search

wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0
105 stars 97 forks source link

Wazuh server show `tallylog` error message in CentOS 7 #1601

Closed rauldpm closed 1 year ago

rauldpm commented 2 years ago
Wazuh version Install type Action performed Platform
4.3.x Manager/Agent Install CentOS 7

Installing the Wazuh server package in CentOS 7 I have seen an error in the installation output, this has been reproduced in 4.3.2 and 4.3.3 versions.

pam_tally2: Error opening /var/log/tallylog for update: Permission denied
pam_tally2: Authentication error
useradd: failed to reset the tallylog entry of user "wazuh"
Full output ``` [root@ip-172-31-23-186 centos]# yum -y install wazuh-manager Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: download.cf.centos.org * extras: download.cf.centos.org * updates: download.cf.centos.org Resolving Dependencies There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help). --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.2-1 will be installed --> Finished Dependency Resolution Dependencies Resolved =================================================================================================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================================================================================================== Installing: wazuh-manager x86_64 4.3.2-1 wazuh 114 M Transaction Summary =================================================================================================================================================================================================================== Install 1 Package Total size: 114 M Installed size: 435 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction pam_tally2: Error opening /var/log/tallylog for update: Permission denied pam_tally2: Authentication error useradd: failed to reset the tallylog entry of user "wazuh" Installing : wazuh-manager-4.3.2-1.x86_64 1/1 Verifying : wazuh-manager-4.3.2-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.2-1 Complete! [root@ip-172-31-23-186 centos]# ```

It doesn't seem to affect the performance or usability of the package. The wazuh user and group are created.

The /var/log/tallylog file shows the following content repeatedly: ^@^@^@^@^@^@^@^@^@^@^@^@^

Resolution

Tests

The testing to find the error while installing the wazuh-manager package is in https://github.com/wazuh/wazuh-packages/issues/1601#issuecomment-1463624384.

Research and conclusion

The research and conclusion of this issue is in https://github.com/wazuh/wazuh-packages/issues/1601#issuecomment-1465887527.

davidcr01 commented 1 year ago

Update Report

Testing

To reproduce the behavior of the described issue, I installed the wazuh-manager package in CentOS 7 and CentOS 8 to find the error, but none of this test displayed the error specified above.

CentOS 7:

:green_circle: 4.3.0 ``` [root@centos7 vagrant]# yum install -y wazuh-manager-4.3.0 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Examining ./manager.rpm: wazuh-manager-4.3.0-1.x86_64 Marking ./manager.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================= Package Arch Version Repository Size ========================================================================================= Installing: wazuh-manager x86_64 4.3.0-1 /manager 435 M Transaction Summary ========================================================================================= Install 1 Package Total size: 435 M Installed size: 435 M Is this ok [y/d/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.0-1.x86_64 1/1 Verifying : wazuh-manager-4.3.0-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.0-1 Complete! [root@centos7 vagrant]# ```
:green_circle: 4.3.1 ``` ----------------------- [root@centos7 vagrant]# yum install ./manager.rpm Failed to set locale, defaulting to C Loaded plugins: fastestmirror Examining ./manager.rpm: wazuh-manager-4.3.1-1.x86_64 Marking ./manager.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.1-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================= Package Arch Version Repository Size ========================================================================================= Installing: wazuh-manager x86_64 4.3.1-1 /manager 435 M Transaction Summary ========================================================================================= Install 1 Package Total size: 435 M Installed size: 435 M Is this ok [y/d/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.1-1.x86_64 1/1 Verifying : wazuh-manager-4.3.1-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.1-1 Complete! [root@centos7 vagrant]# ```
:green_circle: 4.3.2 ``` [root@centos7 vagrant]# yum install wazuh-manager-4.3.2 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.tedra.es * extras: mirror.tedra.es * updates: mirror.tedra.es Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.2-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================= Package Arch Version Repository Size ========================================================================================= Installing: wazuh-manager x86_64 4.3.2-1 wazuh 114 M Transaction Summary ========================================================================================= Install 1 Package Total download size: 114 M Installed size: 435 M Is this ok [y/d/N]: y Downloading packages: wazuh-manager-4.3.2-1.x86_64.rpm | 114 MB 00:00:29 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.2-1.x86_64 1/1 Verifying : wazuh-manager-4.3.2-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.2-1 Complete! [root@centos7 vagrant]# ```
:green_circle: 4.3.3 ``` [root@centos7 vagrant]# yum install wazuh-manager-4.3.3 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.tedra.es * extras: mirror.tedra.es * updates: mirror.tedra.es Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.3-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================= Package Arch Version Repository Size ========================================================================================= Installing: wazuh-manager x86_64 4.3.3-1 wazuh 114 M Transaction Summary ========================================================================================= Install 1 Package Total download size: 114 M Installed size: 435 M Is this ok [y/d/N]: y Downloading packages: wazuh-manager-4.3.3-1.x86_64.rpm | 114 MB 00:00:29 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.3-1.x86_64 1/1 Verifying : wazuh-manager-4.3.3-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.3-1 Complete! [root@centos7 vagrant]# ```
:green_circle: 4.3.4 ``` [root@centos7 vagrant]# yum install -y wazuh-manager-4.3.4 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.tedra.es * extras: mirror.tedra.es * updates: mirror.tedra.es Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.4-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================= Package Arch Version Repository Size ========================================================================================= Installing: wazuh-manager x86_64 4.3.4-1 wazuh 114 M Transaction Summary ========================================================================================= Install 1 Package Total download size: 114 M Installed size: 435 M Downloading packages: wazuh-manager-4.3.4-1.x86_64.rpm | 114 MB 00:00:29 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.4-1.x86_64 1/1 Verifying : wazuh-manager-4.3.4-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.4-1 Complete! [root@centos7 vagrant]# ```
:green_circle: 4.3.5 ``` [root@centos7 vagrant]# yum install -y wazuh-manager-4.3.5 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.tedra.es * extras: mirror.tedra.es * updates: mirror.tedra.es Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.5-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================= Package Arch Version Repository Size ========================================================================================= Installing: wazuh-manager x86_64 4.3.5-1 wazuh 114 M Transaction Summary ========================================================================================= Install 1 Package Total download size: 114 M Installed size: 436 M Downloading packages: wazuh-manager-4.3.5-1.x86_64.rpm | 114 MB 00:00:30 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.5-1.x86_64 1/1 Verifying : wazuh-manager-4.3.5-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.5-1 Complete! [root@centos7 vagrant]# ```
