search

wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0
100 stars 90 forks source link

Adapt WIA and WPT to Wazuh Keystore for Indexer configuration #2794

Closed davidcr01 closed 5 months ago

davidcr01 commented 6 months ago

Description

Related: https://github.com/wazuh/internal-devel-requests/issues/707

Due to the refactoring of the Vulnerability Detector module, the configuration of the indexer has changed. These changes in the WIA and WPT were done here: https://github.com/wazuh/wazuh-packages/pull/2777. Now, these changes must be modified again.

We can assume that the username and the password tag will be removed from the ossec.conf file in this issue, so it is not necessary to remove them explicitly in the mentioned tool.

Changes

The following code should be removed: https://github.com/wazuh/wazuh-packages/blob/e2ff0288f6a734a93446e590fddbc52d97511da1/unattended_installer/passwords_tool/passwordsFunctions.sh#L60

It should be replaced to a call to the wazuh-keystore tool in order to change the password of the indexer user.

As the WPT is inserted in the WIA, the only change must be done in the WPT and it will be propagated to the WIA.

With further details of the new tool, the chages may change and be more precise.

davidcr01 commented 5 months ago

Update Report

Testing - AIO

With the new Wazuh manager package created, the following test has been performed:

Show installation log ```console root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -i -v 01/02/2024 10:40:44 DEBUG: Checking root permissions. 01/02/2024 10:40:44 DEBUG: Checking sudo package. /usr/bin/sudo 01/02/2024 10:40:44 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 01/02/2024 10:40:44 INFO: Verbose logging redirected to /var/log/wazuh-install.log 01/02/2024 10:40:44 DEBUG: APT package manager will be used. 01/02/2024 10:40:44 DEBUG: Checking system distribution. 01/02/2024 10:40:44 DEBUG: Detected distribution name: ubuntu 01/02/2024 10:40:44 DEBUG: Detected distribution version: 22 01/02/2024 10:40:44 DEBUG: Checking Wazuh installation. 01/02/2024 10:40:46 DEBUG: Installing check dependencies. Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Reading package lists... 01/02/2024 10:40:52 DEBUG: Checking system architecture. 01/02/2024 10:40:52 WARNING: Hardware and system checks ignored. 01/02/2024 10:40:52 INFO: Wazuh web interface port will be 443. 01/02/2024 10:40:52 DEBUG: Checking ports availability. 01/02/2024 10:40:54 DEBUG: Installing prerequisites dependencies. Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Reading package lists... 01/02/2024 10:40:58 DEBUG: Checking curl tool version. 01/02/2024 10:40:58 DEBUG: Adding the Wazuh repository. gpg: keyring '/usr/share/keyrings/wazuh.gpg' created gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported gpg: Total number processed: 1 gpg: imported: 1 deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/staging/apt/ unstable main Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Get:5 https://packages-dev.wazuh.com/staging/apt unstable InRelease [17.3 kB] Get:6 https://packages-dev.wazuh.com/staging/apt unstable/main amd64 Packages [4,775 B] Fetched 22.0 kB in 2s (12.2 kB/s) Reading package lists... 01/02/2024 10:41:03 INFO: Wazuh development repository added. 01/02/2024 10:41:03 INFO: --- Configuration files --- 01/02/2024 10:41:03 INFO: Generating configuration files. 01/02/2024 10:41:03 DEBUG: Creating Wazuh certificates. 01/02/2024 10:41:03 DEBUG: Reading configuration file. 01/02/2024 10:41:03 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 10:41:03 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 10:41:03 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 10:41:03 INFO: Generating the root certificate. 01/02/2024 10:41:03 INFO: Generating Admin certificates. 01/02/2024 10:41:03 DEBUG: Generating Admin private key. 01/02/2024 10:41:03 DEBUG: Converting Admin private key to PKCS8 format. 01/02/2024 10:41:03 DEBUG: Generating Admin CSR. 01/02/2024 10:41:03 DEBUG: Creating Admin certificate. 01/02/2024 10:41:03 INFO: Generating Wazuh indexer certificates. 01/02/2024 10:41:03 DEBUG: Creating the certificates for wazuh-indexer indexer node. 01/02/2024 10:41:03 DEBUG: Generating certificate configuration. 01/02/2024 10:41:04 DEBUG: Creating the Wazuh indexer tmp key pair. 01/02/2024 10:41:04 DEBUG: Creating the Wazuh indexer certificates. 01/02/2024 10:41:04 INFO: Generating Filebeat certificates. 01/02/2024 10:41:04 DEBUG: Generating the certificates for wazuh-server server node. 01/02/2024 10:41:04 DEBUG: Generating certificate configuration. 