Review the behavior of the Wazuh dashboard logs with init.d

[c-bordon]

Description

Unexpected behavior was detected in the RPM package when manipulating the service with init.d

By default, Wazuh dashboard logs are thrown to str.out, what happens when you start the service with init.d is that the logs are constantly thrown to the console:

[root@centos7-1 ~]# service wazuh-dashboard start
wazuh-dashboard started
[root@centos7-1 ~]#   log   [16:20:24.797] [info][plugins-service] Plugin "visTypeXy" is disabled.
  log   [16:20:24.940] [info][plugins-system] Setting up [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,reportsDashboards,securityDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTagcloud,visTypeTimeseries,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]
  log   [16:20:25.201] [info][savedobjects-service] Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations...
  log   [16:20:25.291] [error][data][opensearch] [ResponseError]: Response Error
  log   [16:20:25.297] [error][savedobjects-service] Unable to retrieve version information from OpenSearch nodes.
  log   [16:20:28.061] [info][savedobjects-service] Starting saved objects migrations
  log   [16:20:28.154] [info][plugins-system] Starting [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,reportsDashboards,securityDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTagcloud,visTypeTimeseries,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]
  log   [16:20:28.378] [info][listening] Server running at https://0.0.0.0:443
  log   [16:20:28.472] [info][server][OpenSearchDashboards][http] http server running at https://0.0.0.0:443

[root@centos7-1 ~]#   log   [15:47:02.745] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:05.260] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:07.776] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:10.318] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:12.836] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:15.334] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:17.847] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:20.335] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:22.863] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:25.353] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:27.885] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:30.375] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:32.894] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:35.392] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:37.916] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:40.455] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:42.959] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:45.470] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:47.966] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:50.478] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:52.984] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:55.482] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:58.011] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:00.516] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:03.016] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:05.525] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:08.016] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:10.544] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:13.056] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:15.566] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:18.070] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200

An issue in Red Hat 9 with init.d and Wazuh indexer:

[root@redhat-9 ~]# service wazuh-indexer start
Starting wazuh-indexer: /bin/systemctl
/etc/init.d/wazuh-indexer: line 89: daemon: command not found

Tasks

Wazuh dashboard

• [x] Investigate how OpenSearch dashboard 2.3.0 handles startup via different methods (service, systemctl)
• [x] Apply the necessary changes so that the output of the service is not shown on the terminal when performing an action with systemctl/service
• [x] Validate changes

Wazuh indexer

• [x] Review service startup behavior with init.d for Wazuh indexer on Red Hat 9
• [x] Investigate why the daemon command is not present on this system
• [x] Find an alternative that is functional on all RPM systems
• [x] Validate changes

Validation

Wazuh dashboard

• [x] The Wazuh dashboard package builds successfully
• [x] The Wazuh dashboard package is installed correctly
• [x] The wazuh-dashboard service starts/stop/restart successfully
  • [x] systemctl
  • [x] service
  • [x] systemctl and service
• [x] The Wazuh dashboard output is not displayed by the terminal.

Wazuh indexer

• [x] The Wazuh indexer package builds successfully
• [x] The Wazuh indexer package is installed correctly
• [x] The wazuh-indexer service starts/stop/restart successfully on Red Hat 9

[rauldpm]

Update report - Wazuh dashboard

• A call has been made with @c-bordon to analyze the issue, after analysis, the issue has been edited to incorporate new tasks and validations.
• Investigated Wazuh server package behavior for the 4.4.0 version
• When using the service command, it was automatically redirected to systemctl.

[root@redhat9 vagrant]# service wazuh-manager stop
Redirecting to /bin/systemctl stop wazuh-manager.service

• This behavior differs from the Wazuh dashboard package, in Red Hat 9, it indicates that the service has started and immediately shows output by the terminal, however, in Red Hat 7, the service is started via systemctl and no log output is observed.

[root@redhat9 vagrant]# service wazuh-dashboard start
wazuh-dashboard started
[root@redhat9 vagrant]#   log   [19:03:01.643] [info][plugins-service] Plugin "visTypeXy" is disabled.

[root@redhat7 vagrant]# service wazuh-dashboard start
Starting wazuh-dashboard (via systemctl):                  [  OK  ]

• In Red Hat 9 there is a change regarding init.d, for the Red Hat system if statement that is incorporated into the Wazuh dashboard base package, a reference is made to the /etc/rc.d/init.d/functions script, this script exists in Red Hat 7 and 8 but not in Red Hat 9.

https://github.com/wazuh/wazuh-packages/blob/da21a806dc8667626cfc52a8b76a8e570dd84eea/stack/dashboard/base/files/etc/services/wazuh-dashboard#L10

[root@redhat9 vagrant]# ls -l /etc/rc.d/init.d/functions
ls: cannot access '/etc/rc.d/init.d/functions': No such file or directory

[root@redhat8 vagrant]# ls -l /etc/rc.d/init.d/functions 
-rw-r--r--. 1 root root 18434 Feb 15  2021 /etc/rc.d/init.d/functions

[root@redhat7 vagrant]# ls -l /etc/rc.d/init.d/functions 
-rw-r--r--. 1 root root 18281 May 22  2020 /etc/rc.d/init.d/functions

Installing OpenSearch Dashboard on Red Hat 7 and Red Hat 9

• https://opensearch.org/docs/2.3/dashboards/install/rpm/

Red Hat 9 install test

``` [root@redhat9 vagrant]# wget https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.3.0/opensearch-dashboards-2.3.0-linux-x64.rpm --2022-10-17 19:32:49-- https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.3.0/opensearch-dashboards-2.3.0-linux-x64.rpm Resolving artifacts.opensearch.org (artifacts.opensearch.org)... 18.67.240.6, 18.67.240.49, 18.67.240.45, ... Connecting to artifacts.opensearch.org (artifacts.opensearch.org)|18.67.240.6|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 197339708 (188M) [application/octet-stream] Saving to: ‘opensearch-dashboards-2.3.0-linux-x64.rpm’ opensearch-dashboards-2.3 100%[=====================================>] 188.20M 78.6MB/s in 2.4s 2022-10-17 19:32:51 (78.6 MB/s) - ‘opensearch-dashboards-2.3.0-linux-x64.rpm’ saved [197339708/197339708] [root@redhat9 vagrant]# yum localinstall opensearch-dashboards-2.3.0-linux-x64.rpm -y Updating Subscription Management repositories. This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions. Last metadata expiration check: 1:50:39 ago on Mon 17 Oct 2022 05:42:40 PM UTC. Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Installing: opensearch-dashboards x86_64 2.3.0-1 @commandline 188 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 188 M Installed size: 782 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: opensearch-dashboards-2.3.0-1.x86_64 1/1 Installing : opensearch-dashboards-2.3.0-1.x86_64 1/1 Running scriptlet: opensearch-dashboards-2.3.0-1.x86_64 1/1 /usr/lib/tmpfiles.d/opensearch-dashboards.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch-dashboards → /run/opensearch-dashboards; please update the tmpfiles.d/ drop-in file accordingly. ### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable opensearch-dashboards.service ### You can start opensearch-dashboards service by executing sudo systemctl start opensearch-dashboards.service /usr/lib/tmpfiles.d/opensearch-dashboards.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch-dashboards → /run/opensearch-dashboards; please update the tmpfiles.d/ drop-in file accordingly. /usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly. Verifying : opensearch-dashboards-2.3.0-1.x86_64 1/1 Installed products updated. Installed: opensearch-dashboards-2.3.0-1.x86_64 Complete! [root@redhat9 vagrant]# systemctl status opensearch-dashboards ○ opensearch-dashboards.service - "OpenSearch Dashboards" Loaded: loaded (/usr/lib/systemd/system/opensearch-dashboards.service; disabled; vendor preset: di> Active: inactive (dead) [root@redhat9 vagrant]# service opensearch-dashboards status env: ‘/etc/init.d/opensearch-dashboards’: Permission denied [root@redhat9 vagrant]# service opensearch-dashboards start env: ‘/etc/init.d/opensearch-dashboards’: Permission denied [root@redhat9 vagrant]# ls -l /etc/init.d/opensearch-dashboards -rw-r--r--. 1 root root 4174 Sep 9 00:05 /etc/init.d/opensearch-dashboards [root@redhat9 vagrant]# systemctl start opensearch-dashboards.service [root@redhat9 vagrant]# systemctl status opensearch-dashboards.service ● opensearch-dashboards.service - "OpenSearch Dashboards" Loaded: loaded (/usr/lib/systemd/system/opensearch-dashboards.service; disabled; vendor preset: disabled) Active: active (running) since Mon 2022-10-17 19:38:48 UTC; 1s ago Main PID: 1894 (node) Tasks: 11 (limit: 23585) Memory: 118.6M CPU: 1.988s CGroup: /system.slice/opensearch-dashboards.service └─1894 /usr/share/opensearch-dashboards/bin/../node/bin/node /usr/share/opensearch-dashboards/bin/../src/cli/dist Oct 17 19:38:48 redhat9 systemd[1]: Started "OpenSearch Dashboards". [root@redhat9 ~]$ service opensearch-dashboards status env: ‘/etc/init.d/opensearch-dashboards’: Permission denied [root@redhat9 ~]$ service opensearch-dashboards start env: ‘/etc/init.d/opensearch-dashboards’: Permission denied [root@redhat9 vagrant]# systemctl status opensearch-dashboards.service ● opensearch-dashboards.service - "OpenSearch Dashboards" Loaded: loaded (/usr/lib/systemd/system/opensearch-dashboards.service; disabled; vendor preset: disabled) Active: active (running) since Mon 2022-10-17 19:49:48 UTC; 6s ago Main PID: 2190 (node) Tasks: 11 (limit: 23585) Memory: 150.3M CPU: 3.307s CGroup: /system.slice/opensearch-dashboards.service └─2190 /usr/share/opensearch-dashboards/bin/../node/bin/node /usr/share/opensearch-dashboards/bin/../src/cli/dist ```

Red Hat 7 install test

``` [root@redhat7 vagrant]# wget https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.3.0/opensearch-dashboards-2.3.0-linux-x64.rpm --2022-10-17 19:33:01-- https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.3.0/opensearch-dashboards-2.3.0-linux-x64.rpm Resolving artifacts.opensearch.org (artifacts.opensearch.org)... 18.67.240.45, 18.67.240.49, 18.67.240.13, ... Connecting to artifacts.opensearch.org (artifacts.opensearch.org)|18.67.240.45|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 197339708 (188M) [application/octet-stream] Saving to: ‘opensearch-dashboards-2.3.0-linux-x64.rpm’ 100%[==============================================================>] 197,339,708 87.1MB/s in 2.2s 2022-10-17 19:33:03 (87.1 MB/s) - ‘opensearch-dashboards-2.3.0-linux-x64.rpm’ saved [197339708/197339708] [root@redhat7 vagrant]# yum localinstall opensearch-dashboards-2.3.0-linux-x64.rpm -y Loaded plugins: product-id, search-disabled-repos Examining opensearch-dashboards-2.3.0-linux-x64.rpm: opensearch-dashboards-2.3.0-1.x86_64 Marking opensearch-dashboards-2.3.0-linux-x64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package opensearch-dashboards.x86_64 0:2.3.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: opensearch-dashboards x86_64 2.3.0-1 /opensearch-dashboards-2.3.0-linux-x64 782 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 782 M Installed size: 782 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Warning: RPMDB altered outside of yum. Installing : opensearch-dashboards-2.3.0-1.x86_64 1/1 ### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable opensearch-dashboards.service ### You can start opensearch-dashboards service by executing sudo systemctl start opensearch-dashboards.service Verifying : opensearch-dashboards-2.3.0-1.x86_64 1/1 Installed: opensearch-dashboards.x86_64 0:2.3.0-1 Complete! [root@redhat7 vagrant]# systemctl status opensearch-dashboards ● opensearch-dashboards.service - "OpenSearch Dashboards" Loaded: loaded (/usr/lib/systemd/system/opensearch-dashboards.service; disabled; vendor preset: disabled) Active: inactive (dead) [root@redhat7 vagrant]# service opensearch-dashboards status env: /etc/init.d/opensearch-dashboards: Permission denied [root@redhat7 vagrant]# systemctl start opensearch-dashboards.service [root@redhat7 vagrant]# systemctl status opensearch-dashboards.service ● opensearch-dashboards.service - "OpenSearch Dashboards" Loaded: loaded (/usr/lib/systemd/system/opensearch-dashboards.service; disabled; vendor preset: disabled) Active: active (running) since Mon 2022-10-17 19:51:12 UTC; 5s ago Main PID: 3946 (node) CGroup: /system.slice/opensearch-dashboards.service └─3946 /usr/share/opensearch-dashboards/bin/../node/bin/node /usr/share/opensearch-dashboards/bin/../src/cli/dist Oct 17 19:51:12 redhat7 systemd[1]: Started "OpenSearch Dashboards". Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["info","plugins-service"],"pid":3946,"message":"Plugin \"visTypeXy\" is disabled."} Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["info","plugins-service"],"pid":3946,"message":"Plugin \"wizard\" is disabled."} Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["warning","config","deprecation"],"pid":3946,"message":"\"opensearch.requestHeadersW...Allowlist\""} Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["info","plugins-system"],"pid":3946,"message":"Setting up [46] plugins: [alertingDas...beddable,expr Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["info","savedobjects-service"],"pid":3946,"message":"Waiting until all OpenSearch no...grations..."} Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["error","opensearch","data"],"pid":3946,"message":"[ConnectionError]: connect ECONNR....0.0.1:9200"} Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["error","savedobjects-service"],"pid":3946,"message":"Unable to retrieve version inf...arch nodes."} Oct 17 19:51:18 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:18Z","tags":["error","opensearch","data"],"pid":3946,"message":"[ConnectionError]: connect ECONNR....0.0.1:9200"} Hint: Some lines were ellipsized, use -l to show in full. [root@redhat7 vagrant]# service opensearch-dashboards status env: /etc/init.d/opensearch-dashboards: Permission denied [root@redhat7 vagrant]# service opensearch-dashboards stop env: /etc/init.d/opensearch-dashboards: Permission denied [root@redhat7 vagrant]# ls -l /etc/init.d/opensearch-dashboards -rw-r--r--. 1 root root 4174 Sep 9 00:05 /etc/init.d/opensearch-dashboards ```

• After granting execute permissions to /etc/init.d/opensearch-dashboards file, it is possible to start the opensearch-dashboards service without the logs being displayed by the terminal.

[root@redhat9 vagrant]# chmod +x /etc/init.d/opensearch-dashboards 
[root@redhat9 vagrant]# /etc/init.d/opensearch-dashboards status
opensearch-dashboards is not running
[root@redhat9 vagrant]# service opensearch-dashboards status
opensearch-dashboards is not running
[root@redhat9 vagrant]# service opensearch-dashboards start
opensearch-dashboards started
[root@redhat9 vagrant]#

• In Red Hat 7 the same result is obtained, only that the service command indicates that it has been done via systemctl

[root@redhat7 vagrant]# chmod +x /etc/init.d/opensearch-dashboards 
[root@redhat7 vagrant]# service opensearch-dashboards status
opensearch-dashboards is not running
[root@redhat7 vagrant]# service opensearch-dashboards start
Starting opensearch-dashboards (via systemctl):            [  OK  ]
[root@redhat7 vagrant]# 

• This is because, in Red Hat 7, the functions script says so.

[root@redhat7 vagrant]# grep "via" /etc/rc.d/init.d/functions 
        s=$"Starting $prog (via systemctl): "
        s=$"Stopping $prog (via systemctl): "
        s=$"Reloading $prog configuration (via systemctl): "
        s=$"Restarting $prog (via systemctl):

• The reported error also occurs on CentOS 9 Stream.

• The error could be reproduced by commenting the line https://github.com/wazuh/wazuh-packages/blob/da21a806dc8667626cfc52a8b76a8e570dd84eea/stack/dashboard/base/files/etc/services/wazuh-dashboard#L10

[rauldpm]

Update report - Wazuh dashboard

• Analyzing the OpenSearch Dashboard source code, it has been found that the service redirects the output to /var/log/opensearch-dashboards/opensearch-dashboards.std[err|out]

https://github.com/opensearch-project/OpenSearch-Dashboards/blob/caf668e73304bac890f41c37cd6c3a41257cd289/src/dev/build/tasks/os_packages/service_templates/sysv/etc/init.d/opensearch-dashboards#L70

chroot --userspec "$user":"$group" "$chroot" sh -c "
cd \"$chdir\"
exec \"$program\"
" >> /var/log/opensearch-dashboards/opensearch-dashboards.stdout 2>> /var/log/opensearch-dashboards/opensearch-dashboards.stderr &

The Wazuh dashboard service, on the other hand, does not redirect any log:

https://github.com/wazuh/wazuh-packages/blob/6f91723e8ee42d6f4698ea84e3a3f276008cf29b/stack/dashboard/base/files/etc/services/wazuh-dashboard#L60

args=-c\\\ /etc/wazuh-dashboard/opensearch_dashboards.yml
...
chroot --userspec "$user":"$group" "$chroot" sh -c "cd \"$chdir\";exec \"$program\" $args" &

By adding the redirection in the Wazuh dashboard service, the reported error has stopped showing and can be consulted in the indicated log file.

The reported error has been reproduced in a Wazuh dashboard package using the OVA v4.3.9 since no log redirection has been done in any version of the Wazuh dashboard package.

[root@wazuh-server wazuh-user]# cat /usr/share/wazuh-dashboard/VERSION 
4.3.9
[root@wazuh-server wazuh-user]# service wazuh-dashboard start
wazuh-dashboard started
[root@wazuh-server wazuh-user]#   log   [17:15:25.416] [info][plugins-service] Plugin "visTypeXy" is disabled.

