wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0

Avoid showing the output of the creation of the Keys in the WIA verbose mode #2787

Closed c-bordon closed 5 months ago

c-bordon commented 6 months ago

Description

The output that we are showing in the verbose mode when creating the keys is confusing and not descriptive. We have to validate if we can avoid this output:

image

c-bordon commented 6 months ago

Update report

These messages are the outputs of the execution of the certificate creation commands. In other words, this affects the certs-tool.

The debug option shows the output of the command as is, so the options I consider are:

1- Remove the debug in these commands, with the risk of not capturing error messages in these commands.

2- Add more descriptive messages, such as, we are creating this certificate:

vagrant@ubuntu22:~$ openssl req -x509 -new -nodes -newkey rsa:2048 -keyout root-ca.key -out root-ca.pem -batch -subj '/OU=Wazuh/O=Wazuh/L=California/' -days 3650
..+...+........+.+.....+.+...+.....+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..+.+...+............+...+...............+.........+...+.....+....+....................+.+........+.+.....+..........+.........+..+...+......+...+...............+...+...+....+........+.........+.........+.......+........+....+.....+......+....+..................+...+......+...+..+....+..+...............+...+......+...+.+.....+.+.....+.........+....+...........+.+...+..+.........+....+........+.........+................+.........+...+..+.+.........+......+..+.+..+...............+....+.........+.....+....+............+.....+...+......+.......+.....+.........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+......+...+....................+...+....+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+....+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+............+............+......+...+......+........................+....+..+.+....................+....+........+.+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
c-bordon commented 6 months ago

The message can be added in this block (example):

https://github.com/wazuh/wazuh-packages/blob/916c65c055bcb3c631cf5b6b96bcd4190bb12d03/unattended_installer/cert_tool/certFunctions.sh#L127-L143

```bash
function cert_generateIndexercertificates() {

    common_logger -d "Generating Wazuh indexer certificates."
    if [ ${#indexer_node_names[@]} -gt 0 ]; then

        for i in "${!indexer_node_names[@]}"; do
            indexer_node_name=${indexer_node_names[$i]}
            cert_generateCertificateconfiguration "${indexer_node_name}" "${indexer_node_ips[i]}"
            common_logger -d "Creating the Wazuh indexer tmp key pair."
            eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${cert_tmp_path}/${indexer_node_name}-key.pem -out ${cert_tmp_path}/${indexer_node_name}.csr -config ${cert_tmp_path}/${indexer_node_name}.conf ${debug}"
            common_logger -d "Creating the Wazuh indexer certificates."
            eval "openssl x509 -req -in ${cert_tmp_path}/${indexer_node_name}.csr -CA ${cert_tmp_path}/root-ca.pem -CAkey ${cert_tmp_path}/root-ca.key -CAcreateserial -out ${cert_tmp_path}/${indexer_node_name}.pem -extfile ${cert_tmp_path}/${indexer_node_name}.conf -extensions v3_req -days 3650 ${debug}"
        done
    else
        return 1
    fi

}
```

davidcr01 commented 6 months ago

The output can be silenced using the `> /dev/null 2>&1` parameters, redirecting the stderr and the stdout to `/dev/null` (discarding all types of output).

```console
vagrant@ubuntu22:~$ openssl req -x509 -new -nodes -newkey rsa:2048 -keyout root-ca.key -out root-ca.pem -batch -subj '/OU=Wazuh/O=Wazuh/L=California/' -days 3650 >> /dev/null 2>&1
vagrant@ubuntu22:~$ echo $?
0
```

As we are removing the debug in these commands with the risk of not capturing error messages in these commands, it would be desirable to check if the commands are being executed correctly.

The related functions are:

The cert_generateRootCAcertificate function:

```bash
function cert_generateRootCAcertificate() {

    common_logger -d "Creating the root certificate."

    # Create the root certificate
    eval "openssl req -x509 -new -nodes -newkey rsa:2048 -keyout ${cert_tmp_path}/root-ca.key -out ${cert_tmp_path}/root-ca.pem -batch -subj '/OU=Wazuh/O=Wazuh/L=California/' -days 3650" > /dev/null 2>&1

    # Validate the root certificate creation
    if [ "${PIPESTATUS[0]}" != 0 ]; then
        common_logger -e "Error creating Root CA certificate."
        return 1
    fi
}
```

The cert_generateIndexercertificates function:

```bash
function cert_generateIndexercertificates() {

    common_logger -d "Generating Wazuh indexer certificates."
    if [ ${#indexer_node_names[@]} -gt 0 ]; then
        common_logger -d "Creating the Wazuh indexer certificates."

        for i in "${!indexer_node_names[@]}"; do
            indexer_node_name=${indexer_node_names[$i]}
            cert_generateCertificateconfiguration "${indexer_node_name}" "${indexer_node_ips[i]}"

            # Create the key pair and CSR, then sign the CSR with the root CA.
            # Each exit status is tested on its own command: PIPESTATUS only holds
            # the status of the most recent pipeline, so it cannot cover both.
            if ! eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${cert_tmp_path}/${indexer_node_name}-key.pem -out ${cert_tmp_path}/${indexer_node_name}.csr -config ${cert_tmp_path}/${indexer_node_name}.conf" > /dev/null 2>&1 ||
               ! eval "openssl x509 -req -in ${cert_tmp_path}/${indexer_node_name}.csr -CA ${cert_tmp_path}/root-ca.pem -CAkey ${cert_tmp_path}/root-ca.key -CAcreateserial -out ${cert_tmp_path}/${indexer_node_name}.pem -extfile ${cert_tmp_path}/${indexer_node_name}.conf -extensions v3_req -days 3650" > /dev/null 2>&1; then
                common_logger -e "Error creating certificate for ${indexer_node_name}."
                return 1
            fi
        done
    else
        return 1
    fi
}
```

The cert_generateAdmincertificate function:

```bash
function cert_generateAdmincertificate() {

    common_logger -d "Generating Admin certificates."

    # Generate private key
    eval "openssl genrsa -out ${cert_tmp_path}/admin-key-temp.pem 2048" > /dev/null 2>&1
    if [ "${PIPESTATUS[0]}" != 0 ]; then
        common_logger -e "Error generating Admin private key."
        return 1
    fi

    # Convert private key to PKCS8 format
    eval "openssl pkcs8 -inform PEM -outform PEM -in ${cert_tmp_path}/admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out ${cert_tmp_path}/admin-key.pem" > /dev/null 2>&1
    if [ "${PIPESTATUS[0]}" != 0 ]; then
        common_logger -e "Error converting Admin private key to PKCS8 format."
        return 1
    fi

    # Generate certificate signing request (CSR)
    eval "openssl req -new -key ${cert_tmp_path}/admin-key.pem -out ${cert_tmp_path}/admin.csr -batch -subj '/C=US/L=California/O=Wazuh/OU=Wazuh/CN=admin'" > /dev/null 2>&1
    if [ "${PIPESTATUS[0]}" != 0 ]; then
        common_logger -e "Error generating Admin CSR."
        return 1
    fi

    # Sign the certificate
    eval "openssl x509 -days 3650 -req -in ${cert_tmp_path}/admin.csr -CA ${cert_tmp_path}/root-ca.pem -CAkey ${cert_tmp_path}/root-ca.key -CAcreateserial -sha256 -out ${cert_tmp_path}/admin.pem" > /dev/null 2>&1
    if [ "${PIPESTATUS[0]}" != 0 ]; then
        common_logger -e "Error creating Admin certificate."
        return 1
    fi
}
```

The cert_generateFilebeatcertificates function:

```bash
function cert_generateFilebeatcertificates() {

    common_logger -d "Generating Filebeat certificates."
    if [ ${#server_node_names[@]} -gt 0 ]; then
        common_logger -d "Creating the Wazuh server certificates."

        for i in "${!server_node_names[@]}"; do
            server_name="${server_node_names[i]}"
            j=$((i+1))
            declare -a server_ips=(server_node_ip_"$j"[@])
            cert_generateCertificateconfiguration "${server_name}" "${!server_ips}"

            # Create the key pair and CSR, then sign the CSR with the root CA.
            # Each exit status is tested on its own command: PIPESTATUS only holds
            # the status of the most recent pipeline, so it cannot cover both.
            if ! eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${cert_tmp_path}/${server_name}-key.pem -out ${cert_tmp_path}/${server_name}.csr -config ${cert_tmp_path}/${server_name}.conf" > /dev/null 2>&1 ||
               ! eval "openssl x509 -req -in ${cert_tmp_path}/${server_name}.csr -CA ${cert_tmp_path}/root-ca.pem -CAkey ${cert_tmp_path}/root-ca.key -CAcreateserial -out ${cert_tmp_path}/${server_name}.pem -extfile ${cert_tmp_path}/${server_name}.conf -extensions v3_req -days 3650" > /dev/null 2>&1; then
                common_logger -e "Error creating certificate for ${server_name}."
                return 1
            fi
        done
    else
        return 1
    fi
}
```

The cert_generateDashboardcertificates function:

```bash
function cert_generateDashboardcertificates() {

    common_logger -d "Generating Wazuh dashboard certificates."
    if [ ${#dashboard_node_names[@]} -gt 0 ]; then
        common_logger -d "Creating the Wazuh dashboard certificates."

        for i in "${!dashboard_node_names[@]}"; do
            dashboard_node_name="${dashboard_node_names[i]}"
            cert_generateCertificateconfiguration "${dashboard_node_name}" "${dashboard_node_ips[i]}"

            # Create the key pair and CSR, then sign the CSR with the root CA.
            # Each exit status is tested on its own command: PIPESTATUS only holds
            # the status of the most recent pipeline, so it cannot cover both.
            if ! eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${cert_tmp_path}/${dashboard_node_name}-key.pem -out ${cert_tmp_path}/${dashboard_node_name}.csr -config ${cert_tmp_path}/${dashboard_node_name}.conf" > /dev/null 2>&1 ||
               ! eval "openssl x509 -req -in ${cert_tmp_path}/${dashboard_node_name}.csr -CA ${cert_tmp_path}/root-ca.pem -CAkey ${cert_tmp_path}/root-ca.key -CAcreateserial -out ${cert_tmp_path}/${dashboard_node_name}.pem -extfile ${cert_tmp_path}/${dashboard_node_name}.conf -extensions v3_req -days 3650" > /dev/null 2>&1; then
                common_logger -e "Error creating certificate for ${dashboard_node_name}."
                return 1
            fi
        done
    else
        return 1
    fi
}
```

teddytpc1 commented 6 months ago

@davidjiglesias if we suppress the log mentioned in the description, we will also suppress the error log. We didn't find a way to get rid only of the ++---+++ log. I think that the only improvement we can add is the one proposed by @c-bordon here: 2- Add more descriptive messages, such as, we are creating this certificate

@davidcr01 will continue to implement this.

davidcr01 commented 6 months ago

Update Report

Next workaround

As removing the ++--++ output is very desirable, I will implement a methodology that will perform the following steps in the openssl commands:

With this, the output will be silenced but shown when an error is generated. This way, we are catching the possible errors while reducing the noise of the script output.
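
The approach described in this comment (keep openssl quiet, but show its output when a command fails), as an added example that is not the project's code. `log`, `run_quiet` and `demo_certs` are hypothetical names, `log` stands in for `common_logger`, and the subjects and node name are constructed sample values; each exit status is checked right after its command, and arguments are passed as separate words rather than through an `eval` string.

```bash
#!/usr/bin/env bash
# Added example, not wazuh-packages code. log, run_quiet and demo_certs are
# hypothetical names; log stands in for the project's common_logger.

verbose="${verbose:-0}"   # 1 mimics the tool's -v flag

log() {
    # DEBUG lines are shown only in verbose mode.
    if [ "$1" = "DEBUG" ] && [ "$verbose" != "1" ]; then
        return 0
    fi
    printf '%s %s: %s\n' "$(date '+%d/%m/%Y %H:%M:%S')" "$1" "$2"
}

# run_quiet DESCRIPTION COMMAND [ARGS...]
# Captures stdout and stderr of COMMAND instead of printing them. The capture
# is dropped on success and logged on failure, so key-generation progress
# characters disappear while a real error message is kept. Returns COMMAND's
# exit status. ARGS are passed as separate words, not re-parsed through eval,
# so a path or node name with spaces or shell metacharacters stays one word.
run_quiet() {
    rq_description="$1"
    shift
    rq_status=0
    rq_output="$("$@" 2>&1)" || rq_status=$?
    if [ "$rq_status" -ne 0 ]; then
        log ERROR "Error ${rq_description}."
        log DEBUG "Error executing command: $*"
        log DEBUG "Error output: ${rq_output}"
    fi
    return "$rq_status"
}

# Root CA plus one node certificate. Every step is checked right after it
# runs and the chain stops at the first failure. The subject, node name and
# temporary directory are constructed sample values.
demo_certs() {
    dc_dir="$(mktemp -d)" || return 1
    dc_status=0
    {
        run_quiet "creating the root certificate" \
            openssl req -x509 -new -nodes -newkey rsa:2048 \
            -keyout "${dc_dir}/root-ca.key" -out "${dc_dir}/root-ca.pem" \
            -batch -subj '/OU=Wazuh/O=Wazuh/L=California/' -days 3650 &&
        run_quiet "creating the node-1 key pair" \
            openssl req -new -nodes -newkey rsa:2048 \
            -keyout "${dc_dir}/node-1-key.pem" -out "${dc_dir}/node-1.csr" \
            -batch -subj '/OU=Wazuh/O=Wazuh/L=California/CN=node-1' &&
        run_quiet "creating the node-1 certificate" \
            openssl x509 -req -in "${dc_dir}/node-1.csr" \
            -CA "${dc_dir}/root-ca.pem" -CAkey "${dc_dir}/root-ca.key" \
            -CAcreateserial -out "${dc_dir}/node-1.pem" -days 3650 &&
        log INFO "Sample certificates created."
    } || dc_status=1
    rm -rf "${dc_dir}"    # sample keys only, nothing to keep
    return "$dc_status"
}

if command -v openssl > /dev/null 2>&1; then
    demo_certs || log INFO "Stopped at the step reported above."

    # Failure path taken from the page's error case: -newkey is missing
    # before rsa:2048, so openssl rejects the command line.
    verbose=1
    run_quiet "generating the certificates" \
        openssl req -x509 -new -nodes rsa:2048 -keyout /dev/null \
        -out /dev/null -batch -subj '/OU=Wazuh/' -days 3650 ||
        log INFO "openssl failed; its message was logged instead of lost."
fi
```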

davidcr01 commented 5 months ago

Update Report

Testing

Generating certificates

:green_circle: Success case - Without verbose

```console
root@ubuntu22:/home/vagrant# bash wazuh-certs-tool.sh -A
29/01/2024 14:16:58 INFO: Generating the root certificate.
29/01/2024 14:16:59 INFO: Generating Admin certificates.
29/01/2024 14:16:59 INFO: Admin certificates created.
29/01/2024 14:16:59 INFO: Generating Wazuh indexer certificates.
29/01/2024 14:16:59 INFO: Wazuh indexer certificates created.
29/01/2024 14:16:59 INFO: Generating Filebeat certificates.
29/01/2024 14:17:00 INFO: Wazuh server certificates created.
29/01/2024 14:17:00 INFO: Generating Wazuh dashboard certificates.
29/01/2024 14:17:00 INFO: Wazuh dashboard certificates created.
```

:green_circle: Success case - With verbose

```console
root@ubuntu22:/home/vagrant# bash wazuh-certs-tool.sh -A -v
29/01/2024 14:17:32 DEBUG: Reading configuration file.
29/01/2024 14:17:32 DEBUG: Checking if 127.0.0.1 is private.
29/01/2024 14:17:32 DEBUG: Checking if 127.0.0.1 is private.
29/01/2024 14:17:32 DEBUG: Checking if 127.0.0.1 is private.
29/01/2024 14:17:32 DEBUG: Checking if the root CA exists.
29/01/2024 14:17:32 INFO: Generating the root certificate.
29/01/2024 14:17:32 DEBUG: Creating the root certificate.
29/01/2024 14:17:33 INFO: Generating Admin certificates.
29/01/2024 14:17:33 DEBUG: Generating Admin private key.
29/01/2024 14:17:33 DEBUG: Converting Admin private key to PKCS8 format.
29/01/2024 14:17:33 DEBUG: Generating Admin CSR.
29/01/2024 14:17:33 DEBUG: Creating Admin certificate.
29/01/2024 14:17:33 INFO: Admin certificates created.
29/01/2024 14:17:33 INFO: Generating Wazuh indexer certificates.
29/01/2024 14:17:33 DEBUG: Creating the certificates for node-1 indexer node.
29/01/2024 14:17:33 DEBUG: Generating certificate configuration.
29/01/2024 14:17:33 DEBUG: Creating the Wazuh indexer tmp key pair.
29/01/2024 14:17:33 DEBUG: Creating the Wazuh indexer certificates.
29/01/2024 14:17:33 INFO: Wazuh indexer certificates created.
29/01/2024 14:17:33 INFO: Generating Filebeat certificates.
29/01/2024 14:17:33 DEBUG: Generating the certificates for wazuh-1 server node.
29/01/2024 14:17:33 DEBUG: Generating certificate configuration.
29/01/2024 14:17:33 DEBUG: Creating the Wazuh server tmp key pair.
29/01/2024 14:17:34 DEBUG: Creating the Wazuh server certificates.
29/01/2024 14:17:34 INFO: Wazuh server certificates created.
29/01/2024 14:17:34 INFO: Generating Wazuh dashboard certificates.
29/01/2024 14:17:34 DEBUG: Generating certificate configuration.
29/01/2024 14:17:34 DEBUG: Creating the Wazuh dashboard tmp key pair.
29/01/2024 14:17:34 DEBUG: Creating the Wazuh dashboard certificates.
29/01/2024 14:17:34 INFO: Wazuh dashboard certificates created.
29/01/2024 14:17:34 DEBUG: Cleaning certificate files.
```

:green_circle: Error case - With verbose

```console
root@ubuntu22:/home/vagrant# bash wazuh-certs-tool.sh -A -v
29/01/2024 13:55:48 DEBUG: Reading configuration file.
29/01/2024 13:55:48 DEBUG: Checking if 127.0.0.1 is private.
29/01/2024 13:55:48 DEBUG: Checking if 127.0.0.1 is private.
29/01/2024 13:55:48 DEBUG: Checking if 127.0.0.1 is private.
29/01/2024 13:55:48 DEBUG: Checking if the root CA exists.
29/01/2024 13:55:48 INFO: Generating the root certificate.
29/01/2024 13:55:48 DEBUG: Creating the root certificate.
29/01/2024 13:55:48 ERROR: Error generating the certificates.
29/01/2024 13:55:48 DEBUG: Error executing command: openssl req -x509 -new -nodes rsa:2048 -keyout /tmp/wazuh-certificates/root-ca.key -out /tmp/wazuh-certificates/root-ca.pem -batch -subj '/OU=Wazuh/O=Wazuh/L=California/' -days 3650
29/01/2024 13:55:48 DEBUG: Error output: req: Use -help for summary.
29/01/2024 13:55:48 DEBUG: Cleaning certificate files.
```

:green_circle: Error case - Without verbose

```console
root@ubuntu22:/home/vagrant# bash wazuh-certs-tool.sh -A
29/01/2024 11:49:11 INFO: Generating the root certificate.
29/01/2024 11:49:11 ERROR: Error generating the certificates.
```

Installation

:green_circle: Console log

```console
29/01/2024 14:49:54 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
29/01/2024 14:49:54 INFO: Verbose logging redirected to /var/log/wazuh-install.log
29/01/2024 14:50:22 WARNING: Hardware and system checks ignored.
29/01/2024 14:50:22 INFO: Wazuh web interface port will be 443.
29/01/2024 14:50:28 INFO: --- Dependencies ----
29/01/2024 14:50:28 INFO: Installing apt-transport-https.
29/01/2024 14:50:36 INFO: Wazuh development repository added.
29/01/2024 14:50:36 INFO: --- Configuration files ---
29/01/2024 14:50:36 INFO: Generating configuration files.
29/01/2024 14:50:36 INFO: Generating the root certificate.
29/01/2024 14:50:36 INFO: Generating Admin certificates.
29/01/2024 14:50:37 INFO: Generating Wazuh indexer certificates.
29/01/2024 14:50:37 INFO: Generating Filebeat certificates.
29/01/2024 14:50:38 INFO: Generating Wazuh dashboard certificates.
29/01/2024 14:50:38 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
29/01/2024 14:50:39 INFO: --- Wazuh indexer ---
29/01/2024 14:50:39 INFO: Starting Wazuh indexer installation.
29/01/2024 14:54:28 INFO: Wazuh indexer installation finished.
29/01/2024 14:54:28 INFO: Wazuh indexer post-install configuration finished.
29/01/2024 14:54:28 INFO: Starting service wazuh-indexer.
29/01/2024 14:54:50 INFO: wazuh-indexer service started.
29/01/2024 14:54:50 INFO: Initializing Wazuh indexer cluster security settings.
29/01/2024 14:55:00 INFO: Wazuh indexer cluster security configuration initialized.
29/01/2024 14:55:02 INFO: The Wazuh indexer cluster ISM initialized.
29/01/2024 14:55:02 INFO: Wazuh indexer cluster initialized.
29/01/2024 14:55:02 INFO: --- Wazuh server ---
29/01/2024 14:55:02 INFO: Starting the Wazuh manager installation.
29/01/2024 14:58:01 INFO: Wazuh manager installation finished.
29/01/2024 14:58:01 INFO: Wazuh manager vulnerability detection configuration finished.
29/01/2024 14:58:01 INFO: Starting service wazuh-manager.
29/01/2024 14:58:25 INFO: wazuh-manager service started.
29/01/2024 14:58:25 INFO: Starting Filebeat installation.
29/01/2024 14:58:39 INFO: Filebeat installation finished.
29/01/2024 14:58:41 INFO: Filebeat post-install configuration finished.
29/01/2024 14:58:41 INFO: Starting service filebeat.
29/01/2024 14:58:43 INFO: filebeat service started.
29/01/2024 14:58:43 INFO: --- Wazuh dashboard ---
29/01/2024 14:58:43 INFO: Starting Wazuh dashboard installation.
29/01/2024 15:00:42 INFO: Wazuh dashboard installation finished.
29/01/2024 15:00:42 INFO: Wazuh dashboard post-install configuration finished.
29/01/2024 15:00:42 INFO: Starting service wazuh-dashboard.
29/01/2024 15:00:43 INFO: wazuh-dashboard service started.
29/01/2024 15:00:46 INFO: Updating the internal users.
29/01/2024 15:00:56 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
29/01/2024 15:01:58 INFO: Initializing Wazuh dashboard web application.
29/01/2024 15:01:59 INFO: Wazuh dashboard web application initialized.
29/01/2024 15:01:59 INFO: --- Summary ---
29/01/2024 15:01:59 INFO: You can access the web interface https://:443
User: admin
Password: 8A..Hu?crSicob*Tpo6hDmhlYuNZgLjB
29/01/2024 15:01:59 INFO: Installation finished.
```
:green_circle: Log in the `wazuh-install.log` ```console root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -i -v 29/01/2024 15:09:22 DEBUG: Checking root permissions. 29/01/2024 15:09:22 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 29/01/2024 15:09:22 INFO: Verbose logging redirected to /var/log/wazuh-install.log 29/01/2024 15:09:22 DEBUG: APT package manager will be used. 29/01/2024 15:09:22 DEBUG: Checking system distribution. 29/01/2024 15:09:22 DEBUG: Detected distribution name: ubuntu 29/01/2024 15:09:22 DEBUG: Detected distribution version: 22 29/01/2024 15:09:22 DEBUG: Checking Wazuh installation. 29/01/2024 15:09:24 DEBUG: Installing check dependencies. Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Get:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease [119 kB] Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Get:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease [110 kB] Get:5 https://mirrors.edge.kernel.org/ubuntu jammy-updates/main amd64 Packages [1,325 kB] Fetched 1,555 kB in 3s (463 kB/s) Reading package lists... 29/01/2024 15:09:36 DEBUG: Checking system architecture. 29/01/2024 15:09:36 WARNING: Hardware and system checks ignored. 29/01/2024 15:09:36 INFO: Wazuh web interface port will be 443. 29/01/2024 15:09:36 DEBUG: Checking ports availability. 29/01/2024 15:09:37 DEBUG: Installing prerequisites dependencies. Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Reading package lists... 29/01/2024 15:09:42 DEBUG: Checking curl tool version. 29/01/2024 15:09:42 DEBUG: Adding the Wazuh repository. 
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported gpg: Total number processed: 1 gpg: imported: 1 deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB] Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [36.6 kB] Fetched 53.9 kB in 2s (22.2 kB/s) Reading package lists... 29/01/2024 15:09:47 INFO: Wazuh development repository added. 29/01/2024 15:09:47 INFO: --- Configuration files --- 29/01/2024 15:09:47 INFO: Generating configuration files. 29/01/2024 15:09:47 DEBUG: Creating Wazuh certificates. 29/01/2024 15:09:47 DEBUG: Reading configuration file. 29/01/2024 15:09:48 INFO: Generating the root certificate. 29/01/2024 15:09:48 DEBUG: Creating the root certificate. 29/01/2024 15:09:48 INFO: Generating Admin certificates. 29/01/2024 15:09:48 DEBUG: Generating Admin private key. 29/01/2024 15:09:48 DEBUG: Converting Admin private key to PKCS8 format. 29/01/2024 15:09:48 DEBUG: Generating Admin CSR. 29/01/2024 15:09:48 DEBUG: Creating Admin certificate. 29/01/2024 15:09:48 INFO: Generating Wazuh indexer certificates. 29/01/2024 15:09:48 DEBUG: Creating the certificates for wazuh-indexer indexer node. 29/01/2024 15:09:48 DEBUG: Generating certificate configuration. 29/01/2024 15:09:48 DEBUG: Creating the Wazuh indexer tmp key pair. 29/01/2024 15:09:49 DEBUG: Creating the Wazuh indexer certificates. 29/01/2024 15:09:49 INFO: Generating Filebeat certificates. 29/01/2024 15:09:49 DEBUG: Generating the certificates for wazuh-server server node. 
29/01/2024 15:09:49 DEBUG: Generating certificate configuration. 29/01/2024 15:09:49 DEBUG: Creating the Wazuh server tmp key pair. 29/01/2024 15:09:49 DEBUG: Creating the Wazuh server certificates. 29/01/2024 15:09:49 INFO: Generating Wazuh dashboard certificates. 29/01/2024 15:09:49 DEBUG: Generating certificate configuration. 29/01/2024 15:09:50 DEBUG: Creating the Wazuh dashboard tmp key pair. 29/01/2024 15:09:50 DEBUG: Creating the Wazuh dashboard certificates. 29/01/2024 15:09:50 DEBUG: Cleaning certificate files. 29/01/2024 15:09:50 DEBUG: Generating password file. 29/01/2024 15:09:50 DEBUG: Generating random passwords. 29/01/2024 15:09:50 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 29/01/2024 15:09:50 DEBUG: Extracting Wazuh configuration. 29/01/2024 15:09:50 DEBUG: Reading configuration file. 29/01/2024 15:09:51 INFO: --- Wazuh indexer --- 29/01/2024 15:09:51 INFO: Starting Wazuh indexer installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 174 not upgraded. Need to get 0 B/759 MB of archives. After this operation, 1,050 MB of additional disk space will be used. Selecting previously unselected packag NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-69-generic NEEDRESTART-KEXP: 5.15.0-69-generic NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 29/01/2024 15:10:51 DEBUG: Checking Wazuh installation. 29/01/2024 15:10:52 DEBUG: There are Wazuh indexer remaining files. 29/01/2024 15:10:54 INFO: Wazuh indexer installation finished. 29/01/2024 15:10:54 DEBUG: Configuring Wazuh indexer. 29/01/2024 15:10:54 DEBUG: Copying Wazuh indexer certificates. 29/01/2024 15:10:54 INFO: Wazuh indexer post-install configuration finished. 29/01/2024 15:10:54 INFO: Starting service wazuh-indexer. 
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service. 29/01/2024 15:11:23 INFO: wazuh-indexer service started. 29/01/2024 15:11:23 INFO: Initializing Wazuh indexer cluster security settings. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update 
'/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success 29/01/2024 15:11:36 INFO: Wazuh indexer cluster security configuration initialized. Will create 'wazuh' index template SUCC: 'wazuh' template created or updated Will create 'ism_history_indices' index template SUCC: 'ism_history_indices' template created or updated Will disable replicas for 'plugins.index_state_management.history' indices SUCC: cluster's settings saved Will create index templates to configure the alias SUCC: 'wazuh-alerts' template created or updated SUCC: 'wazuh-archives' template created or updated Will create the 'rollover_policy' policy SUCC: 'rollover_policy' policy created Will create initial indices for the aliases SUCC: 'wazuh-alerts' write index created SUCC: 'wazuh-archives' write index created SUCC: Indexer ISM initialization finished successfully. 29/01/2024 15:11:39 INFO: The Wazuh indexer cluster ISM initialized. 29/01/2024 15:11:39 INFO: Wazuh indexer cluster initialized. 29/01/2024 15:11:39 INFO: --- Wazuh server --- 29/01/2024 15:11:39 INFO: Starting the Wazuh manager installation. Reading package lists... Building dependency tree... Reading state information... 
Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 174 not upgraded. Need to get 0 B/288 MB of archives. After this operation, 888 MB of additional disk space will be used. Selecting pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-69-generic NEEDRESTART-KEXP: 5.15.0-69-generic NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 29/01/2024 15:13:24 DEBUG: Checking Wazuh installation. 29/01/2024 15:13:24 DEBUG: There are Wazuh remaining files. 29/01/2024 15:13:25 DEBUG: There are Wazuh indexer remaining files. 29/01/2024 15:13:25 INFO: Wazuh manager installation finished. 29/01/2024 15:13:25 DEBUG: Configuring Wazuh manager. 29/01/2024 15:13:25 INFO: Wazuh manager vulnerability detection configuration finished. 29/01/2024 15:13:25 INFO: Starting service wazuh-manager. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service. 29/01/2024 15:13:52 INFO: wazuh-manager service started. 29/01/2024 15:13:52 INFO: Starting Filebeat installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 174 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Selecting previously unselected package fil NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-69-generic NEEDRESTART-KEXP: 5.15.0-69-generic NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 29/01/2024 15:14:01 DEBUG: Checking Wazuh installation. 29/01/2024 15:14:01 DEBUG: There are Wazuh remaining files. 29/01/2024 15:14:02 DEBUG: There are Wazuh indexer remaining files. 29/01/2024 15:14:03 DEBUG: There are Filebeat remaining files. 29/01/2024 15:14:04 INFO: Filebeat installation finished. 29/01/2024 15:14:04 DEBUG: Configuring Filebeat. 
29/01/2024 15:14:05 DEBUG: Filebeat template was download successfully. wazuh/ wazuh/archives/ wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/_meta/ wazuh/_meta/config.yml wazuh/_meta/docs.asciidoc wazuh/_meta/fields.yml wazuh/alerts/ wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/module.yml 29/01/2024 15:14:06 DEBUG: Filebeat module was downloaded successfully. 29/01/2024 15:14:06 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 29/01/2024 15:14:06 INFO: Filebeat post-install configuration finished. 29/01/2024 15:14:06 INFO: Starting service filebeat. Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable filebeat Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service. 29/01/2024 15:14:09 INFO: filebeat service started. 29/01/2024 15:14:09 INFO: --- Wazuh dashboard --- 29/01/2024 15:14:09 INFO: Starting Wazuh dashboard installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 174 not upgraded. Need to get 0 B/186 MB of archives. After this operation, 987 MB of additional disk space will be used. Selecting previously unselected packag NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-69-generic NEEDRESTART-KEXP: 5.15.0-69-generic NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 29/01/2024 15:15:26 DEBUG: Checking Wazuh installation. 29/01/2024 15:15:26 DEBUG: There are Wazuh remaining files. 29/01/2024 15:15:27 DEBUG: There are Wazuh indexer remaining files. 
29/01/2024 15:15:27 DEBUG: There are Filebeat remaining files.
29/01/2024 15:15:28 DEBUG: There are Wazuh dashboard remaining files.
29/01/2024 15:15:28 INFO: Wazuh dashboard installation finished.
29/01/2024 15:15:28 DEBUG: Configuring Wazuh dashboard.
29/01/2024 15:15:28 DEBUG: Copying Wazuh dashboard certificates.
29/01/2024 15:15:28 DEBUG: Wazuh dashboard certificate setup finished.
29/01/2024 15:15:28 INFO: Wazuh dashboard post-install configuration finished.
29/01/2024 15:15:28 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
29/01/2024 15:15:29 INFO: wazuh-dashboard service started.
29/01/2024 15:15:29 DEBUG: Setting Wazuh indexer cluster passwords.
29/01/2024 15:15:29 DEBUG: Checking Wazuh installation.
29/01/2024 15:15:30 DEBUG: There are Wazuh remaining files.
29/01/2024 15:15:31 DEBUG: There are Wazuh indexer remaining files.
29/01/2024 15:15:31 DEBUG: There are Filebeat remaining files.
29/01/2024 15:15:32 DEBUG: There are Wazuh dashboard remaining files.
29/01/2024 15:15:32 INFO: Updating the internal users.
29/01/2024 15:15:32 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
29/01/2024 15:15:42 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
29/01/2024 15:15:42 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
29/01/2024 15:15:42 DEBUG: The internal users have been updated before changing the passwords.
29/01/2024 15:15:48 DEBUG: Generating password hashes.
29/01/2024 15:15:56 DEBUG: Password hashes generated.
29/01/2024 15:15:56 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
29/01/2024 15:16:01 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
29/01/2024 15:16:02 DEBUG: Restarting filebeat service...
29/01/2024 15:16:03 DEBUG: filebeat started.
29/01/2024 15:16:03 DEBUG: Restarting wazuh-manager service...
29/01/2024 15:16:28 DEBUG: wazuh-manager started.
29/01/2024 15:16:30 DEBUG: Restarting wazuh-dashboard service...
29/01/2024 15:16:31 DEBUG: wazuh-dashboard started.
29/01/2024 15:16:31 DEBUG: Running security admin tool.
29/01/2024 15:16:31 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
29/01/2024 15:16:40 DEBUG: Passwords changed.
29/01/2024 15:16:40 DEBUG: Changing API passwords.
29/01/2024 15:16:52 INFO: Initializing Wazuh dashboard web application.
29/01/2024 15:16:53 INFO: Wazuh dashboard web application initialized.
29/01/2024 15:16:53 INFO: --- Summary ---
29/01/2024 15:16:53 INFO: You can access the web interface https://:443
User: admin
Password: CP?BkPBYNY*4lMfQ+F7j7HX07VjWrHoo
29/01/2024 15:16:53 DEBUG: Restoring Wazuh repository.
29/01/2024 15:16:53 INFO: Installation finished.
```