Closed mingo-devsec closed 5 months ago
16/01/2024 10:36:49 INFO: Initializing Wazuh indexer cluster security settings.
./wazuh-install.sh: line 1648: sudo: command not found
Will create 'wazuh' index template
SUCC: 'wazuh' template created or updated
Will create 'ism_history_indices' index template
SUCC: 'ism_history_indices' template created or updated
Will disable replicas for 'plugins.index_state_management.history' indices
SUCC: cluster's settings saved
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
ERROR: could not check if the policy 'rollover_policy' exists => 503
ERROR: Indexer ISM initialization failed. Check /tmp/wazuh-indexer/ism-init.log for more information.
sudo
package installed, maybe it should be added as a WUS dependencyTo resolve this issue we have two options when sudo
is not installed:
sudo
is not installed and is a required dependency to install Wazuh.sudo
to perform the installation and uninstall it at the end of the script execution.After talking with @santiago-bassett and @rauldpm we decided to follow solution number 1 proposed here https://github.com/wazuh/wazuh-packages/issues/2776#issuecomment-1898811841. However, apart from that, it is important to check in the starting stage that the environment possesses the necessary dependencies to successfully complete the installation.
The following code was added to the common_checkRoot
function:
common_logger -d "Checking sudo package."
if ! command -v sudo; then
common_logger -e "The sudo package is not installed and necessary for the installation."
exit 1;
fi
Instead of checking if the sudo
package is installed with the YUM/APT packages manager, it is done with the sudo command
.
In a Debian11 system with sudo
uninstalled, the WIA works as expected:
root@debian11sudo:/home/vagrant# sudo
bash: /usr/bin/sudo: No such file or directory
root@debian11sudo:/home/vagrant# bash wazuh-install.sh -a -i -v
29/01/2024 16:40:00 DEBUG: Checking root permissions.
29/01/2024 16:40:00 DEBUG: Checking sudo package.
29/01/2024 16:40:00 ERROR: The sudo package is not installed and necessary for the installation.
Description
During https://github.com/wazuh/wazuh/issues/21374, the Wazuh installation assistant failed to run Wazuh Indexer security admin script and then failed to initialize Wazuh Dashboard when it run from the root user instead of a local user
Reference issue
Documentation
Information
Verbose logs
Filebeat output