazuh_ova_generation.yml:37
16:33:20  fatal: [Packages_Builder_OVA_B235_20230703192249]: FAILED! => {
16:33:20      "changed": true,
16:33:20      "cmd": [
16:33:20          "sh",
16:33:20          "provision.sh",
16:33:20          "staging",
16:33:20          "yes"
16:33:20      ],
16:33:20      "delta": "0:00:00.002836",
16:33:20      "end": "2023-07-03 19:33:20.346639",
16:33:20      "invocation": {
16:33:20          "module_args": {
16:33:20              "_raw_params": "sh provision.sh staging yes",
16:33:20              "_uses_shell": false,
16:33:20              "argv": null,
16:33:20              "chdir": "/var/provision/wazuh-packages/ova",
16:33:20              "creates": null,
16:33:20              "executable": null,
16:33:20              "removes": null,
16:33:20              "stdin": null,
16:33:20              "stdin_add_newline": true,
16:33:20              "strip_empty_ends": true,
16:33:20              "warn": true
16:33:20          }
16:33:20      },
16:33:20      "rc": 127,
16:33:20      "start": "2023-07-03 19:33:20.343803"
16:33:20  }
16:33:20  
16:33:20  STDERR:
16:33:20  
16:33:20  sh: provision.sh: No such file or directory

c-bordon commented 1 year ago

Update report:

I found that the error is possibly occurring in the shutdown of the instance that occurs in the "clean" stage in the steps.sh script that is part of provision.sh.

Removing this step, the construction of the OVA is successful, although I have encountered some performance problems, which I am investigating if they are due to this.

https://ci.wazuh.info/view/Packages/job/Packages_Builder_OVA/246/console

The error that occurs is that, after starting the OVA, the virtual machine stops responding; it freezes. I'm investigating what could be the reason.

c-bordon commented 1 year ago

On Hold by release protocol

c-bordon commented 1 year ago

Update report

I adapted the branches pointing to master in both wazuh-packages and wazuh-jenkins and tested the creation of the OVAs. Both locally and through the pipeline, the OVAs are built correctly.

I found an error when running it on VirtualBox: after a moment, the VirtualBox terminal is frozen. The VM continues to work, the Wazuh dashboard as well as the SSH connection. I don't know if this is due to the version of VirtualBox I have; I'm going to request that someone else test it locally. This does not happen when running the OVA in VMware Player; the OVA works correctly there.

image

vcerenu commented 1 year ago

The modifications made for the change of the operating system of the OVA on branch 4.4.5 were applied, a creation test was carried out and it finished correctly:

https://ci.wazuh.info/job/Packages_Builder_OVA/264/console

It remains to carry out a test on the generated OVA to verify that all the Wazuh functionalities have been installed correctly.

vcerenu commented 1 year ago

The changes made on the 4.4.5 branch were applied, the execution of the OVA was tested and the same problem was found as in the version created for 4.7.0.

https://ci.wazuh.info/job/Packages_Builder_OVA/266/console

All possible causes were analyzed (memory, VirtualBox version, CPU, network, etc.) and it was found that the error is generated when the OVA VM is started in VirtualBox using the VBoxVGA video driver, which is loaded by default when we import the OVA:

image

The video driver was changed to VMSVGA and we no longer had the freeze problem in the VM window that started:

image

After solving this problem, we proceeded to verify that the Wazuh stack has been deployed correctly and that FIPS is enabled on the server:

image

image

pro-akim commented 1 year ago

Update

4.4.5 OVA testing done in https://github.com/wazuh/wazuh/issues/18115

teddytpc1 commented 1 year ago

Testing has finished. The PR https://github.com/wazuh/wazuh-documentation/pull/6287 will be merged as part of https://github.com/wazuh/wazuh/issues/18190.