Closed s-ocando closed 11 months ago
Reviewing the code, I was able to identify that the `-i` option does not prevent port validation; port validation is performed whenever the offline option is not chosen.
The debate remains open on whether it is necessary to split the OS and hardware skip into 2 options, although the message is clear: by choosing the `-i` option, the user is agreeing to install on a system that is not recommended or with incomplete hardware requirements.
The problem occurs because the port validation we perform only checks whether the port is not in use; at the moment we do not validate port blocking by firewalld or any other option external to the host.
I'm going to check if we can add some type of post-installation validation to check that the port is listening correctly.
The option that occurs to me for the firewalld situation is to validate that the service is installed and turned on, and inform the user about this; if they want us to add the necessary rules and restart the service, they must re-execute the script with some additional option of the type `-f | --firewalld`.
```
[root@rocky8 unattended_installer]# bash wazuh-install.sh -a -i
20/10/2023 19:34:18 INFO: Starting Wazuh installation assistant. Wazuh version: 4.7.0
20/10/2023 19:34:18 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/10/2023 19:34:27 WARNING: Hardware and system checks ignored.
20/10/2023 19:34:27 INFO: Wazuh web interface port will be 443.
20/10/2023 19:34:28 ERROR: The system has a firewalld installed. Use the -f | -firewalld option to add the necessary rules to allow traffic.
```
Validations and messages are added depending on the type of installation
Installation fails because there is no Wazuh package for version 4.9.0
I used the installation assistant to perform a distributed deployment of Wazuh. I had to use the `ignore` option to install it on Rocky Linux 8. However, this caused the installation assistant not to check the ports, and deployments that seemed to be working fine, such as the server, were failing as Filebeat was unable to communicate with the Indexer. Shall the server installation include testing the Filebeat output and warning the user if it fails?

Shall we have different `ignore` options? For instance, `ignore-os`, which would enable installations on non-recommended operating systems while still verifying the ports and hardware requirements.

We need to inform the user about the need to open the necessary ports on each component so the deployment can work as expected regardless of whether the `ignore` option is used.

Steps to reproduce
Vagrant box: `generic/rocky8`

Vagrantfile:

```ruby
server_ip = "192.168.56.2"
indexer_ip = "192.168.56.3"
dashboard_ip = "192.168.56.4"
agent_ip = "192.168.56.5"

Vagrant.configure("2") do |config|
  config.vm.define "server" do |server|
    server.vm.box = "generic/rocky8"
    server.vm.network :private_network, ip: "#{server_ip}"
    server.vm.provider "virtualbox" do |pmv|
      pmv.memory = 1024
      pmv.cpus = 1
      pmv.linked_clone = true
    end
    server.vm.hostname = "server"
  end

  config.vm.define "indexer" do |indexer|
    indexer.vm.box = "generic/rocky8"
    indexer.vm.network :private_network, ip: "#{indexer_ip}"
    indexer.vm.provider "virtualbox" do |pmv|
      pmv.memory = 4096
      pmv.cpus = 2
      pmv.linked_clone = true
    end
    indexer.vm.hostname = "indexer"
  end

  config.vm.define "dashboard" do |dashboard|
    dashboard.vm.box = "generic/rocky8"
    dashboard.vm.network :private_network, ip: "#{dashboard_ip}"
    dashboard.vm.provider "virtualbox" do |pmv|
      pmv.memory = 4096
      pmv.cpus = 2
      pmv.linked_clone = true
    end
    dashboard.vm.hostname = "dashboard"
  end

  config.vm.define "agent" do |agent|
    agent.vm.box = "generic/rocky8"
    agent.vm.network :private_network, ip: "#{agent_ip}"
    agent.vm.provider "virtualbox" do |pmv|
      pmv.memory = 1024
      pmv.cpus = 1
      pmv.linked_clone = true
    end
    agent.vm.hostname = "agent"
  end
end
```

Download the installation assistant on each node:
Edit the configuration file and create the installation files.

Configuration file (config.yml):

```yml
nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: "192.168.56.3"
    #- name: node-2
    #  ip: "
```

Copy `wazuh-install-files.tar` on each node.

Install the Wazuh indexer on its corresponding node and initialize the cluster:
`9200` on the Wazuh indexer node:

Note that in addition to opening ports `9200` and `9300` for the Wazuh indexer, it might be necessary to open port `443` for the Wazuh dashboard and ports `55000`, `1514`, `1515` and `1516` for the Wazuh server. Not knowing which ports to open could lead to issues that the user may struggle to resolve.
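As an added example (not code from the Wazuh installation assistant), a post-installation check in the spirit of the discussion in this issue: for a given component it reports required ports that have no local listener and, when firewalld is running, ports its active zone does not list, using the port numbers from the comment above. The component names, function names and the captured `ss -ltn` / `firewall-cmd --list-ports` text used in testing are assumptions; the script only reports and never changes firewall rules.

```shell
#!/bin/sh
# Added example, not part of the Wazuh installation assistant.
# The two parsing functions take captured command output as their first argument,
# so they can be exercised offline; check_component feeds them live output.

# Ports each component must expose, taken from the issue discussion.
component_ports() {
  case "$1" in
    indexer)   echo "9200 9300" ;;
    server)    echo "1514 1515 1516 55000" ;;
    dashboard) echo "443" ;;
    *) echo "unknown component: $1" >&2; return 1 ;;
  esac
}

# not_listening "<ss -ltn output>" PORT... -> prints, one per line, ports with no local listener.
# The Local Address:Port column ($4) ends in ":PORT" for 0.0.0.0:PORT, [::]:PORT and *:PORT.
not_listening() {
  ss_out=$1; shift
  for p in "$@"; do
    printf '%s\n' "$ss_out" |
      awk -v p="$p" '$1 == "LISTEN" && $4 ~ (":" p "$") { found = 1 } END { exit !found }' ||
      printf '%s\n' "$p"
  done
}

# not_allowed "<firewall-cmd --list-ports output>" PORT... -> prints ports absent from the zone's
# port list. Caveat: a port can also be allowed via a zone service (e.g. https for 443), which this
# check does not inspect, so treat its output as something to confirm, not a verdict.
not_allowed() {
  fw_out=$1; shift
  for p in "$@"; do
    case " $fw_out " in
      *" $p/tcp "*) ;;
      *) printf '%s\n' "$p" ;;
    esac
  done
}

# check_component NAME: run both checks on the live host. Report only; returns 1 on any finding.
check_component() {
  ports=$(component_ports "$1") || return 1
  missing=$(not_listening "$(ss -ltn 2>/dev/null)" $ports)
  [ -n "$missing" ] && echo "WARNING: no listener on port(s): $(echo $missing)"
  blocked=""
  if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    blocked=$(not_allowed "$(firewall-cmd --list-ports 2>/dev/null)" $ports)
    [ -n "$blocked" ] && echo "ERROR: firewalld is running and does not list port(s): $(echo $blocked)"
  fi
  [ -z "$missing$blocked" ]
}
```

Run it on the node after installing a component, e.g. `. ./check_ports.sh && check_component indexer`; a non-zero exit means at least one required port is not listening or not allowed through firewalld.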