[root@wazuh-server wazuh-user]#   log   [17:15:25.566] [info][plugins-system] Setting up [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeTable,visTypeVega,visTypeTimeline,timeline,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,bfetch,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement]

[root@wazuh-server wazuh-user]#   log   [17:15:25.786] [info][savedobjects-service] Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations...
  log   [17:15:25.821] [info][savedobjects-service] Starting saved objects migrations
  log   [17:15:25.869] [info][plugins-system] Starting [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeTable,visTypeVega,visTypeTimeline,timeline,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,bfetch,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement]
  log   [17:15:26.088] [info][listening] Server running at https://0.0.0.0:443
  log   [17:15:26.175] [info][server][OpenSearchDashboards][http] http server running at https://0.0.0.0:443

Different behavior was found in Red Hat 9 and Red Hat 7 for the same OpenSearch Dashboard package, in Red Hat 9, when starting the opensearch-dashboards service, logs were written to /var/log/opensearch-dashboards, however, in Red Hat 7, this behavior has not been reproduced despite using the same service code (where log redirection is specified)

Regarding the message displayed by Wazuh server when starting the service using the service command, the definition has been found in the /sbin/service file

[root@redhat9 vagrant]# grep "Redirecting" /sbin/service 
    echo $"Redirecting to /bin/systemctl ${ACTION} ${SERVICE_MANGLED}${OPTIONS:+ }${OPTIONS}" >&2

In this file, the following conditional is accessed when the wazuh-manager service is started:

elif [[ $ACTION =~ ^(start|stop|restart|try-restart|reload|reload-or-restart|try-reload-or-restart|force-reload|status|condrestart)$ ]]; then
    SERVICE_MANGLED=$(/usr/bin/systemd-escape --mangle "${SERVICE}")
    echo $"Redirecting to /bin/systemctl ${ACTION} ${SERVICE_MANGLED}${OPTIONS:+ }${OPTIONS}" >&2
    exec /bin/systemctl "${ACTION}" "${SERVICE_MANGLED}" ${OPTIONS}

Instead, for the opensearch-dashboards and wazuh-dashboard service, the first conditional is accessed:

if [ -f "${SERVICEDIR}/${SERVICE}" ]; then
    # LSB daemons that dies abnormally in systemd looks alive in systemd's eyes due to RemainAfterExit=yes
    # lets reap them before next start
    if [ "${ACTION}" = 'start' ] && \
            [ "$(systemctl show -p ActiveState "${SERVICE}".service --value)" = 'active' ] && \
            [ "$(systemctl show -p SubState "${SERVICE}".service --value)" = 'exited' ]; then
        /bin/systemctl stop "${SERVICE}".service
    fi

    # Workaround to be able to "stop" network.service when it's in inactive state using service instead of systemctl
    # Useful for manual testing of network 
    if [ "${SERVICE}" = 'network' ] && [ "${ACTION}" = 'stop' ] && \
            [ "$(systemctl show -p ActiveState network.service --value)" = 'inactive' ] && \
            [ "$(systemctl show -p SourcePath network.service --value)" = '/etc/rc.d/init.d/network' ]; then
        export SYSTEMCTL_SKIP_REDIRECT=1
    fi

    env -i PATH="$PATH" TERM="$TERM" SYSTEMCTL_IGNORE_DEPENDENCIES="${SYSTEMCTL_IGNORE_DEPENDENCIES}" SYSTEMCTL_SKIP_REDIRECT="${SYSTEMCTL_SKIP_REDIRECT}" "${SERVICEDIR}/${SERVICE}" "${ACTION}" ${OPTIONS}

This is because the "${SERVICEDIR}/${SERVICE}" conditional gets the following values:

• OpenSearch Dashboards: /etc/init.d/opensearch-dashboards
• Wazuh server: /etc/init.d/wazuh-manager
• Wazuh dashboard: /etc/init.d/wazuh-dashboard

[root@redhat9 vagrant]# ls -l /etc/init.d/wazuh-manager
ls: cannot access '/etc/init.d/wazuh-manager': No such file or directory
[root@redhat9 vagrant]# ls -l /etc/init.d/opensearch-dashboards
-rwxr-xr-x. 1 root root 4179 Oct 18 17:47 /etc/init.d/opensearch-dashboards
[root@redhat9 vagrant]# ls -l /etc/init.d/wazuh-dashboard
-rwxr-x---. 1 wazuh-dashboard wazuh-dashboard 3682 Oct 17 17:26 /etc/init.d/wazuh-dashboard

After performing some tests, if the /etc/init.d/wazuh-dashboard service is renamed, when starting the service using the service command, a redirection to systemctl is made (third if), fixing the reported error.

Thus, the following solutions are proposed:

• [ ] Redirect logs, just like OpenSearch Dashboards do.
  • This solution would fulfill the requirement to keep the package as faithful as possible to the original code
  • The main problem lies in the logs rotation, OpenSearch Dashboard does not manage log redirection natively, so the entire log would be stored in a single file
• [ ] Do not redirect logs (keep current package)
  • Since the problem has been reproduced in the OpenSearch Dashboard package by not redirecting the logs, we could say that it is an inherited problem due to poor log and service management
• [x] Force the use of systemctl every time the service command is used, as is done with the wazuh-manager service (implies removing the service from init.d)

These options should be discussed with the team as they have a major impact on the future of the package.

---

Recommended systems tests with the third solution

Red Hat 7

``` [root@redhat7 vagrant]# cat /etc/os-release NAME="Red Hat Enterprise Linux Server" VERSION="7.9 (Maipo)" ID="rhel" ID_LIKE="fedora" VARIANT="Server" VARIANT_ID="server" VERSION_ID="7.9" PRETTY_NAME="Red Hat Enterprise Linux Server 7.9 (Maipo)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:redhat:enterprise_linux:7.9:GA:server" HOME_URL="https://www.redhat.com/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7" REDHAT_BUGZILLA_PRODUCT_VERSION=7.9 REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux" REDHAT_SUPPORT_PRODUCT_VERSION="7.9" [root@redhat7 vagrant]# [root@redhat7 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y Loaded plugins: product-id, search-disabled-repos Examining wazuh-dashboard-4.4.0-1.x86_64.rpm: wazuh-dashboard-4.4.0-1.x86_64 Marking wazuh-dashboard-4.4.0-1.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-dashboard.x86_64 0:4.4.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-dashboard x86_64 4.4.0-1 /wazuh-dashboard-4.4.0-1.x86_64 709 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 709 M Installed size: 709 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-dashboard-4.4.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.4.0-1.x86_64 1/1 epel/x86_64/metalink | 23 kB 00:00:00 epel/x86_64 | 4.7 kB 00:00:00 epel/x86_64/group_gz | 97 kB 00:00:00 epel/x86_64/updateinfo | 1.0 MB 00:00:00 epel/x86_64/primary_db | 7.0 MB 00:00:00 Installed: wazuh-dashboard.x86_64 0:4.4.0-1 Complete! [root@redhat7 vagrant]# mv /etc/init.d/wazuh-dashboard /etc/init.d/wazuh-dashboard.save [root@redhat7 vagrant]# service wazuh-dashboard start Redirecting to /bin/systemctl start wazuh-dashboard.service [root@redhat7 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Tue 2022-10-18 20:44:43 UTC; 42s ago Process: 3953 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 3953 (code=exited, status=1/FAILURE) Oct 18 20:44:38 redhat7 systemd[1]: Started wazuh-dashboard. Oct 18 20:44:43 redhat7 opensearch-dashboards[3953]: {"type":"log","@timestamp":"2022-10-18T20:44:43Z","tags":["info","plugins-service"],"pid":3953,"message":"Plugin \"visTypeXy\" is disabled."} Oct 18 20:44:43 redhat7 opensearch-dashboards[3953]: {"type":"log","@timestamp":"2022-10-18T20:44:43Z","tags":["info","plugins-service"],"pid":3953,"message":"Plugin \"wizard\" is disabled."} Oct 18 20:44:43 redhat7 opensearch-dashboards[3953]: {"type":"log","@timestamp":"2022-10-18T20:44:43Z","tags":["warning","config","deprecation"],"pid":3953,"message":"\"opensearch.requestHeadersW...Allowlist\""} Oct 18 20:44:43 redhat7 opensearch-dashboards[3953]: {"type":"log","@timestamp":"2022-10-18T20:44:43Z","tags":["fatal","root"],"pid":3953,"message":"Error: ENOENT: no such file or directory, open... (/usr/share/ Oct 18 20:44:43 redhat7 opensearch-dashboards[3953]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 18 20:44:43 redhat7 systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=1/FAILURE Oct 18 20:44:43 redhat7 systemd[1]: Unit wazuh-dashboard.service entered failed state. Oct 18 20:44:43 redhat7 systemd[1]: wazuh-dashboard.service failed. Hint: Some lines were ellipsized, use -l to show in full. [root@redhat7 vagrant]# ```

Red Hat 8

``` [root@redhat8 vagrant]# cat /etc/os-release NAME="Red Hat Enterprise Linux" VERSION="8.5 (Ootpa)" ID="rhel" ID_LIKE="fedora" VERSION_ID="8.5" PLATFORM_ID="platform:el8" PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos" HOME_URL="https://www.redhat.com/" DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8" REDHAT_BUGZILLA_PRODUCT_VERSION=8.5 REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux" REDHAT_SUPPORT_PRODUCT_VERSION="8.5" [root@redhat8 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y Last metadata expiration check: 0:05:22 ago on Tue 18 Oct 2022 08:41:48 PM UTC. Dependencies resolved. =================================================================================================================================================================================================================== Package Architecture Version Repository Size =================================================================================================================================================================================================================== Installing: wazuh-dashboard x86_64 4.4.0-1 @commandline 172 M Transaction Summary =================================================================================================================================================================================================================== Install 1 Package Total size: 172 M Installed size: 709 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Installing : wazuh-dashboard-4.4.0-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.4.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-dashboard-4.4.0-1.x86_64 Complete! [root@redhat8 vagrant]# mv /etc/init.d/wazuh-dashboard /etc/init.d/wazuh-dashboard.save mv: overwrite '/etc/init.d/wazuh-dashboard.save'? y [root@redhat8 vagrant]# service wazuh-dashboard start Redirecting to /bin/systemctl start wazuh-dashboard.service [root@redhat8 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Tue 2022-10-18 20:48:27 UTC; 49s ago Process: 5460 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 5460 (code=exited, status=1/FAILURE) Oct 18 20:48:22 redhat8 systemd[1]: Started wazuh-dashboard. Oct 18 20:48:27 redhat8 opensearch-dashboards[5460]: {"type":"log","@timestamp":"2022-10-18T20:48:27Z","tags":["info","plugins-service"],"pid":5460,"message":"Plugin \"wizard\" is disabled."} Oct 18 20:48:27 redhat8 opensearch-dashboards[5460]: {"type":"log","@timestamp":"2022-10-18T20:48:27Z","tags":["info","plugins-service"],"pid":5460,"message":"Plugin \"visTypeXy\" is disabled."} Oct 18 20:48:27 redhat8 opensearch-dashboards[5460]: {"type":"log","@timestamp":"2022-10-18T20:48:27Z","tags":["warning","config","deprecation"],"pid":5460,"message":"\"opensearch.requestHeadersWhitelist\" is deprecated and has been replaced by \"opensearch.requestHeadersAllowlist\""} Oct 18 20:48:27 redhat8 opensearch-dashboards[5460]: {"type":"log","@timestamp":"2022-10-18T20:48:27Z","tags":["fatal","root"],"pid":5460,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'\n at Object.openSync (fs.js:498:3)\n at readFileSync (fs.js:394:35)> Oct 18 20:48:27 redhat8 opensearch-dashboards[5460]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 18 20:48:27 redhat8 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 18 20:48:27 redhat8 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. [root@redhat8 vagrant]# ```

Red Hat 9

``` [root@redhat9 vagrant]# cat /etc/os-release NAME="Red Hat Enterprise Linux" VERSION="9.0 (Plow)" ID="rhel" ID_LIKE="fedora" VERSION_ID="9.0" PLATFORM_ID="platform:el9" PRETTY_NAME="Red Hat Enterprise Linux 9.0 (Plow)" ANSI_COLOR="0;31" LOGO="fedora-logo-icon" CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos" HOME_URL="https://www.redhat.com/" DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/9/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9" REDHAT_BUGZILLA_PRODUCT_VERSION=9.0 REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux" REDHAT_SUPPORT_PRODUCT_VERSION="9.0" [root@redhat9 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y Extra Packages for Enterprise Linux 9 - x86_64 7.1 MB/s | 11 MB 00:01 Last metadata expiration check: 0:00:03 ago on Tue 18 Oct 2022 08:41:42 PM UTC. Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Installing: wazuh-dashboard x86_64 4.4.0-1 @commandline 172 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 172 M Installed size: 709 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Installing : wazuh-dashboard-4.4.0-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.4.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-dashboard-4.4.0-1.x86_64 Complete! [root@redhat9 vagrant]# mv /etc/init.d/wazuh-dashboard /etc/init.d/wazuh-dashboard.save [root@redhat9 vagrant]# service wazuh-dashboard start Redirecting to /bin/systemctl start wazuh-dashboard.service [root@redhat9 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service × wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Tue 2022-10-18 20:44:41 UTC; 23s ago Process: 4435 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboar> Main PID: 4435 (code=exited, status=1/FAILURE) CPU: 3.619s Oct 18 20:44:36 redhat9 systemd[1]: Started wazuh-dashboard. Oct 18 20:44:41 redhat9 opensearch-dashboards[4435]: {"type":"log","@timestamp":"2022-10-18T20:44:41Z",> Oct 18 20:44:41 redhat9 opensearch-dashboards[4435]: {"type":"log","@timestamp":"2022-10-18T20:44:41Z",> Oct 18 20:44:41 redhat9 opensearch-dashboards[4435]: {"type":"log","@timestamp":"2022-10-18T20:44:41Z",> Oct 18 20:44:41 redhat9 opensearch-dashboards[4435]: {"type":"log","@timestamp":"2022-10-18T20:44:41Z",> Oct 18 20:44:41 redhat9 opensearch-dashboards[4435]: FATAL Error: ENOENT: no such file or directory, > Oct 18 20:44:41 redhat9 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1> Oct 18 20:44:41 redhat9 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. Oct 18 20:44:41 redhat9 systemd[1]: wazuh-dashboard.service: Consumed 3.619s CPU time. [root@redhat9 vagrant]# ```

CentOS 7

``` [root@centos7 vagrant]# cat /etc/os-release NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7" PRETTY_NAME="CentOS Linux 7 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:7" HOME_URL="https://www.centos.org/" BUG_REPORT_URL="https://bugs.centos.org/" CENTOS_MANTISBT_PROJECT="CentOS-7" CENTOS_MANTISBT_PROJECT_VERSION="7" REDHAT_SUPPORT_PRODUCT="centos" REDHAT_SUPPORT_PRODUCT_VERSION="7" [root@centos7 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y Loaded plugins: fastestmirror Examining wazuh-dashboard-4.4.0-1.x86_64.rpm: wazuh-dashboard-4.4.0-1.x86_64 Marking wazuh-dashboard-4.4.0-1.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-dashboard.x86_64 0:4.4.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-dashboard x86_64 4.4.0-1 /wazuh-dashboard-4.4.0-1.x86_64 709 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 709 M Installed size: 709 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-dashboard-4.4.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.4.0-1.x86_64 1/1 Installed: wazuh-dashboard.x86_64 0:4.4.0-1 Complete! [root@centos7 vagrant]# mv /etc/init.d/wazuh-dashboard /etc/init.d/wazuh-dashboard.save [root@centos7 vagrant]# service wazuh-dashboard start Redirecting to /bin/systemctl start wazuh-dashboard.service [root@centos7 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Tue 2022-10-18 20:44:47 UTC; 6min ago Process: 3237 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 3237 (code=exited, status=1/FAILURE) Oct 18 20:44:43 centos7 systemd[1]: Started wazuh-dashboard. Oct 18 20:44:47 centos7 opensearch-dashboards[3237]: {"type":"log","@timestamp":"2022-10-18T20:44:47Z","tags":["info","plugins-service"],"pid":3237,"message":"Plugin \"visTypeXy\" is disabled."} Oct 18 20:44:47 centos7 opensearch-dashboards[3237]: {"type":"log","@timestamp":"2022-10-18T20:44:47Z","tags":["info","plugins-service"],"pid":3237,"message":"Plugin \"wizard\" is disabled."} Oct 18 20:44:47 centos7 opensearch-dashboards[3237]: {"type":"log","@timestamp":"2022-10-18T20:44:47Z","tags":["warning","config","deprecation"],"pid":3237,"message":"\"opensearch.requestHeadersW...Allowlist\""} Oct 18 20:44:47 centos7 opensearch-dashboards[3237]: {"type":"log","@timestamp":"2022-10-18T20:44:47Z","tags":["fatal","root"],"pid":3237,"message":"Error: ENOENT: no such file or directory, open... (/usr/share/ Oct 18 20:44:47 centos7 opensearch-dashboards[3237]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 18 20:44:47 centos7 systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=1/FAILURE Oct 18 20:44:47 centos7 systemd[1]: Unit wazuh-dashboard.service entered failed state. Oct 18 20:44:47 centos7 systemd[1]: wazuh-dashboard.service failed. Hint: Some lines were ellipsized, use -l to show in full. [root@centos7 vagrant]# ```