01/02/2024 10:41:04 DEBUG: Creating the Wazuh server tmp key pair. 01/02/2024 10:41:05 DEBUG: Creating the Wazuh server certificates. 01/02/2024 10:41:05 INFO: Generating Wazuh dashboard certificates. 01/02/2024 10:41:05 DEBUG: Generating certificate configuration. 01/02/2024 10:41:05 DEBUG: Creating the Wazuh dashboard tmp key pair. 01/02/2024 10:41:05 DEBUG: Creating the Wazuh dashboard certificates. 01/02/2024 10:41:05 DEBUG: Cleaning certificate files. 01/02/2024 10:41:05 DEBUG: Generating password file. 01/02/2024 10:41:05 DEBUG: Generating random passwords. 01/02/2024 10:41:06 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 01/02/2024 10:41:06 DEBUG: Extracting Wazuh configuration. 01/02/2024 10:41:06 DEBUG: Reading configuration file. 01/02/2024 10:41:06 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 10:41:06 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 10:41:06 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 10:41:06 INFO: --- Wazuh indexer --- 01/02/2024 10:41:06 INFO: Starting Wazuh indexer installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 174 not upgraded. Need to get 0 B/759 MB of archives. After this operation, 1,050 MB of additional disk space will be used. Selecting previously unselected packag NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-69-generic NEEDRESTART-KEXP: 5.15.0-69-generic NEEDRESTART-KSTA: 1 01/02/2024 10:42:06 DEBUG: Checking Wazuh installation. 01/02/2024 10:42:07 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 10:42:08 INFO: Wazuh indexer installation finished. 01/02/2024 10:42:08 DEBUG: Configuring Wazuh indexer. 01/02/2024 10:42:08 DEBUG: Copying Wazuh indexer certificates. 01/02/2024 10:42:08 INFO: Wazuh indexer post-install configuration finished. 01/02/2024 10:42:08 INFO: Starting service wazuh-indexer. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service. 01/02/2024 10:42:29 INFO: wazuh-indexer service started. 01/02/2024 10:42:29 INFO: Initializing Wazuh indexer cluster security settings. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success 01/02/2024 10:42:41 INFO: Wazuh indexer cluster security configuration initialized. Will create 'wazuh' index template ERROR: /etc/wazuh-indexer/wazuh-template.json not found Will create index templates to configure the alias SUCC: 'wazuh-alerts' template created or updated SUCC: 'wazuh-archives' template created or updated Will create the 'rollover_policy' policy SUCC: 'rollover_policy' policy created Will create initial indices for the aliases SUCC: 'wazuh-alerts' write index created SUCC: 'wazuh-archives' write index created SUCC: Indexer ISM initialization finished successfully. 01/02/2024 10:42:42 INFO: The Wazuh indexer cluster ISM initialized. 01/02/2024 10:42:42 INFO: Wazuh indexer cluster initialized. 01/02/2024 10:42:42 INFO: --- Wazuh server --- 01/02/2024 10:42:42 INFO: Starting the Wazuh manager installation. Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 175 not upgraded. Need to get 0 B/288 MB of archives. After this operation, 888 MB of additional disk space will be used. Selecting pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-69-generic NEEDRESTART-KEXP: 5.15.0-69-generic NEEDRESTART-KSTA: 1 01/02/2024 10:44:32 DEBUG: Checking Wazuh installation. 01/02/2024 10:44:33 DEBUG: There are Wazuh remaining files. 01/02/2024 10:44:33 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 10:44:34 INFO: Wazuh manager installation finished. 01/02/2024 10:44:34 DEBUG: Configuring Wazuh manager. 01/02/2024 10:44:34 INFO: Wazuh manager vulnerability detection configuration finished. 01/02/2024 10:44:34 INFO: Starting service wazuh-manager. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service. 01/02/2024 10:44:58 INFO: wazuh-manager service started. 01/02/2024 10:44:58 INFO: Starting Filebeat installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 176 not upgraded. Need to get 22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/staging/apt unstable/main amd64 filebeat amd64 7.10.2 [22.1 MB] Fetched 22.1 MB in 8s (2,939 kB/s) Selecting previously unselec NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-69-generic NEEDRESTART-KEXP: 5.15.0-69-generic NEEDRESTART-KSTA: 1 01/02/2024 10:45:11 DEBUG: Checking Wazuh installation. 01/02/2024 10:45:11 DEBUG: There are Wazuh remaining files. 01/02/2024 10:45:12 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 10:45:12 DEBUG: There are Filebeat remaining files. 01/02/2024 10:45:13 INFO: Filebeat installation finished. 