c-bordon closed 6 months ago
[vagrant@amazonlinux-2 ~]$ sudo bash wazuh-install.sh -a
17/01/2024 13:59:13 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 13:59:13 INFO: Verbose logging redirected to /var/log/wazuh-install.log
17/01/2024 13:59:16 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 13:59:16 INFO: Wazuh web interface port will be 443.
17/01/2024 13:59:17 INFO: Wazuh development repository added.
17/01/2024 13:59:17 INFO: --- Configuration files ---
17/01/2024 13:59:17 INFO: Generating configuration files.
17/01/2024 13:59:18 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
17/01/2024 13:59:18 INFO: --- Wazuh indexer ---
17/01/2024 13:59:18 INFO: Starting Wazuh indexer installation.
17/01/2024 14:01:19 INFO: Wazuh indexer installation finished.
17/01/2024 14:01:20 INFO: Wazuh indexer post-install configuration finished.
17/01/2024 14:01:20 INFO: Starting service wazuh-indexer.
17/01/2024 14:01:30 INFO: wazuh-indexer service started.
17/01/2024 14:01:30 INFO: Initializing Wazuh indexer cluster security settings.
17/01/2024 14:01:42 INFO: The Wazuh indexer cluster ISM initialized.
17/01/2024 14:01:42 INFO: Wazuh indexer cluster initialized.
17/01/2024 14:01:42 INFO: --- Wazuh server ---
17/01/2024 14:01:42 INFO: Starting the Wazuh manager installation.
17/01/2024 14:03:09 INFO: Wazuh manager installation finished.
17/01/2024 14:03:09 INFO: Wazuh manager vulnerability detection configuration finished.
17/01/2024 14:03:09 INFO: Starting service wazuh-manager.
17/01/2024 14:03:21 INFO: wazuh-manager service started.
17/01/2024 14:03:21 INFO: Starting Filebeat installation.
17/01/2024 14:03:33 INFO: Filebeat installation finished.
17/01/2024 14:03:35 INFO: Filebeat post-install configuration finished.
17/01/2024 14:03:35 INFO: Starting service filebeat.
17/01/2024 14:03:35 INFO: filebeat service started.
17/01/2024 14:03:35 INFO: --- Wazuh dashboard ---
17/01/2024 14:03:35 INFO: Starting Wazuh dashboard installation.
17/01/2024 14:04:43 INFO: Wazuh dashboard installation finished.
17/01/2024 14:04:43 INFO: Wazuh dashboard post-install configuration finished.
17/01/2024 14:04:43 INFO: Starting service wazuh-dashboard.
17/01/2024 14:04:43 INFO: wazuh-dashboard service started.
17/01/2024 14:04:44 INFO: Updating the internal users.
17/01/2024 14:04:48 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
17/01/2024 14:05:24 INFO: Initializing Wazuh dashboard web application.
17/01/2024 14:05:25 INFO: Wazuh dashboard web application initialized.
17/01/2024 14:05:25 INFO: --- Summary ---
17/01/2024 14:05:25 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: PzMB2UaCw5ikB84?5qqCCET8figPc16E
17/01/2024 14:05:25 INFO: Installation finished.
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://localhost:9200</host>
</hosts>
<username>admin</username>
<password>PzMB2UaCw5ikB84?5qqCCET8figPc16E</password>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/wazuh-server.pem</certificate>
<key>/etc/filebeat/certs/wazuh-server-key.pem</key>
</ssl>
</indexer>
[vagrant@amazonlinux-2 ~]$ sudo bash wazuh-passwords-tool.sh -u admin -p TestingPassword1?
17/01/2024 14:06:31 INFO: Updating the internal users.
17/01/2024 14:06:33 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
17/01/2024 14:06:33 INFO: Generating password hash
17/01/2024 14:06:53 WARNING: Password changed. Remember to update the password in the Wazuh dashboard Wazuh server, and Filebeat nodes if necessary, and restart the services.
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://localhost:9200</host>
</hosts>
<username>admin</username>
<password>TestingPassword1?</password>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/wazuh-server.pem</certificate>
<key>/etc/filebeat/certs/wazuh-server-key.pem</key>
</ssl>
</indexer>
Environment:
Wazuh indexer node: Amazon Linux 2
Wazuh manager: Ubuntu Jammy
Wazuh worker: Ubuntu Focal
Wazuh dashboard: CentOS 7
[vagrant@amazonlinux-2 ~]$ sudo bash wazuh-install.sh -wi indexer-1
17/01/2024 14:42:14 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 14:42:14 INFO: Verbose logging redirected to /var/log/wazuh-install.log
17/01/2024 14:42:16 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 14:42:18 INFO: Wazuh development repository added.
17/01/2024 14:42:18 INFO: --- Wazuh indexer ---
17/01/2024 14:42:18 INFO: Starting Wazuh indexer installation.
17/01/2024 14:44:31 INFO: Wazuh indexer installation finished.
17/01/2024 14:44:31 INFO: Wazuh indexer post-install configuration finished.
17/01/2024 14:44:31 INFO: Starting service wazuh-indexer.
17/01/2024 14:44:42 INFO: wazuh-indexer service started.
17/01/2024 14:44:42 INFO: Initializing Wazuh indexer cluster security settings.
17/01/2024 14:44:43 INFO: Wazuh indexer cluster initialized.
17/01/2024 14:44:43 INFO: Installation finished.
[vagrant@amazonlinux-2 ~]$ sudo bash wazuh-install.sh --start-cluster
17/01/2024 14:45:01 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 14:45:01 INFO: Verbose logging redirected to /var/log/wazuh-install.log
17/01/2024 14:45:03 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 14:45:06 INFO: Wazuh indexer cluster security configuration initialized.
17/01/2024 14:45:07 INFO: The Wazuh indexer cluster ISM initialized.
17/01/2024 14:45:08 INFO: Updating the internal users.
17/01/2024 14:45:09 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
17/01/2024 14:45:15 INFO: Wazuh indexer cluster started.
vagrant@ubuntu22:~$ sudo bash wazuh-install.sh -ws server-1
17/01/2024 14:45:37 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 14:45:37 INFO: Verbose logging redirected to /var/log/wazuh-install.log
17/01/2024 14:45:59 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 14:46:02 INFO: --- Dependencies ----
17/01/2024 14:46:02 INFO: Installing apt-transport-https.
17/01/2024 14:46:12 INFO: Wazuh development repository added.
17/01/2024 14:46:13 INFO: --- Wazuh server ---
17/01/2024 14:46:13 INFO: Starting the Wazuh manager installation.
17/01/2024 14:48:06 INFO: Wazuh manager installation finished.
17/01/2024 14:48:06 INFO: Wazuh manager vulnerability detection configuration finished.
17/01/2024 14:48:06 INFO: Starting service wazuh-manager.
17/01/2024 14:48:23 INFO: wazuh-manager service started.
17/01/2024 14:48:23 INFO: Starting Filebeat installation.
17/01/2024 14:48:35 INFO: Filebeat installation finished.
17/01/2024 14:48:37 INFO: Filebeat post-install configuration finished.
17/01/2024 14:48:59 INFO: Starting service filebeat.
17/01/2024 14:48:59 INFO: filebeat service started.
17/01/2024 14:48:59 INFO: Installation finished.
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://192.168.56.244:9200</host>
</hosts>
<username>admin</username>
<password>a9a9iU4?MBIl1qaxR8jB?xFV.bfjEDyV</password>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/server-1.pem</certificate>
<key>/etc/filebeat/certs/server-1-key.pem</key>
</ssl>
</indexer>
vagrant@ubuntu20:~$ sudo bash wazuh-install.sh -ws server-2
17/01/2024 14:54:22 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 14:54:22 INFO: Verbose logging redirected to /var/log/wazuh-install.log
17/01/2024 14:54:39 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 14:54:42 INFO: --- Dependencies ----
17/01/2024 14:54:42 INFO: Installing apt-transport-https.
17/01/2024 14:54:52 INFO: Wazuh development repository added.
17/01/2024 14:54:52 INFO: --- Wazuh server ---
17/01/2024 14:54:52 INFO: Starting the Wazuh manager installation.
17/01/2024 14:56:42 INFO: Wazuh manager installation finished.
17/01/2024 14:56:42 INFO: Wazuh manager vulnerability detection configuration finished.
17/01/2024 14:56:42 INFO: Starting service wazuh-manager.
17/01/2024 14:57:02 INFO: wazuh-manager service started.
17/01/2024 14:57:02 INFO: Starting Filebeat installation.
17/01/2024 14:57:14 INFO: Filebeat installation finished.
17/01/2024 14:57:16 INFO: Filebeat post-install configuration finished.
17/01/2024 14:57:34 INFO: Starting service filebeat.
17/01/2024 14:57:35 INFO: filebeat service started.
17/01/2024 14:57:35 INFO: Installation finished.
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://192.168.56.244:9200</host>
</hosts>
<username>admin</username>
<password>a9a9iU4?MBIl1qaxR8jB?xFV.bfjEDyV</password>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/server-1.pem</certificate>
<key>/etc/filebeat/certs/server-1-key.pem</key>
</ssl>
</indexer>
[vagrant@centos-7 ~]$ sudo bash wazuh-install.sh -wd dashboard-1
17/01/2024 14:58:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 14:58:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log
17/01/2024 14:58:12 INFO: --- Dependencies ---
17/01/2024 14:58:12 INFO: Installing lsof.
17/01/2024 14:58:25 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 14:58:25 INFO: Wazuh web interface port will be 443.
17/01/2024 14:58:28 INFO: Wazuh development repository added.
17/01/2024 14:58:28 INFO: --- Wazuh dashboard ----
17/01/2024 14:58:28 INFO: Starting Wazuh dashboard installation.
17/01/2024 15:00:01 INFO: Wazuh dashboard installation finished.
17/01/2024 15:00:01 INFO: Wazuh dashboard post-install configuration finished.
17/01/2024 15:00:01 INFO: Starting service wazuh-dashboard.
17/01/2024 15:00:01 INFO: wazuh-dashboard service started.
17/01/2024 15:00:14 INFO: Initializing Wazuh dashboard web application.
17/01/2024 15:00:15 INFO: Wazuh dashboard web application initialized.
17/01/2024 15:00:15 INFO: --- Summary ---
17/01/2024 15:00:15 INFO: You can access the web interface https://192.168.56.249:443
User: admin
Password: a9a9iU4?MBIl1qaxR8jB?xFV.bfjEDyV
17/01/2024 15:00:15 INFO: --- Dependencies ---
17/01/2024 15:00:15 INFO: Removing lsof.
17/01/2024 15:00:15 INFO: Installation finished.
--- User admin password updated
[vagrant@amazonlinux-2 ~]$ sudo bash wazuh-passwords-tool.sh -u admin -p TestingPassword1?
17/01/2024 15:02:31 INFO: Updating the internal users.
17/01/2024 15:02:33 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
17/01/2024 15:02:33 INFO: Generating password hash
17/01/2024 15:02:36 WARNING: Password changed. Remember to update the password in the Wazuh dashboard Wazuh server, and Filebeat nodes if necessary, and restart the services.
vagrant@ubuntu22:~$ echo TestingPassword1? | sudo filebeat keystore add password --stdin --force
Successfully updated the keystore
vagrant@ubuntu22:~$ sudo systemctl restart filebeat
vagrant@ubuntu22:~$ sudo sed -i 's/<password>.*<\/password>/<password>TestingPassword1?<\/password>/g' /var/ossec/etc/ossec.conf
vagrant@ubuntu22:~$ sudo systemctl restart wazuh-manager
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://192.168.56.244:9200</host>
</hosts>
<username>admin</username>
<password>TestingPassword1?</password>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/server-1.pem</certificate>
<key>/etc/filebeat/certs/server-1-key.pem</key>
</ssl>
</indexer>
vagrant@ubuntu20:~$ echo TestingPassword1? | sudo filebeat keystore add password --stdin --force
Successfully updated the keystore
vagrant@ubuntu20:~$ sudo systemctl restart filebeat
vagrant@ubuntu20:~$ sudo sed -i 's/<password>.*<\/password>/<password>TestingPassword1?<\/password>/g' /var/ossec/etc/ossec.conf
vagrant@ubuntu20:~$ sudo systemctl restart wazuh-manager
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://192.168.56.244:9200</host>
</hosts>
<username>admin</username>
<password>TestingPassword1?</password>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/server-1.pem</certificate>
<key>/etc/filebeat/certs/server-1-key.pem</key>
</ssl>
</indexer>
Description
A function is added to modify ossec.conf, adding the necessary parameters for the vulnerability detection configuration.
Logs example
AIO: https://github.com/wazuh/wazuh/issues/21413#issuecomment-1894268410
Distributed (3 nodes for Wazuh indexer): https://github.com/wazuh/wazuh/issues/21413#issuecomment-1894408237
Distributed (1 node for Wazuh indexer): https://github.com/wazuh/wazuh/issues/21413#issuecomment-1894081252
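The `sed` command in the logs above has no address range, so it rewrites every `<password>` element in ossec.conf and treats `&`, `/` and `\` in the new password as sed syntax. The following added example (not code from this PR or from the Wazuh scripts) limits the change to the `<indexer>` block; `set_indexer_password`, `demo` and the `<example-module>` block are hypothetical names constructed for illustration.

```shell
# Added example; set_indexer_password and demo are hypothetical helpers,
# not part of wazuh-install.sh or wazuh-passwords-tool.sh.

# Usage: set_indexer_password <path-to-ossec.conf> <new-password>
# Rewrites <password> only between <indexer> and </indexer>.
set_indexer_password() {
    conf=$1
    tmp=$(mktemp) || return 1
    # The password travels through the environment and is spliced in by string
    # concatenation, so characters such as & / \ need no sed-style escaping.
    NEW_PW=$2 awk '
        /<indexer>/ { in_idx = 1 }
        in_idx && /<password>.*<\/password>/ {
            match($0, /<password>/);   pre  = substr($0, 1, RSTART - 1)
            match($0, /<\/password>/); post = substr($0, RSTART + RLENGTH)
            $0 = pre "<password>" ENVIRON["NEW_PW"] "</password>" post
        }
        /<\/indexer>/ { in_idx = 0 }
        { print }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode of $conf
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample: an <indexer> block plus a made-up second block that also
# carries a <password> element, to show that it is left alone.
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
<indexer>
  <username>admin</username>
  <password>old-indexer-secret</password>
</indexer>
<example-module>
  <password>unrelated-secret</password>
</example-module>
EOF
    set_indexer_password "$f" 'New&Pass/1\?' && cat "$f"
    rm -f "$f"
}
```

The helper does not XML-escape the password; a value containing `<` or `&` would need that handled separately.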