CentOS 8

``` [root@centos8 vagrant]# cat /etc/os-release NAME="CentOS Linux" VERSION="8" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="8" PLATFORM_ID="platform:el8" PRETTY_NAME="CentOS Linux 8" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:8" HOME_URL="https://centos.org/" BUG_REPORT_URL="https://bugs.centos.org/" CENTOS_MANTISBT_PROJECT="CentOS-8" CENTOS_MANTISBT_PROJECT_VERSION="8" [root@centos8 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y CentOS Linux 8 - AppStream 13 MB/s | 8.4 MB 00:00 CentOS Linux 8 - BaseOS 11 MB/s | 4.6 MB 00:00 CentOS Linux 8 - Extras 26 kB/s | 10 kB 00:00 Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Installing: wazuh-dashboard x86_64 4.4.0-1 @commandline 172 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 172 M Installed size: 709 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Installing : wazuh-dashboard-4.4.0-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.4.0-1.x86_64 1/1 Installed: wazuh-dashboard-4.4.0-1.x86_64 Complete! [root@centos8 vagrant]# mv /etc/init.d/wazuh-dashboard /etc/init.d/wazuh-dashboard.save [root@centos8 vagrant]# service wazuh-dashboard start Redirecting to /bin/systemctl start wazuh-dashboard.service [root@centos8 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Tue 2022-10-18 20:44:44 UTC; 7min ago Process: 4004 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 4004 (code=exited, status=1/FAILURE) Oct 18 20:44:40 centos8 systemd[1]: Started wazuh-dashboard. Oct 18 20:44:44 centos8 opensearch-dashboards[4004]: {"type":"log","@timestamp":"2022-10-18T20:44:44Z","tags":["info","plugins-service"],"pid":4004,"message":"Plugin \"visTypeXy\" is disabled."} Oct 18 20:44:44 centos8 opensearch-dashboards[4004]: {"type":"log","@timestamp":"2022-10-18T20:44:44Z","tags":["info","plugins-service"],"pid":4004,"message":"Plugin \"wizard\" is disabled."} Oct 18 20:44:44 centos8 opensearch-dashboards[4004]: {"type":"log","@timestamp":"2022-10-18T20:44:44Z","tags":["warning","config","deprecation"],"pid":4004,"message":"\"opensearch.requestHeadersWhitelist\" is deprecated and has been replaced by \"opensearch.requestHeade> Oct 18 20:44:44 centos8 opensearch-dashboards[4004]: {"type":"log","@timestamp":"2022-10-18T20:44:44Z","tags":["fatal","root"],"pid":4004,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'\n at Object.openSync (fs> Oct 18 20:44:44 centos8 opensearch-dashboards[4004]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 18 20:44:44 centos8 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 18 20:44:44 centos8 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. [root@centos8 vagrant]# ```

CentOS 9 Stream

``` [root@centos9stream vagrant]# cat /etc/os-release NAME="CentOS Stream" VERSION="9" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="9" PLATFORM_ID="platform:el9" PRETTY_NAME="CentOS Stream 9" ANSI_COLOR="0;31" LOGO="fedora-logo-icon" CPE_NAME="cpe:/o:centos:centos:9" HOME_URL="https://centos.org/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 9" REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream" [root@centos9stream vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y CentOS Stream 9 - BaseOS 4.4 MB/s | 5.9 MB 00:01 CentOS Stream 9 - AppStream 4.8 MB/s | 15 MB 00:03 CentOS Stream 9 - Extras packages 11 kB/s | 8.7 kB 00:00 Extra Packages for Enterprise Linux 9 - x86_64 7.1 MB/s | 11 MB 00:01 Extra Packages for Enterprise Linux 9 - Next - x86_64 2.6 MB/s | 1.4 MB 00:00 Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Installing: wazuh-dashboard x86_64 4.4.0-1 @commandline 172 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 172 M Installed size: 709 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Installing : wazuh-dashboard-4.4.0-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.4.0-1.x86_64 1/1 Installed: wazuh-dashboard-4.4.0-1.x86_64 Complete! [root@centos9stream vagrant]# mv /etc/init.d/wazuh-dashboard /etc/init.d/wazuh-dashboard.save [root@centos9stream vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service × wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Tue 2022-10-18 20:44:34 UTC; 8min ago Duration: 4.170s Process: 5151 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 5151 (code=exited, status=1/FAILURE) CPU: 3.342s Oct 18 20:44:30 centos9stream systemd[1]: Started wazuh-dashboard. Oct 18 20:44:34 centos9stream opensearch-dashboards[5151]: {"type":"log","@timestamp":"2022-10-18T20:44:34Z","tags":["info","plugins-service"],"pid":5151,"message":"Plugin \"visTypeXy\" is disabled."} Oct 18 20:44:34 centos9stream opensearch-dashboards[5151]: {"type":"log","@timestamp":"2022-10-18T20:44:34Z","tags":["info","plugins-service"],"pid":5151,"message":"Plugin \"wizard\" is disabled."} Oct 18 20:44:34 centos9stream opensearch-dashboards[5151]: {"type":"log","@timestamp":"2022-10-18T20:44:34Z","tags":["warning","config","deprecation"],"pid":5151,"message":"\"opensearch.requestHeadersWhitelist\" is deprecated and has been replaced by \"opensearch.requestHeadersAllowlist\""} Oct 18 20:44:34 centos9stream opensearch-dashboards[5151]: {"type":"log","@timestamp":"2022-10-18T20:44:34Z","tags":["fatal","root"],"pid":5151,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'\n at Object.openSync (fs.js:498:3)\n at readFileSync (fs.js:3> Oct 18 20:44:34 centos9stream opensearch-dashboards[5151]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 18 20:44:34 centos9stream systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 18 20:44:34 centos9stream systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. Oct 18 20:44:34 centos9stream systemd[1]: wazuh-dashboard.service: Consumed 3.342s CPU time. ```

All services fail to start because certificates have not been configured. No unwanted log is displayed on the terminal.

[rauldpm]

Update report - Wazuh dashboard

• The Amazon Linux 2 system is not affected by the bug reported in CentOS and Red Hat systems.

• The proposed fix on removing the service from init.d works, as it natively redirects to systemctl.

• A different problem has been found using the service command, when starting the service a message is received that it has started but when checking the status it is reported that it is stopped.

  Amazon Linux 2

  - Install ``` [root@amazonlinux2 vagrant]# cat /etc/os-release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/" [root@amazonlinux2 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y Loaded plugins: dkms-build-requires, langpacks, : priorities, update-motd Examining wazuh-dashboard-4.4.0-1.x86_64.rpm: wazuh-dashboard-4.4.0-1.x86_64 Marking wazuh-dashboard-4.4.0-1.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-dashboard.x86_64 0:4.4.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================== Package Arch Version Repository Size ================================================== Installing: wazuh-dashboard x86_64 4.4.0-1 /wazuh-dashboard-4.4.0-1.x86_64 709 M Transaction Summary ================================================== Install 1 Package Total size: 709 M Installed size: 709 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-dashboard-4.4.0-1.x86_ 1/1 Verifying : wazuh-dashboard-4.4.0-1.x86_ 1/1 Installed: wazuh-dashboard.x86_64 0:4.4.0-1 Complete! ``` - Using the `service` command without the service file rename (no error reproduced) ``` [root@amazonlinux2 vagrant]# ls -l /etc/init.d/wazuh-dashboard -rwxr-x--- 1 wazuh-dashboard wazuh-dashboard 3682 Oct 17 17:26 /etc/init.d/wazuh-dashboard [root@amazonlinux2 vagrant]# service wazuh-dashboard start Starting wazuh-dashboard (via systemctl): [ OK ] [root@amazonlinux2 vagrant]# service wazuh-dashboard status wazuh-dashboard is not running [root@amazonlinux2 vagrant]# ``` - Using the `service` command with the service file rename ``` [root@amazonlinux2 vagrant]# mv /etc/init.d/wazuh-dashboard /etc/init.d/wazuh-dashboard.save [root@amazonlinux2 vagrant]# service wazuh-dashboard start Redirecting to /bin/systemctl start wazuh-dashboard.service [root@amazonlinux2 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2022-10-19 12:30:01 UTC; 4min 19s ago Process: 5823 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 5823 (code=exited, status=1/FAILURE) Oct 19 12:29:57 amazonlinux2 systemd[1]: Started wazuh-dashboard. Oct 19 12:29:57 amazonlinux2 systemd[1]: Starting wazuh-dashboard... Oct 19 12:30:01 amazonlinux2 opensearch-dashboards[5823]: {"type":"log","@timestamp":"2022-10-19T12:30:01Z","tags":["info","plugins-service"],"pid":5823,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 12:30:01 amazonlinux2 opensearch-dashboards[5823]: {"type":"log","@timestamp":"2022-10-19T12:30:01Z","tags":["info","plugins-service"],"pid":5823,"message":"Plugin \"wizard\" is disabled."} Oct 19 12:30:01 amazonlinux2 opensearch-dashboards[5823]: {"type":"log","@timestamp":"2022-10-19T12:30:01Z","tags":["warning","config","deprecation"],"pid":5823,"message":"\"opensearch.requestHea...Allowlist\""} Oct 19 12:30:01 amazonlinux2 opensearch-dashboards[5823]: {"type":"log","@timestamp":"2022-10-19T12:30:01Z","tags":["fatal","root"],"pid":5823,"message":"Error: ENOENT: no such file or directory,... (/usr/share/ Oct 19 12:30:01 amazonlinux2 opensearch-dashboards[5823]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 12:30:01 amazonlinux2 systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=1/FAILURE Oct 19 12:30:01 amazonlinux2 systemd[1]: Unit wazuh-dashboard.service entered failed state. Oct 19 12:30:01 amazonlinux2 systemd[1]: wazuh-dashboard.service failed. Hint: Some lines were ellipsized, use -l to show in full. ```

• Same behavior occurs on Fedora when using the service command.

  Fedora 34

  ``` [root@fedora34 vagrant]# cat /etc/os-release NAME=Fedora VERSION="34 (Cloud Edition)" ID=fedora VERSION_ID=34 VERSION_CODENAME="" PLATFORM_ID="platform:f34" PRETTY_NAME="Fedora 34 (Cloud Edition)" ANSI_COLOR="0;38;2;60;110;180" LOGO=fedora-logo-icon CPE_NAME="cpe:/o:fedoraproject:fedora:34" HOME_URL="https://fedoraproject.org/" DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/34/system-administrators-guide/" SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Fedora" REDHAT_BUGZILLA_PRODUCT_VERSION=34 REDHAT_SUPPORT_PRODUCT="Fedora" REDHAT_SUPPORT_PRODUCT_VERSION=34 PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy" VARIANT="Cloud Edition" VARIANT_ID=cloud [root@fedora34 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y Fedora 34 openh264 (From Cisco) - x86_64 1.9 kB/s | 2.5 kB 00:01 Fedora Modular 34 - x86_64 2.1 MB/s | 4.9 MB 00:02 Fedora Modular 34 - x86_64 - Updates 2.9 MB/s | 4.7 MB 00:01 Fedora 34 - x86_64 - Updates 6.8 MB/s | 34 MB 00:05 Fedora 34 - x86_64 7.4 MB/s | 74 MB 00:09 Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Installing: wazuh-dashboard x86_64 4.4.0-1 @commandline 172 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 172 M Installed size: 709 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Installing : wazuh-dashboard-4.4.0-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.4.0-1.x86_64 1/1 Installed: wazuh-dashboard-4.4.0-1.x86_64 Complete! [root@fedora34 vagrant]# service wazuh-dashboard start Starting wazuh-dashboard (via systemctl): [ OK ] [root@fedora34 vagrant]# service wazuh-dashboard status wazuh-dashboard is not running [root@fedora34 vagrant]# systemctl status wazuh-dashboard × wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2022-10-19 13:00:35 UTC; 1min 12s ago Process: 3057 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 3057 (code=exited, status=1/FAILURE) CPU: 3.302s Oct 19 13:00:32 fedora34 systemd[1]: Started wazuh-dashboard. Oct 19 13:00:35 fedora34 opensearch-dashboards[3057]: {"type":"log","@timestamp":"2022-10-19T13:00:35Z","tags":["info","plugins-service"],"pid":3057,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 13:00:35 fedora34 opensearch-dashboards[3057]: {"type":"log","@timestamp":"2022-10-19T13:00:35Z","tags":["info","plugins-service"],"pid":3057,"message":"Plugin \"wizard\" is disabled."} Oct 19 13:00:35 fedora34 opensearch-dashboards[3057]: {"type":"log","@timestamp":"2022-10-19T13:00:35Z","tags":["warning","config","deprecation"],"pid":3057,"message":"\"opensearch.requestHeadersWhitelist\" is > Oct 19 13:00:35 fedora34 opensearch-dashboards[3057]: {"type":"log","@timestamp":"2022-10-19T13:00:35Z","tags":["fatal","root"],"pid":3057,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-d> Oct 19 13:00:35 fedora34 opensearch-dashboards[3057]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 13:00:35 fedora34 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 19 13:00:35 fedora34 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. Oct 19 13:00:35 fedora34 systemd[1]: wazuh-dashboard.service: Consumed 3.302s CPU time. [root@fedora34 vagrant]# mv /etc/init.d/wazuh-dashboard /etc/init.d/wazuh-dashboard.save [root@fedora34 vagrant]# service wazuh-dashboard start Redirecting to /bin/systemctl start wazuh-dashboard.service [root@fedora34 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service × wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2022-10-19 13:02:30 UTC; 6s ago Process: 3101 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 3101 (code=exited, status=1/FAILURE) CPU: 2.905s Oct 19 13:02:27 fedora34 systemd[1]: Started wazuh-dashboard. Oct 19 13:02:30 fedora34 opensearch-dashboards[3101]: {"type":"log","@timestamp":"2022-10-19T13:02:30Z","tags":["info","plugins-service"],"pid":3101,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 13:02:30 fedora34 opensearch-dashboards[3101]: {"type":"log","@timestamp":"2022-10-19T13:02:30Z","tags":["info","plugins-service"],"pid":3101,"message":"Plugin \"wizard\" is disabled."} Oct 19 13:02:30 fedora34 opensearch-dashboards[3101]: {"type":"log","@timestamp":"2022-10-19T13:02:30Z","tags":["warning","config","deprecation"],"pid":3101,"message":"\"opensearch.requestHeadersWhitelist\" is > Oct 19 13:02:30 fedora34 opensearch-dashboards[3101]: {"type":"log","@timestamp":"2022-10-19T13:02:30Z","tags":["fatal","root"],"pid":3101,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-d> Oct 19 13:02:30 fedora34 opensearch-dashboards[3101]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 13:02:30 fedora34 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 19 13:02:30 fedora34 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. Oct 19 13:02:30 fedora34 systemd[1]: wazuh-dashboard.service: Consumed 2.905s CPU time. ```

• In Fedora 36 the same reported behavior is observed as in Red Hat 9 and CentOS 9 Stream systems, when starting the service using the service command the log is shown by terminal.

• When renaming the service, the proposed fix corrects the problem by redirecting it to systemctl.

  Fedora 36

  ``` [root@fedora36 vagrant]# cat /etc/os-release NAME="Fedora Linux" VERSION="36 (Thirty Six)" ID=fedora VERSION_ID=36 VERSION_CODENAME="" PLATFORM_ID="platform:f36" PRETTY_NAME="Fedora Linux 36 (Thirty Six)" ANSI_COLOR="0;38;2;60;110;180" LOGO=fedora-logo-icon CPE_NAME="cpe:/o:fedoraproject:fedora:36" HOME_URL="https://fedoraproject.org/" DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f36/system-administrators-guide/" SUPPORT_URL="https://ask.fedoraproject.org/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Fedora" REDHAT_BUGZILLA_PRODUCT_VERSION=36 REDHAT_SUPPORT_PRODUCT="Fedora" REDHAT_SUPPORT_PRODUCT_VERSION=36 PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy" [root@fedora36 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y Fedora 36 - x86_64 32 kB/s | 20 kB 00:00 Fedora 36 openh264 (From Cisco) - x86_64 1.9 kB/s | 989 B 00:00 Fedora 36 openh264 (From Cisco) - x86_64 2.1 kB/s | 2.5 kB 00:01 Fedora Modular 36 - x86_64 38 kB/s | 20 kB 00:00 Fedora 36 - x86_64 - Updates 72 kB/s | 18 kB 00:00 Fedora 36 - x86_64 - Updates 9.1 MB/s | 25 MB 00:02 Fedora Modular 36 - x86_64 - Updates 36 kB/s | 18 kB 00:00 Fedora Modular 36 - x86_64 - Updates 1.4 MB/s | 1.8 MB 00:01 Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Installing: wazuh-dashboard x86_64 4.4.0-1 @commandline 172 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 172 M Installed size: 709 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Installing : wazuh-dashboard-4.4.0-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.4.0-1.x86_64 1/1 Installed: wazuh-dashboard-4.4.0-1.x86_64 Complete! [root@fedora36 vagrant]# service wazuh-dashboard start wazuh-dashboard started [root@fedora36 vagrant]# service wazuh-dashboard status log [13:03:30.796] [info][plugins-service] Plugin "visTypeXy" is disabled. log [13:03:30.807] [info][plugins-service] Plugin "wizard" is disabled. log [13:03:30.845] [warning][config][deprecation] "opensearch.requestHeadersWhitelist" is deprecated and has been replaced by "opensearch.requestHeadersAllowlist" log [13:03:30.849] [fatal][root] Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' at Object.openSync (fs.js:498:3) at readFileSync (fs.js:394:35) at readFile (/usr/share/wazuh-dashboard/src/core/server/http/ssl_config.js:181:31) at new SslConfig (/usr/share/wazuh-dashboard/src/core/server/http/ssl_config.js:131:18) at new HttpConfig (/usr/share/wazuh-dashboard/src/core/server/http/http_config.js:175:16) at MapSubscriber.project (/usr/share/wazuh-dashboard/src/core/server/http/http_service.js:61:177) at MapSubscriber._next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/operators/map.js:49:35) at MapSubscriber.Subscriber.next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/Subscriber.js:66:18) at CombineLatestSubscriber.notifyNext (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/observable/combineLatest.js:97:34) at InnerSubscriber._next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/InnerSubscriber.js:28:21) at InnerSubscriber.Subscriber.next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/Subscriber.js:66:18) at MapSubscriber._next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/operators/map.js:55:26) at MapSubscriber.Subscriber.next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/Subscriber.js:66:18) at DistinctUntilChangedSubscriber._next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/operators/distinctUntilChanged.js:69:30) at DistinctUntilChangedSubscriber.Subscriber.next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/Subscriber.js:66:18) at MapSubscriber._next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/operators/map.js:55:26) { errno: -2, syscall: 'open', code: 'ENOENT', path: '/etc/wazuh-dashboard/certs/dashboard-key.pem' } FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' ^C [root@fedora36 vagrant]# service wazuh-dashboard stop [root@fedora36 vagrant]# mv /etc/init.d/wazuh-dashboard /etc/init.d/wazuh-dashboard.save [root@fedora36 vagrant]# service wazuh-dashboard start Redirecting to /bin/systemctl start wazuh-dashboard.service [root@fedora36 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service × wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2022-10-19 13:04:59 UTC; 1s ago Process: 3025 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 3025 (code=exited, status=1/FAILURE) CPU: 2.915s Oct 19 13:04:56 fedora36.localdomain systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard. Oct 19 13:04:59 fedora36.localdomain opensearch-dashboards[3025]: {"type":"log","@timestamp":"2022-10-19T13:04:59Z","tags":["info","plugins-service"],"pid":3025,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 13:04:59 fedora36.localdomain opensearch-dashboards[3025]: {"type":"log","@timestamp":"2022-10-19T13:04:59Z","tags":["info","plugins-service"],"pid":3025,"message":"Plugin \"wizard\" is disabled."} Oct 19 13:04:59 fedora36.localdomain opensearch-dashboards[3025]: {"type":"log","@timestamp":"2022-10-19T13:04:59Z","tags":["warning","config","deprecation"],"pid":3025,"message":"\"opensearch.requestHeadersWhi> Oct 19 13:04:59 fedora36.localdomain opensearch-dashboards[3025]: {"type":"log","@timestamp":"2022-10-19T13:04:59Z","tags":["fatal","root"],"pid":3025,"message":"Error: ENOENT: no such file or directory, open '> Oct 19 13:04:59 fedora36.localdomain opensearch-dashboards[3025]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 13:04:59 fedora36.localdomain systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 19 13:04:59 fedora36.localdomain systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. Oct 19 13:04:59 fedora36.localdomain systemd[1]: wazuh-dashboard.service: Consumed 2.915s CPU time. ```