01/02/2024 10:45:13 DEBUG: Configuring Filebeat. 01/02/2024 10:45:13 DEBUG: Filebeat template was download successfully. wazuh/ wazuh/archives/ wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/_meta/ wazuh/_meta/config.yml wazuh/_meta/docs.asciidoc wazuh/_meta/fields.yml wazuh/alerts/ wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/module.yml 01/02/2024 10:45:15 DEBUG: Filebeat module was downloaded successfully. 01/02/2024 10:45:15 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 01/02/2024 10:45:15 INFO: Filebeat post-install configuration finished. 01/02/2024 10:45:15 INFO: Starting service filebeat. Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable filebeat Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service. 01/02/2024 10:45:17 INFO: filebeat service started. 01/02/2024 10:45:17 INFO: --- Wazuh dashboard --- 01/02/2024 10:45:17 INFO: Starting Wazuh dashboard installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 176 not upgraded. Need to get 186 MB of archives. After this operation, 987 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/staging/apt unstable/main amd64 wazuh-dashboard amd64 4.8.0-1 [186 MB] Fetched 186 MB in 46s (4,035 kB/s) Selecting previo NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-69-generic NEEDRESTART-KEXP: 5.15.0-69-generic NEEDRESTART-KSTA: 1 01/02/2024 10:47:04 DEBUG: Checking Wazuh installation. 01/02/2024 10:47:04 DEBUG: There are Wazuh remaining files. 01/02/2024 10:47:05 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 10:47:05 DEBUG: There are Filebeat remaining files. 01/02/2024 10:47:06 DEBUG: There are Wazuh dashboard remaining files. 01/02/2024 10:47:06 INFO: Wazuh dashboard installation finished. 01/02/2024 10:47:06 DEBUG: Configuring Wazuh dashboard. 01/02/2024 10:47:06 DEBUG: Copying Wazuh dashboard certificates. 01/02/2024 10:47:06 DEBUG: Wazuh dashboard certificate setup finished. 01/02/2024 10:47:06 INFO: Wazuh dashboard post-install configuration finished. 01/02/2024 10:47:06 INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service. 01/02/2024 10:47:07 INFO: wazuh-dashboard service started. 01/02/2024 10:47:07 DEBUG: Setting Wazuh indexer cluster passwords. 01/02/2024 10:47:07 DEBUG: Checking Wazuh installation. 01/02/2024 10:47:07 DEBUG: There are Wazuh remaining files. 01/02/2024 10:47:08 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 10:47:08 DEBUG: There are Filebeat remaining files. 01/02/2024 10:47:09 DEBUG: There are Wazuh dashboard remaining files. 01/02/2024 10:47:09 INFO: Updating the internal users. 01/02/2024 10:47:09 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: YELLOW Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 01/02/2024 10:47:17 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 01/02/2024 10:47:17 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 01/02/2024 10:47:17 DEBUG: The internal users have been updated before changing the passwords. 01/02/2024 10:47:23 DEBUG: Generating password hashes. 01/02/2024 10:47:29 DEBUG: Password hashes generated. 01/02/2024 10:47:29 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: YELLOW Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 01/02/2024 10:47:33 DEBUG: Password backup created in /etc/wazuh-indexer/backup. Successfully updated the keystore 01/02/2024 10:47:33 DEBUG: Restarting filebeat service... 01/02/2024 10:47:33 DEBUG: filebeat started. 01/02/2024 10:47:34 DEBUG: Restarting wazuh-manager service... 01/02/2024 10:47:56 DEBUG: wazuh-manager started. 01/02/2024 10:47:58 DEBUG: Restarting wazuh-dashboard service... 01/02/2024 10:47:59 DEBUG: wazuh-dashboard started. 01/02/2024 10:47:59 DEBUG: Running security admin tool. 01/02/2024 10:47:59 DEBUG: Loading new passwords changes. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: YELLOW Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Populate config from /home/vagrant Force type: internalusers Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' created or updated SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null Done with success 01/02/2024 10:48:05 DEBUG: Passwords changed. 01/02/2024 10:48:05 DEBUG: Changing API passwords. 01/02/2024 10:48:16 INFO: Initializing Wazuh dashboard web application. 01/02/2024 10:48:17 INFO: Wazuh dashboard web application initialized. 01/02/2024 10:48:17 INFO: --- Summary --- 01/02/2024 10:48:17 INFO: You can access the web interface https://:443 User: admin Password: BmiO8d.Cwh4?zOb0R6SGAgkklSQTGW2W 01/02/2024 10:48:17 DEBUG: Restoring Wazuh repository. 01/02/2024 10:48:17 INFO: Installation finished. ```