:green_circle: 4.3.6 ``` [root@centos7 vagrant]# yum install -y wazuh-manager-4.3.6 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: ftp.csuc.cat * extras: ftp.csuc.cat * updates: ftp.csuc.cat Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.6-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.6-1 wazuh 114 M Transaction Summary ================================================================================ Install 1 Package Total download size: 114 M Installed size: 437 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.6-1.x86_64 1/1 Verifying : wazuh-manager-4.3.6-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.6-1 Complete! ```
:green_circle: 4.3.7 ``` [root@centos7 vagrant]# yum install -y wazuh-manager-4.3.7 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: ftp.csuc.cat * extras: ftp.csuc.cat * updates: ftp.csuc.cat Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.7-2 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.7-2 wazuh 115 M Transaction Summary ================================================================================ Install 1 Package Total download size: 115 M Installed size: 439 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.7-2.x86_64 1/1 Verifying : wazuh-manager-4.3.7-2.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.7-2 Complete! ```
:green_circle: 4.3.8 ``` [root@centos7 vagrant]# yum install -y wazuh-manager-4.3.8 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: ftp.csuc.cat * extras: ftp.csuc.cat * updates: ftp.csuc.cat Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.8-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.8-1 wazuh 115 M Transaction Summary ================================================================================ Install 1 Package Total download size: 115 M Installed size: 439 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.8-1.x86_64 1/1 Verifying : wazuh-manager-4.3.8-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.8-1 Complete! ```
:green_circle: 4.3.9 ``` [root@centos7 vagrant]# yum install -y wazuh-manager-4.3.9 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: ftp.csuc.cat * extras: ftp.csuc.cat * updates: ftp.csuc.cat Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.9-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.9-1 wazuh 115 M Transaction Summary ================================================================================ Install 1 Package Total download size: 115 M Installed size: 438 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.9-1.x86_64 1/1 Verifying : wazuh-manager-4.3.9-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.9-1 Complete! ```
:green_circle: 4.3.10 ``` [root@centos7 vagrant]# yum install -y wazuh-manager-4.3.10 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: ftp.csuc.cat * extras: ftp.csuc.cat * updates: ftp.csuc.cat Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.10-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.10-1 wazuh 115 M Transaction Summary ================================================================================ Install 1 Package Total download size: 115 M Installed size: 438 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.10-1.x86_64 1/1 Verifying : wazuh-manager-4.3.10-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.10-1 Complete! ```
:green_circle: 4.4.0 ``` [root@centos7 vagrant]# yum install -y wazuh-manager-4.4.0 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: ftp.csuc.cat * extras: ftp.csuc.cat * updates: ftp.csuc.cat Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.4.0-0.40404.20230225 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.4.0-0.40404.20230225 wazuh 117 M Transaction Summary ================================================================================ Install 1 Package Total download size: 117 M Installed size: 444 M Downloading packages: wazuh-manager-4.4.0-0.40404.20230225.x86_64.rpm | 117 MB 00:32 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.4.0-0.40404.20230225.x86_64 1/1 Verifying : wazuh-manager-4.4.0-0.40404.20230225.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.4.0-0.40404.20230225 Complete! [root@centos7 vagrant]# ```
:green_circle: 4.5.0 ``` [root@centos7 vagrant]# yum install -y wazuh-manager-4.5.0 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: ftp.csuc.cat * extras: ftp.csuc.cat * updates: ftp.csuc.cat Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.5.0-40500 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.5.0-40500 wazuh 117 M Transaction Summary ================================================================================ Install 1 Package Total download size: 117 M Installed size: 444 M Downloading packages: wazuh-manager-4.5.0-40500.x86_64.rpm | 117 MB 00:35 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.5.0-40500.x86_64 1/1 Verifying : wazuh-manager-4.5.0-40500.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.5.0-40500 Complete! [root@centos7 vagrant]# ```



