wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0

All in one installation hangs on rhel 9 #2771

Closed santipadilla closed 5 months ago

santipadilla commented 6 months ago
| Wazuh version | Component | Install type | Install method | Platform |
|---|---|---|---|---|
| 4.8.0-Alpha 2 | Wazuh Indexer | All-in-one | All-in-one | RHEL 9 |

I have experienced a problem with the all-in-one installation with RHEL 9. I have followed the documentation, and executed the command:

```console
curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
```

But it gets blocked in the indexer when it reaches this step:

```console
INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
```

I have tried to give more CPU and memory but the same thing happens, and I have also used the command with the `-i` parameter but it still blocks in the same place.

Finally, I did the installation again in exactly the same way but this time on RHEL 8, and everything worked correctly.

davidcr01 commented 6 months ago

Update Report

Testing

Two tests have been performed, and the installation is not stopped:

AIO in RHEL9 with vagrant - Log

```console
[root@redhat9 vagrant]# bash wazuh-install.sh -a -v -i
12/01/2024 13:48:10 DEBUG: Checking root permissions.
12/01/2024 13:48:10 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
12/01/2024 13:48:10 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/01/2024 13:48:10 DEBUG: YUM package manager will be used.
12/01/2024 13:48:10 DEBUG: Checking system distribution.
12/01/2024 13:48:10 DEBUG: Detected distribution name: rhel
12/01/2024 13:48:10 DEBUG: Detected distribution version: 9
12/01/2024 13:48:10 DEBUG: Checking Wazuh installation.
12/01/2024 13:48:15 DEBUG: Installing check dependencies.
12/01/2024 13:48:15 DEBUG: CentOS repository file created.
12/01/2024 13:48:15 DEBUG: CentOS repositories added.
18 files removed
12/01/2024 13:48:26 DEBUG: CentOS repositories and key deleted.
12/01/2024 13:48:26 DEBUG: Checking system architecture.
12/01/2024 13:48:26 WARNING: Hardware and system checks ignored.
12/01/2024 13:48:26 INFO: Wazuh web interface port will be 443.
12/01/2024 13:48:26 DEBUG: Checking ports availability.
12/01/2024 13:48:29 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
12/01/2024 13:48:29 DEBUG: Installing prerequisites dependencies.
12/01/2024 13:48:30 DEBUG: Checking curl tool version.
12/01/2024 13:48:30 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
12/01/2024 13:48:31 INFO: Wazuh development repository added.
12/01/2024 13:48:31 INFO: --- Configuration files ---
12/01/2024 13:48:31 INFO: Generating configuration files.
12/01/2024 13:48:31 DEBUG: Creating Wazuh certificates.
12/01/2024 13:48:31 DEBUG: Reading configuration file.
12/01/2024 13:48:32 DEBUG: Creating the root certificate.
-----
12/01/2024 13:48:33 DEBUG: Generating Admin certificates.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
12/01/2024 13:48:33 DEBUG: Generating Wazuh indexer certificates.
12/01/2024 13:48:33 DEBUG: Creating the Wazuh indexer certificates.
12/01/2024 13:48:33 DEBUG: Generating certificate configuration.
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
12/01/2024 13:48:34 DEBUG: Generating Filebeat certificates.
12/01/2024 13:48:34 DEBUG: Creating the Wazuh server certificates.
12/01/2024 13:48:34 DEBUG: Generating certificate configuration.
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
12/01/2024 13:48:34 DEBUG: Generating Wazuh dashboard certificates.
12/01/2024 13:48:34 DEBUG: Creating the Wazuh dashboard certificates.
12/01/2024 13:48:34 DEBUG: Generating certificate configuration.
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
12/01/2024 13:48:35 DEBUG: Cleaning certificate files.
12/01/2024 13:48:35 DEBUG: Generating password file.
12/01/2024 13:48:35 DEBUG: Generating random passwords.
12/01/2024 13:48:35 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/01/2024 13:48:35 DEBUG: Extracting Wazuh configuration.
12/01/2024 13:48:35 DEBUG: Reading configuration file.
12/01/2024 13:48:35 INFO: --- Wazuh indexer ---
12/01/2024 13:48:35 INFO: Starting Wazuh indexer installation.
Extra Packages for Enterprise Linux 9 - x86_64  912 kB/s |  20 MB     00:22
EL-9 - Wazuh                                    2.4 MB/s |  24 MB     00:09
Last metadata expiration check: 0:00:15 ago on Fri 12 Jan 2024 01:49:12 PM UTC.
Dependencies resolved.
================================================================================
 Package            Architecture    Version       Repository    Size
================================================================================
Installing:
 wazuh-indexer      x86_64          4.8.0-1       wazuh         743 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 743 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.8.0-1.x86_64.rpm                4.1 MB/s | 743 MB     03:02
--------------------------------------------------------------------------------
Total                                           4.1 MB/s | 743 MB     03:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Running scriptlet: wazuh-indexer-4.8.0-1.x86_64                           1/1
  Installing       : wazuh-indexer-4.8.0-1.x86_64                           1/1
  Running scriptlet: wazuh-indexer-4.8.0-1.x86_64                           1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
  Verifying        : wazuh-indexer-4.8.0-1.x86_64                           1/1
Installed products updated.

Installed:
  wazuh-indexer-4.8.0-1.x86_64

Complete!
12/01/2024 13:53:54 DEBUG: Checking Wazuh installation.
12/01/2024 13:53:56 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 13:53:59 INFO: Wazuh indexer installation finished.
12/01/2024 13:53:59 DEBUG: Configuring Wazuh indexer.
12/01/2024 13:53:59 DEBUG: Copying Wazuh indexer certificates.
12/01/2024 13:53:59 INFO: Wazuh indexer post-install configuration finished.
12/01/2024 13:53:59 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
12/01/2024 13:54:28 INFO: wazuh-indexer service started.
12/01/2024 13:54:28 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create 'wazuh' index template
 SUCC: 'wazuh' template created or updated
Will create 'ism_history_indices' index template
 SUCC: 'ism_history_indices' template created or updated
Will disable replicas for 'plugins.index_state_management.history' indices
 SUCC: cluster's settings saved
Will create index templates to configure the alias
 SUCC: 'wazuh-alerts' template created or updated
 SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
 SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
 SUCC: 'wazuh-alerts' write index created
 SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
12/01/2024 13:54:41 INFO: The Wazuh indexer cluster ISM initialized.
12/01/2024 13:54:41 INFO: Wazuh indexer cluster initialized.
12/01/2024 13:54:41 INFO: --- Wazuh server ---
12/01/2024 13:54:41 INFO: Starting the Wazuh manager installation.
Last metadata expiration check: 0:05:30 ago on Fri 12 Jan 2024 01:49:12 PM UTC.
Dependencies resolved.
================================================================================
 Package            Architecture    Version       Repository    Size
================================================================================
Installing:
 wazuh-manager      x86_64          4.8.0-1       wazuh         350 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 350 M
Installed size: 854 M
Downloading Packages:
wazuh-manager-4.8.0-1.x86_64.rpm                3.7 MB/s | 350 MB     01:35
--------------------------------------------------------------------------------
Total                                           3.7 MB/s | 350 MB     01:35
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Running scriptlet: wazuh-manager-4.8.0-1.x86_64                           1/1
  Installing       : wazuh-manager-4.8.0-1.x86_64                           1/1
  Running scriptlet: wazuh-manager-4.8.0-1.x86_64                           1/1
Invalid syntax
Bad permission list or expression
Bad class-permissions
Problem filling class-permissions list
Bad allow rule at /var/lib/selinux/targeted/tmp/modules/100/fail2ban/cil:148
Failed to build AST
/var/tmp/rpm-tmp.JDTfFe: line 176: 18765 Segmentation fault (core dumped) semodule -e wazuh
  Verifying        : wazuh-manager-4.8.0-1.x86_64                           1/1
Installed products updated.

Installed:
  wazuh-manager-4.8.0-1.x86_64

Complete!
12/01/2024 13:57:51 DEBUG: Checking Wazuh installation.
12/01/2024 13:57:52 DEBUG: There are Wazuh remaining files.
12/01/2024 13:57:53 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 13:57:56 INFO: Wazuh manager installation finished.
12/01/2024 13:57:56 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
12/01/2024 13:58:15 INFO: wazuh-manager service started.
12/01/2024 13:58:15 INFO: Starting Filebeat installation.
Installed:
  filebeat-7.10.2-1.x86_64
12/01/2024 13:58:32 DEBUG: Checking Wazuh installation.
12/01/2024 13:58:34 DEBUG: There are Wazuh remaining files.
12/01/2024 13:58:35 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 13:58:36 DEBUG: There are Filebeat remaining files.
12/01/2024 13:58:37 INFO: Filebeat installation finished.
12/01/2024 13:58:37 DEBUG: Configuring Filebeat.
12/01/2024 13:58:37 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/archives/
wazuh/archives/manifest.yml
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
wazuh/alerts/
wazuh/alerts/manifest.yml
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
12/01/2024 13:58:38 DEBUG: Filebeat module was downloaded successfully.
12/01/2024 13:58:38 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
12/01/2024 13:58:38 INFO: Filebeat post-install configuration finished.
12/01/2024 13:58:38 INFO: Starting service filebeat.
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
12/01/2024 13:58:39 INFO: filebeat service started.
12/01/2024 13:58:39 INFO: --- Wazuh dashboard ---
12/01/2024 13:58:39 INFO: Starting Wazuh dashboard installation.
Last metadata expiration check: 0:09:28 ago on Fri 12 Jan 2024 01:49:12 PM UTC.
Dependencies resolved.
================================================================================
 Package            Architecture    Version       Repository    Size
================================================================================
Installing:
 wazuh-dashboard    x86_64          4.8.0-1       wazuh         273 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 273 M
Installed size: 902 M
Downloading Packages:
wazuh-dashboard-4.8.0-1.x86_64.rpm              3.6 MB/s | 273 MB     01:15
--------------------------------------------------------------------------------
Total                                           3.6 MB/s | 273 MB     01:15
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64                         1/1
  Installing       : wazuh-dashboard-4.8.0-1.x86_64                         1/1
  Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64                         1/1
  Verifying        : wazuh-dashboard-4.8.0-1.x86_64                         1/1
Installed products updated.

Installed:
  wazuh-dashboard-4.8.0-1.x86_64

Complete!
12/01/2024 14:02:22 DEBUG: Checking Wazuh installation.
12/01/2024 14:02:23 DEBUG: There are Wazuh remaining files.
12/01/2024 14:02:24 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 14:02:25 DEBUG: There are Filebeat remaining files.
12/01/2024 14:02:26 DEBUG: There are Wazuh dashboard remaining files.
12/01/2024 14:02:26 INFO: Wazuh dashboard installation finished.
12/01/2024 14:02:26 DEBUG: Configuring Wazuh dashboard.
12/01/2024 14:02:26 DEBUG: Copying Wazuh dashboard certificates.
12/01/2024 14:02:26 DEBUG: Wazuh dashboard certificate setup finished.
12/01/2024 14:02:26 INFO: Wazuh dashboard post-install configuration finished.
12/01/2024 14:02:26 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
12/01/2024 14:02:27 INFO: wazuh-dashboard service started.
12/01/2024 14:02:27 DEBUG: Setting Wazuh indexer cluster passwords.
12/01/2024 14:02:27 DEBUG: Checking Wazuh installation.
12/01/2024 14:02:29 DEBUG: There are Wazuh remaining files.
12/01/2024 14:02:30 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 14:02:31 DEBUG: There are Filebeat remaining files.
12/01/2024 14:02:32 DEBUG: There are Wazuh dashboard remaining files.
12/01/2024 14:02:32 INFO: Updating the internal users.
12/01/2024 14:02:32 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
12/01/2024 14:02:41 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
12/01/2024 14:02:41 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/01/2024 14:02:41 DEBUG: The internal users have been updated before changing the passwords.
12/01/2024 14:02:45 DEBUG: Generating password hashes.
12/01/2024 14:02:51 DEBUG: Password hashes generated.
12/01/2024 14:02:51 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
12/01/2024 14:02:56 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
12/01/2024 14:02:57 DEBUG: Restarting filebeat service...
12/01/2024 14:02:58 DEBUG: filebeat started.
12/01/2024 14:02:59 DEBUG: Restarting wazuh-dashboard service...
12/01/2024 14:03:00 DEBUG: wazuh-dashboard started.
12/01/2024 14:03:00 DEBUG: Running security admin tool.
12/01/2024 14:03:00 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
12/01/2024 14:03:07 DEBUG: Passwords changed.
12/01/2024 14:03:07 DEBUG: Changing API passwords.
12/01/2024 14:03:15 INFO: Initializing Wazuh dashboard web application.
12/01/2024 14:03:15 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/01/2024 14:03:31 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/01/2024 14:03:46 INFO: Wazuh dashboard web application initialized.
12/01/2024 14:03:46 INFO: --- Summary ---
12/01/2024 14:03:46 INFO: You can access the web interface https://:443
    User: admin
    Password: 5*2E5+.9jq3PjxEm*auMNeg5MOxmDGjW
12/01/2024 14:03:46 DEBUG: Restoring Wazuh repository.
12/01/2024 14:03:46 INFO: Installation finished.
[root@redhat9 vagrant]#
```
AIO in RHEL9 in EC2 - Log

```console
[root@ip-172-31-37-152 ec2-user]# bash wazuh-install.sh -a -i -v
12/01/2024 14:12:48 DEBUG: Checking root permissions.
12/01/2024 14:12:48 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
12/01/2024 14:12:48 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/01/2024 14:12:48 DEBUG: YUM package manager will be used.
12/01/2024 14:12:48 DEBUG: Checking system distribution.
12/01/2024 14:12:48 DEBUG: Detected distribution name: rhel
12/01/2024 14:12:48 DEBUG: Detected distribution version: 9
12/01/2024 14:12:48 DEBUG: Checking Wazuh installation.
12/01/2024 14:12:53 DEBUG: Installing check dependencies.
12/01/2024 14:12:53 DEBUG: CentOS repository file created.
12/01/2024 14:12:53 DEBUG: CentOS repositories added.
12/01/2024 14:13:04 INFO: --- Dependencies ---
12/01/2024 14:13:04 INFO: Installing lsof.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
CentOS Stream 9 - AppStream                      48 MB/s |  18 MB     00:00
CentOS Stream 9 - BaseOS                         24 MB/s | 7.9 MB     00:00
Last metadata expiration check: 0:00:03 ago on Fri 12 Jan 2024 02:13:14 PM UTC.
Dependencies resolved.
================================================================================
 Package         Architecture    Version            Repository    Size
================================================================================
Installing:
 lsof            x86_64          4.94.0-3.el9       baseos        239 k
Installing dependencies:
 libtirpc        x86_64          1.3.3-2.el9        baseos         93 k

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 332 k
Installed size: 826 k
Downloading Packages:
(1/2): libtirpc-1.3.3-2.el9.x86_64.rpm          752 kB/s |  93 kB     00:00
(2/2): lsof-4.94.0-3.el9.x86_64.rpm             1.7 MB/s | 239 kB     00:00
--------------------------------------------------------------------------------
Total                                           2.2 MB/s | 332 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : libtirpc-1.3.3-2.el9.x86_64                            1/2
  Installing       : lsof-4.94.0-3.el9.x86_64                               2/2
  Running scriptlet: lsof-4.94.0-3.el9.x86_64                               2/2
  Verifying        : libtirpc-1.3.3-2.el9.x86_64                            1/2
  Verifying        : lsof-4.94.0-3.el9.x86_64                               2/2
Installed products updated.

Installed:
  libtirpc-1.3.3-2.el9.x86_64    lsof-4.94.0-3.el9.x86_64

Complete!
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
CentOS Stream 9 - AppStream                      48 MB/s |  18 MB     00:00
CentOS Stream 9 - BaseOS                         24 MB/s | 7.9 MB     00:00
Last metadata expiration check: 0:00:03 ago on Fri 12 Jan 2024 02:13:14 PM UTC.
Dependencies resolved.
================================================================================
 Package         Architecture    Version            Repository    Size
================================================================================
Installing:
 lsof            x86_64          4.94.0-3.el9       baseos        239 k
Installing dependencies:
 libtirpc        x86_64          1.3.3-2.el9        baseos         93 k

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 332 k
Installed size: 826 k
Downloading Packages:
(1/2): libtirpc-1.3.3-2.el9.x86_64.rpm          752 kB/s |  93 kB     00:00
(2/2): lsof-4.94.0-3.el9.x86_64.rpm             1.7 MB/s | 239 kB     00:00
--------------------------------------------------------------------------------
Total                                           2.2 MB/s | 332 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : libtirpc-1.3.3-2.el9.x86_64                            1/2
  Installing       : lsof-4.94.0-3.el9.x86_64                               2/2
  Running scriptlet: lsof-4.94.0-3.el9.x86_64                               2/2
  Verifying        : libtirpc-1.3.3-2.el9.x86_64                            1/2
  Verifying        : lsof-4.94.0-3.el9.x86_64                               2/2
Installed products updated.

Installed:
  libtirpc-1.3.3-2.el9.x86_64    lsof-4.94.0-3.el9.x86_64

Complete!
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
46 files removed
12/01/2024 14:13:24 DEBUG: CentOS repositories and key deleted.
12/01/2024 14:13:24 DEBUG: Checking system architecture.
12/01/2024 14:13:24 WARNING: Hardware and system checks ignored.
12/01/2024 14:13:24 INFO: Wazuh web interface port will be 443.
12/01/2024 14:13:24 DEBUG: Checking ports availability.
12/01/2024 14:13:27 DEBUG: Installing prerequisites dependencies.
12/01/2024 14:13:28 DEBUG: Checking curl tool version.
12/01/2024 14:13:28 DEBUG: Adding the Wazuh repository.
[wazuh] gpgcheck=1 gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-${releasever} - Wazuh baseurl=https://packages-dev.wazuh.com/pre-release/yum/ protect=1 12/01/2024 14:13:28 INFO: Wazuh development repository added. 12/01/2024 14:13:28 INFO: --- Configuration files --- 12/01/2024 14:13:28 INFO: Generating configuration files. 12/01/2024 14:13:28 DEBUG: Creating Wazuh certificates. 12/01/2024 14:13:28 DEBUG: Reading configuration file. 12/01/2024 14:13:28 DEBUG: Creating the root certificate.
----- 12/01/2024 14:13:29 DEBUG: Generating Admin certificates. Certificate request self-signature ok subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin 12/01/2024 14:13:30 DEBUG: Generating Wazuh indexer certificates. 12/01/2024 14:13:30 DEBUG: Creating the Wazuh indexer certificates. 12/01/2024 14:13:30 DEBUG: Generating certificate configuration.
----- Certificate request self-signature ok subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer 12/01/2024 14:13:31 DEBUG: Generating Filebeat certificates. 12/01/2024 14:13:31 DEBUG: Creating the Wazuh server certificates. 12/01/2024 14:13:31 DEBUG: Generating certificate configuration.
----- Certificate request self-signature ok subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server 12/01/2024 14:13:31 DEBUG: Generating Wazuh dashboard certificates. 12/01/2024 14:13:31 DEBUG: Creating the Wazuh dashboard certificates. 12/01/2024 14:13:31 DEBUG: Generating certificate configuration.
----- Certificate request self-signature ok subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard 12/01/2024 14:13:31 DEBUG: Cleaning certificate files. 12/01/2024 14:13:31 DEBUG: Generating password file. 12/01/2024 14:13:31 DEBUG: Generating random passwords. 12/01/2024 14:13:32 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 12/01/2024 14:13:32 DEBUG: Extracting Wazuh configuration. 12/01/2024 14:13:32 DEBUG: Reading configuration file. 12/01/2024 14:13:32 INFO: --- Wazuh indexer --- 12/01/2024 14:13:32 INFO: Starting Wazuh indexer installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - AppStre 55 MB/s | 28 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 44 MB/s | 16 MB 00:00 Red Hat Enterprise Linux 9 Client Configuration 25 kB/s | 3.8 kB 00:00 EL-9 - Wazuh 18 MB/s | 24 MB 00:01 Last metadata expiration check: 0:00:01 ago on Fri 12 Jan 2024 02:13:51 PM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.8.0-1 wazuh 743 M Transaction Summary ================================================================================ Install 1 Package Total download size: 743 M Installed size: 1.0 G Downloading Packages: wazuh-indexer-4.8.0-1.x86_64.rpm 105 MB/s | 743 MB 00:07 -------------------------------------------------------------------------------- Total 105 MB/s | 743 MB 00:07 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1 Installing : wazuh-indexer-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-indexer-4.8.0-1.x86_64 Complete! 12/01/2024 14:16:00 DEBUG: Checking Wazuh installation. 12/01/2024 14:16:03 DEBUG: There are Wazuh indexer remaining files. 12/01/2024 14:16:05 INFO: Wazuh indexer installation finished. 12/01/2024 14:16:05 DEBUG: Configuring Wazuh indexer. 12/01/2024 14:16:05 DEBUG: Copying Wazuh indexer certificates. 12/01/2024 14:16:05 INFO: Wazuh indexer post-install configuration finished. 12/01/2024 14:16:05 INFO: Starting service wazuh-indexer. 
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service. 12/01/2024 14:16:32 INFO: wazuh-indexer service started. 12/01/2024 14:16:32 INFO: Initializing Wazuh indexer cluster security settings. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will 
update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success Will create 'wazuh' index template SUCC: 'wazuh' template created or updated Will create 'ism_history_indices' index template SUCC: 'ism_history_indices' template created or updated Will disable replicas for 'plugins.index_state_management.history' indices SUCC: cluster's settings saved Will create index templates to configure the alias SUCC: 'wazuh-alerts' template created or updated SUCC: 'wazuh-archives' template created or updated Will create the 'rollover_policy' policy SUCC: 'rollover_policy' policy created Will create initial indices for the aliases SUCC: 'wazuh-alerts' write index created SUCC: 'wazuh-archives' write index created SUCC: Indexer ISM initialization finished successfully. 12/01/2024 14:16:47 INFO: The Wazuh indexer cluster ISM initialized. 12/01/2024 14:16:47 INFO: Wazuh indexer cluster initialized. 12/01/2024 14:16:47 INFO: --- Wazuh server --- 12/01/2024 14:16:47 INFO: Starting the Wazuh manager installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:02:57 ago on Fri 12 Jan 2024 02:13:51 PM UTC. 
Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.8.0-1 wazuh 350 M Transaction Summary ================================================================================ Install 1 Package Total download size: 350 M Installed size: 854 M Downloading Packages: wazuh-manager-4.8.0-1.x86_64.rpm 137 MB/s | 350 MB 00:02 -------------------------------------------------------------------------------- Total 137 MB/s | 350 MB 00:02 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1 Installing : wazuh-manager-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1 Verifying : wazuh-manager-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-manager-4.8.0-1.x86_64 Complete! 12/01/2024 14:18:59 DEBUG: Checking Wazuh installation. 12/01/2024 14:19:00 DEBUG: There are Wazuh remaining files. 12/01/2024 14:19:02 DEBUG: There are Wazuh indexer remaining files. 12/01/2024 14:19:04 INFO: Wazuh manager installation finished. 12/01/2024 14:19:04 INFO: Starting service wazuh-manager. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service. 12/01/2024 14:19:26 INFO: wazuh-manager service started. 12/01/2024 14:19:26 INFO: Starting Filebeat installation. Installed: filebeat-7.10.2-1.x86_64 12/01/2024 14:19:33 DEBUG: Checking Wazuh installation. 12/01/2024 14:19:34 DEBUG: There are Wazuh remaining files. 12/01/2024 14:19:35 DEBUG: There are Wazuh indexer remaining files. 12/01/2024 14:19:36 DEBUG: There are Filebeat remaining files. 12/01/2024 14:19:37 INFO: Filebeat installation finished. 12/01/2024 14:19:37 DEBUG: Configuring Filebeat. 
12/01/2024 14:19:38 DEBUG: Filebeat template was download successfully. wazuh/ wazuh/_meta/ wazuh/_meta/docs.asciidoc wazuh/_meta/config.yml wazuh/_meta/fields.yml wazuh/archives/ wazuh/archives/manifest.yml wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json wazuh/module.yml wazuh/alerts/ wazuh/alerts/manifest.yml wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json 12/01/2024 14:19:38 DEBUG: Filebeat module was downloaded successfully. 12/01/2024 14:19:38 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 12/01/2024 14:19:39 INFO: Filebeat post-install configuration finished. 12/01/2024 14:19:39 INFO: Starting service filebeat. Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service. 12/01/2024 14:19:40 INFO: filebeat service started. 12/01/2024 14:19:40 INFO: --- Wazuh dashboard --- 12/01/2024 14:19:40 INFO: Starting Wazuh dashboard installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:05:50 ago on Fri 12 Jan 2024 02:13:51 PM UTC. Dependencies resolved. 
================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.8.0-1 wazuh 273 M Transaction Summary ================================================================================ Install 1 Package Total download size: 273 M Installed size: 902 M Downloading Packages: wazuh-dashboard-4.8.0-1.x86_64.rpm 63 MB/s | 273 MB 00:04 -------------------------------------------------------------------------------- Total 62 MB/s | 273 MB 00:04 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1 Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-dashboard-4.8.0-1.x86_64 Complete! 12/01/2024 14:22:36 DEBUG: Checking Wazuh installation. 12/01/2024 14:22:38 DEBUG: There are Wazuh remaining files. 12/01/2024 14:22:39 DEBUG: There are Wazuh indexer remaining files. 12/01/2024 14:22:41 DEBUG: There are Filebeat remaining files. 12/01/2024 14:22:42 DEBUG: There are Wazuh dashboard remaining files. 12/01/2024 14:22:42 INFO: Wazuh dashboard installation finished. 12/01/2024 14:22:42 DEBUG: Configuring Wazuh dashboard. 12/01/2024 14:22:42 DEBUG: Copying Wazuh dashboard certificates. 12/01/2024 14:22:42 DEBUG: Wazuh dashboard certificate setup finished. 12/01/2024 14:22:42 INFO: Wazuh dashboard post-install configuration finished. 12/01/2024 14:22:42 INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service. 12/01/2024 14:22:43 INFO: wazuh-dashboard service started. 
12/01/2024 14:22:43 DEBUG: Setting Wazuh indexer cluster passwords. 12/01/2024 14:22:43 DEBUG: Checking Wazuh installation. 12/01/2024 14:22:44 DEBUG: There are Wazuh remaining files. 12/01/2024 14:22:45 DEBUG: There are Wazuh indexer remaining files. 12/01/2024 14:22:47 DEBUG: There are Filebeat remaining files. 12/01/2024 14:22:48 DEBUG: There are Wazuh dashboard remaining files. 12/01/2024 14:22:48 INFO: Updating the internal users. 12/01/2024 14:22:48 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to localhost:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. 
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 12/01/2024 14:22:58 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 12/01/2024 14:22:58 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 12/01/2024 14:22:58 DEBUG: The internal users have been updated before changing the passwords. 12/01/2024 14:23:00 DEBUG: Generating password hashes. 12/01/2024 14:23:09 DEBUG: Password hashes generated. 
12/01/2024 14:23:09 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to localhost:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in 
/etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 12/01/2024 14:23:15 DEBUG: Password backup created in /etc/wazuh-indexer/backup. Successfully updated the keystore 12/01/2024 14:23:16 DEBUG: Restarting filebeat service... 12/01/2024 14:23:16 DEBUG: filebeat started. 12/01/2024 14:23:18 DEBUG: Restarting wazuh-dashboard service... 12/01/2024 14:23:19 DEBUG: wazuh-dashboard started. 12/01/2024 14:23:19 DEBUG: Running security admin tool. 12/01/2024 14:23:19 DEBUG: Loading new passwords changes. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to localhost:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Populate config from /home/ec2-user Force type: internalusers Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' created or updated SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null Done with success 12/01/2024 14:23:25 DEBUG: Passwords changed. 12/01/2024 14:23:25 DEBUG: Changing API passwords. 
12/01/2024 14:23:33 INFO: Initializing Wazuh dashboard web application. 12/01/2024 14:23:33 INFO: Wazuh dashboard web application not yet initialized. Waiting... 12/01/2024 14:23:50 INFO: Wazuh dashboard web application not yet initialized. Waiting... 12/01/2024 14:24:05 INFO: Wazuh dashboard web application initialized. 12/01/2024 14:24:05 INFO: --- Summary --- 12/01/2024 14:24:05 INFO: You can access the web interface https://:443 User: admin Password: jYQ1C8SKHYm.bwFT+ffikO?5JT2AONQz 12/01/2024 14:24:05 INFO: --- Dependencies --- 12/01/2024 14:24:05 INFO: Removing lsof. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Removing: lsof x86_64 4.94.0-3.el9 @baseos 624 k Removing unused dependencies: libtirpc x86_64 1.3.3-2.el9 @baseos 202 k Transaction Summary ================================================================================ Remove 2 Packages Freed space: 826 k Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : lsof-4.94.0-3.el9.x86_64 1/2 Erasing : libtirpc-1.3.3-2.el9.x86_64 2/2 Running scriptlet: libtirpc-1.3.3-2.el9.x86_64 2/2 Verifying : libtirpc-1.3.3-2.el9.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Removed: libtirpc-1.3.3-2.el9.x86_64 lsof-4.94.0-3.el9.x86_64 Complete! 12/01/2024 14:24:10 DEBUG: Restoring Wazuh repository. 12/01/2024 14:24:10 INFO: Installation finished. [root@ip-172-31-37-152 ec2-user]# ```

It would be necessary to specify more information about the tool used to deploy the Wazuh installation. Maybe the firewall is related to this, so please disable the firewall before performing the installation.
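To see where an installation assistant run stopped and which steps were slow, the timestamped entries in its output can be parsed. The sketch below is an added example, not part of the thread or of the Wazuh project's code; the function names, the 60-second threshold and the sample timestamps are assumptions, and the samples are constructed from message texts that appear in the logs in this thread.

```python
import re
from datetime import datetime

# Entry header used by the installer output in this thread:
# "DD/MM/YYYY HH:MM:SS LEVEL: message"
ENTRY = re.compile(r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) ([A-Z]+): ")
# Stage banners look like "--- Wazuh indexer ---"
STAGE = re.compile(r"^--- (.+?) ---")

# Constructed sample of a run that stops at the dashboard service start.
# Timestamps are invented; the text is deliberately on one line, the way
# pasted output often arrives.
HUNG_SAMPLE = (
    "17/01/2024 13:38:26 INFO: --- Configuration files --- "
    "17/01/2024 13:38:26 INFO: Generating configuration files. "
    "17/01/2024 13:38:30 INFO: --- Wazuh indexer --- "
    "17/01/2024 13:38:30 INFO: Starting Wazuh indexer installation. "
    "17/01/2024 13:41:02 INFO: Wazuh indexer installation finished. "
    "17/01/2024 13:41:05 INFO: --- Wazuh dashboard --- "
    "17/01/2024 13:41:05 INFO: Starting Wazuh dashboard installation. "
    "17/01/2024 13:43:40 INFO: Wazuh dashboard installation finished. "
    "17/01/2024 13:43:40 INFO: Starting service wazuh-dashboard."
)

# Constructed sample of a run that completes.
DONE_SAMPLE = (
    "12/01/2024 14:24:05 INFO: --- Summary ---\n"
    "12/01/2024 14:24:10 DEBUG: Restoring Wazuh repository.\n"
    "12/01/2024 14:24:10 INFO: Installation finished.\n"
)


def parse_entries(text):
    """Return (timestamp, level, stage, message) for every log entry.

    Entries are located by their header rather than by newlines, so output
    that lost its line breaks is parsed the same way as the original file.
    Package-manager output between two entries stays attached to the
    message of the entry that precedes it.
    """
    matches = list(ENTRY.finditer(text))
    entries, stage = [], None
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        message = " ".join(text[m.end():end].split())
        banner = STAGE.match(message)
        if banner:
            stage = banner.group(1)
        when = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S")
        entries.append((when, m.group(2), stage, message))
    return entries


def summarize(text, slow_after=60):
    """Report the last entry reached and every step that took at least
    `slow_after` seconds before the next entry was written."""
    entries = parse_entries(text)
    if not entries:
        return None
    slow = []
    for prev, cur in zip(entries, entries[1:]):
        gap = int((cur[0] - prev[0]).total_seconds())
        if gap >= slow_after:
            slow.append((gap, prev[2], prev[3][:60]))
    last = entries[-1]
    return {
        "finished": any(e[3].startswith("Installation finished.")
                        for e in entries),
        "last_stage": last[2],
        "last_message": last[3][:80],
        "slow_steps": slow,
    }


if __name__ == "__main__":
    for name, sample in (("hung", HUNG_SAMPLE), ("done", DONE_SAMPLE)):
        print(name, summarize(sample))
```

A run whose summary has `finished` set to false stopped after `last_message`; comparing `slow_steps` between a working host and a failing one shows whether the step is slow or truly blocked.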

santipadilla commented 6 months ago

I am doing E2E UX tests - File Integrity monitoring for release 4.8.0 - Alpha 2 and I am using Vagrant as the environment.

For both RHEL 8 and RHEL 9 I have used the same configuration.

I have tried the installation again on RHEL 9 after deactivating firewalld with the commands below, but it still hangs:

```console
sudo systemctl stop firewalld
sudo systemctl disable firewalld
```

In both cases I used the same installation method with:

```console
curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
```

Update

Full log of /var/log/wazuh-install.log

17/01/2024 13:38:18 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 13:38:18 INFO: Verbose logging redirected to /var/log/wazuh-install.log
0 files removed
17/01/2024 13:38:24 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 13:38:24 INFO: Wazuh web interface port will be 443.
17/01/2024 13:38:25 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
17/01/2024 13:38:26 INFO: Wazuh development repository added.
17/01/2024 13:38:26 INFO: --- Configuration files ---
17/01/2024 13:38:26 INFO: Generating configuration files.
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
17/01/2024 13:38:28 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
17/01/2024 13:38:28 INFO: --- Wazuh indexer ---
17/01/2024 13:38:28 INFO: Starting Wazuh indexer installation.
Extra Packages for Enterprise Linux 9 - x86_64  4.5 MB/s |  20 MB     00:04    
Extra Packages for Enterprise Linux 9 openh264  1.9 kB/s | 2.5 kB     00:01    
EL-9 - Wazuh                                    9.6 MB/s |  24 MB     00:02    
Dependencies resolved.
================================================================================
 Package                Architecture    Version            Repository      Size
================================================================================
Installing:
 wazuh-indexer          x86_64          4.8.0-1            wazuh          743 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 743 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.8.0-1.x86_64.rpm                 54 MB/s | 743 MB     00:13    
--------------------------------------------------------------------------------
Total                                            54 MB/s | 743 MB     00:13     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-indexer-4.8.0-1.x86_64                           1/1 
  Installing       : wazuh-indexer-4.8.0-1.x86_64                           1/1 
  Running scriptlet: wazuh-indexer-4.8.0-1.x86_64                           1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory

  Verifying        : wazuh-indexer-4.8.0-1.x86_64                           1/1 
Installed products updated.

Installed:
  wazuh-indexer-4.8.0-1.x86_64                                                  

Complete!
17/01/2024 13:39:49 INFO: Wazuh indexer installation finished.
17/01/2024 13:39:49 INFO: Wazuh indexer post-install configuration finished.
17/01/2024 13:39:49 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.

c-bordon commented 6 months ago

I was able to replicate the error on my machine using Vagrant. The problem is that the Wazuh indexer service does not start; it remains in process, and for this reason the WIA does not advance:

---
17/01/2024 18:15:10 DEBUG: Checking Wazuh installation.
17/01/2024 18:15:10 DEBUG: There are Wazuh indexer remaining files.
17/01/2024 18:15:11 INFO: Wazuh indexer installation finished.
17/01/2024 18:15:11 DEBUG: Configuring Wazuh indexer.
17/01/2024 18:15:11 DEBUG: Copying Wazuh indexer certificates.
17/01/2024 18:15:11 INFO: Wazuh indexer post-install configuration finished.
17/01/2024 18:15:11 INFO: Starting service wazuh-indexer.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl daemon-reload
++ tee -a /var/log/wazuh-install.log
+ eval 'systemctl enable wazuh-indexer.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl enable wazuh-indexer.service
++ tee -a /var/log/wazuh-install.log
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
+ eval 'systemctl start wazuh-indexer.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl start wazuh-indexer.service
++ tee -a /var/log/wazuh-install.log
^C+++ installCommon_cleanExit
+++ rollback_conf=
+++ '[' -n '' ']'
+++ [[ '' =~ ^[N|Y|n|y]$ ]]
+++ echo -ne '\nDo you want to remove the ongoing installation?[Y/N]'

Do you want to remove the ongoing installation?[Y/N]+++ read -r rollback_conf

Reviewing the status of the service, it looks like this:

[root@rhel-9 ~]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
     Active: activating (start) since Wed 2024-01-17 19:06:27 UTC; 23s ago
       Docs: https://documentation.wazuh.com
   Main PID: 13213 (java)
      Tasks: 36 (limit: 36152)
     Memory: 3.1G
        CPU: 24.484s
     CGroup: /system.slice/wazuh-indexer.service
             └─13213 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF->

Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]:         at io.netty.channel.AbstractChannel.bind(AbstractChannel.java:260)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]:         at io.netty.bootstrap.AbstractBootstrap$2.run(AbstractBootstrap.java:356)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]:         at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]:         at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]:         at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]:         at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]:         at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]:         at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]:         at java.base/java.lang.Thread.run(Thread.java:833)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: For complete error details, refer to the log at /var/log/wazuh-indexer/wazuh-cluster.log

This error can be found in the wazuh-cluster.log:

org.opensearch.transport.BindTransportException: Failed to bind to [::1]:[9300-9400]

cat /etc/wazuh-indexer/opensearch.yml 
network.host: "localhost"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"

node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
  - "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
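
The bind error in the comment above names the IPv6 loopback address, while `opensearch.yml` sets `network.host` to `"localhost"`. The following check is an added example (not part of the thread, the Wazuh installer or OpenSearch): it lists the addresses that name resolves to and tests whether each one accepts a bind in the transport port range from the error. The function names are hypothetical, and the script is meant to be run on the affected host while the indexer is stopped.

```python
"""Added diagnostic example; not Wazuh or OpenSearch code."""
import errno
import re
import socket

# Line copied from the wazuh-cluster.log excerpt quoted in the thread.
SAMPLE_ERROR = ("org.opensearch.transport.BindTransportException: "
                "Failed to bind to [::1]:[9300-9400]")

_BIND_RE = re.compile(
    r"Failed to bind to \[(?P<addr>[^\]]+)\]:\[(?P<lo>\d+)-(?P<hi>\d+)\]")


def parse_bind_error(line):
    """Return (address, first_port, last_port) from a bind error line, or None."""
    m = _BIND_RE.search(line)
    if m is None:
        return None
    return m.group("addr"), int(m.group("lo")), int(m.group("hi"))


def resolve(host):
    """Return the distinct addresses `host` resolves to, in resolver order."""
    seen = []
    for info in socket.getaddrinfo(host, None, type=socket.SOCK_STREAM):
        address = info[4][0]
        if address not in seen:
            seen.append(address)
    return seen


def try_bind(address, port):
    """Bind a TCP socket to (address, port), then release it.

    Raises OSError when the socket cannot be created or bound.
    """
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        sock.bind((address, port))


def probe(addresses, first_port, last_port, bind=try_bind):
    """Find, per address, the first port in the range that can be bound.

    Returns {address: {"port": int or None, "error": str or None}}.
    Errors that concern the address itself (not configured on any
    interface, address family unsupported) end the scan for that address
    immediately, because no other port in the range can succeed.
    """
    address_level = {errno.EADDRNOTAVAIL, errno.EAFNOSUPPORT}
    report = {}
    for address in addresses:
        result = {"port": None, "error": None}
        for port in range(first_port, last_port + 1):
            try:
                bind(address, port)
            except OSError as exc:
                result["error"] = errno.errorcode.get(exc.errno, str(exc))
                if exc.errno in address_level:
                    break
                continue  # port-level failure (e.g. in use): try the next one
            result["port"] = port
            result["error"] = None
            break
        report[address] = result
    return report


if __name__ == "__main__":
    failed_addr, lo, hi = parse_bind_error(SAMPLE_ERROR)
    # "localhost" is the network.host value shown in opensearch.yml.
    targets = resolve("localhost")
    if failed_addr not in targets:
        targets.append(failed_addr)
    for address, result in probe(targets, lo, hi).items():
        if result["port"] is not None:
            print(f"{address}: bind OK on port {result['port']}")
        else:
            print(f"{address}: cannot bind in {lo}-{hi} ({result['error']})")
```

An address reported with `EADDRNOTAVAIL` or `EAFNOSUPPORT` is one the host resolves for `localhost` but cannot listen on, which matches the shape of the error in the log.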

c-bordon commented 6 months ago

After a new test with the same VM, the installation progressed correctly. I am going to replicate the tests to verify whether the error appears again:

[vagrant@rhel-9 ~]$ sudo bash wazuh-install.sh -a
18/01/2024 12:08:56 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:08:56 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 12:09:03 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 12:09:03 INFO: Wazuh web interface port will be 443.
18/01/2024 12:09:04 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 12:09:06 INFO: Wazuh development repository added.
18/01/2024 12:09:06 INFO: --- Configuration files ---
18/01/2024 12:09:06 INFO: Generating configuration files.
18/01/2024 12:09:08 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 12:09:08 INFO: --- Wazuh indexer ---
18/01/2024 12:09:08 INFO: Starting Wazuh indexer installation.
18/01/2024 12:11:43 INFO: Wazuh indexer installation finished.
18/01/2024 12:11:43 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 12:11:43 INFO: Starting service wazuh-indexer.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl enable wazuh-indexer.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl enable wazuh-indexer.service
+ eval 'cat /etc/wazuh-indexer/opensearch.yml'
++ cat /etc/wazuh-indexer/opensearch.yml
network.host: "localhost"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"

node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
  - "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
+ eval 'systemctl start wazuh-indexer.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl start wazuh-indexer.service
+ echo 'este es el pipestatus: 0'
este es el pipestatus: 0
+ '[' 0 '!=' 0 ']'
+ common_logger 'wazuh-indexer service started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/01/2024 12:11:54'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'wazuh-indexer service started.' ']'
+ '[' -n 'wazuh-indexer service started.' ']'
+ case ${1} in
+ message='wazuh-indexer service started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/01/2024 12:11:54 INFO: wazuh-indexer service started.'
+ tee -a /var/log/wazuh-install.log
18/01/2024 12:11:54 INFO: wazuh-indexer service started.
+ set +x
18/01/2024 12:11:54 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 12:12:06 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 12:12:06 INFO: Wazuh indexer cluster initialized.
18/01/2024 12:12:06 INFO: --- Wazuh server ---
18/01/2024 12:12:06 INFO: Starting the Wazuh manager installation.
18/01/2024 12:13:51 INFO: Wazuh manager installation finished.
18/01/2024 12:13:51 INFO: Starting service wazuh-manager.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl enable wazuh-manager.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl enable wazuh-manager.service
+ eval 'cat /etc/wazuh-indexer/opensearch.yml'
++ cat /etc/wazuh-indexer/opensearch.yml
network.host: "localhost"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"

node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
  - "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
+ eval 'systemctl start wazuh-manager.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl start wazuh-manager.service
+ echo 'este es el pipestatus: 0'
este es el pipestatus: 0
+ '[' 0 '!=' 0 ']'
+ common_logger 'wazuh-manager service started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/01/2024 12:13:59'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'wazuh-manager service started.' ']'
+ '[' -n 'wazuh-manager service started.' ']'
+ case ${1} in
+ message='wazuh-manager service started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/01/2024 12:13:59 INFO: wazuh-manager service started.'
+ tee -a /var/log/wazuh-install.log
18/01/2024 12:13:59 INFO: wazuh-manager service started.
+ set +x
18/01/2024 12:13:59 INFO: Starting Filebeat installation.
18/01/2024 12:14:10 INFO: Filebeat installation finished.
18/01/2024 12:14:12 INFO: Filebeat post-install configuration finished.
18/01/2024 12:14:12 INFO: Starting service filebeat.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl enable filebeat.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl enable filebeat.service
+ eval 'cat /etc/wazuh-indexer/opensearch.yml'
++ cat /etc/wazuh-indexer/opensearch.yml
network.host: "localhost"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"

node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
  - "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
+ eval 'systemctl start filebeat.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl start filebeat.service
+ echo 'este es el pipestatus: 0'
este es el pipestatus: 0
+ '[' 0 '!=' 0 ']'
+ common_logger 'filebeat service started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/01/2024 12:14:12'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'filebeat service started.' ']'
+ '[' -n 'filebeat service started.' ']'
+ case ${1} in
+ message='filebeat service started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/01/2024 12:14:12 INFO: filebeat service started.'
+ tee -a /var/log/wazuh-install.log
18/01/2024 12:14:12 INFO: filebeat service started.
+ set +x
18/01/2024 12:14:12 INFO: --- Wazuh dashboard ---
18/01/2024 12:14:12 INFO: Starting Wazuh dashboard installation.
18/01/2024 12:15:41 INFO: Wazuh dashboard installation finished.
18/01/2024 12:15:41 INFO: Wazuh dashboard post-install configuration finished.
18/01/2024 12:15:41 INFO: Starting service wazuh-dashboard.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl enable wazuh-dashboard.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl enable wazuh-dashboard.service
+ eval 'cat /etc/wazuh-indexer/opensearch.yml'
++ cat /etc/wazuh-indexer/opensearch.yml
network.host: "localhost"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"

node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
  - "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
+ eval 'systemctl start wazuh-dashboard.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl start wazuh-dashboard.service
+ echo 'este es el pipestatus: 0'
este es el pipestatus: 0
+ '[' 0 '!=' 0 ']'
+ common_logger 'wazuh-dashboard service started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/01/2024 12:15:41'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'wazuh-dashboard service started.' ']'
+ '[' -n 'wazuh-dashboard service started.' ']'
+ case ${1} in
+ message='wazuh-dashboard service started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/01/2024 12:15:41 INFO: wazuh-dashboard service started.'
+ tee -a /var/log/wazuh-install.log
18/01/2024 12:15:41 INFO: wazuh-dashboard service started.
+ set +x
18/01/2024 12:15:43 INFO: Updating the internal users.
18/01/2024 12:15:46 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/01/2024 12:16:02 INFO: Initializing Wazuh dashboard web application.
18/01/2024 12:16:03 INFO: Wazuh dashboard web application initialized.
18/01/2024 12:16:03 INFO: --- Summary ---
18/01/2024 12:16:03 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: ED6Ka+1Z*ggL.wxDVAJKOitGRVlPg?Ym
18/01/2024 12:16:03 INFO: Installation finished.
[vagrant@rhel-9 ~]$ cat /etc/*release
NAME="Red Hat Enterprise Linux"
VERSION="9.0 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.0"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.0 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/9/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.0
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.0"
Red Hat Enterprise Linux release 9.0 (Plow)
Red Hat Enterprise Linux release 9.0 (Plow)

c-bordon commented 6 months ago

Update report

In a new test, I started with a new, fresh VM from the same box. On the first try, the installation got stuck, but after a reboot, the installation finished successfully without any change:

cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant destroy -f && vagrant up && vagrant ssh
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'generic/rhel9'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: Setting the name of the VM: rhel-9
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: hostonly
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: 
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default: 
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: The guest additions on this VM do not match the installed version of
    default: VirtualBox! In most cases this is fine, but in rare cases it can
    default: prevent things such as shared folders from working properly. If you see
    default: shared folder errors, please make sure the guest additions within the
    default: virtual machine match the version of VirtualBox you have installed on
    default: your host and reload your VM.
    default: 
    default: Guest Additions Version: 6.1.30
    default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
[vagrant@rhel-9 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 12:23:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:23:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 12:23:32 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 12:23:32 INFO: Wazuh web interface port will be 443.
18/01/2024 12:23:33 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 12:23:35 INFO: Wazuh development repository added.
18/01/2024 12:23:35 INFO: --- Configuration files ---
18/01/2024 12:23:35 INFO: Generating configuration files.
18/01/2024 12:23:37 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 12:23:37 INFO: --- Wazuh indexer ---
18/01/2024 12:23:37 INFO: Starting Wazuh indexer installation.
18/01/2024 12:26:07 INFO: Wazuh indexer installation finished.
18/01/2024 12:26:07 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 12:26:07 INFO: Starting service wazuh-indexer.
^C
Do you want to remove the ongoing installation?[Y/N]Y
18/01/2024 12:29:22 INFO: --- Removing existing Wazuh installation ---
18/01/2024 12:29:22 INFO: Removing Wazuh indexer.
18/01/2024 12:29:23 INFO: Wazuh indexer removed.
18/01/2024 12:29:24 INFO: Installation cleaned.
[vagrant@rhel-9 ~]$ sudo poweroff
Connection to 127.0.0.1 closed by remote host.
cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant up && vagrant ssh
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: hostonly
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: The guest additions on this VM do not match the installed version of
    default: VirtualBox! In most cases this is fine, but in rare cases it can
    default: prevent things such as shared folders from working properly. If you see
    default: shared folder errors, please make sure the guest additions within the
    default: virtual machine match the version of VirtualBox you have installed on
    default: your host and reload your VM.
    default: 
    default: Guest Additions Version: 6.1.30
    default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> default: flag to force provisioning. Provisioners marked to run always will still run.
Last login: Thu Jan 18 12:26:17 2024 from 10.0.2.2
[vagrant@rhel-9 ~]$ sudo bash ./wazuh-install.sh -a
18/01/2024 12:30:21 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:30:21 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 12:30:29 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 12:30:29 INFO: Wazuh web interface port will be 443.
18/01/2024 12:30:30 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 12:30:32 INFO: Wazuh development repository added.
18/01/2024 12:30:32 INFO: --- Configuration files ---
18/01/2024 12:30:32 INFO: Generating configuration files.
18/01/2024 12:30:34 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 12:30:34 INFO: --- Wazuh indexer ---
18/01/2024 12:30:34 INFO: Starting Wazuh indexer installation.
18/01/2024 12:33:03 INFO: Wazuh indexer installation finished.
18/01/2024 12:33:03 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 12:33:03 INFO: Starting service wazuh-indexer.
18/01/2024 12:33:13 INFO: wazuh-indexer service started.
18/01/2024 12:33:13 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 12:33:25 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 12:33:25 INFO: Wazuh indexer cluster initialized.
18/01/2024 12:33:25 INFO: --- Wazuh server ---
18/01/2024 12:33:25 INFO: Starting the Wazuh manager installation.
18/01/2024 12:35:05 INFO: Wazuh manager installation finished.
18/01/2024 12:35:05 INFO: Starting service wazuh-manager.
18/01/2024 12:35:15 INFO: wazuh-manager service started.
18/01/2024 12:35:15 INFO: Starting Filebeat installation.
18/01/2024 12:35:24 INFO: Filebeat installation finished.
18/01/2024 12:35:26 INFO: Filebeat post-install configuration finished.
18/01/2024 12:35:26 INFO: Starting service filebeat.
18/01/2024 12:35:26 INFO: filebeat service started.
18/01/2024 12:35:26 INFO: --- Wazuh dashboard ---
18/01/2024 12:35:26 INFO: Starting Wazuh dashboard installation.
18/01/2024 12:36:58 INFO: Wazuh dashboard installation finished.
18/01/2024 12:36:58 INFO: Wazuh dashboard post-install configuration finished.
18/01/2024 12:36:58 INFO: Starting service wazuh-dashboard.
18/01/2024 12:36:58 INFO: wazuh-dashboard service started.
18/01/2024 12:37:01 INFO: Updating the internal users.
18/01/2024 12:37:04 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/01/2024 12:37:22 INFO: Initializing Wazuh dashboard web application.
18/01/2024 12:37:23 INFO: Wazuh dashboard web application initialized.
18/01/2024 12:37:23 INFO: --- Summary ---
18/01/2024 12:37:23 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: LX23xavcsLI0tdgRcL?0wZ6?Qxs?F1pc
18/01/2024 12:37:23 INFO: Installation finished.
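
Added example (not part of the thread and not Wazuh project code): a small Python triage helper that reads installer console output in the format shown above and reports every `Starting service X.` line that was never followed by `X service started.`, which is how the hang appears in the first run. The function names are this example's own, and the embedded sample is abridged from the two runs quoted above.

```python
import re
from datetime import datetime

# Sample input, abridged from the two runs quoted above (stalled run, then the
# run after the reboot), concatenated the way `tee -a` appends to one log file.
SAMPLE_LOG = """\
18/01/2024 12:23:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:26:07 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 12:26:07 INFO: Starting service wazuh-indexer.
^C
Do you want to remove the ongoing installation?[Y/N]Y
18/01/2024 12:29:22 INFO: --- Removing existing Wazuh installation ---
18/01/2024 12:30:21 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:33:03 INFO: Starting service wazuh-indexer.
18/01/2024 12:33:13 INFO: wazuh-indexer service started.
18/01/2024 12:35:05 INFO: Starting service wazuh-manager.
18/01/2024 12:35:15 INFO: wazuh-manager service started.
"""

# Installer lines look like "dd/mm/yyyy HH:MM:SS LEVEL: message".
LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (DEBUG|INFO|WARNING|ERROR): (.*)$"
)
START_RE = re.compile(r"^Starting service ([\w-]+)\.$")
DONE_RE = re.compile(r"^([\w-]+) service started\.$")
RUN_START = "Starting Wazuh installation assistant."


def parse_events(text):
    """Return (timestamp, level, message) tuples; non-log lines are skipped."""
    events = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # xtrace output, ^C, interactive prompts, blank lines
        stamp = datetime.strptime(match.group(1), "%d/%m/%Y %H:%M:%S")
        events.append((stamp, match.group(2), match.group(3)))
    return events


def split_runs(events):
    """Split an appended log into one event list per installer invocation."""
    runs = []
    for event in events:
        if event[2].startswith(RUN_START) or not runs:
            runs.append([])
        runs[-1].append(event)
    return runs


def service_report(run):
    """For each 'Starting service X.' report how long X took to start.

    started_after_s is None when no matching 'X service started.' follows in
    the same run; silent_for_s is the gap until the next timestamped line,
    a lower bound on how long the installer sat waiting.
    """
    report = []
    for index, (stamp, _level, message) in enumerate(run):
        start = START_RE.match(message)
        if not start:
            continue
        service = start.group(1)
        started_after = None
        for later_stamp, _lvl, later_message in run[index + 1:]:
            done = DONE_RE.match(later_message)
            if done and done.group(1) == service:
                started_after = (later_stamp - stamp).total_seconds()
                break
        silent_for = None
        if index + 1 < len(run):
            silent_for = (run[index + 1][0] - stamp).total_seconds()
        report.append({
            "service": service,
            "started_after_s": started_after,
            "silent_for_s": silent_for,
        })
    return report


def stalled_services(text):
    """Return (run_number, service, silent_for_s) for every unconfirmed start."""
    stalled = []
    for number, run in enumerate(split_runs(parse_events(text)), start=1):
        for row in service_report(run):
            if row["started_after_s"] is None:
                stalled.append((number, row["service"], row["silent_for_s"]))
    return stalled


if __name__ == "__main__":
    for run_number, service, silent in stalled_services(SAMPLE_LOG):
        print(f"run {run_number}: {service} never reported started "
              f"(no output for {silent} s)")
```
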
c-bordon commented 6 months ago

New test

In a new VM, I restarted the VM without doing anything, and after the restart performed the installation without problems.

cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant destroy -f && vagrant up && vagrant ssh
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'generic/rhel9'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: A newer version of the box 'generic/rhel9' for provider 'virtualbox' is
==> default: available! You currently have version '4.0.2'. The latest is version
==> default: '4.3.12'. Run `vagrant box update` to update.
==> default: Setting the name of the VM: rhel-9
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: hostonly
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: 
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default: 
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: The guest additions on this VM do not match the installed version of
    default: VirtualBox! In most cases this is fine, but in rare cases it can
    default: prevent things such as shared folders from working properly. If you see
    default: shared folder errors, please make sure the guest additions within the
    default: virtual machine match the version of VirtualBox you have installed on
    default: your host and reload your VM.
    default: 
    default: Guest Additions Version: 6.1.30
    default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
[vagrant@rhel-9 ~]$ sudo poweroff
Connection to 127.0.0.1 closed by remote host.
cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant up && vagrant ssh
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: hostonly
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: The guest additions on this VM do not match the installed version of
    default: VirtualBox! In most cases this is fine, but in rare cases it can
    default: prevent things such as shared folders from working properly. If you see
    default: shared folder errors, please make sure the guest additions within the
    default: virtual machine match the version of VirtualBox you have installed on
    default: your host and reload your VM.
    default: 
    default: Guest Additions Version: 6.1.30
    default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> default: flag to force provisioning. Provisioners marked to run always will still run.
Last login: Thu Jan 18 12:43:56 2024 from 10.0.2.2
[vagrant@rhel-9 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 12:45:56 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:45:56 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 12:46:04 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 12:46:04 INFO: Wazuh web interface port will be 443.
18/01/2024 12:46:05 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 12:46:07 INFO: Wazuh development repository added.
18/01/2024 12:46:07 INFO: --- Configuration files ---
18/01/2024 12:46:07 INFO: Generating configuration files.
18/01/2024 12:46:08 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 12:46:08 INFO: --- Wazuh indexer ---
18/01/2024 12:46:08 INFO: Starting Wazuh indexer installation.
18/01/2024 12:48:46 INFO: Wazuh indexer installation finished.
18/01/2024 12:48:46 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 12:48:46 INFO: Starting service wazuh-indexer.
18/01/2024 12:48:56 INFO: wazuh-indexer service started.
18/01/2024 12:48:56 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 12:49:09 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 12:49:09 INFO: Wazuh indexer cluster initialized.
18/01/2024 12:49:09 INFO: --- Wazuh server ---
18/01/2024 12:49:09 INFO: Starting the Wazuh manager installation.
18/01/2024 12:50:59 INFO: Wazuh manager installation finished.
18/01/2024 12:50:59 INFO: Starting service wazuh-manager.
18/01/2024 12:51:10 INFO: wazuh-manager service started.
18/01/2024 12:51:10 INFO: Starting Filebeat installation.
18/01/2024 12:51:18 INFO: Filebeat installation finished.
18/01/2024 12:51:20 INFO: Filebeat post-install configuration finished.
18/01/2024 12:51:20 INFO: Starting service filebeat.
18/01/2024 12:51:20 INFO: filebeat service started.
18/01/2024 12:51:20 INFO: --- Wazuh dashboard ---
18/01/2024 12:51:20 INFO: Starting Wazuh dashboard installation.
18/01/2024 12:52:54 INFO: Wazuh dashboard installation finished.
18/01/2024 12:52:54 INFO: Wazuh dashboard post-install configuration finished.
18/01/2024 12:52:54 INFO: Starting service wazuh-dashboard.
18/01/2024 12:52:54 INFO: wazuh-dashboard service started.
18/01/2024 12:52:56 INFO: Updating the internal users.
18/01/2024 12:52:58 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/01/2024 12:53:15 INFO: Initializing Wazuh dashboard web application.
18/01/2024 12:53:16 INFO: Wazuh dashboard web application initialized.
18/01/2024 12:53:16 INFO: --- Summary ---
18/01/2024 12:53:16 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: tT7CbCCHfPbi1.akxJPVD1zLzgCd*alU
18/01/2024 12:53:16 INFO: Installation finished.
c-bordon commented 6 months ago

AMI

With the AWS quickstart AMI this error does not occur:

cbordon@cbordon-MS-7C88:~/Downloads$ ssh -i cbordon-1.pem -p 2200 ec2-user@184.73.62.250
The authenticity of host '[184.73.62.250]:2200 ([184.73.62.250]:2200)' can't be established.
ED25519 key fingerprint is SHA256:Yfm+tBB5f2HNpLtDz48Y+I11JruXg9qvq5o50RIkzSY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes  
Warning: Permanently added '[184.73.62.250]:2200' (ED25519) to the list of known hosts.
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
[ec2-user@ip-172-31-47-163 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 13:04:29 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 13:04:29 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 13:04:41 INFO: --- Dependencies ---
18/01/2024 13:04:41 INFO: Installing lsof.
18/01/2024 13:05:00 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 13:05:00 ERROR: Your system does not meet the recommended minimum hardware requirements of 4Gb of RAM and 2 CPU cores. If you want to proceed with the installation use the -i option to ignore these requirements.
[ec2-user@ip-172-31-47-163 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i
18/01/2024 13:05:29 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 13:05:29 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 13:05:41 WARNING: Hardware and system checks ignored.
18/01/2024 13:05:41 INFO: Wazuh web interface port will be 443.
18/01/2024 13:05:45 INFO: Wazuh development repository added.
18/01/2024 13:05:45 INFO: --- Configuration files ---
18/01/2024 13:05:45 INFO: Generating configuration files.
18/01/2024 13:05:48 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 13:05:49 INFO: --- Wazuh indexer ---
18/01/2024 13:05:49 INFO: Starting Wazuh indexer installation.
18/01/2024 13:08:24 INFO: Wazuh indexer installation finished.
18/01/2024 13:08:24 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 13:08:24 INFO: Starting service wazuh-indexer.
18/01/2024 13:08:48 INFO: wazuh-indexer service started.
18/01/2024 13:08:48 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 13:09:03 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 13:09:03 INFO: Wazuh indexer cluster initialized.
18/01/2024 13:09:03 INFO: --- Wazuh server ---
18/01/2024 13:09:03 INFO: Starting the Wazuh manager installation.
18/01/2024 13:12:58 INFO: Wazuh manager installation finished.
18/01/2024 13:12:58 INFO: Starting service wazuh-manager.
18/01/2024 13:13:18 INFO: wazuh-manager service started.
18/01/2024 13:13:18 INFO: Starting Filebeat installation.
18/01/2024 13:13:30 INFO: Filebeat installation finished.
18/01/2024 13:13:30 INFO: Filebeat post-install configuration finished.
18/01/2024 13:13:30 INFO: Starting service filebeat.
18/01/2024 13:13:31 INFO: filebeat service started.
18/01/2024 13:13:31 INFO: --- Wazuh dashboard ---
18/01/2024 13:13:31 INFO: Starting Wazuh dashboard installation.
18/01/2024 13:13:52 ERROR: Wazuh dashboard installation failed.
18/01/2024 13:13:52 INFO: --- Removing existing Wazuh installation ---
18/01/2024 13:13:52 INFO: Removing Wazuh manager.
18/01/2024 13:14:18 INFO: Wazuh manager removed.
18/01/2024 13:14:18 INFO: Removing Wazuh indexer.
18/01/2024 13:14:21 INFO: Wazuh indexer removed.
18/01/2024 13:14:21 INFO: Removing Filebeat.
18/01/2024 13:14:23 INFO: Filebeat removed.
18/01/2024 13:14:24 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
c-bordon commented 6 months ago

Test with 4.7.2

With 4.7.2 this error does not appear. Possibly it may be due to the version of OpenSearch, since the point at which the installation process gets stuck is `systemctl start wazuh-indexer`.

cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant destroy -f && vagrant up && vagrant ssh
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'generic/rhel9'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: Setting the name of the VM: rhel-9
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: hostonly
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: 
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default: 
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: The guest additions on this VM do not match the installed version of
    default: VirtualBox! In most cases this is fine, but in rare cases it can
    default: prevent things such as shared folders from working properly. If you see
    default: shared folder errors, please make sure the guest additions within the
    default: virtual machine match the version of VirtualBox you have installed on
    default: your host and reload your VM.
    default: 
    default: Guest Additions Version: 6.1.30
    default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
[vagrant@rhel-9 ~]$ curl -sO https://packages-dev.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 13:10:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.7.2
18/01/2024 13:10:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 13:10:47 INFO: Wazuh web interface port will be 443.
18/01/2024 13:10:48 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 13:10:50 INFO: Wazuh development repository added.
18/01/2024 13:10:50 INFO: --- Configuration files ---
18/01/2024 13:10:50 INFO: Generating configuration files.
18/01/2024 13:10:52 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 13:10:52 INFO: --- Wazuh indexer ---
18/01/2024 13:10:52 INFO: Starting Wazuh indexer installation.
18/01/2024 13:13:18 INFO: Wazuh indexer installation finished.
18/01/2024 13:13:18 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 13:13:18 INFO: Starting service wazuh-indexer.
18/01/2024 13:13:28 INFO: wazuh-indexer service started.
18/01/2024 13:13:28 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 13:13:39 INFO: Wazuh indexer cluster initialized.
18/01/2024 13:13:39 INFO: --- Wazuh server ---
18/01/2024 13:13:39 INFO: Starting the Wazuh manager installation.
18/01/2024 13:14:33 INFO: Wazuh manager installation finished.
18/01/2024 13:14:33 INFO: Starting service wazuh-manager.
18/01/2024 13:14:40 INFO: wazuh-manager service started.
18/01/2024 13:14:40 INFO: Starting Filebeat installation.
18/01/2024 13:14:48 INFO: Filebeat installation finished.
18/01/2024 13:14:48 ERROR: Error downloading wazuh-template.json file.
18/01/2024 13:14:48 INFO: --- Removing existing Wazuh installation ---
18/01/2024 13:14:48 INFO: Removing Wazuh manager.
18/01/2024 13:15:01 INFO: Wazuh manager removed.
18/01/2024 13:15:01 INFO: Removing Wazuh indexer.
18/01/2024 13:15:03 INFO: Wazuh indexer removed.
18/01/2024 13:15:03 INFO: Removing Filebeat.
18/01/2024 13:15:04 INFO: Filebeat removed.
18/01/2024 13:15:04 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
c-bordon commented 6 months ago

New test with alvistack/rhel-9 box

cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant destroy -f && vagrant up && vagrant ssh
==> default: VM not created. Moving on...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'alvistack/rhel-9'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'alvistack/rhel-9' version '20230415.1.1' is up to date...
==> default: A newer version of the box 'alvistack/rhel-9' for provider 'virtualbox' is
==> default: available! You currently have version '20230415.1.1'. The latest is version
==> default: '20240115.1.1'. Run `vagrant box update` to update.
==> default: Setting the name of the VM: rhel-9
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: hostonly
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: 
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default: 
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: No guest additions were detected on the base box for this VM! Guest
    default: additions are required for forwarded ports, shared folders, host only
    default: networking, and more. If SSH fails on this machine, please install
    default: the guest additions and repackage the box to continue.
    default: 
    default: This is not an error message; everything may continue to work properly,
    default: in which case you may ignore this message.
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Mounting shared folders...
    default: /vagrant => /home/cbordon/Documents/wazuh/vagrant/rhel/9
[vagrant@rhel-9 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 13:50:19 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 13:50:19 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 13:50:28 INFO: --- Dependencies ---
18/01/2024 13:50:28 INFO: Installing lsof.
18/01/2024 13:51:11 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 13:51:11 INFO: Wazuh web interface port will be 443.
18/01/2024 13:51:15 INFO: Wazuh development repository added.
18/01/2024 13:51:15 INFO: --- Configuration files ---
18/01/2024 13:51:15 INFO: Generating configuration files.
18/01/2024 13:51:16 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 13:51:16 INFO: --- Wazuh indexer ---
18/01/2024 13:51:16 INFO: Starting Wazuh indexer installation.
18/01/2024 13:54:04 INFO: Wazuh indexer installation finished.
18/01/2024 13:54:04 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 13:54:04 INFO: Starting service wazuh-indexer.
18/01/2024 13:54:15 INFO: wazuh-indexer service started.
18/01/2024 13:54:15 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 13:54:28 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 13:54:28 INFO: Wazuh indexer cluster initialized.
18/01/2024 13:54:28 INFO: --- Wazuh server ---
18/01/2024 13:54:28 INFO: Starting the Wazuh manager installation.
18/01/2024 13:56:02 INFO: Wazuh manager installation finished.
18/01/2024 13:56:02 INFO: Starting service wazuh-manager.
18/01/2024 13:56:09 INFO: wazuh-manager service started.
18/01/2024 13:56:09 INFO: Starting Filebeat installation.
18/01/2024 13:56:18 INFO: Filebeat installation finished.
18/01/2024 13:56:20 INFO: Filebeat post-install configuration finished.
18/01/2024 13:56:20 INFO: Starting service filebeat.
18/01/2024 13:56:20 INFO: filebeat service started.
18/01/2024 13:56:20 INFO: --- Wazuh dashboard ---
18/01/2024 13:56:20 INFO: Starting Wazuh dashboard installation.
18/01/2024 13:57:47 INFO: Wazuh dashboard installation finished.
18/01/2024 13:57:48 INFO: Wazuh dashboard post-install configuration finished.
18/01/2024 13:57:48 INFO: Starting service wazuh-dashboard.
18/01/2024 13:57:48 INFO: wazuh-dashboard service started.
18/01/2024 13:57:50 INFO: Updating the internal users.
18/01/2024 13:57:53 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/01/2024 13:58:09 INFO: Initializing Wazuh dashboard web application.
18/01/2024 13:58:10 INFO: Wazuh dashboard web application initialized.
18/01/2024 13:58:10 INFO: --- Summary ---
18/01/2024 13:58:10 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: 2qj0ERiCjNEt7kDWd.xxQDes3Rbv*NmG
18/01/2024 13:58:10 INFO: --- Dependencies ---
18/01/2024 13:58:10 INFO: Removing lsof.
18/01/2024 13:58:11 INFO: Installation finished.
teddytpc1 commented 6 months ago

Additional tests

Tests

I have performed some additional tests:

Findings

teddytpc1 commented 6 months ago

@davidcr01, we have to revert this change:

davidcr01 commented 6 months ago

Update Report

The changes of https://github.com/wazuh/wazuh-packages/pull/2422/files were reverted.

Testing

Certificates generation - basic configuration

Configuration file config.yml

```console
[root@redhat9 vagrant]# cat config.yml
nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: ip-10-0-2-193.us-west-1.compute.internal
    - name: node-2
      ip: www.google.com
    - name: node-3
      ip: 192.168.56.254
  # Wazuh server nodes
  # If there is more than one Wazuh server
  # node, each one must have a node_type
  server:
    - name: wazuh-1
      ip: ip-10-0-2-193.us-west-1.compute.internal
      node_type: master
    - name: wazuh-2
      ip: info.wazuh.com
      node_type: worker
    - name: wazuh-3
      ip: 10.10.25.250
      node_type: worker
  # Wazuh dashboard nodes
  dashboard:
    - name: dashboard
      ip: testing.info.com
```

:green_circle: The certificates generation worked successfully

Certificates generation

```console
[root@redhat9 vagrant]# bash wazuh-certs-tool.sh -A
24/01/2024 13:01:32 INFO: Admin certificates created.
24/01/2024 13:01:32 INFO: Wazuh indexer certificates created.
24/01/2024 13:01:33 INFO: Wazuh server certificates created.
24/01/2024 13:01:34 INFO: Wazuh dashboard certificates created.
[root@redhat9 vagrant]# ls -la wazuh-certificates/
total 80
drwxr--r--. 2 root root 4096 Jan 24 13:01 .
drwx------. 4 vagrant vagrant 4096 Jan 24 13:01 ..
-rwxr--r--. 1 root root 1704 Jan 24 13:01 admin-key.pem
-rwxr--r--. 1 root root 1119 Jan 24 13:01 admin.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 dashboard-key.pem
-rwxr--r--. 1 root root 1298 Jan 24 13:01 dashboard.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 node-1-key.pem
-rwxr--r--. 1 root root 1326 Jan 24 13:01 node-1.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 node-2-key.pem
-rwxr--r--. 1 root root 1289 Jan 24 13:01 node-2.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 node-3-key.pem
-rwxr--r--. 1 root root 1277 Jan 24 13:01 node-3.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 root-ca.key
-rwxr--r--. 1 root root 1204 Jan 24 13:01 root-ca.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 wazuh-1-key.pem
-rwxr--r--. 1 root root 1330 Jan 24 13:01 wazuh-1.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 wazuh-2-key.pem
-rwxr--r--. 1 root root 1289 Jan 24 13:01 wazuh-2.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 wazuh-3-key.pem
-rwxr--r--. 1 root root 1277 Jan 24 13:01 wazuh-3.pem
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/dashboard.pem -noout -text | grep DNS
DNS:testing.info.com
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/node-1.pem -noout -text | grep DNS
DNS:ip-10-0-2-193.us-west-1.compute.internal
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/node-2.pem -noout -text | grep DNS
DNS:www.google.com
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/node-3.pem -noout -text | grep IP
IP Address:192.168.56.254
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/wazuh-1.pem -noout -text | grep DNS
DNS:ip-10-0-2-193.us-west-1.compute.internal
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/wazuh-2.pem -noout -text | grep DNS
DNS:info.wazuh.com
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/wazuh-3.pem -noout -text | grep IP
IP Address:10.10.25.250
```

Certificates generation - multiple IPs and DNS

Configuration file config.yml

```console
[root@redhat9 vagrant]# cat config.yml
nodes:
  # Wazuh indexer nodes
  #indexer:
  #  - name: node-1
  #    ip: ip-10-0-2-193.us-west-1.compute.internal
  #  - name: node-2
  #    ip: www.google.com
  #  - name: node-3
  #    ip: 192.168.56.254

  # Wazuh server nodes
  # If there is more than one Wazuh server
  # node, each one must have a node_type
  server:
    - name: wazuh-1
      ip: ip-10-0-2-193.us-west-1.compute.internal
      ip: 192.168.56.250
      node_type: master
    - name: wazuh-2
      ip: info.wazuh.com
      ip: 192.168.56.251
      ip: 10.10.0.250
      node_type: worker
    - name: wazuh-3
      ip: 10.10.25.250
      node_type: worker

  # Wazuh dashboard nodes
  #dashboard:
  #  - name: dashboard
  #    ip: testing.info.com
```

:green_circle: The certificates generation worked successfully

Certificates generation

```console
[root@redhat9 vagrant]# bash wazuh-certs-tool.sh -ca
24/01/2024 13:08:22 INFO: Authority certificates created.
[root@redhat9 vagrant]# ls wazuh-certificates/
root-ca.key root-ca.pem
[root@redhat9 vagrant]# mv wazuh-certificates/ wazuh-CA
[root@redhat9 vagrant]# bash wazuh-certs-tool.sh -ws wazuh-CA/root-ca.key wazuh-CA/root-ca.pem
24/01/2024 13:09:52 INFO: Wazuh server certificates created.
[root@redhat9 vagrant]# ls -la wazuh-certificates/
total 36
drwxr--r--. 2 root root 170 Jan 24 13:09 .
drwx------. 5 vagrant vagrant 4096 Jan 24 13:09 ..
-rwxr--r--. 1 root root 1708 Jan 24 13:09 root-ca.key
-rwxr--r--. 1 root root 1204 Jan 24 13:09 root-ca.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:09 wazuh-1-key.pem
-rwxr--r--. 1 root root 1338 Jan 24 13:09 wazuh-1.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:09 wazuh-2-key.pem
-rwxr--r--. 1 root root 1310 Jan 24 13:09 wazuh-2.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:09 wazuh-3-key.pem
-rwxr--r--. 1 root root 1277 Jan 24 13:09 wazuh-3.pem
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/wazuh-1.pem -noout -text | grep DNS
DNS:ip-10-0-2-193.us-west-1.compute.internal, IP Address:192.168.56.250
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/wazuh-2.pem -noout -text | grep IP
DNS:info.wazuh.com, IP Address:192.168.56.251, IP Address:10.10.0.250
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/wazuh-3.pem -noout -text | grep IP
IP Address:10.10.25.250
```
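A stricter form of the SAN checks run in the comment above, as an added example that is not part of the original comment or of the Wazuh tooling: it compares a certificate's full SAN set against the `ip:` values configured for the node and reports missing or unexpected entries. The function names, the constructed sample text, and the rule that IPv4 literals map to `IP Address:` entries and everything else to `DNS:` are assumptions of this example.

```shell
#!/bin/sh
# Added example: assert that a certificate's SAN set equals the addresses
# configured for its node, instead of reading `grep DNS` / `grep IP` output by eye.

# Constructed sample: the SAN part of `openssl x509 -noout -text` output,
# using the wazuh-2 values shown in the listings above.
SAMPLE_WAZUH2_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:info.wazuh.com, IP Address:192.168.56.251, IP Address:10.10.0.250
            X509v3 Basic Constraints:
                CA:FALSE'

# san_entries: read `openssl x509 -noout -text` output on stdin and print the
# SAN entries one per line, sorted, keeping the "DNS:" / "IP Address:" prefix.
san_entries() {
    awk '
        grab { print; grab = 0 }
        /X509v3 Subject Alternative Name/ { grab = 1 }
    ' | tr ',' '\n' \
      | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
      | grep -v '^$' | sort
}

# expected_san VALUE: map one config.yml "ip:" value to the SAN entry expected
# for it (assumption of this example: IPv4 literal -> IP Address, else DNS).
expected_san() {
    if printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        printf 'IP Address:%s\n' "$1"
    else
        printf 'DNS:%s\n' "$1"
    fi
}

# check_sans CERT_TEXT VALUE...: print "missing: X" for configured values that
# are absent from the certificate and "unexpected: X" for SAN entries that are
# not configured. Returns 0 only when both sets are identical.
check_sans() {
    cert_text=$1
    shift
    actual=$(printf '%s\n' "$cert_text" | san_entries)
    expected=$(for value in "$@"; do expected_san "$value"; done | sort)
    report=$(
        printf '%s\n' "$expected" | while IFS= read -r entry; do
            [ -n "$entry" ] || continue
            printf '%s\n' "$actual" | grep -Fxq -- "$entry" \
                || printf 'missing: %s\n' "$entry"
        done
        printf '%s\n' "$actual" | while IFS= read -r entry; do
            [ -n "$entry" ] || continue
            printf '%s\n' "$expected" | grep -Fxq -- "$entry" \
                || printf 'unexpected: %s\n' "$entry"
        done
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Against a real certificate the first argument would be, for example:
#   "$(openssl x509 -in wazuh-certificates/wazuh-2.pem -noout -text)"
if check_sans "$SAMPLE_WAZUH2_TEXT" info.wazuh.com 192.168.56.251 10.10.0.250; then
    echo "wazuh-2: SAN set matches config.yml"
fi
```

Because the comparison is on whole entries, an extra SAN in a certificate is reported as well as a missing one, which a `grep` for a single expected value does not show.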
davidcr01 commented 6 months ago

Update Report

Installation

:green_circle: The installation didn't stop and finished successfully:

Show console log

```console
[root@redhat9 vagrant]# bash wazuh-install.sh -a -i
24/01/2024 15:15:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
24/01/2024 15:15:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/01/2024 15:15:36 WARNING: Hardware and system checks ignored.
24/01/2024 15:15:36 INFO: Wazuh web interface port will be 443.
24/01/2024 15:15:40 INFO: Wazuh development repository added.
24/01/2024 15:15:40 INFO: --- Configuration files ---
24/01/2024 15:15:40 INFO: Generating configuration files.
24/01/2024 15:15:42 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
24/01/2024 15:15:43 INFO: --- Wazuh indexer ---
24/01/2024 15:15:43 INFO: Starting Wazuh indexer installation.
24/01/2024 15:17:58 INFO: Wazuh indexer installation finished.
24/01/2024 15:17:58 INFO: Wazuh indexer post-install configuration finished.
24/01/2024 15:17:58 INFO: Starting service wazuh-indexer.
24/01/2024 15:18:36 INFO: wazuh-indexer service started.
24/01/2024 15:18:36 INFO: Initializing Wazuh indexer cluster security settings.
24/01/2024 15:18:59 INFO: Wazuh indexer cluster security configuration initialized.
24/01/2024 15:19:04 INFO: The Wazuh indexer cluster ISM initialized.
24/01/2024 15:19:04 INFO: Wazuh indexer cluster initialized.
24/01/2024 15:19:04 INFO: --- Wazuh server ---
24/01/2024 15:19:04 INFO: Starting the Wazuh manager installation.
24/01/2024 15:21:08 INFO: Wazuh manager installation finished.
24/01/2024 15:21:08 INFO: Wazuh manager vulnerability detection configuration finished.
24/01/2024 15:21:08 INFO: Starting service wazuh-manager.
24/01/2024 15:21:29 INFO: wazuh-manager service started.
24/01/2024 15:21:29 INFO: Starting Filebeat installation.
24/01/2024 15:21:54 INFO: Filebeat installation finished.
24/01/2024 15:21:56 INFO: Filebeat post-install configuration finished.
24/01/2024 15:21:56 INFO: Starting service filebeat.
24/01/2024 15:21:58 INFO: filebeat service started.
24/01/2024 15:21:58 INFO: --- Wazuh dashboard ---
24/01/2024 15:21:58 INFO: Starting Wazuh dashboard installation.
^[[A24/01/2024 15:25:03 INFO: Wazuh dashboard installation finished.
24/01/2024 15:25:03 INFO: Wazuh dashboard post-install configuration finished.
24/01/2024 15:25:03 INFO: Starting service wazuh-dashboard.
24/01/2024 15:25:04 INFO: wazuh-dashboard service started.
24/01/2024 15:25:13 INFO: Updating the internal users.
24/01/2024 15:25:32 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
24/01/2024 15:27:20 INFO: Initializing Wazuh dashboard web application.
24/01/2024 15:27:23 INFO: Wazuh dashboard web application initialized.
24/01/2024 15:27:23 INFO: --- Summary ---
24/01/2024 15:27:23 INFO: You can access the web interface https://:443
    User: admin
    Password: Lqc6aZ0C30zTqQBsX2Gm+VNVYIXVrabv
24/01/2024 15:27:23 INFO: Installation finished.
```
Show log - wazuh-install.log

```console
[root@redhat9 vagrant]# cat /var/log/wazuh-install.log
24/01/2024 15:15:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
24/01/2024 15:15:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
0 files removed
24/01/2024 15:15:36 WARNING: Hardware and system checks ignored.
24/01/2024 15:15:36 INFO: Wazuh web interface port will be 443.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
24/01/2024 15:15:40 INFO: Wazuh development repository added.
24/01/2024 15:15:40 INFO: --- Configuration files ---
24/01/2024 15:15:40 INFO: Generating configuration files.
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
24/01/2024 15:15:42 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
24/01/2024 15:15:43 INFO: --- Wazuh indexer ---
24/01/2024 15:15:43 INFO: Starting Wazuh indexer installation.
Extra Packages for Enterprise Linux 9 - x86_64 9.0 MB/s | 20 MB 00:02
EL-9 - Wazuh 7.5 MB/s | 24 MB 00:03
Last metadata expiration check: 0:00:11 ago on Wed 24 Jan 2024 03:16:00 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.8.0-1 wazuh 743 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 743 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.8.0-1.x86_64.rpm 30 MB/s | 743 MB 00:25
--------------------------------------------------------------------------------
Total 30 MB/s | 743 MB 00:25
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Installing : wazuh-indexer-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-indexer-4.8.0-1.x86_64
Complete!
24/01/2024 15:17:58 INFO: Wazuh indexer installation finished.
24/01/2024 15:17:58 INFO: Wazuh indexer post-install configuration finished.
24/01/2024 15:17:58 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
24/01/2024 15:18:36 INFO: wazuh-indexer service started.
24/01/2024 15:18:36 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
24/01/2024 15:18:59 INFO: Wazuh indexer cluster security configuration initialized.
Will create 'wazuh' index template
SUCC: 'wazuh' template created or updated
Will create 'ism_history_indices' index template
SUCC: 'ism_history_indices' template created or updated
Will disable replicas for 'plugins.index_state_management.history' indices
SUCC: cluster's settings saved
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
24/01/2024 15:19:04 INFO: The Wazuh indexer cluster ISM initialized.
24/01/2024 15:19:04 INFO: Wazuh indexer cluster initialized.
24/01/2024 15:19:04 INFO: --- Wazuh server ---
24/01/2024 15:19:04 INFO: Starting the Wazuh manager installation.
Last metadata expiration check: 0:03:06 ago on Wed 24 Jan 2024 03:16:00 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-manager x86_64 4.8.0-1 wazuh 350 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 350 M
Installed size: 854 M
Downloading Packages:
wazuh-manager-4.8.0-1.x86_64.rpm 33 MB/s | 350 MB 00:10
--------------------------------------------------------------------------------
Total 32 MB/s | 350 MB 00:10
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1
Installing : wazuh-manager-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1
Verifying : wazuh-manager-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-manager-4.8.0-1.x86_64
Complete!
24/01/2024 15:21:08 INFO: Wazuh manager installation finished.
24/01/2024 15:21:08 INFO: Wazuh manager vulnerability detection configuration finished.
24/01/2024 15:21:08 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
24/01/2024 15:21:29 INFO: wazuh-manager service started.
24/01/2024 15:21:29 INFO: Starting Filebeat installation.
Installed:
filebeat-7.10.2-1.x86_64
24/01/2024 15:21:54 INFO: Filebeat installation finished.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
24/01/2024 15:21:56 INFO: Filebeat post-install configuration finished.
24/01/2024 15:21:56 INFO: Starting service filebeat.
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
24/01/2024 15:21:58 INFO: filebeat service started.
24/01/2024 15:21:58 INFO: --- Wazuh dashboard ---
24/01/2024 15:21:58 INFO: Starting Wazuh dashboard installation.
Last metadata expiration check: 0:06:00 ago on Wed 24 Jan 2024 03:16:00 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-dashboard x86_64 4.8.0-1 wazuh 273 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 273 M
Installed size: 902 M
Downloading Packages:
wazuh-dashboard-4.8.0-1.x86_64.rpm 27 MB/s | 273 MB 00:09
--------------------------------------------------------------------------------
Total 27 MB/s | 273 MB 00:10
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-dashboard-4.8.0-1.x86_64
Complete!
24/01/2024 15:25:03 INFO: Wazuh dashboard installation finished.
24/01/2024 15:25:03 INFO: Wazuh dashboard post-install configuration finished.
24/01/2024 15:25:03 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
24/01/2024 15:25:04 INFO: wazuh-dashboard service started.
24/01/2024 15:25:13 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
24/01/2024 15:25:32 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
24/01/2024 15:27:20 INFO: Initializing Wazuh dashboard web application.
24/01/2024 15:27:23 INFO: Wazuh dashboard web application initialized.
24/01/2024 15:27:23 INFO: Installation finished.
```

Errors were found in the ossec.log file:

```console
[root@redhat9 vagrant]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/01/24 16:54:45 wazuh-modulesd:content-updater: ERROR: Action for 'vulnerability_feed_manager' failed: Orchestration run failed: Error -1 from server: Couldn't resolve host name
```

The Wazuh indexer service was successfully activated:

```console
● wazuh-indexer.service - Wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-01-24 15:18:35 UTC; 10min ago
       Docs: https://documentation.wazuh.com
   Main PID: 6332 (java)
      Tasks: 62 (limit: 4688)
     Memory: 366.5M
        CPU: 1min 23.761s
     CGroup: /system.slice/wazuh-indexer.service
             └─6332 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=t>

Jan 24 15:17:59 redhat9 systemd[1]: Starting Wazuh-indexer...
Jan 24 15:18:02 redhat9 systemd-entrypoint[6332]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 24 15:18:02 redhat9 systemd-entrypoint[6332]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jan 24 15:18:02 redhat9 systemd-entrypoint[6332]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jan 24 15:18:02 redhat9 systemd-entrypoint[6332]: WARNING: System::setSecurityManager will be removed in a future release
Jan 24 15:18:06 redhat9 systemd-entrypoint[6332]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 24 15:18:06 redhat9 systemd-entrypoint[6332]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jan 24 15:18:06 redhat9 systemd-entrypoint[6332]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jan 24 15:18:06 redhat9 systemd-entrypoint[6332]: WARNING: System::setSecurityManager will be removed in a future release
```
[root@redhat9 vagrant]# cat /etc/wazuh-indexer/opensearch.yml 
network.host: "127.0.0.1"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"

node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
  - "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
[root@redhat9 vagrant]# cat /etc/wazuh-dashboard/opensearch_dashboards.yml 
server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
opensearch.ssl.verificationMode: certificate
# opensearch.username: kibanaserver
# opensearch.password: kibanaserver
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
opensearch_security.cookie.secure: true

:red_circle: The problem seems to be the localhost value specified in the /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml configuration file:

```yaml
hosts:
  - default:
      url: https://localhost
      port: 55000
      username: wazuh-wui
      password: "TCHJrSVBdonZpe7DXL+N4lzv*kzZMHWr"
      run_as: false
```

This value enables IPv6, which is causing the problem. If the localhost value is changed to 127.0.0.1, the problem is solved.
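
A way to check a host for the condition described in the comment above, as an added example that is not part of the original comment or of the Wazuh installer. It assumes the failure mode is `localhost` resolving to `::1` while the API port has only an IPv4 listener; the function names and the sample data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Flags a dashboard API URL that uses "localhost" while the API
# port has no listener reachable through ::1. All sample data is constructed.

# Host part of the first "url: https://<host>" line in a wazuh.yml.
api_url_host() {
    sed -n 's,^[[:space:]]*url:[[:space:]]*https://\([^/:[:space:]]*\).*,\1,p' "$1" | head -n 1
}

# Value of the first "port: <n>" line in a wazuh.yml.
api_port() {
    sed -n 's,^[[:space:]]*port:[[:space:]]*\([0-9]*\).*,\1,p' "$1" | head -n 1
}

# Reads `netstat -tuln` output on stdin. Succeeds if a TCP listener on port $1
# is bound to the IPv6 wildcard (:::port) or to ::1, i.e. reachable via ::1.
serves_v6_loopback() {
    awk -v p="$1" '$1 == "tcp6" && $NF == "LISTEN" &&
        ($4 == (":::" p) || $4 == ("::1:" p)) { found = 1 }
        END { exit !found }'
}

# $1 = wazuh.yml path, $2 = file holding netstat -tuln output.
# Prints "risk" if the URL host is localhost and ::1:<port> has no listener.
check_api_url() {
    local host port
    host=$(api_url_host "$1")
    port=$(api_port "$1")
    if [ "$host" = "localhost" ] && ! serves_v6_loopback "$port" < "$2"; then
        echo "risk"
    else
        echo "ok"
    fi
}

demo() {
    local d
    d=$(mktemp -d)
    printf '  - default:\n      url: https://%s\n      port: 55000\n' localhost > "$d/before.yml"
    printf '  - default:\n      url: https://%s\n      port: 55000\n' 127.0.0.1 > "$d/after.yml"
    printf '%s\n' 'tcp   0  0 0.0.0.0:55000   0.0.0.0:*  LISTEN' \
                  'tcp6  0  0 127.0.0.1:9200  :::*       LISTEN' \
                  'tcp6  0  0 :::22           :::*       LISTEN' > "$d/netstat.txt"
    echo "before: $(check_api_url "$d/before.yml" "$d/netstat.txt")"
    echo "after:  $(check_api_url "$d/after.yml" "$d/netstat.txt")"
    rm -rf "$d"
}

demo
```

On a real host, pass the dashboard's `wazuh.yml` and a file containing the saved output of `netstat -tuln` to `check_api_url`.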

davidcr01 commented 6 months ago

Update Report

Development

In the dashboard_initialize function of the dashboard.sh file of the WIA, the localhost value of the /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml file is replaced by the IP address of the dashboard node:

```bash
        if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then
            eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}"
        fi
```

But this replacement is not done in dashboard_initializeAIO, the function that is executed when an AIO installation is performed. In this case, the value specified by default is localhost, which is enabling IPv6. Adding a code snippet that replaces the localhost value with 127.0.0.1 solves the problem:

```bash
function dashboard_initializeAIO() {

    common_logger "Initializing Wazuh dashboard web application."
    installCommon_getPass "admin"
    http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null)
    retries=0
    max_dashboard_initialize_retries=20
    while [ "${http_code}" -ne "200" ] && [ "${retries}" -lt "${max_dashboard_initialize_retries}" ]
    do
        http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null)
        common_logger "Wazuh dashboard web application not yet initialized. Waiting..."
        retries=$((retries+1))
        sleep 15
    done
    if [ "${http_code}" -eq "200" ]; then
        if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then
            eval "sed -i 's,url: https://localhost,url: https://127.0.0.1,g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}"
        fi
        common_logger "Wazuh dashboard web application initialized."
        common_logger -nl "--- Summary ---"
        common_logger -nl "You can access the web interface https://<wazuh-dashboard-ip>:${http_port}\n    User: admin\n    Password: ${u_pass}"
    else
        common_logger -e "Wazuh dashboard installation failed."
        installCommon_rollBack
        exit 1
    fi
}
```



```console
[root@redhat9 vagrant]# netstat -tuln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:55000           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1514            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1515            0.0.0.0:*               LISTEN
tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp6       0      0 ::1:323
```

```console
[root@redhat9 vagrant]# cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml | grep "url: https://127" -A 5
      url: https://127.0.0.1
      port: 55000
      username: wazuh-wui
      password: "iKxH?70x*gvfha2FX1TacgmJJxF3QOYK"
      run_as: false
[root@redhat9 vagrant]#
```