It has been observed the following error:

Will create 'wazuh' index template
  ERROR: /etc/wazuh-indexer/wazuh-template.json not found
Will create index templates to configure the alias
 SUCC: 'wazuh-alerts' template created or updated
 SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
  SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
  SUCC: 'wazuh-alerts' write index created
  SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.

This error is related to the ISM script execution. It seems that the wazuh-template.json is not included in the Wazuh indexer package. This is reproduced because the deployment is using an old Wazuh indexer package

The health-check was completely successfully: image

Errors

I noticed the following errors in the ossec.log file:

2024/02/01 10:44:56 keystore: ERROR: Could not find key 'password at column 'indexer'.
2024/02/01 10:44:56 keystore: ERROR: Could not find key 'password at column 'indexer'.
2024/02/01 10:44:56 wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade::start: Could not find key 'password at column 'indexer'.

This error is generated because the indexer password is inserted after the Wazuh dashboard installation when the passwords change. To avoid this, the password will be inserted when the Wazuh manager is installed, but this password will be overwritten when changing the passwords.

After a new test, this error is not generated anymore:

root@ubuntu22:/home/vagrant# cat /var/ossec/logs/ossec.log | grep ERROR
root@ubuntu22:/home/vagrant# nano wazuh-install

Commit: https://github.com/wazuh/wazuh-packages/pull/2802/commits/a1386cc9f776217fe0efa9343a0e56a3fc85aab8

davidcr01 commented 5 months ago

Update Report

Testing - distribuited installation

:green_circle: The complete distributed installation was performed correctly.