CentOS 8

:green_circle: 4.3.0 ``` [root@centos8 vagrant]# yum install -y wazuh-manager-4.3.0 Last metadata expiration check: 0:00:12 ago on Fri Mar 10 10:35:42 2023. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.0-1 wazuh 114 M Transaction Summary ================================================================================ Install 1 Package Total download size: 114 M Installed size: 435 M Downloading Packages: wazuh-manager-4.3.0-1.x86_64.rpm 4.0 MB/s | 114 MB 00:28 -------------------------------------------------------------------------------- Total 4.0 MB/s | 114 MB 00:28 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.3.0-1.x86_64 1/1 Installing : wazuh-manager-4.3.0-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.3.0-1.x86_64 1/1 Verifying : wazuh-manager-4.3.0-1.x86_64 1/1 Installed: wazuh-manager-4.3.0-1.x86_64 Complete! [root@centos8 vagrant]# ```
:green_circle: 4.3.1 ``` [root@centos8 vagrant]# yum install -y wazuh-manager-4.3.1 Last metadata expiration check: 0:01:19 ago on Fri Mar 10 10:35:42 2023. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.1-1 wazuh 114 M Transaction Summary ================================================================================ Install 1 Package Total download size: 114 M Installed size: 435 M Downloading Packages: wazuh-manager-4.3.1-1.x86_64.rpm 3.9 MB/s | 114 MB 00:29 -------------------------------------------------------------------------------- Total 3.9 MB/s | 114 MB 00:29 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.3.1-1.x86_64 1/1 Installing : wazuh-manager-4.3.1-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.3.1-1.x86_64 1/1 Verifying : wazuh-manager-4.3.1-1.x86_64 1/1 Installed: wazuh-manager-4.3.1-1.x86_64 Complete! [root@centos8 vagrant]# ```
:green_circle: 4.3.2 ``` [root@centos8 vagrant]# yum install -y wazuh-manager-4.3.2 Last metadata expiration check: 0:02:26 ago on Fri Mar 10 10:35:42 2023. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.2-1 wazuh 114 M Transaction Summary ================================================================================ Install 1 Package Total download size: 114 M Installed size: 435 M Downloading Packages: wazuh-manager-4.3.2-1.x86_64.rpm 4.0 MB/s | 114 MB 00:28 -------------------------------------------------------------------------------- Total 4.0 MB/s | 114 MB 00:28 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.3.2-1.x86_64 1/1 Installing : wazuh-manager-4.3.2-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.3.2-1.x86_64 1/1 Verifying : wazuh-manager-4.3.2-1.x86_64 1/1 Installed: wazuh-manager-4.3.2-1.x86_64 Complete! [root@centos8 vagrant]# ```
:green_circle: 4.3.3 ``` [root@centos8 vagrant]# yum install -y wazuh-manager-4.3.3 Last metadata expiration check: 0:03:34 ago on Fri Mar 10 10:35:42 2023. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.3-1 wazuh 114 M Transaction Summary ================================================================================ Install 1 Package Total download size: 114 M Installed size: 435 M Downloading Packages: wazuh-manager-4.3.3-1.x86_64.rpm 4.0 MB/s | 114 MB 00:28 -------------------------------------------------------------------------------- Total 4.0 MB/s | 114 MB 00:28 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.3.3-1.x86_64 1/1 Installing : wazuh-manager-4.3.3-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.3.3-1.x86_64 1/1 Verifying : wazuh-manager-4.3.3-1.x86_64 1/1 Installed: wazuh-manager-4.3.3-1.x86_64 Complete! [root@centos8 vagrant]# ```
