Minimum checks required
- Build the package in any supported platform
  - [x] Linux
- [x] Package installation
- [x] Check log is created in the correct location

Description

This PR fixes the wazuh-indexer ISM plugin log location from /tmp to /var/log.

Tests

Build package and install package

chmod 644 debian/wazuh-indexer/DEBIAN/md5sums
chown 0:0 debian/wazuh-indexer/DEBIAN/md5sums
dh_builddeb
dpkg-deb --build debian/wazuh-indexer ..
dpkg-deb: building package `wazuh-indexer' in `../wazuh-indexer_4.8.1-1_amd64.deb'.
dpkg-genchanges -b >../wazuh-indexer_4.8.1-1_amd64.changes
dpkg-genchanges: binary-only upload (no source code included)
dpkg-source --after-build wazuh-indexer-4.8.1
dpkg-buildpackage: binary-only upload (no source included)
WARNING generated by debuild:
Making debian/rules executable!
Package wazuh-indexer_4.8.1-1_amd64.deb.sha512 added to /home/vagrant/wazuh-packages-enhancement-2657-fix-indexder-ism-log-path/stack/indexer/deb/output.

apt-get install debconf adduser procps
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
debconf is already the newest version (1.5.77).
procps is already the newest version (2:3.3.17-5).
The following packages will be upgraded:
  adduser
1 upgraded, 0 newly installed, 0 to remove and 60 not upgraded.
Need to get 241 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://deb.debian.org/debian bullseye/main amd64 adduser all 3.118+deb11u1 [241 kB]
Fetched 241 kB in 0s (906 kB/s)
Reading changelogs... Done
Preconfiguring packages ...
(Reading database ... 69367 files and directories currently installed.)
Preparing to unpack .../adduser_3.118+deb11u1_all.deb ...
Unpacking adduser (3.118+deb11u1) over (3.118) ...
Setting up adduser (3.118+deb11u1) ...
Processing triggers for man-db (2.9.4-2) ...

root@debian11:/home/vagrant/wazuh-packages-enhancement-2657-fix-indexder-ism-log-path/stack/indexer/deb# apt-get install gnupg apt-transport-https
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
gnupg is already the newest version (2.2.27-2+deb11u2).
The following NEW packages will be installed:
  apt-transport-https
0 upgraded, 1 newly installed, 0 to remove and 60 not upgraded.
Need to get 160 kB of archives.
After this operation, 166 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://deb.debian.org/debian bullseye/main amd64 apt-transport-https all 2.2.4 [160 kB]
Fetched 160 kB in 0s (614 kB/s)
Selecting previously unselected package apt-transport-https.
(Reading database ... 69367 files and directories currently installed.)
Preparing to unpack .../apt-transport-https_2.2.4_all.deb ...
Unpacking apt-transport-https (2.2.4) ...
Setting up apt-transport-https (2.2.4) ...

dpkg -i output/wazuh-indexer_4.8.1-1_amd64.deb
Selecting previously unselected package wazuh-indexer.
(Reading database ... 69371 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.8.1-1_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.8.1-1) ...
Setting up wazuh-indexer (4.8.1-1) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

NODE_NAME=node-1
mkdir /etc/wazuh-indexer/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
chmod 500 /etc/wazuh-indexer/certs
chmod 400 /etc/wazuh-indexer/certs/*
chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs

systemctl daemon-reload
systemctl enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
systemctl start wazuh-indexer

/usr/share/wazuh-indexer/bin/indexer-security-init.sh
This tool will be deprecated in the next major release of OpenSearch https://github.com/opensearch-project/security/issues/1755
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success

systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-01-03 10:46:25 UTC; 1h 33min ago
       Docs: https://documentation.wazuh.com
   Main PID: 34506 (java)
      Tasks: 70 (limit: 4661)
     Memory: 1.3G
        CPU: 1min 16.552s
     CGroup: /system.slice/wazuh-indexer.service
             └─34506 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encodin>

Jan 03 10:46:06 debian11.localdomain systemd[1]: Starting Wazuh-indexer...
Jan 03 10:46:08 debian11.localdomain systemd-entrypoint[34506]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 03 10:46:08 debian11.localdomain systemd-entrypoint[34506]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jan 03 10:46:08 debian11.localdomain systemd-entrypoint[34506]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jan 03 10:46:08 debian11.localdomain systemd-entrypoint[34506]: WARNING: System::setSecurityManager will be removed in a future release
Jan 03 10:46:10 debian11.localdomain systemd-entrypoint[34506]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 03 10:46:10 debian11.localdomain systemd-entrypoint[34506]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jan 03 10:46:10 debian11.localdomain systemd-entrypoint[34506]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jan 03 10:46:10 debian11.localdomain systemd-entrypoint[34506]: WARNING: System::setSecurityManager will be removed in a future release
Jan 03 10:46:25 debian11.localdomain systemd[1]: Started Wazuh-indexer.

curl -k -u admin:admin https://192.168.56.111:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "yee6KXaLQ8yin8TOliFrSg",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03",
    "build_date" : "2023-09-20T23:54:29.889267151Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

Before running the ISM initialization, neither the old nor the new log location exists:

cat /tmp/wazuh-indexer/ism-init.log
cat: /tmp/wazuh-indexer/ism-init.log: No such file or directory
cat /var/log/wazuh-indexer/ism-init.log
cat: /var/log/wazuh-indexer/ism-init.log: No such file or directory

bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh
Will create 'wazuh' index template
ERROR: /etc/wazuh-indexer/wazuh-template.json not found
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.

After the run, the log is created under /var/log and nothing is written to /tmp:

cat /tmp/wazuh-indexer/ism-init.log
cat: /tmp/wazuh-indexer/ism-init.log: No such file or directory
ls /var/log/wazuh-indexer/ism-init.log
/var/log/wazuh-indexer/ism-init.log
cat /var/log/wazuh-indexer/ism-init.log
{"acknowledged":true,"shards_acknowledged":true,"index":"wazuh-archives-4.x-2024.01.03-000001"}
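The tests above only confirm that the file exists at the new path. The check below is an added example (not part of this PR or of the wazuh-packages repository) that a packager can run after installation to verify the property that makes /var/log the safer home for a file a root-run indexer-ism-init.sh appends to: no leftover at the old /tmp location, and every path component from the log up to a trusted root is a real directory or file, owned by the expected uid, not a symlink and not world-writable. A world-writable parent such as /tmp lets any local user pre-create the wazuh-indexer subdirectory and plant a symlink where root will later write. The function name, its arguments and the scratch tree it is demonstrated on are this example's own; the log line in the scratch tree is the one shown in the PR's test output.

```sh
#!/bin/sh
# Added example, not project code.  check_ism_log NEW_LOG OLD_LOG [TRUST_ROOT] [OWNER_UID]
#   NEW_LOG    where the log must be (/var/log/wazuh-indexer/ism-init.log after this PR)
#   OLD_LOG    where it must no longer be (/tmp/wazuh-indexer/ism-init.log)
#   TRUST_ROOT directory at which the ancestor walk stops (default /)
#   OWNER_UID  uid every component must be owned by (default 0, the user that runs
#              indexer-ism-init.sh in the PR's tests)
# Returns 0 when every check passes, 1 otherwise, printing one line per problem.
check_ism_log() {
    new="$1"; old="$2"; trust="${3:-/}"; uid="${4:-0}"
    rc=0

    # Nothing may remain at the pre-fix location (a dangling symlink counts too).
    if [ -e "$old" ] || [ -L "$old" ]; then
        echo "FAIL: stale log still present at $old"; rc=1
    fi

    # The log must be a regular, non-empty file, not a symlink.
    if [ -L "$new" ] || [ ! -f "$new" ]; then
        echo "FAIL: $new is missing or is a symlink"; rc=1
    elif [ ! -s "$new" ]; then
        echo "FAIL: $new is empty"; rc=1
    fi

    # Walk from the log up to TRUST_ROOT.  Each component must not be a symlink,
    # must not be world-writable (-perm -002) and must be owned by OWNER_UID;
    # otherwise a local user controls a directory that root writes through.
    p="$new"
    while [ "$p" != "$trust" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        if [ -L "$p" ]; then
            echo "FAIL: $p is a symlink"; rc=1
        elif [ ! -e "$p" ]; then
            : # already reported above as missing
        elif [ -n "$(find "$p" -prune -perm -002)" ]; then
            echo "FAIL: $p is world-writable"; rc=1
        elif [ "$(ls -ldn "$p" | awk '{print $3}')" != "$uid" ]; then
            echo "FAIL: $p is not owned by uid $uid"; rc=1
        fi
        p=$(dirname "$p")
    done

    [ "$rc" -eq 0 ] && echo "OK: $new is in place and safely owned"
    return "$rc"
}

# Constructed scratch tree standing in for a freshly installed host (example
# data, not taken from a real system); the log content is the line the PR's
# test shows in /var/log/wazuh-indexer/ism-init.log.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/var/log/wazuh-indexer"
    printf '%s\n' '{"acknowledged":true,"shards_acknowledged":true,"index":"wazuh-archives-4.x-2024.01.03-000001"}' \
        > "$root/var/log/wazuh-indexer/ism-init.log"
    chmod 755 "$root/var" "$root/var/log" "$root/var/log/wazuh-indexer"
    chmod 644 "$root/var/log/wazuh-indexer/ism-init.log"
    echo "$root"
}

# Against the scratch tree the trust root is the tree itself and the expected
# owner is whoever runs this script.  On a real host use the defaults:
#   check_ism_log /var/log/wazuh-indexer/ism-init.log /tmp/wazuh-indexer/ism-init.log
demo_root=$(make_demo_tree)
check_ism_log "$demo_root/var/log/wazuh-indexer/ism-init.log" \
              "$demo_root/tmp/wazuh-indexer/ism-init.log" "$demo_root" "$(id -u)"
rm -rf "$demo_root"
```

Run it as a post-install step on the test host (defaults apply) to catch the cases the PR's `ls`/`cat` cannot: a stale copy left under /tmp by an earlier version, a symlinked log, or a log directory that is owned by someone other than root or that is writable by everyone. The walk stops at the trust root instead of always going to `/` so the same function can be pointed at a scratch tree under a world-writable temporary directory without tripping on that directory's own mode.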