Certificates generation ```console root@ubuntu22:/home/vagrant# bash wazuh-install.sh -g -v 01/02/2024 12:07:58 DEBUG: Checking root permissions. 01/02/2024 12:07:58 DEBUG: Checking sudo package. /usr/bin/sudo 01/02/2024 12:07:58 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 01/02/2024 12:07:58 INFO: Verbose logging redirected to /var/log/wazuh-install.log 01/02/2024 12:07:58 DEBUG: APT package manager will be used. 01/02/2024 12:07:58 DEBUG: Checking system distribution. 01/02/2024 12:07:58 DEBUG: Detected distribution name: ubuntu 01/02/2024 12:07:58 DEBUG: Detected distribution version: 22 01/02/2024 12:07:58 DEBUG: Checking Wazuh installation. 01/02/2024 12:07:59 DEBUG: Installing check dependencies. Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Reading package lists... 01/02/2024 12:08:06 DEBUG: Checking system architecture. 01/02/2024 12:08:06 INFO: Verifying that your system meets the recommended minimum hardware requirements. 01/02/2024 12:08:06 DEBUG: CPU cores detected: 2 01/02/2024 12:08:06 DEBUG: Free RAM memory detected: 2980 01/02/2024 12:08:06 INFO: --- Configuration files --- 01/02/2024 12:08:06 INFO: Generating configuration files. 01/02/2024 12:08:06 DEBUG: Checking if OpenSSL is installed. 01/02/2024 12:08:06 DEBUG: Creating Wazuh certificates. 01/02/2024 12:08:06 DEBUG: Reading configuration file. 01/02/2024 12:08:06 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 12:08:06 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 12:08:06 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 12:08:06 INFO: Generating the root certificate. 01/02/2024 12:08:06 INFO: Generating Admin certificates. 01/02/2024 12:08:06 DEBUG: Generating Admin private key. 01/02/2024 12:08:06 DEBUG: Converting Admin private key to PKCS8 format. 01/02/2024 12:08:06 DEBUG: Generating Admin CSR. 01/02/2024 12:08:06 DEBUG: Creating Admin certificate. 01/02/2024 12:08:06 INFO: Generating Wazuh indexer certificates. 01/02/2024 12:08:06 DEBUG: Creating the certificates for node-1 indexer node. 01/02/2024 12:08:06 DEBUG: Generating certificate configuration. 01/02/2024 12:08:06 DEBUG: Creating the Wazuh indexer tmp key pair. 01/02/2024 12:08:07 DEBUG: Creating the Wazuh indexer certificates. 01/02/2024 12:08:07 INFO: Generating Filebeat certificates. 01/02/2024 12:08:07 DEBUG: Generating the certificates for wazuh-1 server node. 01/02/2024 12:08:07 DEBUG: Generating certificate configuration. 01/02/2024 12:08:07 DEBUG: Creating the Wazuh server tmp key pair. 01/02/2024 12:08:07 DEBUG: Creating the Wazuh server certificates. 01/02/2024 12:08:07 INFO: Generating Wazuh dashboard certificates. 01/02/2024 12:08:07 DEBUG: Generating certificate configuration. 01/02/2024 12:08:07 DEBUG: Creating the Wazuh dashboard tmp key pair. 01/02/2024 12:08:07 DEBUG: Creating the Wazuh dashboard certificates. 01/02/2024 12:08:07 DEBUG: Cleaning certificate files. 01/02/2024 12:08:07 DEBUG: Generating password file. 01/02/2024 12:08:07 DEBUG: Generating random passwords. 01/02/2024 12:08:08 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. ```
Wazuh indexer installation ```console root@ubuntu22:/home/vagrant# bash wazuh-install.sh -wi wazuh-indexer -i -v 01/02/2024 13:39:48 DEBUG: Checking root permissions. 01/02/2024 13:39:48 DEBUG: Checking sudo package. /usr/bin/sudo 01/02/2024 13:39:48 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 01/02/2024 13:39:48 INFO: Verbose logging redirected to /var/log/wazuh-install.log 01/02/2024 13:39:48 DEBUG: APT package manager will be used. 01/02/2024 13:39:48 DEBUG: Checking system distribution. 01/02/2024 13:39:48 DEBUG: Detected distribution name: ubuntu 01/02/2024 13:39:48 DEBUG: Detected distribution version: 22 01/02/2024 13:39:48 DEBUG: Checking Wazuh installation. 01/02/2024 13:39:49 DEBUG: Installing check dependencies. Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Reading package lists... 01/02/2024 13:39:56 DEBUG: Checking previous certificate existence. 01/02/2024 13:39:56 DEBUG: Checking system architecture. 01/02/2024 13:39:56 WARNING: Hardware and system checks ignored. 01/02/2024 13:39:56 DEBUG: Checking ports availability. 01/02/2024 13:39:57 DEBUG: Installing prerequisites dependencies. Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Reading package lists... 01/02/2024 13:40:01 DEBUG: Checking curl tool version. 01/02/2024 13:40:01 DEBUG: Adding the Wazuh repository. gpg: keyring '/usr/share/keyrings/wazuh.gpg' created gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported gpg: Total number processed: 1 gpg: imported: 1 deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/staging/apt/ unstable main Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Get:5 https://packages-dev.wazuh.com/staging/apt unstable InRelease [17.3 kB] Get:6 https://packages-dev.wazuh.com/staging/apt unstable/main amd64 Packages [4,775 B] Fetched 22.0 kB in 2s (12.2 kB/s) Reading package lists... 