• The reported bug has not been reproduced on Debian systems:

  Ubuntu 16 Xenial Xerus

  ``` root@ubuntu16:/home/vagrant# cat /etc/os-release NAME="Ubuntu" VERSION="16.04.7 LTS (Xenial Xerus)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 16.04.7 LTS" VERSION_ID="16.04" HOME_URL="http://www.ubuntu.com/" SUPPORT_URL="http://help.ubuntu.com/" BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/" VERSION_CODENAME=xenial UBUNTU_CODENAME=xenial root@ubuntu16:/home/vagrant# apt install ./wazuh-dashboard_4.4.0-1_amd64.deb Reading package lists... Done Building dependency tree Reading state information... Done Note, selecting 'wazuh-dashboard' instead of './wazuh-dashboard_4.4.0-1_amd64.deb' The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/147 MB of archives. After this operation, 780 MB of additional disk space will be used. Get:1 /home/vagrant/wazuh-dashboard_4.4.0-1_amd64.deb wazuh-dashboard amd64 4.4.0-1 [147 MB] Selecting previously unselected package wazuh-dashboard. (Reading database ... 54424 files and directories currently installed.) Preparing to unpack .../wazuh-dashboard_4.4.0-1_amd64.deb ... Creating wazuh-dashboard group... OK Creating wazuh-dashboard user... OK Unpacking wazuh-dashboard (4.4.0-1) ... Setting up wazuh-dashboard (4.4.0-1) ... root@ubuntu16:/home/vagrant# service wazuh-dashboard start root@ubuntu16:/home/vagrant# service wazuh-dashboard status ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2022-10-19 12:32:29 UTC; 2s ago Process: 2412 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 2412 (code=exited, status=1/FAILURE) Oct 19 12:32:25 ubuntu16 systemd[1]: Started wazuh-dashboard. Oct 19 12:32:29 ubuntu16 opensearch-dashboards[2412]: {"type":"log","@timestamp":"2022-10-19T12:32:29Z","tags":["info","plugins-service"],"pid":2412,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 12:32:29 ubuntu16 opensearch-dashboards[2412]: {"type":"log","@timestamp":"2022-10-19T12:32:29Z","tags":["info","plugins-service"],"pid":2412,"message":"Plugin \"wizard\" is disabled."} Oct 19 12:32:29 ubuntu16 opensearch-dashboards[2412]: {"type":"log","@timestamp":"2022-10-19T12:32:29Z","tags":["warning","config","deprecation"],"pid":2412,"message":"\"opensearch.requestHeadersWhitelist\" is d Oct 19 12:32:29 ubuntu16 opensearch-dashboards[2412]: {"type":"log","@timestamp":"2022-10-19T12:32:29Z","tags":["fatal","root"],"pid":2412,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da Oct 19 12:32:29 ubuntu16 opensearch-dashboards[2412]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 12:32:29 ubuntu16 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 19 12:32:29 ubuntu16 systemd[1]: wazuh-dashboard.service: Unit entered failed state. Oct 19 12:32:29 ubuntu16 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. ```
  Ubuntu 18 Bionic Beaver

  ``` root@ubuntu18:/home/vagrant# cat /etc/os-release NAME="Ubuntu" VERSION="18.04.6 LTS (Bionic Beaver)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 18.04.6 LTS" VERSION_ID="18.04" HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION_CODENAME=bionic UBUNTU_CODENAME=bionic root@ubuntu18:/home/vagrant# apt install ./wazuh-dashboard_4.4.0-1_amd64.deb Reading package lists... Done Building dependency tree Reading state information... Done Note, selecting 'wazuh-dashboard' instead of './wazuh-dashboard_4.4.0-1_amd64.deb' The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/147 MB of archives. After this operation, 780 MB of additional disk space will be used. Get:1 /home/vagrant/wazuh-dashboard_4.4.0-1_amd64.deb wazuh-dashboard amd64 4.4.0-1 [147 MB] Selecting previously unselected package wazuh-dashboard. (Reading database ... 105957 files and directories currently installed.) Preparing to unpack .../wazuh-dashboard_4.4.0-1_amd64.deb ... Creating wazuh-dashboard group... OK Creating wazuh-dashboard user... OK Unpacking wazuh-dashboard (4.4.0-1) ... Setting up wazuh-dashboard (4.4.0-1) ... root@ubuntu18:/home/vagrant# service wazuh-dashboard start root@ubuntu18:/home/vagrant# service wazuh-dashboard status ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2022-10-19 12:30:18 UTC; 1min 38s ago Process: 2617 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 2617 (code=exited, status=1/FAILURE) Oct 19 12:30:14 ubuntu18 systemd[1]: Started wazuh-dashboard. Oct 19 12:30:18 ubuntu18 opensearch-dashboards[2617]: {"type":"log","@timestamp":"2022-10-19T12:30:18Z","tags":["info","plugins-service"],"pid":2617,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 12:30:18 ubuntu18 opensearch-dashboards[2617]: {"type":"log","@timestamp":"2022-10-19T12:30:18Z","tags":["info","plugins-service"],"pid":2617,"message":"Plugin \"wizard\" is disabled."} Oct 19 12:30:18 ubuntu18 opensearch-dashboards[2617]: {"type":"log","@timestamp":"2022-10-19T12:30:18Z","tags":["warning","config","deprecation"],"pid":2617,"message":"\"opensearch.requestHeadersWhitelist\" is d Oct 19 12:30:18 ubuntu18 opensearch-dashboards[2617]: {"type":"log","@timestamp":"2022-10-19T12:30:18Z","tags":["fatal","root"],"pid":2617,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da Oct 19 12:30:18 ubuntu18 opensearch-dashboards[2617]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 12:30:18 ubuntu18 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 19 12:30:18 ubuntu18 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. ```
  Ubuntu 20 Focal Fossa

  ``` root@ubuntu20:/home/vagrant# cat /etc/os-release NAME="Ubuntu" VERSION="20.04.4 LTS (Focal Fossa)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 20.04.4 LTS" VERSION_ID="20.04" HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION_CODENAME=focal UBUNTU_CODENAME=focal root@ubuntu20:/home/vagrant# apt install ./wazuh-dashboard_4.4.0-1_amd64.deb Reading package lists... Done Building dependency tree Reading state information... Done Note, selecting 'wazuh-dashboard' instead of './wazuh-dashboard_4.4.0-1_amd64.deb' The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/147 MB of archives. After this operation, 780 MB of additional disk space will be used. Get:1 /home/vagrant/wazuh-dashboard_4.4.0-1_amd64.deb wazuh-dashboard amd64 4.4.0-1 [147 MB] Selecting previously unselected package wazuh-dashboard. (Reading database ... 111328 files and directories currently installed.) Preparing to unpack .../wazuh-dashboard_4.4.0-1_amd64.deb ... Creating wazuh-dashboard group... OK Creating wazuh-dashboard user... OK Unpacking wazuh-dashboard (4.4.0-1) ... Setting up wazuh-dashboard (4.4.0-1) ... root@ubuntu20:/home/vagrant# service wazuh-dashboard start root@ubuntu20:/home/vagrant# service wazuh-dashboard status ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2022-10-19 12:33:21 UTC; 3s ago Process: 2174 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 2174 (code=exited, status=1/FAILURE) Oct 19 12:33:17 ubuntu20 systemd[1]: Started wazuh-dashboard. Oct 19 12:33:20 ubuntu20 opensearch-dashboards[2174]: {"type":"log","@timestamp":"2022-10-19T12:33:20Z","tags":["info","plugins-service"],"pid":2174,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 12:33:20 ubuntu20 opensearch-dashboards[2174]: {"type":"log","@timestamp":"2022-10-19T12:33:20Z","tags":["info","plugins-service"],"pid":2174,"message":"Plugin \"wizard\" is disabled."} Oct 19 12:33:21 ubuntu20 opensearch-dashboards[2174]: {"type":"log","@timestamp":"2022-10-19T12:33:21Z","tags":["warning","config","deprecation"],"pid":2174,"message":"\"opensearch.requestHeadersWhitelist\" is > Oct 19 12:33:21 ubuntu20 opensearch-dashboards[2174]: {"type":"log","@timestamp":"2022-10-19T12:33:21Z","tags":["fatal","root"],"pid":2174,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-d> Oct 19 12:33:21 ubuntu20 opensearch-dashboards[2174]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 12:33:21 ubuntu20 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 19 12:33:21 ubuntu20 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. ```
  Ubuntu 22 Jammy Jellyfish

  ``` root@ubuntu22:/home/vagrant# apt install ./wazuh-dashboard_4.4.0-1_amd64.deb Reading package lists... Done Building dependency tree... Done Reading state information... Done Note, selecting 'wazuh-dashboard' instead of './wazuh-dashboard_4.4.0-1_amd64.deb' The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/147 MB of archives. After this operation, 780 MB of additional disk space will be used. Get:1 /home/vagrant/wazuh-dashboard_4.4.0-1_amd64.deb wazuh-dashboard amd64 4.4.0-1 [147 MB] Selecting previously unselected package wazuh-dashboard. (Reading database ... 75032 files and directories currently installed.) Preparing to unpack .../wazuh-dashboard_4.4.0-1_amd64.deb ... Creating wazuh-dashboard group... OK Creating wazuh-dashboard user... OK Unpacking wazuh-dashboard (4.4.0-1) ... Setting up wazuh-dashboard (4.4.0-1) ... Scanning processes... Scanning linux images... Running kernel seems to be up-to-date. No services need to be restarted. No containers need to be restarted. No user sessions are running outdated binaries. No VM guests are running outdated hypervisor (qemu) binaries on this host. N: Download is performed unsandboxed as root as file '/home/vagrant/wazuh-dashboard_4.4.0-1_amd64.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied) root@ubuntu22:/home/vagrant# service wazuh-dashboard start root@ubuntu22:/home/vagrant# service wazuh-dashboard status × wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2022-10-19 12:35:00 UTC; 2s ago Process: 2047 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 2047 (code=exited, status=1/FAILURE) CPU: 3.101s Oct 19 12:34:56 ubuntu22 systemd[1]: Started wazuh-dashboard. Oct 19 12:35:00 ubuntu22 opensearch-dashboards[2047]: {"type":"log","@timestamp":"2022-10-19T12:35:00Z","tags":["info","plugins-service"],"pid":2047,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 12:35:00 ubuntu22 opensearch-dashboards[2047]: {"type":"log","@timestamp":"2022-10-19T12:35:00Z","tags":["info","plugins-service"],"pid":2047,"message":"Plugin \"wizard\" is disabled."} Oct 19 12:35:00 ubuntu22 opensearch-dashboards[2047]: {"type":"log","@timestamp":"2022-10-19T12:35:00Z","tags":["warning","config","deprecation"],"pid":2047,"message":"\"opensearch.requestHeadersWhitelist\" is > Oct 19 12:35:00 ubuntu22 opensearch-dashboards[2047]: {"type":"log","@timestamp":"2022-10-19T12:35:00Z","tags":["fatal","root"],"pid":2047,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-d> Oct 19 12:35:00 ubuntu22 opensearch-dashboards[2047]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 12:35:00 ubuntu22 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 19 12:35:00 ubuntu22 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. Oct 19 12:35:00 ubuntu22 systemd[1]: wazuh-dashboard.service: Consumed 3.101s CPU time. ```
  Debian 11 Bullseye

  ``` root@debian11:/home/vagrant# cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 11 (bullseye)" NAME="Debian GNU/Linux" VERSION_ID="11" VERSION="11 (bullseye)" VERSION_CODENAME=bullseye ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" root@debian11:/home/vagrant# apt install ./wazuh-dashboard_4.4.0-1_amd64.deb Reading package lists... Done Building dependency tree... Done Reading state information... Done Note, selecting 'wazuh-dashboard' instead of './wazuh-dashboard_4.4.0-1_amd64.deb' The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/147 MB of archives. After this operation, 780 MB of additional disk space will be used. Get:1 /home/vagrant/wazuh-dashboard_4.4.0-1_amd64.deb wazuh-dashboard amd64 4.4.0-1 [147 MB] Selecting previously unselected package wazuh-dashboard. (Reading database ... 68814 files and directories currently installed.) Preparing to unpack .../wazuh-dashboard_4.4.0-1_amd64.deb ... Creating wazuh-dashboard group... OK Creating wazuh-dashboard user... OK Unpacking wazuh-dashboard (4.4.0-1) ... Setting up wazuh-dashboard (4.4.0-1) ... root@debian11:/home/vagrant# service wazuh-dashboard start root@debian11:/home/vagrant# service wazuh-dashboard status ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2022-10-19 12:58:34 UTC; 8s ago Process: 1984 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 1984 (code=exited, status=1/FAILURE) CPU: 3.255s Oct 19 12:58:30 debian11 systemd[1]: Started wazuh-dashboard. Oct 19 12:58:34 debian11 opensearch-dashboards[1984]: {"type":"log","@timestamp":"2022-10-19T12:58:34Z","tags":["info","plugins-service"],"pid":1984,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 12:58:34 debian11 opensearch-dashboards[1984]: {"type":"log","@timestamp":"2022-10-19T12:58:34Z","tags":["info","plugins-service"],"pid":1984,"message":"Plugin \"wizard\" is disabled."} Oct 19 12:58:34 debian11 opensearch-dashboards[1984]: {"type":"log","@timestamp":"2022-10-19T12:58:34Z","tags":["warning","config","deprecation"],"pid":1984,"message":"\"opensearch.requestHeadersWhitelist\" is > Oct 19 12:58:34 debian11 opensearch-dashboards[1984]: {"type":"log","@timestamp":"2022-10-19T12:58:34Z","tags":["fatal","root"],"pid":1984,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-d> Oct 19 12:58:34 debian11 opensearch-dashboards[1984]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 12:58:34 debian11 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 19 12:58:34 debian11 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. Oct 19 12:58:34 debian11 systemd[1]: wazuh-dashboard.service: Consumed 3.255s CPU time. ```

---

• After discussing the proposed options with the team, it has been decided to apply solution number 3, which consists of removing the init.d service from RPM systems so that the native redirection to systemctl can be carried out.

---

• After removing the service file from the RPM SPEC file, the generated package does not reproduce the problem and the use of the service command redirects to systemctl.

  Red Hat 7 with fix