:green_circle: 4.3.4 ``` [root@centos8 vagrant]# yum install -y wazuh-manager-4.3.4 Last metadata expiration check: 0:04:46 ago on Fri Mar 10 10:35:42 2023. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.4-1 wazuh 114 M Transaction Summary ================================================================================ Install 1 Package Total download size: 114 M Installed size: 435 M Downloading Packages: wazuh-manager-4.3.4-1.x86_64.rpm 2.6 MB/s | 114 MB 00:44 -------------------------------------------------------------------------------- Total 2.6 MB/s | 114 MB 00:44 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.3.4-1.x86_64 1/1 Installing : wazuh-manager-4.3.4-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.3.4-1.x86_64 1/1 Verifying : wazuh-manager-4.3.4-1.x86_64 1/1 Installed: wazuh-manager-4.3.4-1.x86_64 Complete! ```
:green_circle: 4.3.5 ``` [root@centos8 vagrant]# yum install -y wazuh-manager-4.3.5 Last metadata expiration check: 0:06:11 ago on Fri Mar 10 10:35:42 2023. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.5-1 wazuh 114 M Transaction Summary ================================================================================ Install 1 Package Total download size: 114 M Installed size: 436 M Downloading Packages: wazuh-manager-4.3.5-1.x86_64.rpm 2.1 MB/s | 114 MB 00:55 -------------------------------------------------------------------------------- Total 2.1 MB/s | 114 MB 00:55 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.3.5-1.x86_64 1/1 Installing : wazuh-manager-4.3.5-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.3.5-1.x86_64 1/1 Verifying : wazuh-manager-4.3.5-1.x86_64 1/1 Installed: wazuh-manager-4.3.5-1.x86_64 Complete! ```
:green_circle: 4.3.6 ``` [root@centos8 vagrant]# yum install -y wazuh-manager-4.3.6 Last metadata expiration check: 0:07:47 ago on Fri Mar 10 10:35:42 2023. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.6-1 wazuh 114 M Transaction Summary ================================================================================ Install 1 Package Total download size: 114 M Installed size: 437 M Downloading Packages: wazuh-manager-4.3.6-1.x86_64.rpm 4.0 MB/s | 114 MB 00:28 -------------------------------------------------------------------------------- Total 4.0 MB/s | 114 MB 00:28 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.3.6-1.x86_64 1/1 Installing : wazuh-manager-4.3.6-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.3.6-1.x86_64 1/1 Verifying : wazuh-manager-4.3.6-1.x86_64 1/1 Installed: wazuh-manager-4.3.6-1.x86_64 Complete! ```
:green_circle: 4.3.7 ``` [root@centos8 vagrant]# yum install -y wazuh-manager-4.3.7 Last metadata expiration check: 0:08:57 ago on Fri Mar 10 10:35:42 2023. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.7-2 wazuh 115 M Transaction Summary ================================================================================ Install 1 Package Total download size: 115 M Installed size: 439 M Downloading Packages: wazuh-manager-4.3.7-2.x86_64.rpm 3.9 MB/s | 115 MB 00:29 -------------------------------------------------------------------------------- Total 3.9 MB/s | 115 MB 00:29 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.3.7-2.x86_64 1/1 Installing : wazuh-manager-4.3.7-2.x86_64 1/1 Running scriptlet: wazuh-manager-4.3.7-2.x86_64 1/1 Verifying : wazuh-manager-4.3.7-2.x86_64 1/1 Installed: wazuh-manager-4.3.7-2.x86_64 Complete! ```
:green_circle: 4.3.8 ``` [root@centos8 vagrant]# yum install -y wazuh-manager-4.3.8 Last metadata expiration check: 0:10:06 ago on Fri Mar 10 10:35:42 2023. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.8-1 wazuh 115 M Transaction Summary ================================================================================ Install 1 Package Total download size: 115 M Installed size: 439 M Downloading Packages: wazuh-manager-4.3.8-1.x86_64.rpm 3.8 MB/s | 115 MB 00:30 -------------------------------------------------------------------------------- Total 3.8 MB/s | 115 MB 00:30 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.3.8-1.x86_64 1/1 Installing : wazuh-manager-4.3.8-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.3.8-1.x86_64 1/1 Verifying : wazuh-manager-4.3.8-1.x86_64 1/1 Installed: wazuh-manager-4.3.8-1.x86_64 Complete! ```
