Closed santipadilla closed 5 months ago
Two tests have been performed, and the installation is not stopped:
It would be necessary to specify more information about the tool used to deploy the Wazuh installation. Maybe the firewall is related to this, so please disable the firewall before performing the installation.
I am doing E2E UX tests - File Integrity monitoring for release 4.8.0 - Alpha 2 and I am using Vagrant as the environment.
For both rhel8 and rhel9 I have used the same configuration.
Rhel8
config.vm.define "rhel8" do |rhel8|
  rhel8.vm.box = "generic/rhel8"
  rhel8.vm.hostname = "all-rhel8"
  rhel8.vm.network "private_network", ip: "172.16.1.24"
  rhel8.vm.provider "virtualbox" do |vb|
    vb.name = "Rhel8 All"
    vb.cpus = 4
    vb.memory = "8192"
  end
end
Rhel 9
config.vm.define "rhel9" do |rhel9|
  rhel9.vm.box = "generic/rhel9"
  rhel9.vm.hostname = "all-rhel9"
  rhel9.vm.network "private_network", ip: "172.16.1.25"
  rhel9.vm.provider "virtualbox" do |vb|
    vb.name = "Rhel9 All"
    vb.cpus = 4
    vb.memory = "8192"
  end
end
I have tried the installation again in Rhel9 by deactivating firewalld, but it still hangs with:
sudo systemctl stop firewalld
sudo systemctl disable firewalld
In both cases I used the same installation method with:
curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
Full log of /var/log/wazuh-install.log
17/01/2024 13:38:18 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 13:38:18 INFO: Verbose logging redirected to /var/log/wazuh-install.log
0 files removed
17/01/2024 13:38:24 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 13:38:24 INFO: Wazuh web interface port will be 443.
17/01/2024 13:38:25 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
17/01/2024 13:38:26 INFO: Wazuh development repository added.
17/01/2024 13:38:26 INFO: --- Configuration files ---
17/01/2024 13:38:26 INFO: Generating configuration files.
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
17/01/2024 13:38:28 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
17/01/2024 13:38:28 INFO: --- Wazuh indexer ---
17/01/2024 13:38:28 INFO: Starting Wazuh indexer installation.
Extra Packages for Enterprise Linux 9 - x86_64 4.5 MB/s | 20 MB 00:04
Extra Packages for Enterprise Linux 9 openh264 1.9 kB/s | 2.5 kB 00:01
EL-9 - Wazuh 9.6 MB/s | 24 MB 00:02
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.8.0-1 wazuh 743 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 743 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.8.0-1.x86_64.rpm 54 MB/s | 743 MB 00:13
--------------------------------------------------------------------------------
Total 54 MB/s | 743 MB 00:13
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Installing : wazuh-indexer-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-indexer-4.8.0-1.x86_64
Complete!
17/01/2024 13:39:49 INFO: Wazuh indexer installation finished.
17/01/2024 13:39:49 INFO: Wazuh indexer post-install configuration finished.
17/01/2024 13:39:49 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
I was able to replicate the error on my machine using Vagrant. The problem is that the Wazuh indexer service does not start and remains in process, and for this reason the WIA does not advance:
---
17/01/2024 18:15:10 DEBUG: Checking Wazuh installation.
17/01/2024 18:15:10 DEBUG: There are Wazuh indexer remaining files.
17/01/2024 18:15:11 INFO: Wazuh indexer installation finished.
17/01/2024 18:15:11 DEBUG: Configuring Wazuh indexer.
17/01/2024 18:15:11 DEBUG: Copying Wazuh indexer certificates.
17/01/2024 18:15:11 INFO: Wazuh indexer post-install configuration finished.
17/01/2024 18:15:11 INFO: Starting service wazuh-indexer.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl daemon-reload
++ tee -a /var/log/wazuh-install.log
+ eval 'systemctl enable wazuh-indexer.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl enable wazuh-indexer.service
++ tee -a /var/log/wazuh-install.log
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
+ eval 'systemctl start wazuh-indexer.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl start wazuh-indexer.service
++ tee -a /var/log/wazuh-install.log
^C+++ installCommon_cleanExit
+++ rollback_conf=
+++ '[' -n '' ']'
+++ [[ '' =~ ^[N|Y|n|y]$ ]]
+++ echo -ne '\nDo you want to remove the ongoing installation?[Y/N]'
Do you want to remove the ongoing installation?[Y/N]+++ read -r rollback_conf
Reviewing the status of the service, it looks like this:
[root@rhel-9 ~]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
Active: activating (start) since Wed 2024-01-17 19:06:27 UTC; 23s ago
Docs: https://documentation.wazuh.com
Main PID: 13213 (java)
Tasks: 36 (limit: 36152)
Memory: 3.1G
CPU: 24.484s
CGroup: /system.slice/wazuh-indexer.service
└─13213 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF->
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.channel.AbstractChannel.bind(AbstractChannel.java:260)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.bootstrap.AbstractBootstrap$2.run(AbstractBootstrap.java:356)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at java.base/java.lang.Thread.run(Thread.java:833)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: For complete error details, refer to the log at /var/log/wazuh-indexer/wazuh-cluster.log
This error can be found in the wazuh-cluster.log:
org.opensearch.transport.BindTransportException: Failed to bind to [::1]:[9300-9400]
cat /etc/wazuh-indexer/opensearch.yml
network.host: "localhost"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
- "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
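A way to correlate the bind error above with the `network.host` value in `opensearch.yml`, as an added example that is not part of the original thread or of the Wazuh installer. The function names are hypothetical, and the sample log, config and hosts file are constructed (only the `BindTransportException` line and the `network.host` setting are taken from the comment above); the thread itself does not establish why the bind to `::1` failed.

```sh
#!/bin/sh
# Added example: tie a transport bind failure in wazuh-cluster.log back to
# the network.host setting and the hosts-file entries for that name.
# All function names here are hypothetical helpers, not installer functions.

# Print each distinct address found in "Failed to bind to [ADDR]:[PORTS]" lines.
bind_failed_addrs() {
    sed -n 's/.*BindTransportException: Failed to bind to \[\(.*\)\]:\[[0-9-]*\].*/\1/p' "$1" | sort -u
}

# Read the network.host value from an opensearch.yml, stripping optional quotes.
configured_host() {
    sed -n 's/^network\.host:[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | head -n 1
}

# List the addresses that a hosts file maps to NAME (comments ignored).
hosts_addrs_for() {
    awk -v name="$1" '
        { sub(/#.*/, "") }
        NF >= 2 { for (i = 2; i <= NF; i++) if ($i == name) { print $1; break } }
    ' "$2"
}

# Report, for every address the indexer failed to bind, whether that address
# is one the configured network.host name maps to in the hosts file.
diagnose_bind() {
    log=$1 yml=$2 hosts=$3
    host=$(configured_host "$yml")
    addrs=$(bind_failed_addrs "$log")
    [ -n "$addrs" ] || { echo "no-bind-failure"; return 0; }
    mapped=$(hosts_addrs_for "$host" "$hosts")
    for a in $addrs; do
        if printf '%s\n' "$mapped" | grep -Fxq -- "$a"; then
            echo "bind-failed addr=$a via=network.host:$host"
        else
            echo "bind-failed addr=$a via=other"
        fi
    done
}

# Constructed sample input so the script runs offline.
run_sample() {
    d=$(mktemp -d)
    cat > "$d/wazuh-cluster.log" <<'EOF'
constructed line: node-1 starting transport
org.opensearch.transport.BindTransportException: Failed to bind to [::1]:[9300-9400]
EOF
    cat > "$d/opensearch.yml" <<'EOF'
network.host: "localhost"
node.name: "node-1"
EOF
    cat > "$d/hosts" <<'EOF'
127.0.0.1   localhost localhost.localdomain   # constructed hosts file
::1         localhost localhost.localdomain
EOF
    diagnose_bind "$d/wazuh-cluster.log" "$d/opensearch.yml" "$d/hosts"
    rm -rf "$d"
}

run_sample
```

On a real host the three arguments to `diagnose_bind` would be `/var/log/wazuh-indexer/wazuh-cluster.log`, `/etc/wazuh-indexer/opensearch.yml` and `/etc/hosts`.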
After a new test with the same VM, the installation progressed correctly. I am going to replicate the tests to verify whether the error appears again:
[vagrant@rhel-9 ~]$ sudo bash wazuh-install.sh -a
18/01/2024 12:08:56 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:08:56 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 12:09:03 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 12:09:03 INFO: Wazuh web interface port will be 443.
18/01/2024 12:09:04 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 12:09:06 INFO: Wazuh development repository added.
18/01/2024 12:09:06 INFO: --- Configuration files ---
18/01/2024 12:09:06 INFO: Generating configuration files.
18/01/2024 12:09:08 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 12:09:08 INFO: --- Wazuh indexer ---
18/01/2024 12:09:08 INFO: Starting Wazuh indexer installation.
18/01/2024 12:11:43 INFO: Wazuh indexer installation finished.
18/01/2024 12:11:43 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 12:11:43 INFO: Starting service wazuh-indexer.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl enable wazuh-indexer.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl enable wazuh-indexer.service
+ eval 'cat /etc/wazuh-indexer/opensearch.yml'
++ cat /etc/wazuh-indexer/opensearch.yml
network.host: "localhost"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
- "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
+ eval 'systemctl start wazuh-indexer.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl start wazuh-indexer.service
+ echo 'este es el pipestatus: 0'
este es el pipestatus: 0
+ '[' 0 '!=' 0 ']'
+ common_logger 'wazuh-indexer service started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/01/2024 12:11:54'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'wazuh-indexer service started.' ']'
+ '[' -n 'wazuh-indexer service started.' ']'
+ case ${1} in
+ message='wazuh-indexer service started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/01/2024 12:11:54 INFO: wazuh-indexer service started.'
+ tee -a /var/log/wazuh-install.log
18/01/2024 12:11:54 INFO: wazuh-indexer service started.
+ set +x
18/01/2024 12:11:54 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 12:12:06 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 12:12:06 INFO: Wazuh indexer cluster initialized.
18/01/2024 12:12:06 INFO: --- Wazuh server ---
18/01/2024 12:12:06 INFO: Starting the Wazuh manager installation.
18/01/2024 12:13:51 INFO: Wazuh manager installation finished.
18/01/2024 12:13:51 INFO: Starting service wazuh-manager.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl enable wazuh-manager.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl enable wazuh-manager.service
+ eval 'cat /etc/wazuh-indexer/opensearch.yml'
++ cat /etc/wazuh-indexer/opensearch.yml
+ eval 'systemctl start wazuh-manager.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl start wazuh-manager.service
+ echo 'este es el pipestatus: 0'
este es el pipestatus: 0
+ '[' 0 '!=' 0 ']'
+ common_logger 'wazuh-manager service started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/01/2024 12:13:59'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'wazuh-manager service started.' ']'
+ '[' -n 'wazuh-manager service started.' ']'
+ case ${1} in
+ message='wazuh-manager service started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/01/2024 12:13:59 INFO: wazuh-manager service started.'
+ tee -a /var/log/wazuh-install.log
18/01/2024 12:13:59 INFO: wazuh-manager service started.
+ set +x
18/01/2024 12:13:59 INFO: Starting Filebeat installation.
18/01/2024 12:14:10 INFO: Filebeat installation finished.
18/01/2024 12:14:12 INFO: Filebeat post-install configuration finished.
18/01/2024 12:14:12 INFO: Starting service filebeat.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl enable filebeat.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl enable filebeat.service
+ eval 'cat /etc/wazuh-indexer/opensearch.yml'
++ cat /etc/wazuh-indexer/opensearch.yml
+ eval 'systemctl start filebeat.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl start filebeat.service
+ echo 'este es el pipestatus: 0'
este es el pipestatus: 0
+ '[' 0 '!=' 0 ']'
+ common_logger 'filebeat service started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/01/2024 12:14:12'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'filebeat service started.' ']'
+ '[' -n 'filebeat service started.' ']'
+ case ${1} in
+ message='filebeat service started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/01/2024 12:14:12 INFO: filebeat service started.'
+ tee -a /var/log/wazuh-install.log
18/01/2024 12:14:12 INFO: filebeat service started.
+ set +x
18/01/2024 12:14:12 INFO: --- Wazuh dashboard ---
18/01/2024 12:14:12 INFO: Starting Wazuh dashboard installation.
18/01/2024 12:15:41 INFO: Wazuh dashboard installation finished.
18/01/2024 12:15:41 INFO: Wazuh dashboard post-install configuration finished.
18/01/2024 12:15:41 INFO: Starting service wazuh-dashboard.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl enable wazuh-dashboard.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl enable wazuh-dashboard.service
+ eval 'cat /etc/wazuh-indexer/opensearch.yml'
++ cat /etc/wazuh-indexer/opensearch.yml
+ eval 'systemctl start wazuh-dashboard.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl start wazuh-dashboard.service
+ echo 'este es el pipestatus: 0'
este es el pipestatus: 0
+ '[' 0 '!=' 0 ']'
+ common_logger 'wazuh-dashboard service started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/01/2024 12:15:41'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'wazuh-dashboard service started.' ']'
+ '[' -n 'wazuh-dashboard service started.' ']'
+ case ${1} in
+ message='wazuh-dashboard service started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/01/2024 12:15:41 INFO: wazuh-dashboard service started.'
+ tee -a /var/log/wazuh-install.log
18/01/2024 12:15:41 INFO: wazuh-dashboard service started.
+ set +x
18/01/2024 12:15:43 INFO: Updating the internal users.
18/01/2024 12:15:46 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/01/2024 12:16:02 INFO: Initializing Wazuh dashboard web application.
18/01/2024 12:16:03 INFO: Wazuh dashboard web application initialized.
18/01/2024 12:16:03 INFO: --- Summary ---
18/01/2024 12:16:03 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: ED6Ka+1Z*ggL.wxDVAJKOitGRVlPg?Ym
18/01/2024 12:16:03 INFO: Installation finished.
[vagrant@rhel-9 ~]$ cat /etc/*release
NAME="Red Hat Enterprise Linux"
VERSION="9.0 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.0"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.0 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/9/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.0
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.0"
Red Hat Enterprise Linux release 9.0 (Plow)
Red Hat Enterprise Linux release 9.0 (Plow)
In a new test, I started with a new fresh VM from the same box. On the first try, the installation got stuck, but after a reboot, the installation finished successfully without any change:
cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant destroy -f && vagrant up && vagrant ssh
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'generic/rhel9'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: Setting the name of the VM: rhel-9
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 6.1.30
default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
[vagrant@rhel-9 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 12:23:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:23:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 12:23:32 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 12:23:32 INFO: Wazuh web interface port will be 443.
18/01/2024 12:23:33 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 12:23:35 INFO: Wazuh development repository added.
18/01/2024 12:23:35 INFO: --- Configuration files ---
18/01/2024 12:23:35 INFO: Generating configuration files.
18/01/2024 12:23:37 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 12:23:37 INFO: --- Wazuh indexer ---
18/01/2024 12:23:37 INFO: Starting Wazuh indexer installation.
18/01/2024 12:26:07 INFO: Wazuh indexer installation finished.
18/01/2024 12:26:07 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 12:26:07 INFO: Starting service wazuh-indexer.
^C
Do you want to remove the ongoing installation?[Y/N]Y
18/01/2024 12:29:22 INFO: --- Removing existing Wazuh installation ---
18/01/2024 12:29:22 INFO: Removing Wazuh indexer.
18/01/2024 12:29:23 INFO: Wazuh indexer removed.
18/01/2024 12:29:24 INFO: Installation cleaned.
[vagrant@rhel-9 ~]$ sudo poweroff
Connection to 127.0.0.1 closed by remote host.
cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant up && vagrant ssh
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 6.1.30
default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> default: flag to force provisioning. Provisioners marked to run always will still run.
Last login: Thu Jan 18 12:26:17 2024 from 10.0.2.2
[vagrant@rhel-9 ~]$ sudo bash ./wazuh-install.sh -a
18/01/2024 12:30:21 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:30:21 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 12:30:29 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 12:30:29 INFO: Wazuh web interface port will be 443.
18/01/2024 12:30:30 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 12:30:32 INFO: Wazuh development repository added.
18/01/2024 12:30:32 INFO: --- Configuration files ---
18/01/2024 12:30:32 INFO: Generating configuration files.
18/01/2024 12:30:34 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 12:30:34 INFO: --- Wazuh indexer ---
18/01/2024 12:30:34 INFO: Starting Wazuh indexer installation.
18/01/2024 12:33:03 INFO: Wazuh indexer installation finished.
18/01/2024 12:33:03 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 12:33:03 INFO: Starting service wazuh-indexer.
18/01/2024 12:33:13 INFO: wazuh-indexer service started.
18/01/2024 12:33:13 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 12:33:25 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 12:33:25 INFO: Wazuh indexer cluster initialized.
18/01/2024 12:33:25 INFO: --- Wazuh server ---
18/01/2024 12:33:25 INFO: Starting the Wazuh manager installation.
18/01/2024 12:35:05 INFO: Wazuh manager installation finished.
18/01/2024 12:35:05 INFO: Starting service wazuh-manager.
18/01/2024 12:35:15 INFO: wazuh-manager service started.
18/01/2024 12:35:15 INFO: Starting Filebeat installation.
18/01/2024 12:35:24 INFO: Filebeat installation finished.
18/01/2024 12:35:26 INFO: Filebeat post-install configuration finished.
18/01/2024 12:35:26 INFO: Starting service filebeat.
18/01/2024 12:35:26 INFO: filebeat service started.
18/01/2024 12:35:26 INFO: --- Wazuh dashboard ---
18/01/2024 12:35:26 INFO: Starting Wazuh dashboard installation.
18/01/2024 12:36:58 INFO: Wazuh dashboard installation finished.
18/01/2024 12:36:58 INFO: Wazuh dashboard post-install configuration finished.
18/01/2024 12:36:58 INFO: Starting service wazuh-dashboard.
18/01/2024 12:36:58 INFO: wazuh-dashboard service started.
18/01/2024 12:37:01 INFO: Updating the internal users.
18/01/2024 12:37:04 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/01/2024 12:37:22 INFO: Initializing Wazuh dashboard web application.
18/01/2024 12:37:23 INFO: Wazuh dashboard web application initialized.
18/01/2024 12:37:23 INFO: --- Summary ---
18/01/2024 12:37:23 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: LX23xavcsLI0tdgRcL?0wZ6?Qxs?F1pc
18/01/2024 12:37:23 INFO: Installation finished.
In a new VM, I restarted the VM without doing anything, and after the restart I performed the installation without problems:
cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant destroy -f && vagrant up && vagrant ssh
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'generic/rhel9'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: A newer version of the box 'generic/rhel9' for provider 'virtualbox' is
==> default: available! You currently have version '4.0.2'. The latest is version
==> default: '4.3.12'. Run `vagrant box update` to update.
==> default: Setting the name of the VM: rhel-9
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 6.1.30
default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
[vagrant@rhel-9 ~]$ sudo poweroff
Connection to 127.0.0.1 closed by remote host.
cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant up && vagrant ssh
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 6.1.30
default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> default: flag to force provisioning. Provisioners marked to run always will still run.
Last login: Thu Jan 18 12:43:56 2024 from 10.0.2.2
[vagrant@rhel-9 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 12:45:56 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:45:56 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 12:46:04 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 12:46:04 INFO: Wazuh web interface port will be 443.
18/01/2024 12:46:05 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 12:46:07 INFO: Wazuh development repository added.
18/01/2024 12:46:07 INFO: --- Configuration files ---
18/01/2024 12:46:07 INFO: Generating configuration files.
18/01/2024 12:46:08 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 12:46:08 INFO: --- Wazuh indexer ---
18/01/2024 12:46:08 INFO: Starting Wazuh indexer installation.
18/01/2024 12:48:46 INFO: Wazuh indexer installation finished.
18/01/2024 12:48:46 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 12:48:46 INFO: Starting service wazuh-indexer.
18/01/2024 12:48:56 INFO: wazuh-indexer service started.
18/01/2024 12:48:56 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 12:49:09 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 12:49:09 INFO: Wazuh indexer cluster initialized.
18/01/2024 12:49:09 INFO: --- Wazuh server ---
18/01/2024 12:49:09 INFO: Starting the Wazuh manager installation.
18/01/2024 12:50:59 INFO: Wazuh manager installation finished.
18/01/2024 12:50:59 INFO: Starting service wazuh-manager.
18/01/2024 12:51:10 INFO: wazuh-manager service started.
18/01/2024 12:51:10 INFO: Starting Filebeat installation.
18/01/2024 12:51:18 INFO: Filebeat installation finished.
18/01/2024 12:51:20 INFO: Filebeat post-install configuration finished.
18/01/2024 12:51:20 INFO: Starting service filebeat.
18/01/2024 12:51:20 INFO: filebeat service started.
18/01/2024 12:51:20 INFO: --- Wazuh dashboard ---
18/01/2024 12:51:20 INFO: Starting Wazuh dashboard installation.
18/01/2024 12:52:54 INFO: Wazuh dashboard installation finished.
18/01/2024 12:52:54 INFO: Wazuh dashboard post-install configuration finished.
18/01/2024 12:52:54 INFO: Starting service wazuh-dashboard.
18/01/2024 12:52:54 INFO: wazuh-dashboard service started.
18/01/2024 12:52:56 INFO: Updating the internal users.
18/01/2024 12:52:58 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/01/2024 12:53:15 INFO: Initializing Wazuh dashboard web application.
18/01/2024 12:53:16 INFO: Wazuh dashboard web application initialized.
18/01/2024 12:53:16 INFO: --- Summary ---
18/01/2024 12:53:16 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: tT7CbCCHfPbi1.akxJPVD1zLzgCd*alU
18/01/2024 12:53:16 INFO: Installation finished.
With the AWS quickstart AMI this error does not occur:
cbordon@cbordon-MS-7C88:~/Downloads$ ssh -i cbordon-1.pem -p 2200 ec2-user@184.73.62.250
The authenticity of host '[184.73.62.250]:2200 ([184.73.62.250]:2200)' can't be established.
ED25519 key fingerprint is SHA256:Yfm+tBB5f2HNpLtDz48Y+I11JruXg9qvq5o50RIkzSY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[184.73.62.250]:2200' (ED25519) to the list of known hosts.
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
[ec2-user@ip-172-31-47-163 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 13:04:29 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 13:04:29 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 13:04:41 INFO: --- Dependencies ---
18/01/2024 13:04:41 INFO: Installing lsof.
18/01/2024 13:05:00 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 13:05:00 ERROR: Your system does not meet the recommended minimum hardware requirements of 4Gb of RAM and 2 CPU cores. If you want to proceed with the installation use the -i option to ignore these requirements.
[ec2-user@ip-172-31-47-163 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i
18/01/2024 13:05:29 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 13:05:29 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 13:05:41 WARNING: Hardware and system checks ignored.
18/01/2024 13:05:41 INFO: Wazuh web interface port will be 443.
18/01/2024 13:05:45 INFO: Wazuh development repository added.
18/01/2024 13:05:45 INFO: --- Configuration files ---
18/01/2024 13:05:45 INFO: Generating configuration files.
18/01/2024 13:05:48 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 13:05:49 INFO: --- Wazuh indexer ---
18/01/2024 13:05:49 INFO: Starting Wazuh indexer installation.
18/01/2024 13:08:24 INFO: Wazuh indexer installation finished.
18/01/2024 13:08:24 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 13:08:24 INFO: Starting service wazuh-indexer.
18/01/2024 13:08:48 INFO: wazuh-indexer service started.
18/01/2024 13:08:48 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 13:09:03 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 13:09:03 INFO: Wazuh indexer cluster initialized.
18/01/2024 13:09:03 INFO: --- Wazuh server ---
18/01/2024 13:09:03 INFO: Starting the Wazuh manager installation.
18/01/2024 13:12:58 INFO: Wazuh manager installation finished.
18/01/2024 13:12:58 INFO: Starting service wazuh-manager.
18/01/2024 13:13:18 INFO: wazuh-manager service started.
18/01/2024 13:13:18 INFO: Starting Filebeat installation.
18/01/2024 13:13:30 INFO: Filebeat installation finished.
18/01/2024 13:13:30 INFO: Filebeat post-install configuration finished.
18/01/2024 13:13:30 INFO: Starting service filebeat.
18/01/2024 13:13:31 INFO: filebeat service started.
18/01/2024 13:13:31 INFO: --- Wazuh dashboard ---
18/01/2024 13:13:31 INFO: Starting Wazuh dashboard installation.
18/01/2024 13:13:52 ERROR: Wazuh dashboard installation failed.
18/01/2024 13:13:52 INFO: --- Removing existing Wazuh installation ---
18/01/2024 13:13:52 INFO: Removing Wazuh manager.
18/01/2024 13:14:18 INFO: Wazuh manager removed.
18/01/2024 13:14:18 INFO: Removing Wazuh indexer.
18/01/2024 13:14:21 INFO: Wazuh indexer removed.
18/01/2024 13:14:21 INFO: Removing Filebeat.
18/01/2024 13:14:23 INFO: Filebeat removed.
18/01/2024 13:14:24 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
With 4.7.2 this error does not appear. It may possibly be related to the version of OpenSearch, since the point at which the installation process gets stuck is systemctl start wazuh-indexer.
cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant destroy -f && vagrant up && vagrant ssh
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'generic/rhel9'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: Setting the name of the VM: rhel-9
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 6.1.30
default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
[vagrant@rhel-9 ~]$ curl -sO https://packages-dev.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 13:10:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.7.2
18/01/2024 13:10:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 13:10:47 INFO: Wazuh web interface port will be 443.
18/01/2024 13:10:48 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 13:10:50 INFO: Wazuh development repository added.
18/01/2024 13:10:50 INFO: --- Configuration files ---
18/01/2024 13:10:50 INFO: Generating configuration files.
18/01/2024 13:10:52 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 13:10:52 INFO: --- Wazuh indexer ---
18/01/2024 13:10:52 INFO: Starting Wazuh indexer installation.
18/01/2024 13:13:18 INFO: Wazuh indexer installation finished.
18/01/2024 13:13:18 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 13:13:18 INFO: Starting service wazuh-indexer.
18/01/2024 13:13:28 INFO: wazuh-indexer service started.
18/01/2024 13:13:28 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 13:13:39 INFO: Wazuh indexer cluster initialized.
18/01/2024 13:13:39 INFO: --- Wazuh server ---
18/01/2024 13:13:39 INFO: Starting the Wazuh manager installation.
18/01/2024 13:14:33 INFO: Wazuh manager installation finished.
18/01/2024 13:14:33 INFO: Starting service wazuh-manager.
18/01/2024 13:14:40 INFO: wazuh-manager service started.
18/01/2024 13:14:40 INFO: Starting Filebeat installation.
18/01/2024 13:14:48 INFO: Filebeat installation finished.
18/01/2024 13:14:48 ERROR: Error downloading wazuh-template.json file.
18/01/2024 13:14:48 INFO: --- Removing existing Wazuh installation ---
18/01/2024 13:14:48 INFO: Removing Wazuh manager.
18/01/2024 13:15:01 INFO: Wazuh manager removed.
18/01/2024 13:15:01 INFO: Removing Wazuh indexer.
18/01/2024 13:15:03 INFO: Wazuh indexer removed.
18/01/2024 13:15:03 INFO: Removing Filebeat.
18/01/2024 13:15:04 INFO: Filebeat removed.
18/01/2024 13:15:04 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
alvistack/rhel-9 box
cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant destroy -f && vagrant up && vagrant ssh
==> default: VM not created. Moving on...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'alvistack/rhel-9'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'alvistack/rhel-9' version '20230415.1.1' is up to date...
==> default: A newer version of the box 'alvistack/rhel-9' for provider 'virtualbox' is
==> default: available! You currently have version '20230415.1.1'. The latest is version
==> default: '20240115.1.1'. Run `vagrant box update` to update.
==> default: Setting the name of the VM: rhel-9
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: No guest additions were detected on the base box for this VM! Guest
default: additions are required for forwarded ports, shared folders, host only
default: networking, and more. If SSH fails on this machine, please install
default: the guest additions and repackage the box to continue.
default:
default: This is not an error message; everything may continue to work properly,
default: in which case you may ignore this message.
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Mounting shared folders...
default: /vagrant => /home/cbordon/Documents/wazuh/vagrant/rhel/9
[vagrant@rhel-9 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 13:50:19 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 13:50:19 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 13:50:28 INFO: --- Dependencies ---
18/01/2024 13:50:28 INFO: Installing lsof.
18/01/2024 13:51:11 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 13:51:11 INFO: Wazuh web interface port will be 443.
18/01/2024 13:51:15 INFO: Wazuh development repository added.
18/01/2024 13:51:15 INFO: --- Configuration files ---
18/01/2024 13:51:15 INFO: Generating configuration files.
18/01/2024 13:51:16 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 13:51:16 INFO: --- Wazuh indexer ---
18/01/2024 13:51:16 INFO: Starting Wazuh indexer installation.
18/01/2024 13:54:04 INFO: Wazuh indexer installation finished.
18/01/2024 13:54:04 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 13:54:04 INFO: Starting service wazuh-indexer.
18/01/2024 13:54:15 INFO: wazuh-indexer service started.
18/01/2024 13:54:15 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 13:54:28 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 13:54:28 INFO: Wazuh indexer cluster initialized.
18/01/2024 13:54:28 INFO: --- Wazuh server ---
18/01/2024 13:54:28 INFO: Starting the Wazuh manager installation.
18/01/2024 13:56:02 INFO: Wazuh manager installation finished.
18/01/2024 13:56:02 INFO: Starting service wazuh-manager.
18/01/2024 13:56:09 INFO: wazuh-manager service started.
18/01/2024 13:56:09 INFO: Starting Filebeat installation.
18/01/2024 13:56:18 INFO: Filebeat installation finished.
18/01/2024 13:56:20 INFO: Filebeat post-install configuration finished.
18/01/2024 13:56:20 INFO: Starting service filebeat.
18/01/2024 13:56:20 INFO: filebeat service started.
18/01/2024 13:56:20 INFO: --- Wazuh dashboard ---
18/01/2024 13:56:20 INFO: Starting Wazuh dashboard installation.
18/01/2024 13:57:47 INFO: Wazuh dashboard installation finished.
18/01/2024 13:57:48 INFO: Wazuh dashboard post-install configuration finished.
18/01/2024 13:57:48 INFO: Starting service wazuh-dashboard.
18/01/2024 13:57:48 INFO: wazuh-dashboard service started.
18/01/2024 13:57:50 INFO: Updating the internal users.
18/01/2024 13:57:53 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/01/2024 13:58:09 INFO: Initializing Wazuh dashboard web application.
18/01/2024 13:58:10 INFO: Wazuh dashboard web application initialized.
18/01/2024 13:58:10 INFO: --- Summary ---
18/01/2024 13:58:10 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: 2qj0ERiCjNEt7kDWd.xxQDes3Rbv*NmG
18/01/2024 13:58:10 INFO: --- Dependencies ---
18/01/2024 13:58:10 INFO: Removing lsof.
18/01/2024 13:58:11 INFO: Installation finished.
Tests
I have performed some additional tests:
Findings
0.0.0.0 for network.host.
localhost for network.host
localhost instead of 0.0.0.0 to replicate the WIA configuration. The step-by-step guide does not indicate to use 0.0.0.0 but it is the default value in the opensearch.yml.
::1 instead of 127.0.0.1.
127.0.0.1.
@davidcr01, we have to revert this change: localhost should not be used to configure Wazuh indexer or generate certificates.
The changes of https://github.com/wazuh/wazuh-packages/pull/2422/files were reverted.
:green_circle: The certificates generation worked successfully
:green_circle: The certificates generation worked successfully
:green_circle: The installation didn't stop and finished successfully:
Errors were found in the ossec.log file:
[root@redhat9 vagrant]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/01/24 16:54:45 wazuh-modulesd:content-updater: ERROR: Action for 'vulnerability_feed_manager' failed: Orchestration run failed: Error -1 from server: Couldn't resolve host name
The Wazuh indexer service was successfully activated:
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Active: active (running) since Wed 2024-01-24 15:18:35 UTC; 10min ago
Docs: https://documentation.wazuh.com
Main PID: 6332 (java)
Tasks: 62 (limit: 4688)
Memory: 366.5M
CPU: 1min 23.761s
CGroup: /system.slice/wazuh-indexer.service
└─6332 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=t>
Jan 24 15:17:59 redhat9 systemd[1]: Starting Wazuh-indexer...
Jan 24 15:18:02 redhat9 systemd-entrypoint[6332]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 24 15:18:02 redhat9 systemd-entrypoint[6332]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jan 24 15:18:02 redhat9 systemd-entrypoint[6332]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jan 24 15:18:02 redhat9 systemd-entrypoint[6332]: WARNING: System::setSecurityManager will be removed in a future release
Jan 24 15:18:06 redhat9 systemd-entrypoint[6332]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 24 15:18:06 redhat9 systemd-entrypoint[6332]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jan 24 15:18:06 redhat9 systemd-entrypoint[6332]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jan 24 15:18:06 redhat9 systemd-entrypoint[6332]: WARNING: System::setSecurityManager will be removed in a future release
[root@redhat9 vagrant]# cat /etc/wazuh-indexer/opensearch.yml
network.host: "127.0.0.1"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
- "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
[root@redhat9 vagrant]# cat /etc/wazuh-dashboard/opensearch_dashboards.yml
server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
opensearch.ssl.verificationMode: certificate
# opensearch.username: kibanaserver
# opensearch.password: kibanaserver
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
opensearch_security.cookie.secure: true
:red_circle: The problem seems to be the localhost value specified in the /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml configuration file:
hosts:
- default:
url: https://localhost
port: 55000
username: wazuh-wui
password: "TCHJrSVBdonZpe7DXL+N4lzv*kzZMHWr"
run_as: false
This value enables the IPv6, which is causing the problem. If the localhost value is changed to 127.0.0.1, the problem is solved:
In the dashboard_initialize function of the dashboard.sh file of the WIA, the localhost value of the /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml file is replaced by the IP address of the dashboard node:
if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then
    eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}"
fi
But this replacement is not done in the dashboard_initializeAIO function, which is executed when an AIO installation is performed. In this case, the value specified by default is localhost, which is enabling the IPv6. Adding a code snippet that replaces the localhost value with 127.0.0.1 solves the problem:
function dashboard_initializeAIO() {
    common_logger "Initializing Wazuh dashboard web application."
    installCommon_getPass "admin"
    # Poll the dashboard status endpoint until it returns HTTP 200 or the retry limit is reached.
    http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null)
    retries=0
    max_dashboard_initialize_retries=20
    while [ "${http_code}" -ne "200" ] && [ "${retries}" -lt "${max_dashboard_initialize_retries}" ]
    do
        http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null)
        common_logger "Wazuh dashboard web application not yet initialized. Waiting..."
        retries=$((retries+1))
        sleep 15
    done
    if [ "${http_code}" -eq "200" ]; then
        # Added replacement: point the Wazuh API URL at 127.0.0.1 instead of localhost.
        if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then
            eval "sed -i 's,url: https://localhost,url: https://127.0.0.1,g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}"
        fi
        common_logger "Wazuh dashboard web application initialized."
        common_logger -nl "--- Summary ---"
        common_logger -nl "You can access the web interface https://<wazuh-dashboard-ip>:${http_port}\n User: admin\n Password: ${u_pass}"
    else
        common_logger -e "Wazuh dashboard installation failed."
        installCommon_rollBack
        exit 1
    fi
}
[root@redhat9 vagrant]# netstat -tuln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:55000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1514 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1515 0.0.0.0:* LISTEN
tcp6 0 0 127.0.0.1:9300 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 127.0.0.1:9200 :::* LISTEN
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 ::1:323
[root@redhat9 vagrant]# cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml | grep "url: https://127" -A 5
url: https://127.0.0.1
port: 55000
username: wazuh-wui
password: "iKxH?70x*gvfha2FX1TacgmJJxF3QOYK"
run_as: false
[root@redhat9 vagrant]#
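The mismatch reported in the comment above (an API URL of https://localhost while netstat shows port 55000 bound only on 0.0.0.0) can be checked mechanically. This is an added example, not part of the issue or of the Wazuh installation assistant; the function names and the sample /etc/hosts content are assumptions, and the netstat lines are copied from the output above.

```shell
# Constructed samples: netstat lines copied from the output above, plus an
# assumed /etc/hosts that maps localhost to both 127.0.0.1 and ::1.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:55000 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 127.0.0.1:9200 :::* LISTEN'
SAMPLE_HOSTS='127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain'

# Shared awk END block: print the address families seen, e.g. "v4 v6".
FAM_END='END { s = ""; if (v4) s = "v4"; if (v6) s = s (s ? " " : "") "v6"; print s }'

# listener_families PORT < netstat-text: families with a LISTEN socket on PORT.
# A "::" wildcard counts as v6 only (conservative for dual-stack sockets).
listener_families() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            n = split($4, a, ":"); if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr ~ /:/) v6 = 1; else v4 = 1
        } '"$FAM_END"
}

# host_families HOST < hosts-text: families HOST can resolve to.
host_families() {
    case "$1" in
        *:*) echo v6; return ;;        # IPv6 literal
        *[!0-9.]*) ;;                  # a name: look it up in the hosts text
        *) echo v4; return ;;          # dotted-quad literal
    esac
    awk -v name="$1" '
        /^[ \t]*#/ { next }
        { for (i = 2; i <= NF; i++) if ($i == name) { if ($1 ~ /:/) v6 = 1; else v4 = 1 } }
        '"$FAM_END"
}

# check_api_url URL PORT NETSTAT_TEXT HOSTS_TEXT: non-zero status on a mismatch.
check_api_url() {
    local host="${1#*://}" want have fam; host=${host%%[:/]*}
    want=$(printf '%s\n' "$4" | host_families "$host")
    have=$(printf '%s\n' "$3" | listener_families "$2")
    [ -n "$want" ] || { echo "UNKNOWN: $host is not in the hosts text"; return 2; }
    for fam in $want; do
        case " $have " in *" $fam "*) continue ;; esac
        echo "MISMATCH: $host may resolve to $fam; port $2 listens on: ${have:-none}"; return 1
    done
    echo "OK: $host ($want) matches the listeners on port $2 ($have)"
}

check_api_url "https://localhost" 55000 "$SAMPLE_NETSTAT" "$SAMPLE_HOSTS" || true
check_api_url "https://127.0.0.1" 55000 "$SAMPLE_NETSTAT" "$SAMPLE_HOSTS"
```

On a live host, pass "$(netstat -tuln)" and "$(cat /etc/hosts)" in place of the sample variables.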
I have experienced a problem with the all-in-one installation with RHEL 9. I have followed the documentation, and executed the command:
curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
But it gets blocked in the indexer when it reaches this step:
INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
I have tried to give more CPU and memory but the same thing happens and I have also used the command with the -i parameter but it still blocks in the same place.
Finally, I did the installation again in exactly the same way but this time on RHEL 8, and everything worked correctly.