  ``` [root@redhat7 vagrant]# cat /etc/os-release NAME="Red Hat Enterprise Linux Server" VERSION="7.9 (Maipo)" ID="rhel" ID_LIKE="fedora" VARIANT="Server" VARIANT_ID="server" VERSION_ID="7.9" PRETTY_NAME="Red Hat Enterprise Linux Server 7.9 (Maipo)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:redhat:enterprise_linux:7.9:GA:server" HOME_URL="https://www.redhat.com/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7" REDHAT_BUGZILLA_PRODUCT_VERSION=7.9 REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux" REDHAT_SUPPORT_PRODUCT_VERSION="7.9" [root@redhat7 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y Loaded plugins: product-id, search-disabled-repos Examining wazuh-dashboard-4.4.0-1.x86_64.rpm: wazuh-dashboard-4.4.0-1.x86_64 Marking wazuh-dashboard-4.4.0-1.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-dashboard.x86_64 0:4.4.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-dashboard x86_64 4.4.0-1 /wazuh-dashboard-4.4.0-1.x86_64 709 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 709 M Installed size: 709 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-dashboard-4.4.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.4.0-1.x86_64 1/1 epel/x86_64/metalink | 29 kB 00:00:00 epel/x86_64 | 4.7 kB 00:00:00 epel/x86_64/group_gz | 97 kB 00:00:00 epel/x86_64/updateinfo | 1.0 MB 00:00:00 epel/x86_64/primary_db | 7.0 MB 00:00:00 Installed: wazuh-dashboard.x86_64 0:4.4.0-1 Complete! [root@redhat7 vagrant]# ls -l /etc/init.d/ total 44 -rw-r--r--. 1 root root 18281 May 22 2020 functions -rwxr-xr-x. 1 root root 4569 May 22 2020 netconsole -rwxr-xr-x. 1 root root 7928 May 22 2020 network -rw-r--r--. 1 root root 1160 May 12 2020 README -rwxr-xr-x. 1 root root 2437 Oct 19 2017 rhnsd [root@redhat7 vagrant]# service wazuh-dashboard start Redirecting to /bin/systemctl start wazuh-dashboard.service [root@redhat7 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2022-10-19 13:51:20 UTC; 16s ago Process: 3976 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 3976 (code=exited, status=1/FAILURE) Oct 19 13:51:15 redhat7 systemd[1]: Started wazuh-dashboard. Oct 19 13:51:20 redhat7 opensearch-dashboards[3976]: {"type":"log","@timestamp":"2022-10-19T13:51:20Z","tags":["info","plugins-service"],"pid":3976,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 13:51:20 redhat7 opensearch-dashboards[3976]: {"type":"log","@timestamp":"2022-10-19T13:51:20Z","tags":["info","plugins-service"],"pid":3976,"message":"Plugin \"wizard\" is disabled."} Oct 19 13:51:20 redhat7 opensearch-dashboards[3976]: {"type":"log","@timestamp":"2022-10-19T13:51:20Z","tags":["warning","config","deprecation"],"pid":3976,"message":"\"opensearch.requestHeadersW...Allowlist\""} Oct 19 13:51:20 redhat7 opensearch-dashboards[3976]: {"type":"log","@timestamp":"2022-10-19T13:51:20Z","tags":["fatal","root"],"pid":3976,"message":"Error: ENOENT: no such file or directory, open... (/usr/share/ Oct 19 13:51:20 redhat7 opensearch-dashboards[3976]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 13:51:20 redhat7 systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=1/FAILURE Oct 19 13:51:20 redhat7 systemd[1]: Unit wazuh-dashboard.service entered failed state. Oct 19 13:51:20 redhat7 systemd[1]: wazuh-dashboard.service failed. Hint: Some lines were ellipsized, use -l to show in full. [root@redhat7 vagrant]# ```
  Red Hat 9 with fix

  ``` [root@redhat9 vagrant]# cat /etc/os-release NAME="Red Hat Enterprise Linux" VERSION="9.0 (Plow)" ID="rhel" ID_LIKE="fedora" VERSION_ID="9.0" PLATFORM_ID="platform:el9" PRETTY_NAME="Red Hat Enterprise Linux 9.0 (Plow)" ANSI_COLOR="0;31" LOGO="fedora-logo-icon" CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos" HOME_URL="https://www.redhat.com/" DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/9/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9" REDHAT_BUGZILLA_PRODUCT_VERSION=9.0 REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux" REDHAT_SUPPORT_PRODUCT_VERSION="9.0" [root@redhat9 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y Extra Packages for Enterprise Linux 9 - x86_64 11 MB/s | 11 MB 00:00 Last metadata expiration check: 0:00:02 ago on Wed 19 Oct 2022 01:49:21 PM UTC. Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Installing: wazuh-dashboard x86_64 4.4.0-1 @commandline 172 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 172 M Installed size: 709 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Installing : wazuh-dashboard-4.4.0-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.4.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-dashboard-4.4.0-1.x86_64 Complete! [root@redhat9 vagrant]# ls -l /etc/init.d ls: cannot access '/etc/init.d': No such file or directory [root@redhat9 vagrant]# service wazuh-dashboard start Redirecting to /bin/systemctl start wazuh-dashboard.service [root@redhat9 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service × wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2022-10-19 13:51:29 UTC; 58s ago Process: 4472 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 4472 (code=exited, status=1/FAILURE) CPU: 3.747s Oct 19 13:51:24 redhat9 systemd[1]: Started wazuh-dashboard. Oct 19 13:51:29 redhat9 opensearch-dashboards[4472]: {"type":"log","@timestamp":"2022-10-19T13:51:29Z","tags":["info","plugins-service"],"pid":4472,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 13:51:29 redhat9 opensearch-dashboards[4472]: {"type":"log","@timestamp":"2022-10-19T13:51:29Z","tags":["info","plugins-service"],"pid":4472,"message":"Plugin \"wizard\" is disabled."} Oct 19 13:51:29 redhat9 opensearch-dashboards[4472]: {"type":"log","@timestamp":"2022-10-19T13:51:29Z","tags":["warning","config","deprecation"],"pid":4472,"message":"\"opensearch.requestHeadersWhitelist\" is d> Oct 19 13:51:29 redhat9 opensearch-dashboards[4472]: {"type":"log","@timestamp":"2022-10-19T13:51:29Z","tags":["fatal","root"],"pid":4472,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da> Oct 19 13:51:29 redhat9 opensearch-dashboards[4472]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 13:51:29 redhat9 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 19 13:51:29 redhat9 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. Oct 19 13:51:29 redhat9 systemd[1]: wazuh-dashboard.service: Consumed 3.747s CPU time. [root@redhat9 vagrant]# ```

---

• Package construction using the Packages_builder pipeline ends with SUCCESS status: https://devel.ci.wazuh.info/view/Packages/job/Packages_builder/8845/

• The package generated with the modifications made in the SPEC file, performs all the actions through systemctl when used with the service command, the reported behavior is not observed.

  Red Hat 9 Jenkins package install test

  ``` [root@redhat9 vagrant]# cat /etc/os-release NAME="Red Hat Enterprise Linux" VERSION="9.0 (Plow)" ID="rhel" ID_LIKE="fedora" VERSION_ID="9.0" PLATFORM_ID="platform:el9" PRETTY_NAME="Red Hat Enterprise Linux 9.0 (Plow)" ANSI_COLOR="0;31" LOGO="fedora-logo-icon" CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos" HOME_URL="https://www.redhat.com/" DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/9/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9" REDHAT_BUGZILLA_PRODUCT_VERSION=9.0 REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux" REDHAT_SUPPORT_PRODUCT_VERSION="9.0" [root@redhat9 vagrant]# wget https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm --2022-10-19 15:16:35-- https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.124, 52.84.66.65, 52.84.66.126, ... Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.124|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 180722644 (172M) [binary/octet-stream] Saving to: ‘wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm’ wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm 100%[=====================================================================================================================>] 172.35M 22.7MB/s in 8.6s 2022-10-19 15:16:44 (20.0 MB/s) - ‘wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm’ saved [180722644/180722644] [root@redhat9 vagrant]# yum localinstall wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm -y Extra Packages for Enterprise Linux 9 - x86_64 2.1 MB/s | 11 MB 00:05 Last metadata expiration check: 0:00:05 ago on Wed 19 Oct 2022 03:16:56 PM UTC. Dependencies resolved. =================================================================================================================================================================================================================== Package Architecture Version Repository Size =================================================================================================================================================================================================================== Installing: wazuh-dashboard x86_64 4.4.0-wp.1880 @commandline 172 M Transaction Summary =================================================================================================================================================================================================================== Install 1 Package Total size: 172 M Installed size: 709 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64 1/1 Installing : wazuh-dashboard-4.4.0-wp.1880.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64 1/1 Verifying : wazuh-dashboard-4.4.0-wp.1880.x86_64 1/1 Installed products updated. Installed: wazuh-dashboard-4.4.0-wp.1880.x86_64 Complete! [root@redhat9 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service ○ wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: inactive (dead) [root@redhat9 vagrant]# service wazuh-dashboard start Redirecting to /bin/systemctl start wazuh-dashboard.service [root@redhat9 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service × wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2022-10-19 15:18:39 UTC; 4s ago Process: 4434 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 4434 (code=exited, status=1/FAILURE) CPU: 3.624s Oct 19 15:18:35 redhat9 systemd[1]: Started wazuh-dashboard. Oct 19 15:18:39 redhat9 opensearch-dashboards[4434]: {"type":"log","@timestamp":"2022-10-19T15:18:39Z","tags":["info","plugins-service"],"pid":4434,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 15:18:39 redhat9 opensearch-dashboards[4434]: {"type":"log","@timestamp":"2022-10-19T15:18:39Z","tags":["info","plugins-service"],"pid":4434,"message":"Plugin \"wizard\" is disabled."} Oct 19 15:18:39 redhat9 opensearch-dashboards[4434]: {"type":"log","@timestamp":"2022-10-19T15:18:39Z","tags":["warning","config","deprecation"],"pid":4434,"message":"\"opensearch.requestHeadersWhitelist\" is d> Oct 19 15:18:39 redhat9 opensearch-dashboards[4434]: {"type":"log","@timestamp":"2022-10-19T15:18:39Z","tags":["fatal","root"],"pid":4434,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da> Oct 19 15:18:39 redhat9 opensearch-dashboards[4434]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 15:18:39 redhat9 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 19 15:18:39 redhat9 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. Oct 19 15:18:39 redhat9 systemd[1]: wazuh-dashboard.service: Consumed 3.624s CPU time. [root@redhat9 vagrant]# service wazuh-dashboard restart Redirecting to /bin/systemctl restart wazuh-dashboard.service [root@redhat9 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service × wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2022-10-19 15:18:55 UTC; 5s ago Process: 4460 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 4460 (code=exited, status=1/FAILURE) CPU: 3.300s Oct 19 15:18:52 redhat9 systemd[1]: Started wazuh-dashboard. Oct 19 15:18:55 redhat9 opensearch-dashboards[4460]: {"type":"log","@timestamp":"2022-10-19T15:18:55Z","tags":["info","plugins-service"],"pid":4460,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 15:18:55 redhat9 opensearch-dashboards[4460]: {"type":"log","@timestamp":"2022-10-19T15:18:55Z","tags":["info","plugins-service"],"pid":4460,"message":"Plugin \"wizard\" is disabled."} Oct 19 15:18:55 redhat9 opensearch-dashboards[4460]: {"type":"log","@timestamp":"2022-10-19T15:18:55Z","tags":["warning","config","deprecation"],"pid":4460,"message":"\"opensearch.requestHeadersWhitelist\" is d> Oct 19 15:18:55 redhat9 opensearch-dashboards[4460]: {"type":"log","@timestamp":"2022-10-19T15:18:55Z","tags":["fatal","root"],"pid":4460,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da> Oct 19 15:18:55 redhat9 opensearch-dashboards[4460]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 15:18:55 redhat9 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 19 15:18:55 redhat9 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. Oct 19 15:18:55 redhat9 systemd[1]: wazuh-dashboard.service: Consumed 3.300s CPU time. [root@redhat9 vagrant]# systemctl stop wazuh-dashboard [root@redhat9 vagrant]# systemctl start wazuh-dashboard [root@redhat9 vagrant]# systemctl status wazuh-dashboard × wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2022-10-19 15:19:25 UTC; 1s ago Process: 4485 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 4485 (code=exited, status=1/FAILURE) CPU: 3.402s Oct 19 15:19:22 redhat9 systemd[1]: Started wazuh-dashboard. Oct 19 15:19:25 redhat9 opensearch-dashboards[4485]: {"type":"log","@timestamp":"2022-10-19T15:19:25Z","tags":["info","plugins-service"],"pid":4485,"message":"Plugin \"visTypeXy\" is disabled."} Oct 19 15:19:25 redhat9 opensearch-dashboards[4485]: {"type":"log","@timestamp":"2022-10-19T15:19:25Z","tags":["info","plugins-service"],"pid":4485,"message":"Plugin \"wizard\" is disabled."} Oct 19 15:19:25 redhat9 opensearch-dashboards[4485]: {"type":"log","@timestamp":"2022-10-19T15:19:25Z","tags":["warning","config","deprecation"],"pid":4485,"message":"\"opensearch.requestHeadersWhitelist\" is d> Oct 19 15:19:25 redhat9 opensearch-dashboards[4485]: {"type":"log","@timestamp":"2022-10-19T15:19:25Z","tags":["fatal","root"],"pid":4485,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da> Oct 19 15:19:25 redhat9 opensearch-dashboards[4485]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 19 15:19:25 redhat9 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 19 15:19:25 redhat9 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. Oct 19 15:19:25 redhat9 systemd[1]: wazuh-dashboard.service: Consumed 3.402s CPU time. [root@redhat9 vagrant]# ```

• An error was found in the Test_install_stack pipeline, which does not get the package since it looks for the path: warehouse/test/4.4/rpm/var/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm when it should be warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm

• This is because the Wazuh server and Wazuh agent packages are generated in the installation folder (/var or /opt), while the Wazuh indexer and Wazuh dashboard use /usr/share, so they are not created in that folder.

  • https://github.com/wazuh/wazuh-jenkins/blob/4.4/src/org/wazuh/Pkg.groovy#L607-L622

case CSystem.CENTOS:
case CSystem.CENTOS_5:
   if(target == TARGET.INDEXER || target == TARGET.DASHBOARD || debug == "yes"){
      path = "rpm"
   }else{
      path = "rpm/${shortInstallation}"
   }
break
break
case CSystem.DEBIAN:
   if(target == TARGET.INDEXER || target == TARGET.DASHBOARD || debug == "yes"){
      path = "deb"
   }else{
      path = "deb/${shortInstallation}"
   }
break

• In the case of the stack test, the package type is not taken into account and only the system type is checked, so it has been necessary to add an if statement for the Wazuh dashboard and Wazuh indexer in the following code:
  • https://github.com/wazuh/wazuh-jenkins/blob/4.4/vars/s3Helper.groovy#L499-L501

if(target_system == 'rpm' || target_system == 'rpm5' || target_system == 'deb'){
  result += install_path + '/'
}

• The tests have failed because the ECR image for building the base packages has not been updated after the pull request https://github.com/wazuh/wazuh-packages/pull/1890/ merge, generating packages with invalid permissions. Stopped until the images are updated.
• The base images have been updated and new packages have been generated:
  • https://devel.ci.wazuh.info/view/Packages/job/Packages_builder/8850/
• The package generation fails due to an error with the base file:

19:30:13  Removing queryWorkbenchDashboards...
19:30:13  Plugin removal complete
19:30:13  Removing anomalyDetectionDashboards...
19:30:13  Plugin removal complete
19:30:13  Removing observabilityDashboards...
19:30:13  Plugin removal complete
19:30:13  Building target platforms: x86_64
19:30:13  Building for target x86_64
19:30:13  Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.pr84NL
19:30:13  + umask 022
19:30:13  + cd /build/rpmbuild/BUILD
19:30:13  + cp /tmp/wazuh-dashboard-base-4.4.0-wp.1880-linux-x64.tar.xz ./
19:30:13  + groupadd wazuh-dashboard
19:30:13  + useradd -g wazuh-dashboard wazuh-dashboard
19:30:13  + exit 0
19:30:13  Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.Wmtv0K
19:30:13  + umask 022
19:30:13  + cd /build/rpmbuild/BUILD
19:30:13  + tar -xf wazuh-dashboard-base-4.4.0-wp.1880-linux-x64.tar.xz
19:30:13  xz: (stdin): Compressed data is corrupt
19:30:13  tar: Child returned status 1
19:30:13  tar: Error is not recoverable: exiting now
19:30:13  error: Bad exit status from /var/tmp/rpm-tmp.Wmtv0K (%build)
19:30:13  RPM build errors:
19:30:13      Bad exit status from /var/tmp/rpm-tmp.Wmtv0K (%build)

• The failure seems to have been punctual, when performing a pipeline retry the package has been generated correctly:
  • https://devel.ci.wazuh.info/view/Packages/job/Packages_builder/8851/
• Installation tests for Amazon Linux 2, Red Hat 7, Red Hat 8, Red Hat 9, CentOS 7 and CentOS 8 have been launched again:

System	Build	Result	Artifacts
CentOS 7	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/527/	:green_circle:	archive_CentOS7.zip
CentOS 8	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/528/	:green_circle:	archive_CentOS8.zip
Red Hat 7	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/529/	:green_circle:	archive_RedHat7.zip
Red Hat 8	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/530/	:green_circle:	archive_RedHat8.zip
Red Hat 9	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/531/	:green_circle:	archive_RedHat9.zip
Amazon Linux 2	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/532/	:green_circle:	archive_AmazonLinux2.zip

