c-bordon commented 8 months ago

Description

Analyzing the WIA, it was found that at different points of failure of the installer, the script outputs with exit 1 are generated, but the installation is not rolled back, leaving an incomplete installation on the user's machine, for example:

function dashboard_copyCertificates() {

    common_logger -d "Copying Wazuh dashboard certificates."
    eval "rm -f ${dashboard_cert_path}/* ${debug}"
    name=${dashboard_node_names[pos]}

    if [ -f "${tar_file}" ]; then
        if ! tar -tvf "${tar_file}" | grep -q "${name}" ; then
            common_logger -e "Tar file does not contain certificate for the node ${name}."
            installCommon_rollBack
            exit 1;
        fi
        eval "mkdir ${dashboard_cert_path} ${debug}"
        eval "sed -i s/dashboard.pem/${name}.pem/ /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}"
        eval "sed -i s/dashboard-key.pem/${name}-key.pem/ /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}"
        eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/${name}.pem --strip-components 1 ${debug}"
        eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/${name}-key.pem --strip-components 1 ${debug}"
        eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}"
        eval "chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/ ${debug}"
        eval "chmod 500 ${dashboard_cert_path} ${debug}"
        eval "chmod 400 ${dashboard_cert_path}/* ${debug}"
        eval "chown wazuh-dashboard:wazuh-dashboard ${dashboard_cert_path}/* ${debug}"
        common_logger -d "Wazuh dashboard certificate setup finished."
    else
        common_logger -e "No certificates found. Wazuh dashboard  could not be initialized."
        exit 1
    fi

}

Tasks

[x] Analyze all the exit 1s that exist in the WIA and add a call to the installCommon_rollBack function previously

Validation

[x] Verify that in the event of these errors the script eliminates what was previously installed

davidcr01 commented 6 months ago

Update Report

Research

The following functions have an exit 1. Each function has been reviewed and checked if it is necessary to add a rollback or not.

[x] ~~offline_download~~ There is no installation when the function is called.
[x] ~~manager_install~~ Rollback already added.
[x] ~~getHelp~~ There is no installation when the function is called.
[x] ~~main~~ Exit codes of wrong arguments.
[x] ~~checks_arch~~ There is no installation when the function is called.
[x] ~~checks_arguments~~ There is no installation when the function is called.
[x] ~~check_dist~~ There is no installation when the function is called.
[x] ~~checks_health~~ There is no installation when the function is called.
[x] ~~checks_names~~ There is no installation when the function is called.
[x] ~~checks_previousCertificate~~ There is no installation when the function is called.
[x] ~~checks_ports~~ There is no installation when the function is called.
[x] ~~checks_available_port~~ There is no installation when the function is called.
[x] ~~installCommon_cleanExit~~ Rollback already added.
[x] ~~installCommon_addWazuhRepo~~ There is no installation when the function is called.
[ ] installCommon_aptInstallList
[x] ~~installCommon_createInstallFiles~~ There is no installation when the function is called.
[ ] installCommon_changePasswords
[x] ~~installCommon_extractConfig~~ There is no installation when the function is called.
[x] ~~installCommon_getConfig~~ Rollback already added.
[x] ~~installCommon_readPasswordFileUsers~~ Rollback already added.
[x] ~~installCommon_startService~~ Rollback already added.
[ ] installCommon_yumInstallList
[x] ~~installCommon_yumRemoveWIADependencies~~ Not applicable as it is a removal function.
[x] ~~installCommon_aptRemoveWIADependencies~~ Not applicable as it is a removal function.
[ ] dashboard_copyCertificates
[x] ~~dashboard_initialize~~ Rollback already added.
[x] ~~dashboard_initializeAIO~~ Rollback already added.
[x] ~~dashboard_install~~ Rollback already added.
[x] ~~filebeat_configure~~ Rollback already added.
[ ] filebeat_copyCertificates
[x] ~~filebeat_install~~ Rollback already added.
[x] ~~indexer_copyCertificates~~ Rollback already added.
[x] ~~indexer_initialize~~ Rollback already added.
[x] ~~indexer_install~~ Rollback already added.
[ ] indexer_startCluster
[x] ~~common_checkRoot~~ There is no installation when the function is called.
[x] ~~common_checkSystem~~ There is no installation when the function is called.
[x] ~~common_checkWazuhConfigYaml~~ There is no installation when the function is called.
[x] ~~cert_checkOpenSSL~~ There is no installation when the function is called.
[x] ~~cert_checkRootCA~~ There is no installation when the function is called.
[x] ~~cert_executeAndValidate~~ There is no installation when the function is called.
[x] ~~cert_generateCertificateconfiguration~~ There is no installation when the function is called.
[x] ~~cert_readConfig~~ There is no installation when the function is called.
[x] ~~passwords_checkUser~~ Not necessary as it is only used in the Password tool.
[x] ~~passwords_checkPassword~~ Rollback already added.
[ ] passwords_createBackUp
[ ] passwords_generateHash
[x] ~~passwords_generatePassword~~ There is no installation when the function is called.
[x] ~~passwords_getApiToken~~ Rollback already added.
[x] ~~passwords_getApiUserId~~ Rollback already added.
[x] ~~passwords_readFileUsers~~ Not necessary as it is only used in the Password tool.
[x] ~~passwords_restartService~~ Rollback already added.
[ ] passwords_runSecurityAdmin

