search

wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0
100 stars 90 forks source link

Improved certificates generation output when using WIA/WCT #2792

Closed davidcr01 closed 5 months ago

davidcr01 commented 6 months ago
Related issue
https://github.com/wazuh/wazuh-packages/issues/2787

Description

The aim of this PR is to add more debug messages and information to the certificate creation process. We decided to silence the output of the commands because they produced so much noise. As compensation for this, more information has been added to the log in order to understand and follow the script execution, and also if an error is generated it will be displayed in the output.

Logs example

Success case

Without verbose option:

> bash wazuh-certs-tool.sh -A
23/01/2024 18:13:41 INFO: Generating the root certificate.
23/01/2024 18:13:41 INFO: Generating Admin certificates.
23/01/2024 18:13:42 INFO: Admin certificates created.
23/01/2024 18:13:42 INFO: Generating Wazuh indexer certificates.
23/01/2024 18:13:43 INFO: Wazuh indexer certificates created.
23/01/2024 18:13:43 INFO: Generating Filebeat certificates.
23/01/2024 18:13:43 INFO: Wazuh server certificates created.
23/01/2024 18:13:43 INFO: Generating Wazuh dashboard certificates.
23/01/2024 18:13:43 INFO: Wazuh dashboard certificates created.

With verbose option:

> bash wazuh-certs-tool.sh -A -v
29/01/2024 14:17:32 DEBUG: Reading configuration file.
29/01/2024 14:17:32 DEBUG: Checking if 127.0.0.1 is private.
29/01/2024 14:17:32 DEBUG: Checking if 127.0.0.1 is private.
29/01/2024 14:17:32 DEBUG: Checking if 127.0.0.1 is private.
29/01/2024 14:17:32 DEBUG: Checking if the root CA exists.
29/01/2024 14:17:32 INFO: Generating the root certificate.
29/01/2024 14:17:32 DEBUG: Creating the root certificate.
29/01/2024 14:17:33 INFO: Generating Admin certificates.
29/01/2024 14:17:33 DEBUG: Generating Admin private key.
29/01/2024 14:17:33 DEBUG: Converting Admin private key to PKCS8 format.
29/01/2024 14:17:33 DEBUG: Generating Admin CSR.
29/01/2024 14:17:33 DEBUG: Creating Admin certificate.
29/01/2024 14:17:33 INFO: Admin certificates created.
29/01/2024 14:17:33 INFO: Generating Wazuh indexer certificates.
29/01/2024 14:17:33 DEBUG: Creating the certificates for node-1 indexer node.
29/01/2024 14:17:33 DEBUG: Generating certificate configuration.
29/01/2024 14:17:33 DEBUG: Creating the Wazuh indexer tmp key pair.
29/01/2024 14:17:33 DEBUG: Creating the Wazuh indexer certificates.
29/01/2024 14:17:33 INFO: Wazuh indexer certificates created.
29/01/2024 14:17:33 INFO: Generating Filebeat certificates.
29/01/2024 14:17:33 DEBUG: Generating the certificates for wazuh-1 server node.
29/01/2024 14:17:33 DEBUG: Generating certificate configuration.
29/01/2024 14:17:33 DEBUG: Creating the Wazuh server tmp key pair.
29/01/2024 14:17:34 DEBUG: Creating the Wazuh server certificates.
29/01/2024 14:17:34 INFO: Wazuh server certificates created.
29/01/2024 14:17:34 INFO: Generating Wazuh dashboard certificates.
29/01/2024 14:17:34 DEBUG: Generating certificate configuration.
29/01/2024 14:17:34 DEBUG: Creating the Wazuh dashboard tmp key pair.
29/01/2024 14:17:34 DEBUG: Creating the Wazuh dashboard certificates.
29/01/2024 14:17:34 INFO: Wazuh dashboard certificates created.
29/01/2024 14:17:34 DEBUG: Cleaning certificate files.

Error case

In case of an error, its information is displayed depending on the verbose option:

Error case - With verbose

root@ubuntu22:/home/vagrant# bash wazuh-certs-tool.sh -A -v
29/01/2024 13:55:48 DEBUG: Reading configuration file.
29/01/2024 13:55:48 DEBUG: Checking if 127.0.0.1 is private.
29/01/2024 13:55:48 DEBUG: Checking if 127.0.0.1 is private.
29/01/2024 13:55:48 DEBUG: Checking if 127.0.0.1 is private.
29/01/2024 13:55:48 DEBUG: Checking if the root CA exists.
29/01/2024 13:55:48 INFO: Generating the root certificate.
29/01/2024 13:55:48 DEBUG: Creating the root certificate.
29/01/2024 13:55:48 ERROR: Error generating the certificates.
29/01/2024 13:55:48 DEBUG: Error executing command: openssl req -x509 -new -nodes rsa:2048 -keyout /tmp/wazuh-certificates/root-ca.key -out /tmp/wazuh-certificates/root-ca.pem -batch -subj '/OU=Wazuh/O=Wazuh/L=California/' -days 3650
29/01/2024 13:55:48 DEBUG: Error output: req: Use -help for summary.
29/01/2024 13:55:48 DEBUG: Cleaning certificate files.

Error case - Without verbose

root@ubuntu22:/home/vagrant# bash wazuh-certs-tool.sh -A
29/01/2024 11:49:11 INFO: Generating the root certificate.
29/01/2024 11:49:11 ERROR: Error generating the certificates.

Automatic testing

The following testing have been performed in Jenkins to ensure the development: :green_circle: CentOS 8: https://ci.wazuh.info/job/Test_unattended/5179/ :green_circle: CentOS 7: https://ci.wazuh.info/job/Test_unattended/5178/ :green_circle: Ubuntu 18: https://ci.wazuh.info/job/Test_unattended/5186/ :green_circle: Ubuntu 16: https://ci.wazuh.info/job/Test_unattended/5181/ :green_circle: Ubuntu 20: https://ci.wazuh.info/job/Test_unattended/5182/ :green_circle: AL2: https://ci.wazuh.info/job/Test_unattended/5183/ :green_circle: RHEL7: https://ci.wazuh.info/job/Test_unattended/5187/ :green_circle: RHEL8: https://ci.wazuh.info/job/Test_unattended/5185/

teddytpc1 commented 6 months ago

We will wait for @santiago-bassett approval.