Wazuh installation assistant

• Modified script to use custom packages

All in One install - Red Hat 9

``` [root@redhat9 vagrant]# bash wazuh-install.sh -a 19/10/2022 20:00:34 INFO: Starting Wazuh installation assistant. Wazuh version: 4.4.0 19/10/2022 20:00:34 INFO: Verbose logging redirected to /var/log/wazuh-install.log 19/10/2022 20:00:41 INFO: Wazuh development repository added. 19/10/2022 20:00:41 INFO: --- Configuration files --- 19/10/2022 20:00:41 INFO: Generating configuration files. 19/10/2022 20:00:44 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 19/10/2022 20:00:45 INFO: --- Wazuh indexer --- 19/10/2022 20:00:45 INFO: Starting Wazuh indexer installation. --2022-10-19 20:00:45-- https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.16, 52.84.66.65, 52.84.66.126, ... Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.16|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 416023164 (397M) [binary/octet-stream] Saving to: ‘wazuh-indexer-4.4.0-wp.1880.x86_64.rpm.2’ wazuh-indexer-4.4.0-wp.18 100%[=====================================>] 396.75M 91.3MB/s in 4.6s 2022-10-19 20:00:50 (85.7 MB/s) - ‘wazuh-indexer-4.4.0-wp.1880.x86_64.rpm.2’ saved [416023164/416023164] 19/10/2022 20:01:28 INFO: Wazuh indexer installation finished. 19/10/2022 20:01:28 INFO: Wazuh indexer post-install configuration finished. 19/10/2022 20:01:28 INFO: Starting service wazuh-indexer. 19/10/2022 20:01:38 INFO: wazuh-indexer service started. 19/10/2022 20:01:38 INFO: Initializing Wazuh indexer cluster security settings. 19/10/2022 20:01:48 INFO: Wazuh indexer cluster initialized. 19/10/2022 20:01:48 INFO: --- Wazuh server --- 19/10/2022 20:01:48 INFO: Starting the Wazuh manager installation. --2022-10-19 20:01:48-- https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/var/wazuh-manager-4.4.0-wp.1880.x86_64.rpm Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.65, 52.84.66.16, 52.84.66.124, ... Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.65|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 121968089 (116M) [binary/octet-stream] Saving to: ‘wazuh-manager-4.4.0-wp.1880.x86_64.rpm’ wazuh-manager-4.4.0-wp.18 100%[=====================================>] 116.32M 24.2MB/s in 5.9s 2022-10-19 20:01:55 (19.8 MB/s) - ‘wazuh-manager-4.4.0-wp.1880.x86_64.rpm’ saved [121968089/121968089] 19/10/2022 20:02:18 INFO: Wazuh manager installation finished. 19/10/2022 20:02:18 INFO: Starting service wazuh-manager. 19/10/2022 20:02:30 INFO: wazuh-manager service started. 19/10/2022 20:02:30 INFO: Starting Filebeat installation. 19/10/2022 20:02:36 INFO: Filebeat installation finished. 19/10/2022 20:02:37 INFO: Filebeat post-install configuration finished. 19/10/2022 20:02:37 INFO: Starting service filebeat. 19/10/2022 20:02:37 INFO: filebeat service started. 19/10/2022 20:02:37 INFO: --- Wazuh dashboard --- 19/10/2022 20:02:37 INFO: Starting Wazuh dashboard installation. --2022-10-19 20:02:37-- https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.16, 52.84.66.65, 52.84.66.124, ... Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.16|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 180719416 (172M) [binary/octet-stream] Saving to: ‘wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm’ wazuh-dashboard-4.4.0-wp. 100%[=====================================>] 172.35M 24.6MB/s in 8.1s 2022-10-19 20:02:46 (21.3 MB/s) - ‘wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm’ saved [180719416/180719416] 19/10/2022 20:03:36 INFO: Wazuh dashboard installation finished. 19/10/2022 20:03:36 INFO: Wazuh dashboard post-install configuration finished. 19/10/2022 20:03:36 INFO: Starting service wazuh-dashboard. 19/10/2022 20:03:36 INFO: wazuh-dashboard service started. 19/10/2022 20:03:56 INFO: Initializing Wazuh dashboard web application. 19/10/2022 20:03:56 INFO: Wazuh dashboard web application initialized. 19/10/2022 20:03:56 INFO: --- Summary --- 19/10/2022 20:03:56 INFO: You can access the web interface https:// User: admin Password: BsBp.65tQfW9alGqcw?7Mk49*u?.p?IU 19/10/2022 20:03:56 INFO: Installation finished. [root@redhat9 vagrant]# curl -k -u admin:BsBp.65tQfW9alGqcw?7Mk49*u?.p?IU https://127.0.0.1:9200 { "name" : "node-1", "cluster_name" : "wazuh-cluster", "cluster_uuid" : "GEj1lyLHTfudW-a6ArJc9g", "version" : { "number" : "7.10.2", "build_type" : "rpm", "build_hash" : "6f6e84ebc54af31a976f53af36a5c69d474a5140", "build_date" : "2022-09-09T00:07:12.137133581Z", "build_snapshot" : false, "lucene_version" : "9.3.0", "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, "tagline" : "The OpenSearch Project: https://opensearch.org/" } [root@redhat9 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2022-10-19 20:03:45 UTC; 3min 54s ago Main PID: 9486 (node) Tasks: 11 (limit: 29537) Memory: 134.8M CPU: 5.281s CGroup: /system.slice/wazuh-dashboard.service └─9486 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-siz> Oct 19 20:03:49 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:49Z",> Oct 19 20:03:49 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:49Z",> Oct 19 20:03:49 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:49Z",> Oct 19 20:03:49 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:49Z",> Oct 19 20:03:49 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:49Z",> Oct 19 20:03:50 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:50Z",> Oct 19 20:03:50 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:50Z",> Oct 19 20:03:50 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:50Z",> Oct 19 20:03:50 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:50Z",> Oct 19 20:03:56 redhat9 opensearch-dashboards[9486]: {"type":"response","@timestamp":"2022-10-19T20:03:> [root@redhat9 vagrant]# ```

---

Update report - Wazuh indexer

• Package https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm has been installed on Red Hat 7 and Red Hat 9 with different results when using init.d.
• As can be seen in the following outputs, in Red Hat 7 the use of init.d does not present any problem (the wazuh-indexer service fails due to certificates), however, in Red Hat 9 there is a more complex error with init.d.
  • service X status: No redirection, error in the service command itself.
  • service X start: Redirection to systemctl is made and it fails by the daemon command.

Red Hat 7

``` [root@redhat7 vagrant]# cat /etc/os-release NAME="Red Hat Enterprise Linux Server" VERSION="7.9 (Maipo)" ID="rhel" ID_LIKE="fedora" VARIANT="Server" VARIANT_ID="server" VERSION_ID="7.9" PRETTY_NAME="Red Hat Enterprise Linux Server 7.9 (Maipo)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:redhat:enterprise_linux:7.9:GA:server" HOME_URL="https://www.redhat.com/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7" REDHAT_BUGZILLA_PRODUCT_VERSION=7.9 REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux" REDHAT_SUPPORT_PRODUCT_VERSION="7.9" [root@redhat7 vagrant]# wget https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm --2022-10-19 20:29:30-- https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.16, 52.84.66.124, 52.84.66.126, ... Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.16|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 416023164 (397M) [binary/octet-stream] Saving to: ‘wazuh-indexer-4.4.0-wp.1880.x86_64.rpm’ 100%[==============================================================>] 416,023,164 106MB/s in 3.8s 2022-10-19 20:29:34 (104 MB/s) - ‘wazuh-indexer-4.4.0-wp.1880.x86_64.rpm’ saved [416023164/416023164] [root@redhat7 vagrant]# yum localinstall wazuh-indexer-4.4.0-wp.1880.x86_64.rpm -y Loaded plugins: product-id, search-disabled-repos Examining wazuh-indexer-4.4.0-wp.1880.x86_64.rpm: wazuh-indexer-4.4.0-wp.1880.x86_64 Marking wazuh-indexer-4.4.0-wp.1880.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.4.0-wp.1880 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-indexer x86_64 4.4.0-wp.1880 /wazuh-indexer-4.4.0-wp.1880.x86_64 644 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 644 M Installed size: 644 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 epel/x86_64/metalink | 31 kB 00:00:00 epel/x86_64 | 4.7 kB 00:00:00 epel/x86_64/group_gz | 97 kB 00:00:00 epel/x86_64/updateinfo | 1.0 MB 00:00:00 epel/x86_64/primary_db | 7.0 MB 00:00:00 Installed: wazuh-indexer.x86_64 0:4.4.0-wp.1880 Complete! [root@redhat7 vagrant]# service wazuh-indexer status ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: https://documentation.wazuh.com [root@redhat7 vagrant]# service wazuh-indexer start Starting wazuh-indexer (via systemctl): Job for wazuh-indexer.service failed because the control process exited with error code. See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details. [FAILED] [root@redhat7 vagrant]# service wazuh-indexer status ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2022-10-19 20:46:14 UTC; 6s ago Docs: https://documentation.wazuh.com Process: 3997 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE) Main PID: 3997 (code=exited, status=1/FAILURE) Oct 19 20:46:14 redhat7 systemd-entrypoint[3997]: at org.opensearch.cli.EnvironmentAwareCommand.ex...04) Oct 19 20:46:14 redhat7 systemd-entrypoint[3997]: at org.opensearch.cli.Command.mainWithoutErrorHa...38) Oct 19 20:46:14 redhat7 systemd-entrypoint[3997]: at org.opensearch.cli.Command.main(Command.java:101) Oct 19 20:46:14 redhat7 systemd-entrypoint[3997]: at org.opensearch.bootstrap.OpenSearch.main(Open...37) Oct 19 20:46:14 redhat7 systemd-entrypoint[3997]: at org.opensearch.bootstrap.OpenSearch.main(Open...03) Oct 19 20:46:14 redhat7 systemd-entrypoint[3997]: For complete error details, refer to the log at ...log Oct 19 20:46:14 redhat7 systemd[1]: wazuh-indexer.service: main process exited, code=exited, stat...LURE Oct 19 20:46:14 redhat7 systemd[1]: Failed to start Wazuh-indexer. Oct 19 20:46:14 redhat7 systemd[1]: Unit wazuh-indexer.service entered failed state. Oct 19 20:46:14 redhat7 systemd[1]: wazuh-indexer.service failed. Hint: Some lines were ellipsized, use -l to show in full. [root@redhat7 vagrant]# ```

Red Hat 9

``` [root@redhat9 vagrant]# cat /etc/os-release NAME="Red Hat Enterprise Linux" VERSION="9.0 (Plow)" ID="rhel" ID_LIKE="fedora" VERSION_ID="9.0" PLATFORM_ID="platform:el9" PRETTY_NAME="Red Hat Enterprise Linux 9.0 (Plow)" ANSI_COLOR="0;31" LOGO="fedora-logo-icon" CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos" HOME_URL="https://www.redhat.com/" DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/9/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9" REDHAT_BUGZILLA_PRODUCT_VERSION=9.0 REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux" REDHAT_SUPPORT_PRODUCT_VERSION="9.0" [root@redhat9 vagrant]# wget https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm --2022-10-19 20:30:22-- https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.126, 52.84.66.16, 52.84.66.65, ... Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.126|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 416023164 (397M) [binary/octet-stream] Saving to: ‘wazuh-indexer-4.4.0-wp.1880.x86_64.rpm.1’ wazuh-indexer-4.4.0-wp.18 100%[=====================================>] 396.75M 107MB/s in 3.8s 2022-10-19 20:30:26 (104 MB/s) - ‘wazuh-indexer-4.4.0-wp.1880.x86_64.rpm.1’ saved [416023164/416023164] [root@redhat9 vagrant]# yum localinstall wazuh-indexer-4.4.0-wp.1880.x86_64.rpm -y Extra Packages for Enterprise Linux 9 - x86_64 10 MB/s | 11 MB 00:01 Last metadata expiration check: 0:00:02 ago on Wed 19 Oct 2022 08:30:35 PM UTC. Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Installing: wazuh-indexer x86_64 4.4.0-wp.1880 @commandline 397 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 397 M Installed size: 644 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 Installing : wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory Verifying : wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 Installed products updated. Installed: wazuh-indexer-4.4.0-wp.1880.x86_64 Complete! [root@redhat9 vagrant]# service wazuh-indexer status /etc/init.d/wazuh-indexer: line 124: status: command not found [root@redhat9 vagrant]# service wazuh-indexer start Starting wazuh-indexer: /bin/systemctl /etc/init.d/wazuh-indexer: line 89: daemon: command not found [root@redhat9 vagrant]# service wazuh-indexer status /etc/init.d/wazuh-indexer: line 124: status: command not found [root@redhat9 vagrant]# systemctl status wazuh-indexer ○ wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: https://documentation.wazuh.com [root@redhat9 vagrant]# ```

• Analyzing the service file of Wazuh indexer, it is observed that it fails in line 124 and 89

https://github.com/wazuh/wazuh-packages/blob/39db588c25039209a25adba05272a677c50b315f/stack/indexer/base/files/etc/init.d/wazuh-indexer#L89

https://github.com/wazuh/wazuh-packages/blob/39db588c25039209a25adba05272a677c50b315f/stack/indexer/base/files/etc/init.d/wazuh-indexer#L124

• The installation of OpenSearch 2.3.0 produces the same result, so the error reported is derived from the OpenSearch code

  OpenSearch 2.3.0 install

  ``` [root@redhat9 vagrant]# yum localinstall opensearch-2.3.0-linux-x64.rpm -y Last metadata expiration check: 0:26:45 ago on Wed 19 Oct 2022 08:30:35 PM UTC. Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Installing: opensearch x86_64 2.3.0-1 @commandline 397 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 397 M Installed size: 644 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: opensearch-2.3.0-1.x86_64 1/1 Installing : opensearch-2.3.0-1.x86_64 1/1 Running scriptlet: opensearch-2.3.0-1.x86_64 1/1 /usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly. ### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable opensearch.service ### You can start opensearch service by executing sudo systemctl start opensearch.service ### Create opensearch demo certificates in /etc/opensearch/ See demo certs creation log in /var/log/opensearch/install_demo_configuration.log /usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly. Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory Verifying : opensearch-2.3.0-1.x86_64 1/1 Installed products updated. Installed: opensearch-2.3.0-1.x86_64 Complete! [root@redhat9 vagrant]# ls -l /etc/init.d/opensearch -rw-r--r--. 1 root root 3599 Sep 9 00:11 /etc/init.d/opensearch [root@redhat9 vagrant]# service opensearch status env: ‘/etc/init.d/opensearch’: Permission denied [root@redhat9 vagrant]# chmod +x /etc/init.d/opensearch [root@redhat9 vagrant]# service opensearch status /etc/init.d/opensearch: line 123: status: command not found [root@redhat9 vagrant]# service opensearch start Starting opensearch: /etc/init.d/opensearch: line 91: daemon: command not found [root@redhat9 vagrant]# ```

• After applying the fix proposed for Wazuh dashboard (remove the service file from init.d), redirection to systemctl is performed. No error found.

  OpenSearch 2.3.0 without init.d service file

  ``` [root@redhat9 vagrant]# mv /etc/init.d/opensearch /etc/init.d/opensearch.save [root@redhat9 vagrant]# service opensearch status Redirecting to /bin/systemctl status opensearch.service ○ opensearch.service - OpenSearch Loaded: loaded (/usr/lib/systemd/system/opensearch.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: https://opensearch.org/ [root@redhat9 vagrant]# service opensearch start Redirecting to /bin/systemctl start opensearch.service [root@redhat9 vagrant]# service opensearch status Redirecting to /bin/systemctl status opensearch.service ● opensearch.service - OpenSearch Loaded: loaded (/usr/lib/systemd/system/opensearch.service; disabled; vendor preset: disabled) Active: active (running) since Wed 2022-10-19 21:00:10 UTC; 3s ago Docs: https://opensearch.org/ Main PID: 4920 (java) Tasks: 66 (limit: 29537) Memory: 1.2G CPU: 16.912s CGroup: /system.slice/opensearch.service └─4920 /usr/share/opensearch/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.t> Oct 19 20:59:59 redhat9 systemd[1]: Starting OpenSearch... Oct 19 21:00:00 redhat9 systemd-entrypoint[4920]: WARNING: A terminally deprecated method in java.lang.> Oct 19 21:00:00 redhat9 systemd-entrypoint[4920]: WARNING: System::setSecurityManager has been called b> Oct 19 21:00:00 redhat9 systemd-entrypoint[4920]: WARNING: Please consider reporting this to the mainta> Oct 19 21:00:00 redhat9 systemd-entrypoint[4920]: WARNING: System::setSecurityManager will be removed i> Oct 19 21:00:01 redhat9 systemd-entrypoint[4920]: WARNING: A terminally deprecated method in java.lang.> Oct 19 21:00:01 redhat9 systemd-entrypoint[4920]: WARNING: System::setSecurityManager has been called b> Oct 19 21:00:01 redhat9 systemd-entrypoint[4920]: WARNING: Please consider reporting this to the mainta> Oct 19 21:00:01 redhat9 systemd-entrypoint[4920]: WARNING: System::setSecurityManager will be removed i> Oct 19 21:00:10 redhat9 systemd[1]: Started OpenSearch. [root@redhat9 vagrant]# ```
  Wazuh indexer without init.d service file

  ``` [root@redhat9 vagrant]# mv /etc/init.d/wazuh-indexer /etc/init.d/wazuh-indexer.save [root@redhat9 vagrant]# service wazuh-indexer status Redirecting to /bin/systemctl status wazuh-indexer.service ○ wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: https://documentation.wazuh.com [root@redhat9 vagrant]# service wazuh-indexer start Redirecting to /bin/systemctl start wazuh-indexer.service Job for wazuh-indexer.service failed because the control process exited with error code. See "systemctl status wazuh-indexer.service" and "journalctl -xeu wazuh-indexer.service" for details. [root@redhat9 vagrant]# service wazuh-indexer status Redirecting to /bin/systemctl status wazuh-indexer.service × wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2022-10-19 21:02:10 UTC; 4s ago Docs: https://documentation.wazuh.com Process: 5242 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer> Main PID: 5242 (code=exited, status=1/FAILURE) CPU: 5.376s Oct 19 21:02:10 redhat9 systemd-entrypoint[5242]: at org.opensearch.cli.EnvironmentAwareCommand> Oct 19 21:02:10 redhat9 systemd-entrypoint[5242]: at org.opensearch.cli.Command.mainWithoutErro> Oct 19 21:02:10 redhat9 systemd-entrypoint[5242]: at org.opensearch.cli.Command.main(Command.ja> Oct 19 21:02:10 redhat9 systemd-entrypoint[5242]: at org.opensearch.bootstrap.OpenSearch.main(O> Oct 19 21:02:10 redhat9 systemd-entrypoint[5242]: at org.opensearch.bootstrap.OpenSearch.main(O> Oct 19 21:02:10 redhat9 systemd-entrypoint[5242]: For complete error details, refer to the log at /var/> Oct 19 21:02:10 redhat9 systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/F> Oct 19 21:02:10 redhat9 systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'. Oct 19 21:02:10 redhat9 systemd[1]: Failed to start Wazuh-indexer. Oct 19 21:02:10 redhat9 systemd[1]: wazuh-indexer.service: Consumed 5.376s CPU time. [root@redhat9 vagrant]# ``` - Failed due to certificates

[rauldpm]

Update report - Wazuh dashboard

• Another possible solution has been found, which consists of hosting the file /etc/rc.d/init.d/functions and /etc/init.d/functions (they have the same content) so that they are installed on the system if these do not exist.
• This produces the following problem: It is a system file that is maintained by the system and not us.
• A test has been carried out on the systems: Red Hat 7, Red Hat 8, Red Hat 9, CentOS 7, CentOS 8, and Amazon Linux 2, replacing these files with the content provided by the Red Hat 7 system
• All systems have been able to use the Wazuh indexer and Wazuh dashboard service through the service command, performing the native redirection to systemctl.
• This option is discarded since we must not maintain or modify system files, this implies that the current solution adopted forces users to use the package through systemctl and the corresponding binary in systems that do not have systemctl or service

Test removing the service on Red Hat 9, same as the Wazuh server

• Wazuh dashboard 4.4.0: https://devel.ci.wazuh.info/view/Packages/job/Packages_builder/8861/
• Wazuh indexer 4.4.0: https://devel.ci.wazuh.info/view/Packages/job/Packages_builder/8863/