01/02/2024 13:40:05 INFO: Wazuh development repository added. 01/02/2024 13:40:05 DEBUG: Extracting Wazuh configuration. 01/02/2024 13:40:05 DEBUG: Reading configuration file. 01/02/2024 13:40:05 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 13:40:05 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 13:40:05 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 13:40:06 DEBUG: Checking node names in the configuration file. 01/02/2024 13:40:06 INFO: --- Wazuh indexer --- 01/02/2024 13:40:06 INFO: Starting Wazuh indexer installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 174 not upgraded. Need to get 0 B/759 MB of archives. After this operation, 1,050 MB of additional disk space will be used. Selecting previously unselected packag NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-69-generic NEEDRESTART-KEXP: 5.15.0-69-generic NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 01/02/2024 13:41:02 DEBUG: Checking Wazuh installation. 01/02/2024 13:41:02 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 13:41:03 INFO: Wazuh indexer installation finished. 01/02/2024 13:41:03 DEBUG: Configuring Wazuh indexer. 01/02/2024 13:41:03 DEBUG: Copying Wazuh indexer certificates. 01/02/2024 13:41:03 INFO: Wazuh indexer post-install configuration finished. 01/02/2024 13:41:03 INFO: Starting service wazuh-indexer. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service. 01/02/2024 13:41:24 INFO: wazuh-indexer service started. 01/02/2024 13:41:24 INFO: Initializing Wazuh indexer cluster security settings. 01/02/2024 13:41:25 DEBUG: Setting Wazuh indexer cluster passwords. 01/02/2024 13:41:25 DEBUG: Checking Wazuh installation. 01/02/2024 13:41:26 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 13:41:27 INFO: Wazuh indexer cluster initialized. 01/02/2024 13:41:27 DEBUG: Restoring Wazuh repository. 01/02/2024 13:41:27 INFO: Installation finished. ```
Wazuh indexer cluster initialization ```console root@ubuntu22:/home/vagrant# bash wazuh-install.sh -s /usr/bin/sudo 01/02/2024 13:57:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 01/02/2024 13:57:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log 01/02/2024 13:57:42 INFO: Verifying that your system meets the recommended minimum hardware requirements. 01/02/2024 13:57:50 INFO: Wazuh indexer cluster security configuration initialized. 01/02/2024 13:57:51 INFO: The Wazuh indexer cluster ISM initialized. 01/02/2024 13:57:53 INFO: Updating the internal users. 01/02/2024 13:57:56 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 01/02/2024 13:58:09 INFO: Wazuh indexer cluster started. ```
Wazuh server installation ```console root@ubuntu22:/home/vagrant# bash wazuh-install.sh -ws wazuh-server -i -v 01/02/2024 13:58:29 DEBUG: Checking root permissions. 01/02/2024 13:58:29 DEBUG: Checking sudo package. /usr/bin/sudo 01/02/2024 13:58:29 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 01/02/2024 13:58:29 INFO: Verbose logging redirected to /var/log/wazuh-install.log 01/02/2024 13:58:29 DEBUG: APT package manager will be used. 01/02/2024 13:58:29 DEBUG: Checking system distribution. 01/02/2024 13:58:29 DEBUG: Detected distribution name: ubuntu 01/02/2024 13:58:29 DEBUG: Detected distribution version: 22 01/02/2024 13:58:29 DEBUG: Checking Wazuh installation. 01/02/2024 13:58:31 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 13:58:32 DEBUG: Installing check dependencies. Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Ign:5 https://packages.wazuh.com/staging/apt stable InRelease Err:6 https://packages.wazuh.com/staging/apt stable Release 404 Not Found [IP: 18.154.48.50 443] Reading package lists... E: The repository 'https://packages.wazuh.com/staging/apt stable Release' does not have a Release file. 01/02/2024 13:58:39 DEBUG: Checking previous certificate existence. 01/02/2024 13:58:39 DEBUG: Checking system architecture. 01/02/2024 13:58:39 WARNING: Hardware and system checks ignored. 01/02/2024 13:58:39 DEBUG: Checking ports availability. 01/02/2024 13:58:40 DEBUG: Installing prerequisites dependencies. Ign:1 https://packages.wazuh.com/staging/apt stable InRelease Err:2 https://packages.wazuh.com/staging/apt stable Release 404 Not Found [IP: 18.154.48.93 443] Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:5 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:6 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Reading package lists... E: The repository 'https://packages.wazuh.com/staging/apt stable Release' does not have a Release file. 01/02/2024 13:58:46 DEBUG: Checking curl tool version. 01/02/2024 13:58:46 DEBUG: Adding the Wazuh repository. gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) " not changed gpg: Total number processed: 1 gpg: unchanged: 1 deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/staging/apt/ unstable main Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Hit:5 https://packages-dev.wazuh.com/staging/apt unstable InRelease Reading package lists... 