As a conclusion, the functions that may need to add a rollback:

[x] installCommon_aptInstallList
[x] installCommon_changePasswords
[x] installCommon_yumInstallList
[x] dashboard_copyCertificates
[x] filebeat_copyCertificates
[ ] ~~indexer_startCluster~~ Not added because the script exits if the Wazuh indexer node can not connect. It is not necessary to remove the Wazuh indexer. The problem can be solved and the cluster start could be tried again.
[x] passwords_createBackUp
[x] passwords_generateHash
[ ] ~~passwords_runSecurityAdmin~~ Not added because this function is called only when running the security admin, and it would uninstall the indexer when actually it would be correctly installed.

Proposed testing

As two types of rollback were added, it is necessary to test, forcing the scripts to fail:

Normal rollback added in the Installation assistant.
Rollback added in a password tool function using the Installation assistant.
Rollback added in a password tool function using the password tool.

davidcr01 commented 6 months ago

Update Report

Testing

:green_circle: Normal rollback in Assistant

The Wazuh manager is installed. The Filebeat installation fails and the Wazuh manager is uninstalled in the removal.

root@ubuntu22:/home/vagrant# bash wazuh-install.sh -g
13/03/2024 18:15:32 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
13/03/2024 18:15:32 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/03/2024 18:15:38 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/03/2024 18:15:39 INFO: --- Configuration files ---
13/03/2024 18:15:39 INFO: Generating configuration files.
13/03/2024 18:15:39 INFO: Generating the root certificate.
13/03/2024 18:15:39 INFO: Generating Admin certificates.
13/03/2024 18:15:39 INFO: Generating Wazuh indexer certificates.
13/03/2024 18:15:40 INFO: Generating Filebeat certificates.
13/03/2024 18:15:40 INFO: Generating Wazuh dashboard certificates.
13/03/2024 18:15:40 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.

root@ubuntu22:/home/vagrant# bash wazuh-install.sh -ws wazuh-server -i
13/03/2024 18:17:11 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
13/03/2024 18:17:11 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/03/2024 18:17:18 WARNING: Hardware and system checks ignored.
13/03/2024 18:17:23 INFO: --- Dependencies ----
13/03/2024 18:17:23 INFO: Installing apt-transport-https.
13/03/2024 18:17:43 INFO: Wazuh development repository added.
13/03/2024 18:17:44 INFO: --- Wazuh server ---
13/03/2024 18:17:44 INFO: Starting the Wazuh manager installation.
13/03/2024 18:21:33 INFO: Wazuh manager installation finished.
13/03/2024 18:21:33 INFO: Wazuh manager vulnerability detection configuration finished.
13/03/2024 18:21:33 INFO: Starting service wazuh-manager.
13/03/2024 18:21:55 INFO: wazuh-manager service started.
13/03/2024 18:21:55 INFO: Starting Filebeat installation.
13/03/2024 18:22:33 INFO: Filebeat installation finished.
13/03/2024 18:22:34 ERROR: No certificates found. Could not initialize Filebeat
13/03/2024 18:22:34 INFO: --- Removing existing Wazuh installation ---
13/03/2024 18:22:34 INFO: Removing Wazuh manager.
13/03/2024 18:22:56 INFO: Wazuh manager removed.
13/03/2024 18:22:56 INFO: Removing Filebeat.
13/03/2024 18:23:00 INFO: Filebeat removed.
13/03/2024 18:23:00 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
root@ubuntu22:/home/vagrant#

:green_circle: Password function rollback using Assistant

Notice that the backup can not be created: ERROR: The backup could not be created, and every component installed is removed using the rollback function.