:green_circle: 4.3.9 ``` [root@centos8 vagrant]# yum install -y wazuh-manager-4.3.9 Last metadata expiration check: 0:11:16 ago on Fri Mar 10 10:35:42 2023. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.9-1 wazuh 115 M Transaction Summary ================================================================================ Install 1 Package Total download size: 115 M Installed size: 438 M Downloading Packages: wazuh-manager-4.3.9-1.x86_64.rpm 3.8 MB/s | 115 MB 00:30 -------------------------------------------------------------------------------- Total 3.8 MB/s | 115 MB 00:30 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.3.9-1.x86_64 1/1 Installing : wazuh-manager-4.3.9-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.3.9-1.x86_64 1/1 Verifying : wazuh-manager-4.3.9-1.x86_64 1/1 Installed: wazuh-manager-4.3.9-1.x86_64 Complete! ```
:green_circle: 4.3.10 ``` [root@centos8 vagrant]# yum install -y wazuh-manager-4.3.10 Last metadata expiration check: 0:12:25 ago on Fri Mar 10 10:35:42 2023. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.10-1 wazuh 115 M Transaction Summary ================================================================================ Install 1 Package Total download size: 115 M Installed size: 438 M Downloading Packages: wazuh-manager-4.3.10-1.x86_64.rpm 3.9 MB/s | 115 MB 00:29 -------------------------------------------------------------------------------- Total 3.9 MB/s | 115 MB 00:29 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.3.10-1.x86_64 1/1 Installing : wazuh-manager-4.3.10-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.3.10-1.x86_64 1/1 Verifying : wazuh-manager-4.3.10-1.x86_64 1/1 Installed: wazuh-manager-4.3.10-1.x86_64 Complete! ```
:green_circle: 4.4.0 ``` [root@centos8 vagrant]# yum install wazuh-manager-4.4.0 Failed to set locale, defaulting to C.UTF-8 Last metadata expiration check: 0:01:57 ago on Fri Mar 10 14:58:56 2023. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.4.0-0.40404.20230225 wazuh 117 M Transaction Summary ================================================================================ Install 1 Package Total download size: 117 M Installed size: 444 M Is this ok [y/N]: y Downloading Packages: wazuh-manager-4.4.0-0.40404.20230225.x86_64.rpm 3.7 MB/s | 117 MB 00:31 -------------------------------------------------------------------------------- Total 3.7 MB/s | 117 MB 00:31 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.4.0-0.40404.20230225.x86_64 1/1 Installing : wazuh-manager-4.4.0-0.40404.20230225.x86_64 1/1 Running scriptlet: wazuh-manager-4.4.0-0.40404.20230225.x86_64 1/1 Verifying : wazuh-manager-4.4.0-0.40404.20230225.x86_64 1/1 Installed: wazuh-manager-4.4.0-0.40404.20230225.x86_64 Complete! ```
:green_circle: 4.5.0 ``` [root@centos8 vagrant]# yum install wazuh-manager-4.5.0 Failed to set locale, defaulting to C.UTF-8 EL-8 - Wazuh 1.7 MB/s | 7.0 MB 00:04 Last metadata expiration check: 0:00:04 ago on Fri Mar 10 14:58:56 2023. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.5.0-40500 wazuh 117 M Transaction Summary ================================================================================ Install 1 Package Total download size: 117 M Installed size: 444 M Is this ok [y/N]: y Downloading Packages: wazuh-manager-4.5.0-40500.x86_64.rpm 3.7 MB/s | 117 MB 00:31 -------------------------------------------------------------------------------- Total 3.7 MB/s | 117 MB 00:31 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.5.0-40500.x86_64 1/1 Installing : wazuh-manager-4.5.0-40500.x86_64 1/1 Running scriptlet: wazuh-manager-4.5.0-40500.x86_64 1/1 Verifying : wazuh-manager-4.5.0-40500.x86_64 1/1 Installed: wazuh-manager-4.5.0-40500.x86_64 Complete! ```
davidcr01 commented 1 year ago