Wazuh dashboard install 4.4.0

+

Red Hat 7

``` [root@redhat7 vagrant]# ls -l /etc/init.d/ total 44 -rw-r--r--. 1 root root 18281 May 22 2020 functions -rwxr-xr-x. 1 root root 4569 May 22 2020 netconsole -rwxr-xr-x. 1 root root 7928 May 22 2020 network -rw-r--r--. 1 root root 1160 May 12 2020 README -rwxr-xr-x. 1 root root 2437 Oct 19 2017 rhnsd [root@redhat7 vagrant]# yum localinstall wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm -y Loaded plugins: product-id, search-disabled-repos Examining wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm: wazuh-dashboard-4.4.0-wp.1880.x86_64 Marking wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-dashboard.x86_64 0:4.4.0-wp.1880 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-dashboard x86_64 4.4.0-wp.1880 /wazuh-dashboard-4.4.0-wp.1880.x86_64 709 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 709 M Installed size: 709 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-dashboard-4.4.0-wp.1880.x86_64 1/1 Verifying : wazuh-dashboard-4.4.0-wp.1880.x86_64 1/1 epel/x86_64/metalink | 31 kB 00:00:00 epel/x86_64 | 4.7 kB 00:00:00 epel/x86_64/group_gz | 97 kB 00:00:00 epel/x86_64/updateinfo | 1.0 MB 00:00:00 epel/x86_64/primary_db | 7.0 MB 00:00:00 Installed: wazuh-dashboard.x86_64 0:4.4.0-wp.1880 Complete! [root@redhat7 vagrant]# ls -l /etc/init.d/ total 48 -rw-r--r--. 1 root root 18281 May 22 2020 functions -rwxr-xr-x. 1 root root 4569 May 22 2020 netconsole -rwxr-xr-x. 1 root root 7928 May 22 2020 network -rw-r--r--. 1 root root 1160 May 12 2020 README -rwxr-xr-x. 1 root root 2437 Oct 19 2017 rhnsd -rwxr-x---. 1 wazuh-dashboard wazuh-dashboard 3682 Oct 20 15:07 wazuh-dashboard [root@redhat7 vagrant]# service wazuh-dashboard status wazuh-dashboard is not running [root@redhat7 vagrant]# service wazuh-dashboard start Starting wazuh-dashboard (via systemctl): [ OK ] [root@redhat7 vagrant]# service wazuh-dashboard status wazuh-dashboard is not running [root@redhat7 vagrant]# systemctl status wazuh-dashboard ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2022-10-20 15:25:28 UTC; 5s ago Process: 3973 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 3973 (code=exited, status=1/FAILURE) Oct 20 15:25:24 redhat7 systemd[1]: Started wazuh-dashboard. Oct 20 15:25:28 redhat7 opensearch-dashboards[3973]: {"type":"log","@timestamp":"2022-10-20T15:25:28Z","tags":["info","plugins-service"],"pid":3973,"message":"Plugin \"visTypeXy\" is disabled."} Oct 20 15:25:28 redhat7 opensearch-dashboards[3973]: {"type":"log","@timestamp":"2022-10-20T15:25:28Z","tags":["info","plugins-service"],"pid":3973,"message":"Plugin \"wizard\" is disabled."} Oct 20 15:25:28 redhat7 opensearch-dashboards[3973]: {"type":"log","@timestamp":"2022-10-20T15:25:28Z","tags":["warning","config","deprecation"],"pid":3973,"message":"\"opensearch.requestHeadersW...Allowlist\""} Oct 20 15:25:28 redhat7 opensearch-dashboards[3973]: {"type":"log","@timestamp":"2022-10-20T15:25:28Z","tags":["fatal","root"],"pid":3973,"message":"Error: ENOENT: no such file or directory, open... (/usr/share/ Oct 20 15:25:28 redhat7 opensearch-dashboards[3973]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 20 15:25:28 redhat7 systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=1/FAILURE Oct 20 15:25:28 redhat7 systemd[1]: Unit wazuh-dashboard.service entered failed state. Oct 20 15:25:28 redhat7 systemd[1]: wazuh-dashboard.service failed. Hint: Some lines were ellipsized, use -l to show in full. [root@redhat7 vagrant]# ```

• Red Hat 9

  ``` [root@redhat9 vagrant]# ls -l /etc/init.d/ ls: cannot access '/etc/init.d/': No such file or directory [root@redhat9 vagrant]# yum localinstall wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm -y Extra Packages for Enterprise Linux 9 - x86_64 6.1 MB/s | 11 MB 00:01 Last metadata expiration check: 0:00:02 ago on Thu 20 Oct 2022 03:23:14 PM UTC. Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Installing: wazuh-dashboard x86_64 4.4.0-wp.1880 @commandline 172 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 172 M Installed size: 709 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64 1/1 Installing : wazuh-dashboard-4.4.0-wp.1880.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64 1/1 Verifying : wazuh-dashboard-4.4.0-wp.1880.x86_64 1/1 Installed products updated. Installed: wazuh-dashboard-4.4.0-wp.1880.x86_64 Complete! [root@redhat9 vagrant]# ls -l /etc/init.d/ total 0 [root@redhat9 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service ○ wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: inactive (dead) [root@redhat9 vagrant]# service wazuh-dashboard start Redirecting to /bin/systemctl start wazuh-dashboard.service [root@redhat9 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service × wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2022-10-20 15:24:48 UTC; 141ms ago Process: 4459 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 4459 (code=exited, status=1/FAILURE) CPU: 3.273s Oct 20 15:24:44 redhat9 systemd[1]: Started wazuh-dashboard. Oct 20 15:24:48 redhat9 opensearch-dashboards[4459]: {"type":"log","@timestamp":"2022-10-20T15:24:48Z","tags":["info","plugins-service"],"pid":4459,"message":"Plugin \"visTypeXy\" is disabled."} Oct 20 15:24:48 redhat9 opensearch-dashboards[4459]: {"type":"log","@timestamp":"2022-10-20T15:24:48Z","tags":["info","plugins-service"],"pid":4459,"message":"Plugin \"wizard\" is disabled."} Oct 20 15:24:48 redhat9 opensearch-dashboards[4459]: {"type":"log","@timestamp":"2022-10-20T15:24:48Z","tags":["warning","config","deprecation"],"pid":4459,"message":"\"opensearch.requestHeadersWhitelist\" is d> Oct 20 15:24:48 redhat9 opensearch-dashboards[4459]: {"type":"log","@timestamp":"2022-10-20T15:24:48Z","tags":["fatal","root"],"pid":4459,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da> Oct 20 15:24:48 redhat9 opensearch-dashboards[4459]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 20 15:24:48 redhat9 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 20 15:24:48 redhat9 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. Oct 20 15:24:48 redhat9 systemd[1]: wazuh-dashboard.service: Consumed 3.273s CPU time. [root@redhat9 vagrant]# ```

Wazuh dashboard upgrade 4.3.9 -> 4.4.0

+

Red Hat 7

``` [root@redhat7 vagrant]# ls -l /etc/init.d/ total 44 -rw-r--r--. 1 root root 18281 May 22 2020 functions -rwxr-xr-x. 1 root root 4569 May 22 2020 netconsole -rwxr-xr-x. 1 root root 7928 May 22 2020 network -rw-r--r--. 1 root root 1160 May 12 2020 README -rwxr-xr-x. 1 root root 2437 Oct 19 2017 rhnsd [root@redhat7 vagrant]# yum localinstall wazuh-dashboard-4.3.9-1.x86_64.rpm -y Loaded plugins: product-id, search-disabled-repos Examining wazuh-dashboard-4.3.9-1.x86_64.rpm: wazuh-dashboard-4.3.9-1.x86_64 Marking wazuh-dashboard-4.3.9-1.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-dashboard.x86_64 0:4.3.9-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-dashboard x86_64 4.3.9-1 /wazuh-dashboard-4.3.9-1.x86_64 589 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 589 M Installed size: 589 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-dashboard-4.3.9-1.x86_64 1/1 Verifying : wazuh-dashboard-4.3.9-1.x86_64 1/1 epel/x86_64/metalink | 31 kB 00:00:00 epel/x86_64 | 4.7 kB 00:00:00 epel/x86_64/group_gz | 97 kB 00:00:00 epel/x86_64/updateinfo | 1.0 MB 00:00:00 epel/x86_64/primary_db | 7.0 MB 00:00:00 Installed: wazuh-dashboard.x86_64 0:4.3.9-1 Complete! [root@redhat7 vagrant]# ls -l /etc/init.d/ total 48 -rw-r--r--. 1 root root 18281 May 22 2020 functions -rwxr-xr-x. 1 root root 4569 May 22 2020 netconsole -rwxr-xr-x. 1 root root 7928 May 22 2020 network -rw-r--r--. 1 root root 1160 May 12 2020 README -rwxr-xr-x. 1 root root 2437 Oct 19 2017 rhnsd -rwxr-x---. 1 wazuh-dashboard wazuh-dashboard 3599 Oct 6 18:35 wazuh-dashboard [root@redhat7 vagrant]# yum localinstall wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm -y Loaded plugins: product-id, search-disabled-repos Examining wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm: wazuh-dashboard-4.4.0-wp.1880.x86_64 Marking wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm as an update to wazuh-dashboard-4.3.9-1.x86_64 Resolving Dependencies --> Running transaction check ---> Package wazuh-dashboard.x86_64 0:4.3.9-1 will be updated ---> Package wazuh-dashboard.x86_64 0:4.4.0-wp.1880 will be an update --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Updating: wazuh-dashboard x86_64 4.4.0-wp.1880 /wazuh-dashboard-4.4.0-wp.1880.x86_64 709 M Transaction Summary ======================================================================================================== Upgrade 1 Package Total size: 709 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : wazuh-dashboard-4.4.0-wp.1880.x86_64 1/2 Cleanup : wazuh-dashboard-4.3.9-1.x86_64 2/2 Verifying : wazuh-dashboard-4.4.0-wp.1880.x86_64 1/2 Verifying : wazuh-dashboard-4.3.9-1.x86_64 2/2 Updated: wazuh-dashboard.x86_64 0:4.4.0-wp.1880 Complete! [root@redhat7 vagrant]# ls -l /etc/init.d/ total 48 -rw-r--r--. 1 root root 18281 May 22 2020 functions -rwxr-xr-x. 1 root root 4569 May 22 2020 netconsole -rwxr-xr-x. 1 root root 7928 May 22 2020 network -rw-r--r--. 1 root root 1160 May 12 2020 README -rwxr-xr-x. 1 root root 2437 Oct 19 2017 rhnsd -rwxr-x---. 1 wazuh-dashboard wazuh-dashboard 3682 Oct 20 15:07 wazuh-dashboard [root@redhat7 vagrant]# service wazuh-dashboard status wazuh-dashboard is not running [root@redhat7 vagrant]# service wazuh-dashboard start Starting wazuh-dashboard (via systemctl): [ OK ] [root@redhat7 vagrant]# service wazuh-dashboard status wazuh-dashboard is not running [root@redhat7 vagrant]# systemctl status wazuh-dashboard ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2022-10-20 15:20:29 UTC; 11s ago Process: 4087 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 4087 (code=exited, status=1/FAILURE) Oct 20 15:20:25 redhat7 systemd[1]: Started wazuh-dashboard. Oct 20 15:20:29 redhat7 opensearch-dashboards[4087]: {"type":"log","@timestamp":"2022-10-20T15:20:29Z","tags":["info","plugins-service"],"pid":4087,"message":"Plugin \"visTypeXy\" is disabled."} Oct 20 15:20:29 redhat7 opensearch-dashboards[4087]: {"type":"log","@timestamp":"2022-10-20T15:20:29Z","tags":["info","plugins-service"],"pid":4087,"message":"Plugin \"wizard\" is disabled."} Oct 20 15:20:29 redhat7 opensearch-dashboards[4087]: {"type":"log","@timestamp":"2022-10-20T15:20:29Z","tags":["warning","config","deprecation"],"pid":4087,"message":"\"opensearch.requestHeadersW...Allowlist\""} Oct 20 15:20:29 redhat7 opensearch-dashboards[4087]: {"type":"log","@timestamp":"2022-10-20T15:20:29Z","tags":["fatal","root"],"pid":4087,"message":"Error: ENOENT: no such file or directory, open... (/usr/share/ Oct 20 15:20:29 redhat7 opensearch-dashboards[4087]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 20 15:20:29 redhat7 systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=1/FAILURE Oct 20 15:20:29 redhat7 systemd[1]: Unit wazuh-dashboard.service entered failed state. Oct 20 15:20:29 redhat7 systemd[1]: wazuh-dashboard.service failed. Hint: Some lines were ellipsized, use -l to ```

• Red Hat 9

  ``` [root@redhat9 vagrant]# ls -l /etc/init.d/ ls: cannot access '/etc/init.d/': No such file or directory [root@redhat9 vagrant]# yum localinstall wazuh-dashboard-4.3.9-1.x86_64.rpm -y Extra Packages for Enterprise Linux 9 - x86_64 7.6 MB/s | 11 MB 00:01 Last metadata expiration check: 0:00:02 ago on Thu 20 Oct 2022 03:17:26 PM UTC. Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Installing: wazuh-dashboard x86_64 4.3.9-1 @commandline 151 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 151 M Installed size: 589 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.3.9-1.x86_64 1/1 Installing : wazuh-dashboard-4.3.9-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.3.9-1.x86_64 1/1 Verifying : wazuh-dashboard-4.3.9-1.x86_64 1/1 Installed products updated. Installed: wazuh-dashboard-4.3.9-1.x86_64 Complete! [root@redhat9 vagrant]# ls -l /etc/init.d/ total 4 -rwxr-x---. 1 wazuh-dashboard wazuh-dashboard 3599 Oct 6 18:35 wazuh-dashboard [root@redhat9 vagrant]# yum localinstall wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm -y Last metadata expiration check: 0:01:15 ago on Thu 20 Oct 2022 03:17:26 PM UTC. Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Upgrading: wazuh-dashboard x86_64 4.4.0-wp.1880 @commandline 172 M Transaction Summary ======================================================================================================== Upgrade 1 Package Total size: 172 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64 1/2 Upgrading : wazuh-dashboard-4.4.0-wp.1880.x86_64 1/2 Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64 1/2 Running scriptlet: wazuh-dashboard-4.3.9-1.x86_64 2/2 Cleanup : wazuh-dashboard-4.3.9-1.x86_64 2/2 Running scriptlet: wazuh-dashboard-4.3.9-1.x86_64 2/2 Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64 2/2 Running scriptlet: wazuh-dashboard-4.3.9-1.x86_64 2/2 Verifying : wazuh-dashboard-4.4.0-wp.1880.x86_64 1/2 Verifying : wazuh-dashboard-4.3.9-1.x86_64 2/2 Installed products updated. Upgraded: wazuh-dashboard-4.4.0-wp.1880.x86_64 Complete! [root@redhat9 vagrant]# ls -l /etc/init.d/ total 0 [root@redhat9 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service ○ wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: inactive (dead) [root@redhat9 vagrant]# service wazuh-dashboard start Redirecting to /bin/systemctl start wazuh-dashboard.service [root@redhat9 vagrant]# service wazuh-dashboard status Redirecting to /bin/systemctl status wazuh-dashboard.service × wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2022-10-20 15:21:31 UTC; 104ms ago Process: 4584 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE) Main PID: 4584 (code=exited, status=1/FAILURE) CPU: 3.455s Oct 20 15:21:27 redhat9 systemd[1]: Started wazuh-dashboard. Oct 20 15:21:31 redhat9 opensearch-dashboards[4584]: {"type":"log","@timestamp":"2022-10-20T15:21:31Z","tags":["info","plugins-service"],"pid":4584,"message":"Plugin \"visTypeXy\" is disabled."} Oct 20 15:21:31 redhat9 opensearch-dashboards[4584]: {"type":"log","@timestamp":"2022-10-20T15:21:31Z","tags":["info","plugins-service"],"pid":4584,"message":"Plugin \"wizard\" is disabled."} Oct 20 15:21:31 redhat9 opensearch-dashboards[4584]: {"type":"log","@timestamp":"2022-10-20T15:21:31Z","tags":["warning","config","deprecation"],"pid":4584,"message":"\"opensearch.requestHeadersWhitelist\" is d> Oct 20 15:21:31 redhat9 opensearch-dashboards[4584]: {"type":"log","@timestamp":"2022-10-20T15:21:31Z","tags":["fatal","root"],"pid":4584,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da> Oct 20 15:21:31 redhat9 opensearch-dashboards[4584]: FATAL Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem' Oct 20 15:21:31 redhat9 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE Oct 20 15:21:31 redhat9 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'. Oct 20 15:21:31 redhat9 systemd[1]: wazuh-dashboard.service: Consumed 3.455s CPU time. [root@redhat9 vagrant]# ```

