wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0

Bump Wazuh dashboard to OpenSearch Dashboards 2.10.0 #2521

Closed rauldpm closed 1 year ago

rauldpm commented 1 year ago

Description

It is necessary to adapt the Wazuh dashboard to version 2.10.0 of OpenSearch Dashboards.

Request: https://github.com/wazuh/internal-devel-requests/issues/301

Tasks

Validation


Working branch

rauldpm commented 1 year ago

Update report - Build Base and APP

2023/10/16


2023/10/17

```
─➤  bash generate_base.sh -r wp2521 --app-url https://packages-dev.wazuh.com/warehouse/test/4.8/ui/dashboard/wazuh-4.8.0-wp2521.zip
[+] Building 0.5s (12/12) FINISHED
...
Successfully installed pathfix.py-0.6.2
sed: can't read ./src/plugins/dashboard/target/public/dashboard.chunk.1.js: No such file or directory
```
```
# Remove "New to OpenSearch Dashboards" message with link to OpenSearch Dashboards sample data in Dashboard plugin
sed -i 's|external_osdSharedDeps_React_default.a.createElement("p",null,external_osdSharedDeps_React_default.a.createElement(external_osdSharedDeps_OsdI18nReact_\["FormattedMessage"\],{id:"dashboard.listing.createNewDashboard.newToOpenSearchDashboardsDescription",defaultMessage:"New to OpenSearch Dashboards|false\&\&external_osdSharedDeps_React_default.a.createElement("p",null,external_osdSharedDeps_React_default.a.createElement(external_osdSharedDeps_OsdI18nReact_["FormattedMessage"],{id:"dashboard.listing.createNewDashboard.newToOpenSearchDashboardsDescription",defaultMessage:"New to OpenSearch Dashboards|' ./src/plugins/dashboard/target/public/dashboard.chunk.1.js
gzip -c ./src/plugins/dashboard/target/public/dashboard.chunk.1.js > ./src/plugins/dashboard/target/public/dashboard.chunk.1.js.gz
brotli -c ./src/plugins/dashboard/target/public/dashboard.chunk.1.js > ./src/plugins/dashboard/target/public/dashboard.chunk.1.js.br
```

rauldpm commented 1 year ago

Update report - Build RPM and DEB

rauldpm commented 1 year ago

Analysis report - RPM


Install :green_circle:

```
[root@centos7 vagrant]# yum localinstall https://packages-dev.wazuh.com/warehouse/test/4.8/rpm/var/wazuh-dashboard-4.8.0-wp2521.x86_64.rpm
Loaded plugins: fastestmirror
wazuh-dashboard-4.8.0-wp2521.x86_64.rpm | 269 MB 00:00:12
Examining /var/tmp/yum-root-EwxXS9/wazuh-dashboard-4.8.0-wp2521.x86_64.rpm: wazuh-dashboard-4.8.0-wp2521.x86_64
Marking /var/tmp/yum-root-EwxXS9/wazuh-dashboard-4.8.0-wp2521.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.8.0-wp2521 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================================================================================================================
 Package Arch Version Repository Size
==================================================================================================================================================================================================================
Installing:
 wazuh-dashboard x86_64 4.8.0-wp2521 /wazuh-dashboard-4.8.0-wp2521.x86_64 891 M

Transaction Summary
==================================================================================================================================================================================================================
Install 1 Package

Total size: 891 M
Installed size: 891 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-dashboard-4.8.0-wp2521.x86_64 1/1
  Verifying : wazuh-dashboard-4.8.0-wp2521.x86_64 1/1

Installed:
  wazuh-dashboard.x86_64 0:4.8.0-wp2521

Complete!
```

Certificate copy :green_circle:

```
[root@centos7 vagrant]# NODE_NAME=dashboard-1
[root@centos7 vagrant]# mkdir /etc/wazuh-dashboard/certs
[root@centos7 vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@centos7 vagrant]# chmod 500 /etc/wazuh-dashboard/certs
[root@centos7 vagrant]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@centos7 vagrant]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
```

Start service :red_circle:

```
[root@centos7 vagrant]# systemctl daemon-reload
[root@centos7 vagrant]# systemctl enable wazuh-dashboard
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
[root@centos7 vagrant]# systemctl start wazuh-dashboard
[root@centos7 vagrant]# systemctl status wazuh-dashboard.service
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2023-10-17 17:38:02 UTC; 5s ago
  Process: 6830 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
 Main PID: 6830 (code=exited, status=1/FAILURE)

Oct 17 17:38:00 centos7 systemd[1]: Started wazuh-dashboard.
Oct 17 17:38:02 centos7 opensearch-dashboards[6830]: {"type":"log","@timestamp":"2023-10-17T17:38:02Z","tags":["info","plugins-service"],"pid":6830,"message":"Plugin \"dataSourceManagement\" has ...dataSource]"}
Oct 17 17:38:02 centos7 opensearch-dashboards[6830]: {"type":"log","@timestamp":"2023-10-17T17:38:02Z","tags":["info","plugins-service"],"pid":6830,"message":"Plugin \"dataSource\" is disabled."}
Oct 17 17:38:02 centos7 opensearch-dashboards[6830]: {"type":"log","@timestamp":"2023-10-17T17:38:02Z","tags":["info","plugins-service"],"pid":6830,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 17 17:38:02 centos7 opensearch-dashboards[6830]: {"type":"log","@timestamp":"2023-10-17T17:38:02Z","tags":["fatal","root"],"pid":6830,"message":"Error: listen EACCES: permission denied 0.0.0.0:443\n at...
Oct 17 17:38:02 centos7 opensearch-dashboards[6830]: FATAL Error: listen EACCES: permission denied 0.0.0.0:443
Oct 17 17:38:02 centos7 systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=1/FAILURE
Oct 17 17:38:02 centos7 systemd[1]: Unit wazuh-dashboard.service entered failed state.
Oct 17 17:38:02 centos7 systemd[1]: wazuh-dashboard.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
```

Analysis of service error

```
[root@centos7 vagrant]# /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml
OpenSearch Dashboards should not be run as root.  Use --allow-root to continue.
[root@centos7 vagrant]# /usr/share/wazuh-dashboard/bin/opensearch-dashboards --allow-root -c /etc/wazuh-dashboard/opensearch_dashboards.yml
  log   [19:07:07.430] [info][plugins-service] Plugin "dataSourceManagement" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]
  log   [19:07:07.433] [info][plugins-service] Plugin "dataSource" is disabled.
  log   [19:07:07.433] [info][plugins-service] Plugin "visTypeXy" is disabled.
  log   [19:07:07.520] [info][plugins-system] Setting up [47] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,mlCommonsDashboards,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuh,bfetch]
  log   [19:07:07.692] [info][savedobjects-service] Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations...
  log   [19:07:07.709] [info][savedobjects-service] Starting saved objects migrations
  log   [19:07:07.741] [info][plugins-system] Starting [47] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,mlCommonsDashboards,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuh,bfetch]
  log   [19:07:07.892] [info][listening] Server running at https://0.0.0.0:443
[root@centos7 vagrant]# /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml
OpenSearch Dashboards should not be run as root.  Use --allow-root to continue.
[root@centos7 vagrant]# /usr/share/opensearch-dashboards/bin/opensearch-dashboards -c /etc/opensearch-dashboards/opensearch_dashboards.yml
OpenSearch Dashboards should not be run as root.  Use --allow-root to continue.
[root@centos7 vagrant]# /usr/share/wazuh-dashboard/node/fallback/bin/node --version
v14.21.3
[root@centos7 vagrant]# /usr/share/wazuh-dashboard/node/bin/node --version
/usr/share/wazuh-dashboard/node/bin/node: /lib64/libm.so.6: version `GLIBC_2.27' not found (required by /usr/share/wazuh-dashboard/node/bin/node)
/usr/share/wazuh-dashboard/node/bin/node: /lib64/libc.so.6: version `GLIBC_2.25' not found (required by /usr/share/wazuh-dashboard/node/bin/node)
/usr/share/wazuh-dashboard/node/bin/node: /lib64/libc.so.6: version `GLIBC_2.28' not found (required by /usr/share/wazuh-dashboard/node/bin/node)
/usr/share/wazuh-dashboard/node/bin/node: /lib64/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by /usr/share/wazuh-dashboard/node/bin/node)
/usr/share/wazuh-dashboard/node/bin/node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.20' not found (required by /usr/share/wazuh-dashboard/node/bin/node)
/usr/share/wazuh-dashboard/node/bin/node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by /usr/share/wazuh-dashboard/node/bin/node)
```

```
setcap 'cap_net_bind_service=+ep' /usr/share/wazuh-dashboard/node/fallback/bin/node
```

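
The failure in the report above (a non-root service refused on port 443 until `cap_net_bind_service` was set on the node binary that actually runs) can be triaged with a check like the following. This is an added example, not part of the original issue or of Wazuh's packaging scripts; the function names, verdict strings and sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a "listen EACCES" startup failure of a non-root
# service. File capabilities are attached to one file, so the check must be
# made against the binary that really runs (here the fallback node binary),
# not the one the launcher tried first.

# Constructed sample, modelled on the journal lines quoted in the report.
SAMPLE_LOG='Oct 17 17:38:02 centos7 opensearch-dashboards[6830]: {"type":"log","tags":["info","plugins-service"],"pid":6830,"message":"Plugin \"dataSource\" is disabled."}
Oct 17 17:38:02 centos7 opensearch-dashboards[6830]: FATAL Error: listen EACCES: permission denied 0.0.0.0:443'

# Constructed getcap output, in the layouts printed by older and newer libcap.
CAP_OLD_FMT='/usr/share/wazuh-dashboard/node/fallback/bin/node = cap_net_bind_service+ep'
CAP_NEW_FMT='/usr/share/wazuh-dashboard/node/fallback/bin/node cap_net_bind_service=ep'

# Print the port of the first "listen EACCES: permission denied ADDR:PORT"
# message found in the log text, or nothing if there is none.
eacces_port() {
    printf '%s\n' "$1" |
        sed -n 's/.*listen EACCES: permission denied [^ ]*:\([0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Succeed if a getcap output line grants cap_net_bind_service in both the
# effective (e) and permitted (p) sets. Handles "caps+flags" and "caps=flags",
# and comma-separated capability lists.
has_bind_cap() {
    for clause in $1; do
        case "$clause" in
            *cap_net_bind_service*[+=]*)
                flags=${clause##*[+=]}
                case "$flags" in *e*) ;; *) continue ;; esac
                case "$flags" in *p*) return 0 ;; esac
                ;;
        esac
    done
    return 1
}

# $1 = journal/status text, $2 = getcap output for the running binary,
# $3 = first unprivileged port (optional, default 1024).
# Prints one verdict: no-eacces, unprivileged-port:N, cap-present:N, cap-missing:N
triage_listen_failure() {
    port=$(eacces_port "$1")
    min=${3:-1024}
    if [ -z "$port" ]; then
        echo "no-eacces"
    elif [ "$port" -ge "$min" ]; then
        # Not a privileged-port problem; look at SELinux, address conflicts, etc.
        echo "unprivileged-port:$port"
    elif has_bind_cap "$2"; then
        echo "cap-present:$port"
    else
        echo "cap-missing:$port"
    fi
}

# Live wrapper: $1 = log text, $2 = path of the binary shown in the unit's
# CGroup line. Requires getcap from libcap; not exercised by the samples.
check_service_binary() {
    triage_listen_failure "$1" "$(getcap "$2" 2>/dev/null)"
}

# Demo on the constructed samples.
triage_listen_failure "$SAMPLE_LOG" "$CAP_OLD_FMT"
```

A `cap-missing` verdict on the binary listed under `CGroup:` in `systemctl status` matches the state before the `setcap` command above was applied.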
rauldpm commented 1 year ago

Analysis report - RPM

Install, certificates, service :green_circle:

```
[root@centos7 vagrant]# yum localinstall wazuh-dashboard-4.8.0-wp2521.x86_64.rpm -y
Loaded plugins: fastestmirror
Examining wazuh-dashboard-4.8.0-wp2521.x86_64.rpm: wazuh-dashboard-4.8.0-wp2521.x86_64
Marking wazuh-dashboard-4.8.0-wp2521.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.8.0-wp2521 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================================================================================================================
 Package Arch Version Repository Size
==================================================================================================================================================================================================================
Installing:
 wazuh-dashboard x86_64 4.8.0-wp2521 /wazuh-dashboard-4.8.0-wp2521.x86_64 891 M

Transaction Summary
==================================================================================================================================================================================================================
Install 1 Package

Total size: 891 M
Installed size: 891 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-dashboard-4.8.0-wp2521.x86_64 1/1
chmod: cannot access ‘/etc/wazuh-dashboard/opensearch_dashboards.keystore’: No such file or directory
  Verifying : wazuh-dashboard-4.8.0-wp2521.x86_64 1/1

Installed:
  wazuh-dashboard.x86_64 0:4.8.0-wp2521

Complete!
[root@centos7 vagrant]# nano /etc/wazuh-dashboard/opensearch_dashboards.yml
```

```
[root@centos7 vagrant]# NODE_NAME=dashboard-1
[root@centos7 vagrant]# mkdir /etc/wazuh-dashboard/certs
[root@centos7 vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@centos7 vagrant]# chmod 500 /etc/wazuh-dashboard/certs
[root@centos7 vagrant]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@centos7 vagrant]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
```

```
[root@centos7 vagrant]# systemctl status wazuh-dashboard.service
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-10-19 13:55:42 UTC; 4s ago
 Main PID: 4930 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─4930 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

Oct 19 13:55:42 centos7 systemd[1]: Started wazuh-dashboard.
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["info","plugins-service"],"pid":4930,"message":"Plugin \"dataSourceManagement\" has ...dataSource]"}
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["info","plugins-service"],"pid":4930,"message":"Plugin \"dataSource\" is disabled."}
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["info","plugins-service"],"pid":4930,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["info","plugins-system"],"pid":4930,"message":"Setting up [47] plugins: [usageCollec...s,data,home,a
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["info","savedobjects-service"],"pid":4930,"message":"Waiting until all OpenSearch no...grations..."}
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["error","opensearch","data"],"pid":4930,"message":"[ResponseError]: Response Error"}
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["error","savedobjects-service"],"pid":4930,"message":"Unable to retrieve version inf...arch nodes."}
Hint: Some lines were ellipsized, use -l to show in full
```
WUI access :red_circle:

![image](https://github.com/wazuh/wazuh-packages/assets/14913942/fde3ba37-2397-4f76-9ef1-36383d2acd62)

```
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["error","opensearch","data"],"pid":4930,"message":"[ResponseError]: Response Error"}
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["error","savedobjects-service"],"pid":4930,"message":"Unable to retrieve version information from OpenSearch nodes."}
Oct 19 14:19:47 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T14:19:47Z","tags":["warning","savedobjects-service"],"pid":4930,"message":"Unable to connect to OpenSearch. Error: Given the configuration, the ConnectionPool was not able to find a usable Connection for this request."}
```

```
[2023-10-19T14:21:59,791][WARN ][o.o.s.a.BackendRegistry  ] [node-1] No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'
```

image

rauldpm commented 1 year ago

Update report


On hold due


rauldpm commented 1 year ago

Update report - Build RPM



image

https://github.com/wazuh/wazuh-dashboard-plugins/blob/d02feb433e0f4e0b20c74794bf836c0ebe29d07d/plugins/main/public/components/settings/miscellaneous/miscellaneous.tsx#L34

```
window.location.href = getHttp().basePath.prepend('/app/wazuh#/health-check?debug');
```

rauldpm commented 1 year ago

Update report - Build APP with latest changes


Analysis report - RPM

Detected changes

image

image

image

image

Logs - Fresh install (AIO 4.8.0)

```
Oct 24 16:57:17 centos7 opensearch-dashboards[6932]: {"type":"error","@timestamp":"2023-10-24T16:57:17Z","tags":["connection","client","error"],"pid":6932,"level":"error","error":{"message":"140658201536384:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140658201536384:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140658201536384:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Oct 24 16:57:07 centos7 opensearch-dashboards[6932]: {"type":"log","@timestamp":"2023-10-24T16:57:07Z","tags":["error","opensearch","data"],"pid":6932,"message":"[ResponseError]: Response Error"}
```

rauldpm commented 1 year ago

Update report

rauldpm commented 1 year ago

Analysis report - RPM DEB

Install 4.5.4 Stack

```
[root@centos7 vagrant]# curl -sO https://packages.wazuh.com/4.5/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
26/10/2023 12:47:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.4
26/10/2023 12:47:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log
26/10/2023 12:47:35 INFO: --- Dependencies ---
26/10/2023 12:47:35 INFO: Installing lsof.
26/10/2023 12:47:41 INFO: Wazuh web interface port will be 443.
26/10/2023 12:47:42 INFO: Wazuh repository added.
26/10/2023 12:47:42 INFO: --- Configuration files ---
26/10/2023 12:47:42 INFO: Generating configuration files.
26/10/2023 12:47:42 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
26/10/2023 12:47:42 INFO: --- Wazuh indexer ---
26/10/2023 12:47:42 INFO: Starting Wazuh indexer installation.
26/10/2023 12:48:26 INFO: Wazuh indexer installation finished.
26/10/2023 12:48:26 INFO: Wazuh indexer post-install configuration finished.
26/10/2023 12:48:26 INFO: Starting service wazuh-indexer.
26/10/2023 12:48:33 INFO: wazuh-indexer service started.
26/10/2023 12:48:33 INFO: Initializing Wazuh indexer cluster security settings.
26/10/2023 12:48:43 INFO: Wazuh indexer cluster initialized.
26/10/2023 12:48:43 INFO: --- Wazuh server ---
26/10/2023 12:48:43 INFO: Starting the Wazuh manager installation.
26/10/2023 12:49:05 INFO: Wazuh manager installation finished.
26/10/2023 12:49:05 INFO: Starting service wazuh-manager.
26/10/2023 12:49:19 INFO: wazuh-manager service started.
26/10/2023 12:49:19 INFO: Starting Filebeat installation.
26/10/2023 12:49:22 INFO: Filebeat installation finished.
26/10/2023 12:49:22 INFO: Filebeat post-install configuration finished.
26/10/2023 12:49:22 INFO: Starting service filebeat.
26/10/2023 12:49:22 INFO: filebeat service started.
26/10/2023 12:49:22 INFO: --- Wazuh dashboard ---
26/10/2023 12:49:22 INFO: Starting Wazuh dashboard installation.
26/10/2023 12:50:05 INFO: Wazuh dashboard installation finished.
26/10/2023 12:50:05 INFO: Wazuh dashboard post-install configuration finished.
26/10/2023 12:50:05 INFO: Starting service wazuh-dashboard.
26/10/2023 12:50:05 INFO: wazuh-dashboard service started.
26/10/2023 12:50:19 INFO: Initializing Wazuh dashboard web application.
26/10/2023 12:50:19 INFO: Wazuh dashboard web application initialized.
26/10/2023 12:50:19 INFO: --- Summary ---
26/10/2023 12:50:19 INFO: You can access the web interface https://:443
    User: admin
    Password: KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA
26/10/2023 12:50:19 INFO: Installation finished.
```
Check 4.5.4 Stack

```
[root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
127.0.0.1           16          95   0    0.04    0.24     0.15 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
```

```
[root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 7,
  "active_shards" : 7,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
```

```
[root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cat/shards
.opensearch-observability   0 p STARTED  0 208b    127.0.0.1 node-1
.opendistro_security        0 p STARTED 10 44kb    127.0.0.1 node-1
.kibana_1                   0 p STARTED  4 60.7kb  127.0.0.1 node-1
wazuh-alerts-4.x-2023.10.26 2 p STARTED 71 187.2kb 127.0.0.1 node-1
wazuh-alerts-4.x-2023.10.26 1 p STARTED 68 187.6kb 127.0.0.1 node-1
wazuh-alerts-4.x-2023.10.26 0 p STARTED 71 198.9kb 127.0.0.1 node-1
wazuh-monitoring-2023.43w   0 p STARTED  0 208b    127.0.0.1 node-1
```
Upgrade to 4.8.0 - Stop Filebeat and Wazuh dashboard services ``` [root@centos7 vagrant]# systemctl stop filebeat [root@centos7 vagrant]# systemctl stop wazuh-dashboard ``` - Stop shard allocation ``` [root@centos7 vagrant]# curl -X PUT "https://localhost:9200/_cluster/settings" -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA -k -H 'Content-Type: application/json' -d' > { > "persistent": { > "cluster.routing.allocation.enable": "primaries" > } > } > ' {"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"primaries"}}}},"transient":{}} ``` ``` [root@centos7 vagrant]# curl -X POST "https://localhost:9200/_flush/synced" -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA -k {"_shards":{"total":7,"successful":7,"failed":0}} ``` - Stop Wazuh indexer service and upgrade ``` [root@centos7 vagrant]# systemctl stop wazuh-indexer [root@centos7 vagrant]# yum install https://packages-dev.wazuh.com/warehouse/test/4.8/rpm/var/wazuh-indexer-4.8.0-wp2521.x86_64.rpm Loaded plugins: fastestmirror wazuh-indexer-4.8.0-wp2521.x86_64.rpm | 743 MB 00:00:32 Examining /var/tmp/yum-root-Dkr1w1/wazuh-indexer-4.8.0-wp2521.x86_64.rpm: wazuh-indexer-4.8.0-wp2520.x86_64 Marking /var/tmp/yum-root-Dkr1w1/wazuh-indexer-4.8.0-wp2521.x86_64.rpm as an update to wazuh-indexer-4.5.4-1.x86_64 Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.5.4-1 will be updated ---> Package wazuh-indexer.x86_64 0:4.8.0-wp2520 will be an update --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================================================================================================================================================= Package Arch Version Repository Size 
============================================================================================================================================================================================================================================================================================================================= Updating: wazuh-indexer x86_64 4.8.0-wp2520 /wazuh-indexer-4.8.0-wp2521.x86_64 1.0 G Transaction Summary ============================================================================================================================================================================================================================================================================================================================= Upgrade 1 Package Total size: 1.0 G Is this ok [y/d/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : wazuh-indexer-4.8.0-wp2520.x86_64 1/2 Cleanup : wazuh-indexer-4.5.4-1.x86_64 2/2 Verifying : wazuh-indexer-4.8.0-wp2520.x86_64 1/2 Verifying : wazuh-indexer-4.5.4-1.x86_64 2/2 Updated: wazuh-indexer.x86_64 0:4.8.0-wp2520 Complete! ``` - Check Wazuh indexer service and cluster status ``` [root@centos7 vagrant]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2023-10-26 12:59:05 UTC; 4s ago Docs: https://documentation.wazuh.com Main PID: 8326 (java) CGroup: /system.slice/wazuh-indexer.service └─8326 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionM... Oct 26 12:58:58 centos7 systemd[1]: Starting Wazuh-indexer... 
Oct 26 12:58:59 centos7 systemd-entrypoint[8326]: WARNING: A terminally deprecated method in java.lang.System has been called Oct 26 12:58:59 centos7 systemd-entrypoint[8326]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) Oct 26 12:58:59 centos7 systemd-entrypoint[8326]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch Oct 26 12:58:59 centos7 systemd-entrypoint[8326]: WARNING: System::setSecurityManager will be removed in a future release Oct 26 12:59:00 centos7 systemd-entrypoint[8326]: WARNING: A terminally deprecated method in java.lang.System has been called Oct 26 12:59:00 centos7 systemd-entrypoint[8326]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) Oct 26 12:59:00 centos7 systemd-entrypoint[8326]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security Oct 26 12:59:00 centos7 systemd-entrypoint[8326]: WARNING: System::setSecurityManager will be removed in a future release Oct 26 12:59:05 centos7 systemd[1]: Started Wazuh-indexer. 
``` ``` [root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cat/nodes?v ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name 127.0.0.1 22 96 3 0.44 0.27 0.18 dimr cluster_manager,data,ingest,remote_cluster_client * node-1 ``` ``` [root@centos7 vagrant]# curl -X PUT "https://localhost:9200/_cluster/settings" -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA -k -H 'Content-Type: application/json' -d' > { > "persistent": { > "cluster.routing.allocation.enable": "all" > } > } > ' {"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"all"}}}},"transient":{}} ``` ``` [root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cat/nodes?v ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name 127.0.0.1 22 96 1 0.37 0.26 0.17 dimr cluster_manager,data,ingest,remote_cluster_client * node-1 ``` ``` [root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cluster/health?pretty { "cluster_name" : "wazuh-cluster", "status" : "green", "timed_out" : false, "number_of_nodes" : 1, "number_of_data_nodes" : 1, "discovered_master" : true, "discovered_cluster_manager" : true, "active_primary_shards" : 9, "active_shards" : 9, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0, "delayed_unassigned_shards" : 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 100.0 } ``` ``` [root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cat/shards .opensearch-observability 0 p STARTED 0 208b 127.0.0.1 node-1 .plugins-ml-config 0 p STARTED 1 3.8kb 127.0.0.1 node-1 .opensearch-sap-log-types-config 0 p STARTED 127.0.0.1 node-1 wazuh-monitoring-2023.43w 0 p STARTED 0 208b 127.0.0.1 node-1 
wazuh-alerts-4.x-2023.10.26 0 p STARTED 71 198.9kb 127.0.0.1 node-1 wazuh-alerts-4.x-2023.10.26 1 p STARTED 68 187.6kb 127.0.0.1 node-1 wazuh-alerts-4.x-2023.10.26 2 p STARTED 71 187.2kb 127.0.0.1 node-1 .opendistro_security 0 p STARTED 10 44kb 127.0.0.1 node-1 .kibana_1 0 p STARTED 4 32.3kb 127.0.0.1 node-1 ``` - Upgrade Wazuh manager ``` [root@centos7 vagrant]# yum install https://packages-dev.wazuh.com/warehouse/test/4.8/rpm/var/wazuh-manager-4.8.0-wp2521.x86_64.rpm -y Loaded plugins: fastestmirror wazuh-manager-4.8.0-wp2521.x86_64.rpm | 165 MB 00:00:07 Examining /var/tmp/yum-root-Dkr1w1/wazuh-manager-4.8.0-wp2521.x86_64.rpm: wazuh-manager-4.8.0-wp2521.x86_64 Marking /var/tmp/yum-root-Dkr1w1/wazuh-manager-4.8.0-wp2521.x86_64.rpm as an update to wazuh-manager-4.5.4-1.x86_64 Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.5.4-1 will be updated ---> Package wazuh-manager.x86_64 0:4.8.0-wp2521 will be an update --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================================================================================================================================================= Package Arch Version Repository Size ============================================================================================================================================================================================================================================================================================================================= Updating: wazuh-manager x86_64 4.8.0-wp2521 /wazuh-manager-4.8.0-wp2521.x86_64 602 M Transaction Summary 
============================================================================================================================================================================================================================================================================================================================= Upgrade 1 Package Total size: 602 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : wazuh-manager-4.8.0-wp2521.x86_64 1/2 warning: /var/ossec/etc/ossec.conf created as /var/ossec/etc/ossec.conf.rpmnew Cleanup : wazuh-manager-4.5.4-1.x86_64 2/2 Verifying : wazuh-manager-4.8.0-wp2521.x86_64 1/2 Verifying : wazuh-manager-4.5.4-1.x86_64 2/2 Updated: wazuh-manager.x86_64 0:4.8.0-wp2521 Complete! ``` - Check Wazuh manager status ``` [root@centos7 vagrant]# systemctl status wazuh-manager.service ● wazuh-manager.service - Wazuh manager Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2023-10-26 13:02:07 UTC; 3min 17s ago CGroup: /system.slice/wazuh-manager.service ├─9120 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─9160 /var/ossec/bin/wazuh-authd ├─9175 /var/ossec/bin/wazuh-db ├─9189 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─9192 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─9195 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─9208 /var/ossec/bin/wazuh-execd ├─9223 /var/ossec/bin/wazuh-analysisd ├─9289 /var/ossec/bin/wazuh-syscheckd ├─9305 /var/ossec/bin/wazuh-remoted ├─9337 /var/ossec/bin/wazuh-logcollector ├─9388 /var/ossec/bin/wazuh-monitord └─9437 /var/ossec/bin/wazuh-modulesd Oct 26 13:01:59 centos7 env[9061]: Started wazuh-db... Oct 26 13:02:00 centos7 env[9061]: Started wazuh-execd... Oct 26 13:02:01 centos7 env[9061]: Started wazuh-analysisd... 
Oct 26 13:02:01 centos7 env[9061]: Started wazuh-syscheckd... Oct 26 13:02:02 centos7 env[9061]: Started wazuh-remoted... Oct 26 13:02:03 centos7 env[9061]: Started wazuh-logcollector... Oct 26 13:02:04 centos7 env[9061]: Started wazuh-monitord... Oct 26 13:02:05 centos7 env[9061]: Started wazuh-modulesd... Oct 26 13:02:07 centos7 env[9061]: Completed. Oct 26 13:02:07 centos7 systemd[1]: Started Wazuh manager. ``` - Upgrade Filebeat ``` [root@centos7 vagrant]# curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | sudo tar -xvz -C /usr/share/filebeat/module wazuh/alerts/ wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/archives/ wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json wazuh/module.yml ``` ``` [root@centos7 vagrant]# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.8.0/extensions/elasticsearch/7.x/wazuh-template.json [root@centos7 vagrant]# chmod go+r /etc/filebeat/wazuh-template.json ``` - Check Filebeat status ``` [root@centos7 vagrant]# systemctl daemon-reload [root@centos7 vagrant]# systemctl enable filebeat [root@centos7 vagrant]# systemctl start filebeat [root@centos7 vagrant]# filebeat test output elasticsearch: https://127.0.0.1:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 127.0.0.1 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.2 dial up... OK talk to server... 
OK version: 7.10.2 ``` - Upgrade Wazuh dashboard ``` [root@centos7 vagrant]# yum install https://packages-dev.wazuh.com/warehouse/test/4.8/rpm/var/wazuh-dashboard-4.8.0-wp2521.x86_64.rpm -y Loaded plugins: fastestmirror wazuh-dashboard-4.8.0-wp2521.x86_64.rpm | 268 MB 00:00:12 Examining /var/tmp/yum-root-Dkr1w1/wazuh-dashboard-4.8.0-wp2521.x86_64.rpm: wazuh-dashboard-4.8.0-wp2521.x86_64 Marking /var/tmp/yum-root-Dkr1w1/wazuh-dashboard-4.8.0-wp2521.x86_64.rpm as an update to wazuh-dashboard-4.5.4-1.x86_64 Resolving Dependencies --> Running transaction check ---> Package wazuh-dashboard.x86_64 0:4.5.4-1 will be updated ---> Package wazuh-dashboard.x86_64 0:4.8.0-wp2521 will be an update --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================================================================================================================================================= Package Arch Version Repository Size ============================================================================================================================================================================================================================================================================================================================= Updating: wazuh-dashboard x86_64 4.8.0-wp2521 /wazuh-dashboard-4.8.0-wp2521.x86_64 889 M Transaction Summary ============================================================================================================================================================================================================================================================================================================================= Upgrade 1 Package Total size: 889 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running 
transaction Updating : wazuh-dashboard-4.8.0-wp2521.x86_64 1/2 warning: /etc/wazuh-dashboard/opensearch_dashboards.yml created as /etc/wazuh-dashboard/opensearch_dashboards.yml.rpmnew Cleanup : wazuh-dashboard-4.5.4-1.x86_64 2/2 Verifying : wazuh-dashboard-4.8.0-wp2521.x86_64 1/2 Verifying : wazuh-dashboard-4.5.4-1.x86_64 2/2 Updated: wazuh-dashboard.x86_64 0:4.8.0-wp2521 Complete! ``` - Check Wazuh dashboard status ``` [root@centos7 vagrant]# systemctl daemon-reload [root@centos7 vagrant]# systemctl enable wazuh-dashboard [root@centos7 vagrant]# systemctl start wazuh-dashboard [root@centos7 vagrant]# systemctl status wazuh-dashboard.service ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2023-10-26 13:05:16 UTC; 14s ago Main PID: 10751 (node) CGroup: /system.slice/wazuh-dashboard.service └─10751 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."} Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Starting saved objects migrations"} Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Detected mapping change in \"properties.visualization-visbuilder\""} Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Creating 
index .kibana_2."} Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Migrating .kibana_1 saved objects to .kibana_2"} Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Pointing alias .kibana to .kibana_2."} Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Finished in 165ms."} Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","plugins-system"],"pid":10751,"message":"Starting [46] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearch...expressions,data,home,ap Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["listening","info"],"pid":10751,"message":"Server running at https://0.0.0.0:443"} Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","http","server","OpenSearchDashboards"],"pid":10751,"message":"http server running at https://0.0.0.0:443"} Hint: Some lines were ellipsized, use -l to show in full. ```

Notes


RPM WIA

```
[root@centos7 unattended_installer]# bash wazuh-install.sh -a
26/10/2023 17:52:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
26/10/2023 17:52:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
26/10/2023 17:52:26 INFO: --- Dependencies ---
26/10/2023 17:52:26 INFO: Installing lsof.
26/10/2023 17:52:30 INFO: Verifying that your system meets the recommended minimum hardware requirements.
26/10/2023 17:52:30 INFO: Wazuh web interface port will be 443.
26/10/2023 17:52:31 INFO: Wazuh development repository added.
26/10/2023 17:52:31 INFO: --- Configuration files ---
26/10/2023 17:52:31 INFO: Generating configuration files.
26/10/2023 17:52:32 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
26/10/2023 17:52:32 INFO: --- Wazuh indexer ---
26/10/2023 17:52:32 INFO: Starting Wazuh indexer installation.
26/10/2023 17:53:42 INFO: Wazuh indexer installation finished.
26/10/2023 17:53:42 INFO: Wazuh indexer post-install configuration finished.
26/10/2023 17:53:42 INFO: Starting service wazuh-indexer.
26/10/2023 17:53:49 INFO: wazuh-indexer service started.
26/10/2023 17:53:49 INFO: Initializing Wazuh indexer cluster security settings.
26/10/2023 17:53:59 INFO: Wazuh indexer cluster initialized.
26/10/2023 17:53:59 INFO: --- Wazuh server ---
26/10/2023 17:53:59 INFO: Starting the Wazuh manager installation.
26/10/2023 17:54:28 INFO: Wazuh manager installation finished.
26/10/2023 17:54:28 INFO: Starting service wazuh-manager.
26/10/2023 17:54:40 INFO: wazuh-manager service started.
26/10/2023 17:54:40 INFO: Starting Filebeat installation.
26/10/2023 17:54:47 INFO: Filebeat installation finished.
26/10/2023 17:54:48 INFO: Filebeat post-install configuration finished.
26/10/2023 17:54:48 INFO: Starting service filebeat.
26/10/2023 17:54:48 INFO: filebeat service started.
26/10/2023 17:54:48 INFO: --- Wazuh dashboard ---
26/10/2023 17:54:49 INFO: Installing chrome.
26/10/2023 17:55:09 INFO: --- Dependencies ---
26/10/2023 17:55:09 INFO: Installing xorg-x11-fonts-100dpi.
26/10/2023 17:55:11 INFO: Installing xorg-x11-fonts-75dpi.
26/10/2023 17:55:12 INFO: Installing xorg-x11-utils.
26/10/2023 17:55:13 INFO: Installing xorg-x11-fonts-cyrillic.
26/10/2023 17:55:14 INFO: Installing xorg-x11-fonts-Type1.
26/10/2023 17:55:15 INFO: Installing xorg-x11-fonts-misc.
26/10/2023 17:55:18 INFO: Starting Wazuh dashboard installation.
26/10/2023 17:56:04 INFO: Wazuh dashboard installation finished.
26/10/2023 17:56:04 INFO: Wazuh dashboard post-install configuration finished.
26/10/2023 17:56:04 INFO: Starting service wazuh-dashboard.
26/10/2023 17:56:04 INFO: wazuh-dashboard service started.
26/10/2023 17:56:06 INFO: Updating the internal users.
26/10/2023 17:56:07 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
26/10/2023 17:56:20 INFO: Initializing Wazuh dashboard web application.
26/10/2023 17:56:21 INFO: Wazuh dashboard web application initialized.
26/10/2023 17:56:21 INFO: --- Summary ---
26/10/2023 17:56:21 INFO: You can access the web interface https://:443
    User: admin
    Password: Q0ehfBMTM0CYZ.*f6xHqAiIDC0kENxnv
26/10/2023 17:56:21 INFO: Installation finished.
```

```
[root@centos7 unattended_installer]# hostname -I
10.0.2.15 192.168.56.4
```

```
[root@centos7 unattended_installer]# curl -k -u admin:Q0ehfBMTM0CYZ.*f6xHqAiIDC0kENxnv https://localhost:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 10,
  "active_shards" : 10,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
```

![1](https://github.com/wazuh/wazuh-packages/assets/14913942/04625f27-0d25-46e5-b451-717d7d096f44)

![2](https://github.com/wazuh/wazuh-packages/assets/14913942/b1b39a85-520f-4776-9144-477b6a9d06bf)

DEB WIA

```
root@debian11:/home/vagrant/wazuh-packages/unattended_installer# bash wazuh-install.sh -a -i
26/10/2023 19:40:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
26/10/2023 19:40:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log
26/10/2023 19:40:35 WARNING: Hardware and system checks ignored.
26/10/2023 19:40:35 INFO: Wazuh web interface port will be 443.
26/10/2023 19:40:40 INFO: Wazuh development repository added.
26/10/2023 19:40:40 INFO: --- Configuration files ---
26/10/2023 19:40:40 INFO: Generating configuration files.
26/10/2023 19:40:40 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
26/10/2023 19:40:40 INFO: --- Wazuh indexer ---
26/10/2023 19:40:40 INFO: Starting Wazuh indexer installation.
26/10/2023 19:41:18 INFO: Wazuh indexer installation finished.
26/10/2023 19:41:18 INFO: Wazuh indexer post-install configuration finished.
26/10/2023 19:41:18 INFO: Starting service wazuh-indexer.
26/10/2023 19:41:33 INFO: wazuh-indexer service started.
26/10/2023 19:41:33 INFO: Initializing Wazuh indexer cluster security settings.
26/10/2023 19:41:44 INFO: Wazuh indexer cluster initialized.
26/10/2023 19:41:44 INFO: --- Wazuh server ---
26/10/2023 19:41:44 INFO: Starting the Wazuh manager installation.
26/10/2023 19:42:11 INFO: Wazuh manager installation finished.
26/10/2023 19:42:11 INFO: Starting service wazuh-manager.
26/10/2023 19:42:25 INFO: wazuh-manager service started.
26/10/2023 19:42:25 INFO: Starting Filebeat installation.
26/10/2023 19:42:27 INFO: Filebeat installation finished.
26/10/2023 19:42:29 INFO: Filebeat post-install configuration finished.
26/10/2023 19:42:29 INFO: Starting service filebeat.
26/10/2023 19:42:29 INFO: filebeat service started.
26/10/2023 19:42:29 INFO: --- Wazuh dashboard ---
26/10/2023 19:42:30 INFO: --- Dependencies ----
26/10/2023 19:42:30 INFO: Installing chromium-browser.
26/10/2023 19:42:30 WARNING: Cannot install optional dependency: chromium-browser.
26/10/2023 19:42:30 INFO: Installing libnss3-dev.
26/10/2023 19:42:30 WARNING: Cannot install optional dependency: libnss3-dev.
26/10/2023 19:42:30 INFO: Installing fonts-liberation.
26/10/2023 19:42:30 WARNING: Cannot install optional dependency: fonts-liberation.
26/10/2023 19:42:30 WARNING: Wazuh dashboard dependencies skipped. PDF report generation may not work.
26/10/2023 19:42:30 INFO: Starting Wazuh dashboard installation.
26/10/2023 19:43:12 INFO: Wazuh dashboard installation finished.
26/10/2023 19:43:12 INFO: Wazuh dashboard post-install configuration finished.
26/10/2023 19:43:12 INFO: Starting service wazuh-dashboard.
26/10/2023 19:43:12 INFO: wazuh-dashboard service started.
26/10/2023 19:43:13 INFO: Updating the internal users.
26/10/2023 19:43:17 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
26/10/2023 19:43:45 INFO: Initializing Wazuh dashboard web application.
26/10/2023 19:43:48 INFO: Wazuh dashboard web application initialized.
26/10/2023 19:43:48 INFO: --- Summary ---
26/10/2023 19:43:48 INFO: You can access the web interface https://:443
    User: admin
    Password: +C.i63rfi1DRpCH2eXULiC5HNVpvwUqt
26/10/2023 19:43:48 INFO: Installation finished.
```

```
root@debian11:/home/vagrant/wazuh-packages/unattended_installer# hostname -I
10.0.2.15 192.168.56.44
```

```
root@debian11:/home/vagrant/wazuh-packages/unattended_installer# curl -k -u admin:+C.i63rfi1DRpCH2eXULiC5HNVpvwUqt https://localhost:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 9,
  "active_shards" : 9,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
```

![3](https://github.com/wazuh/wazuh-packages/assets/14913942/e9defd1e-f3d1-4d18-8b9d-4028428ff23c)

![4](https://github.com/wazuh/wazuh-packages/assets/14913942/c220441a-4ada-436b-a784-f3a728338596)

davidjiglesias commented 1 year ago

LGTM!