Update Report

Research

I have found that this issue could be related to the vagrant Guest Addition configuration, reported in: https://github.com/Varying-Vagrant-Vagrants/VVV/issues/1781

This configuration changes the permissions of the /var/log/tallylog and, when creating a user, the installation process displays the error. By default, the permissions for this file are:

[root@centos7 vagrant]# ls -l /var/log/tallylog
-rw-------. 1 root root 64000 Mar 10 15:27 /var/log/tallylog

And its content is the reported one:

^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^
tallylog" [noeol] 1L, 64000C

I found this file only in a CentOS 7 system, in CentOS 8 this log file is not created or used.

CentOS 7

In this system, the /var/log/tallylog log file, by default, has read and write permissions for the owner (600), and with these permissions, the installation concludes without errors as I commented in the previous report:

:green_circle: Default permissions ``` [root@centos7 vagrant]# yum install wazuh-manager-4.3.2 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.tedra.es * extras: mirror.tedra.es * updates: mirror.tedra.es Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.2-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================= Package Arch Version Repository Size ========================================================================================= Installing: wazuh-manager x86_64 4.3.2-1 wazuh 114 M Transaction Summary ========================================================================================= Install 1 Package Total download size: 114 M Installed size: 435 M Is this ok [y/d/N]: y Downloading packages: wazuh-manager-4.3.2-1.x86_64.rpm | 114 MB 00:00:29 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.2-1.x86_64 1/1 Verifying : wazuh-manager-4.3.2-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.2-1 Complete! ```

:heavy_check_mark: With this, we can ensure that by default the installation is correct if the permissions of the log file are not modified.

:warning: But, after some testing, I have found that if the permissions of the log file contain write permissions for "others" or "public" (XX6), the installation displayed the reported error.

Tests changing the log file To ensure this behavior, I made a battery test of the installation of the package changing the permission of the log file:

:red_circle: 666 (red expected) ``` [root@centos7 vagrant]# chmod -v 666 /var/log/tallylog [root@centos7 vagrant]# yum install wazuh-manager-4.3.2 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.librelabucm.org * extras: mirror.librelabucm.org * updates: mirror.librelabucm.org base | 3.6 kB 00:00 extras | 2.9 kB 00:00 updates | 2.9 kB 00:00 wazuh | 3.4 kB 00:00 Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.2-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.2-1 wazuh 114 M Transaction Summary ================================================================================ Install 1 Package Total download size: 114 M Installed size: 435 M Is this ok [y/d/N]: y Downloading packages: wazuh-manager-4.3.2-1.x86_64.rpm | 114 MB 00:32 Running transaction check Running transaction test Transaction test succeeded Running transaction pam_tally2: /var/log/tallylog is either world writable or not a normal file pam_tally2: Authentication error useradd: failed to reset the tallylog entry of user "wazuh" Installing : wazuh-manager-4.3.2-1.x86_64 1/1 Verifying : wazuh-manager-4.3.2-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.2-1 Complete! ```
:green_circle: 600 ``` [root@centos7 vagrant]# chmod -v 600 /var/log/tallylog mode of '/var/log/tallylog' changed from 0666 (rw-rw-rw-) to 0600 (rw-------) [root@centos7 vagrant]# ls -l /var/log/tallylog -rw-------. 1 root root 64000 Mar 10 15:27 /var/log/tallylog [root@centos7 vagrant]# [root@centos7 vagrant]# yum install -y wazuh-manager-4.3.2 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.librelabucm.org * extras: mirror.librelabucm.org * updates: mirror.librelabucm.org Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.2-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.3.2-1 wazuh 114 M Transaction Summary ================================================================================ Install 1 Package Total download size: 114 M Installed size: 435 M Downloading packages: wazuh-manager-4.3.2-1.x86_64.rpm | 114 MB 00:30 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.2-1.x86_64 1/1 Verifying : wazuh-manager-4.3.2-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.2-1 Complete! [root@centos7 vagrant]# ```
:green_circle: 640 ``` [root@centos7 vagrant]# chmod -v 640 /var/log/tallylog mode of '/var/log/tallylog' changed from 0600 (rw-------) to 0640 (rw-r-----) [root@centos7 vagrant]# yum install -y wazuh-manager-4.3.2 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.librelabucm.org * extras: mirror.librelabucm.org * updates: mirror.librelabucm.org Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.2-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-manager x86_64 4.3.2-1 wazuh 114 M Transaction Summary ======================================================================================================== Install 1 Package Total download size: 114 M Installed size: 435 M Downloading packages: wazuh-manager-4.3.2-1.x86_64.rpm | 114 MB 00:00:30 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.2-1.x86_64 1/1 Verifying : wazuh-manager-4.3.2-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.2-1 Complete! [root@centos7 vagrant]# ```
:green_circle: 660 ``` [root@centos7 vagrant]# chmod -v 660 /var/log/tallylog mode of '/var/log/tallylog' changed from 0640 (rw-r-----) to 0660 (rw-rw----) [root@centos7 vagrant]# yum install -y wazuh-manager-4.3.2 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.librelabucm.org * extras: mirror.librelabucm.org * updates: mirror.librelabucm.org Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.2-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-manager x86_64 4.3.2-1 wazuh 114 M Transaction Summary ======================================================================================================== Install 1 Package Total download size: 114 M Installed size: 435 M Downloading packages: wazuh-manager-4.3.2-1.x86_64.rpm | 114 MB 00:00:33 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.2-1.x86_64 1/1 Verifying : wazuh-manager-4.3.2-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.2-1 Complete! ```
:green_circle: 664 ``` [root@centos7 vagrant]# chmod -v 664 /var/log/tallylog mode of '/var/log/tallylog' changed from 0660 (rw-rw----) to 0664 (rw-rw-r--) [root@centos7 vagrant]# yum install -y wazuh-manager-4.3.2 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.librelabucm.org * extras: mirror.librelabucm.org * updates: mirror.librelabucm.org Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.2-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-manager x86_64 4.3.2-1 wazuh 114 M Transaction Summary ======================================================================================================== Install 1 Package Total download size: 114 M Installed size: 435 M Downloading packages: wazuh-manager-4.3.2-1.x86_64.rpm | 114 MB 00:00:31 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.3.2-1.x86_64 1/1 Verifying : wazuh-manager-4.3.2-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.2-1 Complete! ```
:red_circle: 006 (red expected) ``` [root@centos7 vagrant]# chmod -v 006 /var/log/tallylog mode of '/var/log/tallylog' retained as 0006 (------rw-) [root@centos7 vagrant]# yum install -y wazuh-manager-4.3.2 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.librelabucm.org * extras: mirror.librelabucm.org * updates: mirror.librelabucm.org Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.3.2-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-manager x86_64 4.3.2-1 wazuh 114 M Transaction Summary ======================================================================================================== Install 1 Package Total download size: 114 M Installed size: 435 M Downloading packages: wazuh-manager-4.3.2-1.x86_64.rpm | 114 MB 00:00:29 Running transaction check Running transaction test Transaction test succeeded Running transaction pam_tally2: /var/log/tallylog is either world writable or not a normal file pam_tally2: Authentication error useradd: failed to reset the tallylog entry of user "wazuh" Installing : wazuh-manager-4.3.2-1.x86_64 1/1 Verifying : wazuh-manager-4.3.2-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.3.2-1 Complete! [root@centos7 vagrant]# ```