Wazuh indexer install 4.4.0

+

Red Hat 7

``` [root@redhat7 vagrant]# ls -l /etc/init.d/ total 44 -rw-r--r--. 1 root root 18281 May 22 2020 functions -rwxr-xr-x. 1 root root 4569 May 22 2020 netconsole -rwxr-xr-x. 1 root root 7928 May 22 2020 network -rw-r--r--. 1 root root 1160 May 12 2020 README -rwxr-xr-x. 1 root root 2437 Oct 19 2017 rhnsd [root@redhat7 vagrant]# yum localinstall wazuh-indexer-4.4.0-wp.1880.x86_64.rpm -y Loaded plugins: product-id, search-disabled-repos Examining wazuh-indexer-4.4.0-wp.1880.x86_64.rpm: wazuh-indexer-4.4.0-wp.1880.x86_64 Marking wazuh-indexer-4.4.0-wp.1880.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.4.0-wp.1880 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-indexer x86_64 4.4.0-wp.1880 /wazuh-indexer-4.4.0-wp.1880.x86_64 644 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 644 M Installed size: 644 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 epel/x86_64/metalink | 31 kB 00:00:00 epel/x86_64 | 4.7 kB 00:00:00 epel/x86_64/group_gz | 97 kB 00:00:00 epel/x86_64/updateinfo | 1.0 MB 00:00:00 epel/x86_64/primary_db | 7.0 MB 00:00:00 Installed: wazuh-indexer.x86_64 0:4.4.0-wp.1880 Complete! [root@redhat7 vagrant]# ls -l /etc/init.d/ total 48 -rw-r--r--. 1 root root 18281 May 22 2020 functions -rwxr-xr-x. 1 root root 4569 May 22 2020 netconsole -rwxr-xr-x. 1 root root 7928 May 22 2020 network -rw-r--r--. 1 root root 1160 May 12 2020 README -rwxr-xr-x. 1 root root 2437 Oct 19 2017 rhnsd -rw-r--r--. 1 wazuh-indexer wazuh-indexer 3703 Oct 20 15:38 wazuh-indexer [root@redhat7 vagrant]# service wazuh-indexer status env: /etc/init.d/wazuh-indexer: Permission denied [root@redhat7 vagrant]# chmod +x /etc/init.d/wazuh-indexer [root@redhat7 vagrant]# service wazuh-indexer status ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: https://documentation.wazuh.com [root@redhat7 vagrant]# service wazuh-indexer start Starting wazuh-indexer (via systemctl): Job for wazuh-indexer.service failed because the control process exited with error code. See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details. [FAILED] [root@redhat7 vagrant]# service wazuh-indexer status ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2022-10-20 15:47:13 UTC; 9s ago Docs: https://documentation.wazuh.com Process: 4023 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE) Main PID: 4023 (code=exited, status=1/FAILURE) Oct 20 15:47:13 redhat7 systemd-entrypoint[4023]: at org.opensearch.cli.EnvironmentAwareCommand.ex...04) Oct 20 15:47:13 redhat7 systemd-entrypoint[4023]: at org.opensearch.cli.Command.mainWithoutErrorHa...38) Oct 20 15:47:13 redhat7 systemd-entrypoint[4023]: at org.opensearch.cli.Command.main(Command.java:101) Oct 20 15:47:13 redhat7 systemd-entrypoint[4023]: at org.opensearch.bootstrap.OpenSearch.main(Open...37) Oct 20 15:47:13 redhat7 systemd-entrypoint[4023]: at org.opensearch.bootstrap.OpenSearch.main(Open...03) Oct 20 15:47:13 redhat7 systemd-entrypoint[4023]: For complete error details, refer to the log at ...log Oct 20 15:47:13 redhat7 systemd[1]: wazuh-indexer.service: main process exited, code=exited, stat...LURE Oct 20 15:47:13 redhat7 systemd[1]: Failed to start Wazuh-indexer. Oct 20 15:47:13 redhat7 systemd[1]: Unit wazuh-indexer.service entered failed state. Oct 20 15:47:13 redhat7 systemd[1]: wazuh-indexer.service failed. Hint: Some lines were ellipsized, use -l to show in full. [root@redhat7 vagrant]# ```

• Red Hat 9

  ``` [root@redhat9 vagrant]# ls -l /etc/init.d ls: cannot access '/etc/init.d': No such file or directory [root@redhat9 vagrant]# yum localinstall wazuh-indexer-4.4.0-wp.1880.x86_64.rpm -y Extra Packages for Enterprise Linux 9 - x86_64 8.9 MB/s | 11 MB 00:01 Last metadata expiration check: 0:00:02 ago on Thu 20 Oct 2022 03:46:18 PM UTC. Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Installing: wazuh-indexer x86_64 4.4.0-wp.1880 @commandline 397 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 397 M Installed size: 644 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 Installing : wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory Verifying : wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 Installed products updated. Installed: wazuh-indexer-4.4.0-wp.1880.x86_64 Complete! [root@redhat9 vagrant]# ls -l /etc/init.d/ total 0 [root@redhat9 vagrant]# service wazuh-indexer status Redirecting to /bin/systemctl status wazuh-indexer.service ○ wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: https://documentation.wazuh.com [root@redhat9 vagrant]# service wazuh-indexer start Redirecting to /bin/systemctl start wazuh-indexer.service Job for wazuh-indexer.service failed because the control process exited with error code. See "systemctl status wazuh-indexer.service" and "journalctl -xeu wazuh-indexer.service" for details. [root@redhat9 vagrant]# service wazuh-indexer status Redirecting to /bin/systemctl status wazuh-indexer.service × wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2022-10-20 15:47:57 UTC; 1s ago Docs: https://documentation.wazuh.com Process: 4479 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE) Main PID: 4479 (code=exited, status=1/FAILURE) CPU: 5.223s Oct 20 15:47:57 redhat9 systemd-entrypoint[4479]: at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:104) Oct 20 15:47:57 redhat9 systemd-entrypoint[4479]: at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) Oct 20 15:47:57 redhat9 systemd-entrypoint[4479]: at org.opensearch.cli.Command.main(Command.java:101) Oct 20 15:47:57 redhat9 systemd-entrypoint[4479]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:137) Oct 20 15:47:57 redhat9 systemd-entrypoint[4479]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:103) Oct 20 15:47:57 redhat9 systemd-entrypoint[4479]: For complete error details, refer to the log at /var/log/wazuh-indexer/wazuh-cluster.log Oct 20 15:47:57 redhat9 systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE Oct 20 15:47:57 redhat9 systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'. Oct 20 15:47:57 redhat9 systemd[1]: Failed to start Wazuh-indexer. Oct 20 15:47:57 redhat9 systemd[1]: wazuh-indexer.service: Consumed 5.223s CPU time. [root@redhat9 vagrant]# ```

Wazuh indexer upgrade 4.3.9 -> 4.4.0

+

Red Hat 7

``` [root@redhat7 vagrant]# ls -l /etc/init.d/ total 44 -rw-r--r--. 1 root root 18281 May 22 2020 functions -rwxr-xr-x. 1 root root 4569 May 22 2020 netconsole -rwxr-xr-x. 1 root root 7928 May 22 2020 network -rw-r--r--. 1 root root 1160 May 12 2020 README -rwxr-xr-x. 1 root root 2437 Oct 19 2017 rhnsd [root@redhat7 vagrant]# yum localinstall wazuh-indexer-4.3 wazuh-indexer-4.3.9-1.x86_64.rpm [root@redhat7 vagrant]# yum localinstall wazuh-indexer-4.3.9-1.x86_64.rpm -y Loaded plugins: product-id, search-disabled-repos Examining wazuh-indexer-4.3.9-1.x86_64.rpm: wazuh-indexer-4.3.9-1.x86_64 Marking wazuh-indexer-4.3.9-1.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.3.9-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-indexer x86_64 4.3.9-1 /wazuh-indexer-4.3.9-1.x86_64 614 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 614 M Installed size: 614 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-indexer-4.3.9-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.3.9-1.x86_64 1/1 epel/x86_64/metalink | 31 kB 00:00:00 epel/x86_64 | 4.7 kB 00:00:00 epel/x86_64/group_gz | 97 kB 00:00:00 epel/x86_64/updateinfo | 1.0 MB 00:00:00 epel/x86_64/primary_db | 7.0 MB 00:00:00 Installed: wazuh-indexer.x86_64 0:4.3.9-1 Complete! [root@redhat7 vagrant]# ls -l /etc/init.d/ total 48 -rw-r--r--. 1 root root 18281 May 22 2020 functions -rwxr-xr-x. 1 root root 4569 May 22 2020 netconsole -rwxr-xr-x. 1 root root 7928 May 22 2020 network -rw-r--r--. 1 root root 1160 May 12 2020 README -rwxr-xr-x. 1 root root 2437 Oct 19 2017 rhnsd -rwxr-x---. 1 root root 3703 Oct 6 14:28 wazuh-indexer [root@redhat7 vagrant]# yum localinstall wazuh-indexer-4.4.0-wp.1880.x86_64.rpm -y Loaded plugins: product-id, search-disabled-repos Examining wazuh-indexer-4.4.0-wp.1880.x86_64.rpm: wazuh-indexer-4.4.0-wp.1880.x86_64 Marking wazuh-indexer-4.4.0-wp.1880.x86_64.rpm as an update to wazuh-indexer-4.3.9-1.x86_64 Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.3.9-1 will be updated ---> Package wazuh-indexer.x86_64 0:4.4.0-wp.1880 will be an update --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Updating: wazuh-indexer x86_64 4.4.0-wp.1880 /wazuh-indexer-4.4.0-wp.1880.x86_64 644 M Transaction Summary ======================================================================================================== Upgrade 1 Package Total size: 644 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : wazuh-indexer-4.4.0-wp.1880.x86_64 1/2 Cleanup : wazuh-indexer-4.3.9-1.x86_64 2/2 Verifying : wazuh-indexer-4.4.0-wp.1880.x86_64 1/2 Verifying : wazuh-indexer-4.3.9-1.x86_64 2/2 Updated: wazuh-indexer.x86_64 0:4.4.0-wp.1880 Complete! [root@redhat7 vagrant]# ls -l /etc/init.d/ total 48 -rw-r--r--. 1 root root 18281 May 22 2020 functions -rwxr-xr-x. 1 root root 4569 May 22 2020 netconsole -rwxr-xr-x. 1 root root 7928 May 22 2020 network -rw-r--r--. 1 root root 1160 May 12 2020 README -rwxr-xr-x. 1 root root 2437 Oct 19 2017 rhnsd -rw-r--r--. 1 wazuh-indexer wazuh-indexer 3703 Oct 20 15:38 wazuh-indexer [root@redhat7 vagrant]# service wazuh-indexer status env: /etc/init.d/wazuh-indexer: Permission denied [root@redhat7 vagrant]# chmod +x /etc/init.d/wazuh-indexer [root@redhat7 vagrant]# service wazuh-indexer status ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: https://documentation.wazuh.com [root@redhat7 vagrant]# service wazuh-indexer start Starting wazuh-indexer (via systemctl): Job for wazuh-indexer.service failed because the control process exited with error code. See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details. [FAILED] [root@redhat7 vagrant]# service wazuh-indexer status ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2022-10-20 15:53:15 UTC; 4s ago Docs: https://documentation.wazuh.com Process: 4197 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE) Main PID: 4197 (code=exited, status=1/FAILURE) Oct 20 15:53:14 redhat7 systemd-entrypoint[4197]: at org.opensearch.cli.EnvironmentAwareCommand.ex...04) Oct 20 15:53:14 redhat7 systemd-entrypoint[4197]: at org.opensearch.cli.Command.mainWithoutErrorHa...38) Oct 20 15:53:14 redhat7 systemd-entrypoint[4197]: at org.opensearch.cli.Command.main(Command.java:101) Oct 20 15:53:14 redhat7 systemd-entrypoint[4197]: at org.opensearch.bootstrap.OpenSearch.main(Open...37) Oct 20 15:53:14 redhat7 systemd-entrypoint[4197]: at org.opensearch.bootstrap.OpenSearch.main(Open...03) Oct 20 15:53:14 redhat7 systemd-entrypoint[4197]: For complete error details, refer to the log at ...log Oct 20 15:53:15 redhat7 systemd[1]: wazuh-indexer.service: main process exited, code=exited, stat...LURE Oct 20 15:53:15 redhat7 systemd[1]: Failed to start Wazuh-indexer. Oct 20 15:53:15 redhat7 systemd[1]: Unit wazuh-indexer.service entered failed state. Oct 20 15:53:15 redhat7 systemd[1]: wazuh-indexer.service failed. Hint: Some lines were ellipsized, use -l to show in full. [root@redhat7 vagrant]# yum remove wazuh-indexer.x86_64 -y Loaded plugins: product-id, search-disabled-repos Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.4.0-wp.1880 will be erased --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Removing: wazuh-indexer x86_64 4.4.0-wp.1880 @/wazuh-indexer-4.4.0-wp.1880.x86_64 644 M Transaction Summary ======================================================================================================== Remove 1 Package Installed size: 644 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Stopping wazuh-indexer service... OK Erasing : wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 Verifying : wazuh-indexer-4.4.0-wp.1880.x86_64 1/1 Removed: wazuh-indexer.x86_64 0:4.4.0-wp.1880 Complete! [root@redhat7 vagrant]# ls -l /etc/init.d/ total 44 -rw-r--r--. 1 root root 18281 May 22 2020 functions -rwxr-xr-x. 1 root root 4569 May 22 2020 netconsole -rwxr-xr-x. 1 root root 7928 May 22 2020 network -rw-r--r--. 1 root root 1160 May 12 2020 README -rwxr-xr-x. 1 root root 2437 Oct 19 2017 rhnsd [root@redhat7 vagrant]# ```

• Red Hat 9

  ``` [root@redhat9 vagrant]# ls -l /etc/init.d/ ls: cannot access '/etc/init.d/': No such file or directory [root@redhat9 vagrant]# yum localinstall wazuh-indexer-4.3.9-1.x86_64.rpm -y Extra Packages for Enterprise Linux 9 - x86_64 6.2 MB/s | 11 MB 00:01 Last metadata expiration check: 0:00:02 ago on Thu 20 Oct 2022 03:51:06 PM UTC. Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Installing: wazuh-indexer x86_64 4.3.9-1 @commandline 361 M Transaction Summary ======================================================================================================== Install 1 Package Total size: 361 M Installed size: 614 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.3.9-1.x86_64 1/1 Installing : wazuh-indexer-4.3.9-1.x86_64 1/1 Running scriptlet: wazuh-indexer-4.3.9-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory Verifying : wazuh-indexer-4.3.9-1.x86_64 1/1 Installed products updated. Installed: wazuh-indexer-4.3.9-1.x86_64 Complete! [root@redhat9 vagrant]# ls -l /etc/init.d/ total 4 -rwxr-x---. 1 root root 3703 Oct 6 14:28 wazuh-indexer [root@redhat9 vagrant]# yum localinstall wazuh-indexer-4.4.0-wp.1880.x86_64.rpm -y Last metadata expiration check: 0:00:51 ago on Thu 20 Oct 2022 03:51:06 PM UTC. Dependencies resolved. ======================================================================================================== Package Architecture Version Repository Size ======================================================================================================== Upgrading: wazuh-indexer x86_64 4.4.0-wp.1880 @commandline 397 M Transaction Summary ======================================================================================================== Upgrade 1 Package Total size: 397 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64 1/2 Upgrading : wazuh-indexer-4.4.0-wp.1880.x86_64 1/2 Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64 1/2 Running scriptlet: wazuh-indexer-4.3.9-1.x86_64 2/2 Cleanup : wazuh-indexer-4.3.9-1.x86_64 2/2 Running scriptlet: wazuh-indexer-4.3.9-1.x86_64 2/2 Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64 2/2 Running scriptlet: wazuh-indexer-4.3.9-1.x86_64 2/2 Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory Verifying : wazuh-indexer-4.4.0-wp.1880.x86_64 1/2 Verifying : wazuh-indexer-4.3.9-1.x86_64 2/2 Installed products updated. Upgraded: wazuh-indexer-4.4.0-wp.1880.x86_64 Complete! [root@redhat9 vagrant]# ls -l /etc/init.d/ total 0 [root@redhat9 vagrant]# service wazuh-indexer status Redirecting to /bin/systemctl status wazuh-indexer.service ○ wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: https://documentation.wazuh.com [root@redhat9 vagrant]# service wazuh-indexer start Redirecting to /bin/systemctl start wazuh-indexer.service Job for wazuh-indexer.service failed because the control process exited with an error code. See "systemctl status wazuh-indexer.service" and "journalctl -xeu wazuh-indexer.service" for details. [root@redhat9 vagrant]# ```

---

Wazuh dashboard and Wazuh indexer stack tests

System	Build	Result	Artifacts
CentOS 7	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/546/console	:green_circle:	archive_CentOS7.zip
CentOS 8	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/547/console	:green_circle:	archive_CentOS8.zip
Red Hat 7	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/548/console	:green_circle:	archive_RedHat7.zip
Red Hat 8	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/549/console	:green_circle:	archive_RedHat8.zip
Red Hat 9	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/550/console	:green_circle:	archive_RedHat9.zip
Amazon Linux 2	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/551/console	:green_circle:	archive_AmazonLinux2.zip

---

About CentOS 9 Stream and Fedora 36

• A different behavior has been found for the Wazuh server regarding the init.d service.
• In the proposed fix for the Wazuh dashboard and Wazuh indexer, the value of NAME and VERSION of the /etc/os-release file is checked, so if NAME contains the value Red Hat Enterprise Linux and VERSION contains the value 9 or higher, the service in init.d is removed. This is the behavior that is performed in the Wazuh server SPEC file, so it is expected that the Wazuh indexer and Wazuh dashboard do not remove the init.d service on CentOS 9 Stream and Fedora 36 systems, ​​however, Wazuh server does not install the file in the init.d directory and the cause of this has not been found in the Wazuh server SPEC file.
• In any case, CentOS 9 Stream and Fedora 36 are not systems on the recommended list, so they cannot be taken into account explicitly. If these systems were to be part of the list of recommended systems at some point, it would suffice to add in the conditional what is necessary for it to match according to the /etc/os-release file.

[rauldpm]

Update report

After an investigation of the problem in CentOS 9 Stream and Fedora 36, the following has been discovered:

• The behavior of the Wazuh dashboard and Wazuh indexer is the same as the Wazuh server
  • CentOS 7: init.d services are created in /etc/rc.d/init.d
  • CentOS 9 Stream: init.d services are created in /etc/rc.d/init.d
  • Red Hat 7: init.d services are created in /etc/rc.d/init.d
  • Red Hat 9: init.d services are not created in /etc/rc.d/init.d

This behavior of the Wazuh dashboard and Wazuh indexer differs from OpenSearch and OpenSearch dashboards, which in CentOS 9 Stream and Red Hat 9 install the init.d service in /etc/init.d, this is because these systems have left to actively use init.d in favor of systemd and that directory is no longer a link to /etc/rc.d/init.d, thus presenting the errors reported in this issue.

That said since such systems are not on the recommended list, no further action is required for such behavior in the CentOS 9 Stream and Fedora 36 systems with the Wazuh server install process.

---

The changes requested in the pull requests have been worked on.