01/02/2024 13:58:50 INFO: Wazuh development repository added. 01/02/2024 13:58:50 DEBUG: Extracting Wazuh configuration. 01/02/2024 13:58:50 DEBUG: Reading configuration file. 01/02/2024 13:58:51 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 13:58:51 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 13:58:51 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 13:58:51 DEBUG: Checking node names in the configuration file. 01/02/2024 13:58:51 INFO: --- Wazuh server --- 01/02/2024 13:58:51 INFO: Starting the Wazuh manager installation. Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 175 not upgraded. Need to get 0 B/288 MB of archives. After this operation, 888 MB of additional disk space will be used. Selecting pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-69-generic NEEDRESTART-KEXP: 5.15.0-69-generic NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 01/02/2024 14:00:42 DEBUG: Checking Wazuh installation. 01/02/2024 14:00:43 DEBUG: There are Wazuh remaining files. 01/02/2024 14:00:43 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 14:00:44 INFO: Wazuh manager installation finished. 01/02/2024 14:00:44 DEBUG: Configuring Wazuh manager. 01/02/2024 14:00:44 DEBUG: Setting provisional Wazuh indexer password 01/02/2024 14:00:44 INFO: Wazuh manager vulnerability detection configuration finished. 01/02/2024 14:00:44 INFO: Starting service wazuh-manager. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service. 01/02/2024 14:01:08 INFO: wazuh-manager service started. 01/02/2024 14:01:09 INFO: Starting Filebeat installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 176 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Selecting previously unselected package fil NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-69-generic NEEDRESTART-KEXP: 5.15.0-69-generic NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 01/02/2024 14:01:14 DEBUG: Checking Wazuh installation. 01/02/2024 14:01:15 DEBUG: There are Wazuh remaining files. 01/02/2024 14:01:16 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 14:01:16 DEBUG: There are Filebeat remaining files. 01/02/2024 14:01:17 INFO: Filebeat installation finished. 01/02/2024 14:01:17 DEBUG: Configuring Filebeat. 01/02/2024 14:01:17 DEBUG: Filebeat template was download successfully. wazuh/ wazuh/archives/ wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/_meta/ wazuh/_meta/config.yml wazuh/_meta/docs.asciidoc wazuh/_meta/fields.yml wazuh/alerts/ wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/module.yml 01/02/2024 14:01:18 DEBUG: Filebeat module was downloaded successfully. 01/02/2024 14:01:18 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 01/02/2024 14:01:19 INFO: Filebeat post-install configuration finished. 01/02/2024 14:01:19 DEBUG: Setting Wazuh indexer cluster passwords. 01/02/2024 14:01:19 DEBUG: Checking Wazuh installation. 01/02/2024 14:01:19 DEBUG: There are Wazuh remaining files. 01/02/2024 14:01:20 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 14:01:20 DEBUG: There are Filebeat remaining files. Successfully updated the keystore 01/02/2024 14:01:24 DEBUG: Restarting filebeat service... 01/02/2024 14:01:25 DEBUG: filebeat started. 01/02/2024 14:01:25 DEBUG: EXECUTING KEYSTORE + eval '/var/ossec/bin/wazuh-keystore -f indexer -k password -v DYob?sgzOlx+2HFZt8HzgcWT456cn0Tg' ++ /var/ossec/bin/wazuh-keystore -f indexer -k password -v 'DYob?sgzOlx+2HFZt8HzgcWT456cn0Tg' + set +x 01/02/2024 14:01:25 DEBUG: Restarting wazuh-manager service... 01/02/2024 14:01:47 DEBUG: wazuh-manager started. 01/02/2024 14:01:47 DEBUG: Changing API passwords. 01/02/2024 14:01:51 INFO: Starting service filebeat. Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable filebeat Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service. 01/02/2024 14:01:53 INFO: filebeat service started. 01/02/2024 14:01:53 DEBUG: Restoring Wazuh repository. 01/02/2024 14:01:53 INFO: Installation finished. root@ubuntu22:/home/vagrant# cat /var/ossec/logs/ossec.log | grep ERROR root@ubuntu22:/home/vagrant# ```
Wazuh dashboard installation ```console root@ubuntu22:/home/vagrant# bash wazuh-install.sh -wd wazuh-dashboard -i -v 01/02/2024 14:02:11 DEBUG: Checking root permissions. 01/02/2024 14:02:11 DEBUG: Checking sudo package. /usr/bin/sudo 01/02/2024 14:02:11 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 01/02/2024 14:02:11 INFO: Verbose logging redirected to /var/log/wazuh-install.log 01/02/2024 14:02:11 DEBUG: APT package manager will be used. 01/02/2024 14:02:11 DEBUG: Checking system distribution. 01/02/2024 14:02:11 DEBUG: Detected distribution name: ubuntu 01/02/2024 14:02:11 DEBUG: Detected distribution version: 22 01/02/2024 14:02:11 DEBUG: Checking Wazuh installation. 01/02/2024 14:02:14 DEBUG: There are Wazuh remaining files. 01/02/2024 14:02:15 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 14:02:15 DEBUG: There are Filebeat remaining files. 