root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -i
14/03/2024 12:38:48 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/03/2024 12:38:48 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/03/2024 12:38:56 WARNING: Hardware and system checks ignored.
14/03/2024 12:38:56 INFO: Wazuh web interface port will be 443.
14/03/2024 12:39:09 INFO: Wazuh development repository added.
14/03/2024 12:39:09 INFO: --- Configuration files ---
14/03/2024 12:39:09 INFO: Generating configuration files.
14/03/2024 12:39:10 INFO: Generating the root certificate.
14/03/2024 12:39:10 INFO: Generating Admin certificates.
14/03/2024 12:39:10 INFO: Generating Wazuh indexer certificates.
14/03/2024 12:39:10 INFO: Generating Filebeat certificates.
14/03/2024 12:39:11 INFO: Generating Wazuh dashboard certificates.
14/03/2024 12:39:11 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/03/2024 12:39:12 INFO: --- Wazuh indexer ---
14/03/2024 12:39:12 INFO: Starting Wazuh indexer installation.
14/03/2024 12:40:09 INFO: Wazuh indexer installation finished.
14/03/2024 12:40:09 INFO: Wazuh indexer post-install configuration finished.
14/03/2024 12:40:09 INFO: Starting service wazuh-indexer.
14/03/2024 12:40:37 INFO: wazuh-indexer service started.
14/03/2024 12:40:37 INFO: Initializing Wazuh indexer cluster security settings.
14/03/2024 12:40:51 INFO: Wazuh indexer cluster security configuration initialized.
14/03/2024 12:40:51 INFO: Wazuh indexer cluster initialized.
14/03/2024 12:40:51 INFO: --- Wazuh server ---
14/03/2024 12:40:51 INFO: Starting the Wazuh manager installation.
14/03/2024 12:42:03 INFO: Wazuh manager installation finished.
14/03/2024 12:42:04 INFO: Wazuh manager vulnerability detection configuration finished.
14/03/2024 12:42:04 INFO: Starting service wazuh-manager.
14/03/2024 12:42:26 INFO: wazuh-manager service started.
14/03/2024 12:42:26 INFO: Starting Filebeat installation.
14/03/2024 12:42:53 INFO: Filebeat installation finished.
14/03/2024 12:43:01 INFO: Filebeat post-install configuration finished.
14/03/2024 12:43:01 INFO: Starting service filebeat.
14/03/2024 12:43:04 INFO: filebeat service started.
14/03/2024 12:43:04 INFO: --- Wazuh dashboard ---
14/03/2024 12:43:04 INFO: Starting Wazuh dashboard installation.
14/03/2024 12:44:58 INFO: Wazuh dashboard installation finished.
14/03/2024 12:44:59 INFO: Wazuh dashboard post-install configuration finished.
14/03/2024 12:44:59 INFO: Starting service wazuh-dashboard.
14/03/2024 12:45:01 INFO: wazuh-dashboard service started.
14/03/2024 12:45:06 INFO: Updating the internal users.
14/03/2024 12:45:17 ERROR: The backup could not be created
14/03/2024 12:45:17 INFO: --- Removing existing Wazuh installation ---
14/03/2024 12:45:17 INFO: Removing Wazuh manager.
14/03/2024 12:45:38 INFO: Wazuh manager removed.
14/03/2024 12:45:38 INFO: Removing Wazuh indexer.
14/03/2024 12:45:44 INFO: Wazuh indexer removed.
14/03/2024 12:45:44 INFO: Removing Filebeat.
14/03/2024 12:45:48 INFO: Filebeat removed.
14/03/2024 12:45:48 INFO: Removing Wazuh dashboard.
14/03/2024 12:46:01 INFO: Wazuh dashboard removed.
14/03/2024 12:46:02 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.

:green_circle: Password function rollback using password tool

The Wazuh indexer is installed and the cluster is initialized. After changing the passwords and failing, the Wazuh indexer that is installed is not uninstalled, as the Wazuh password tool does not have the rollback function.

root@ubuntu22:/home/vagrant# bash wazuh-install.sh -wi wazuh-indexer -i && bash wazuh-install.sh -s
14/03/2024 12:59:40 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/03/2024 12:59:40 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/03/2024 12:59:46 WARNING: Hardware and system checks ignored.
14/03/2024 12:59:56 INFO: Wazuh development repository added.
14/03/2024 12:59:56 INFO: --- Wazuh indexer ---
14/03/2024 12:59:56 INFO: Starting Wazuh indexer installation.
14/03/2024 13:00:52 INFO: Wazuh indexer installation finished.
14/03/2024 13:00:52 INFO: Wazuh indexer post-install configuration finished.
14/03/2024 13:00:52 INFO: Starting service wazuh-indexer.
14/03/2024 13:01:11 INFO: wazuh-indexer service started.
14/03/2024 13:01:11 INFO: Initializing Wazuh indexer cluster security settings.
14/03/2024 13:01:14 INFO: Wazuh indexer cluster initialized.
14/03/2024 13:01:14 INFO: Installation finished.
14/03/2024 13:01:14 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/03/2024 13:01:14 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/03/2024 13:01:21 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/03/2024 13:01:35 INFO: Wazuh indexer cluster security configuration initialized.
14/03/2024 13:02:02 INFO: Updating the internal users.
14/03/2024 13:02:06 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/03/2024 13:02:18 INFO: Wazuh indexer cluster started.
root@ubuntu22:/home/vagrant# bash wazuh-passwords-tool.sh -a
14/03/2024 13:02:28 INFO: Updating the internal users.
14/03/2024 13:02:32 ERROR: The backup could not be created
root@ubuntu22:/home/vagrant#

wazuh / wazuh-packages

Add roll back to the different WIA exit points #2785

Description

Tasks

Validation

Update Report

Research

Proposed testing

Update Report

Testing

:green_circle: Normal rollback in Assistant

:green_circle: Password function rollback using Assistant

:green_circle: Password function rollback using password tool