This error is displayed by installing any of the version of the package. For example, installing the 4.4.0 version of the wazuh-manager package, the error keeps displaying:

Show log ``` [root@centos7 vagrant]# yum install -y wazuh-manager-4.4.0 Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.librelabucm.org * extras: mirror.librelabucm.org * updates: mirror.librelabucm.org Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.4.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-manager x86_64 4.4.0-1 wazuh 117 M Transaction Summary ======================================================================================================== Install 1 Package Total download size: 117 M Installed size: 444 M Downloading packages: wazuh-manager-4.4.0-1.x86_64.rpm | 117 MB 00:00:30 Running transaction check Running transaction test Transaction test succeeded Running transaction pam_tally2: /var/log/tallylog is either world writable or not a normal file pam_tally2: Authentication error useradd: failed to reset the tallylog entry of user "wazuh" Installing : wazuh-manager-4.4.0-1.x86_64 1/1 Verifying : wazuh-manager-4.4.0-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.4.0-1 Complete! ```

Conclusion

As a conclusion of this research, the generated error may be shown in systems that use the pam_tally tool, and modify the permissions of the /var/log/tallylog log file with XX6 permissions. Despite the error displayed, the creation of the user and group wazuh is correctly done. This seems to be a bug or rare behavior of the pam_tally tool, and it does not concern the correct functionality of Wazuh.