01/02/2024 14:02:16 DEBUG: Installing check dependencies. Ign:1 https://packages.wazuh.com/staging/apt stable InRelease Err:2 https://packages.wazuh.com/staging/apt stable Release 404 Not Found [IP: 18.154.48.117 443] Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Get:4 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease [119 kB] Hit:5 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Get:6 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease [110 kB] Reading package lists... E: The repository 'https://packages.wazuh.com/staging/apt stable Release' does not have a Release file. 01/02/2024 14:02:31 DEBUG: Checking previous certificate existence. 01/02/2024 14:02:31 DEBUG: Checking system architecture. 01/02/2024 14:02:31 WARNING: Hardware and system checks ignored. 01/02/2024 14:02:31 INFO: Wazuh web interface port will be 443. 01/02/2024 14:02:31 DEBUG: Checking ports availability. 01/02/2024 14:02:32 DEBUG: Installing prerequisites dependencies. Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Ign:5 https://packages.wazuh.com/staging/apt stable InRelease Err:6 https://packages.wazuh.com/staging/apt stable Release 404 Not Found [IP: 18.154.48.95 443] Reading package lists... E: The repository 'https://packages.wazuh.com/staging/apt stable Release' does not have a Release file. 01/02/2024 14:02:37 DEBUG: Checking curl tool version. 01/02/2024 14:02:37 DEBUG: Adding the Wazuh repository. gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) " not changed gpg: Total number processed: 1 gpg: unchanged: 1 deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/staging/apt/ unstable main Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease Hit:5 https://packages-dev.wazuh.com/staging/apt unstable InRelease Reading package lists... 01/02/2024 14:02:41 INFO: Wazuh development repository added. 01/02/2024 14:02:41 DEBUG: Extracting Wazuh configuration. 01/02/2024 14:02:41 DEBUG: Reading configuration file. 01/02/2024 14:02:41 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 14:02:41 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 14:02:41 DEBUG: Checking if 127.0.0.1 is private. 01/02/2024 14:02:41 DEBUG: Checking node names in the configuration file. 01/02/2024 14:02:41 INFO: --- Wazuh dashboard ---- 01/02/2024 14:02:41 INFO: Starting Wazuh dashboard installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 176 not upgraded. Need to get 0 B/186 MB of archives. After this operation, 987 MB of additional disk space will be used. Selecting previously unselected packag NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-69-generic NEEDRESTART-KEXP: 5.15.0-69-generic NEEDRESTART-KSTA: 1 01/02/2024 14:03:38 DEBUG: Checking Wazuh installation. 01/02/2024 14:03:38 DEBUG: There are Wazuh remaining files. 01/02/2024 14:03:38 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 14:03:39 DEBUG: There are Filebeat remaining files. 01/02/2024 14:03:39 DEBUG: There are Wazuh dashboard remaining files. 01/02/2024 14:03:39 INFO: Wazuh dashboard installation finished. 01/02/2024 14:03:39 DEBUG: Configuring Wazuh dashboard. 01/02/2024 14:03:39 DEBUG: Copying Wazuh dashboard certificates. 01/02/2024 14:03:39 DEBUG: Wazuh dashboard certificate setup finished. 01/02/2024 14:03:39 INFO: Wazuh dashboard post-install configuration finished. 01/02/2024 14:03:39 INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service. 01/02/2024 14:03:40 INFO: wazuh-dashboard service started. 01/02/2024 14:03:40 DEBUG: Setting Wazuh indexer cluster passwords. 01/02/2024 14:03:40 DEBUG: Checking Wazuh installation. 01/02/2024 14:03:41 DEBUG: There are Wazuh remaining files. 01/02/2024 14:03:41 DEBUG: There are Wazuh indexer remaining files. 01/02/2024 14:03:42 DEBUG: There are Filebeat remaining files. 01/02/2024 14:03:43 DEBUG: There are Wazuh dashboard remaining files. Successfully updated the keystore 01/02/2024 14:03:43 DEBUG: Restarting filebeat service... 01/02/2024 14:03:44 DEBUG: filebeat started. 01/02/2024 14:03:44 DEBUG: EXECUTING KEYSTORE + eval '/var/ossec/bin/wazuh-keystore -f indexer -k password -v DYob?sgzOlx+2HFZt8HzgcWT456cn0Tg' ++ /var/ossec/bin/wazuh-keystore -f indexer -k password -v 'DYob?sgzOlx+2HFZt8HzgcWT456cn0Tg' + set +x 01/02/2024 14:03:44 DEBUG: Restarting wazuh-manager service... 01/02/2024 14:04:06 DEBUG: wazuh-manager started. 01/02/2024 14:04:08 DEBUG: Restarting wazuh-dashboard service... 01/02/2024 14:04:09 DEBUG: wazuh-dashboard started. 01/02/2024 14:04:09 DEBUG: Changing API passwords. 01/02/2024 14:04:24 INFO: Initializing Wazuh dashboard web application. 01/02/2024 14:04:25 DEBUG: Wazuh dashboard connection was successful. 01/02/2024 14:04:25 INFO: Wazuh dashboard web application initialized. 01/02/2024 14:04:25 INFO: --- Summary --- 01/02/2024 14:04:25 INFO: You can access the web interface https://:443 User: admin Password: DYob?sgzOlx+2HFZt8HzgcWT456cn0Tg 01/02/2024 14:04:25 DEBUG: Restoring Wazuh repository. 01/02/2024 14:04:25 INFO: Installation finished. ```