Description

Wazuh version	Install type	Action performed	Platform
5.0.0	All components	Install	Any

Context

Currently, the Wazuh installation assistant installs two types of dependencies:

Dependencies used by the Installation assistant itself, which are removed after the installation.
Dependencies used by the Wazuh central components, which can not be removed because it would break the Wazuh installation.

Feature request

It is necessary to implement a new logic that avoids installing dependencies without permission. This new logic is divided in:

Asking the user if the dependencies can be installed, with a prompt like [Y/n], making the script interactive
Adding a new option to the script that assumes yes to the dependency installation question, like --asume-yes, -y, --install-dependencies, etc

Steps before development

[x] Decide if the Installation assistant dependencies should be asked. Yes, but not the Wazuh dependencies.
[x] Decide the name of the new parameter. --install-dependencies
[x] Decide if the script should ask for every dependency or perform a scan and ask for a dependency list. List

Steps after development

[x] Validate interactive behavior
[x] Validate non-interactive behavior
[ ] Research the impact of this in OVA, AMI, and Jenkins pipeline tests and open issues if necessary.
- AMI and OVA will be migrated in 5.0.0 to: https://github.com/wazuh/wazuh-virtual-machines
- https://github.com/wazuh/wazuh-jenkins/pull/6601
- https://github.com/wazuh/wazuh-packages/pull/3003
- Jenkins pipelines Test_unattended_tier, Test_unattended, Test_unattended_distributed and Test_unattended_distributed_cases will be deprecated: https://github.com/wazuh/wazuh-jenkins/pull/6602
- These changes impact to DTT1, in the testing and provision modules. https://github.com/wazuh/wazuh-qa/issues/5497
- Wazuh documentation.

Update Report

Approach

After talking this issue with the team, we decided not to make the script interactive. The proposed approach is to inform the user about the dependencies that need to be installed and stop the execution of the script (if the --install-dependencies parameter is not specified).

With this, we avoid making the script interactive (that can be bothersome to the user), but the Installation assistant will require a confirmation to install the dependencies by specifying the new parameter).

Update Report

New approach

As the dependencies installation is done, the previous approach had conflicts with the openssl and lsof packages, which are treated as "special dependencies" and are installed separately. These dependencies would make not inform the user about the rest of the dependencies that are going to be installed.

After talking with @c-bordon, we reached the conclusion to rework the way the Installation assistant installs the dependencies and solve this problem as effectively as possible.

The approach is:

Scan dependencies
Inform about all the dependencies that are going to be installed, and also the ones which are going to be removed. At this point, the Assistant exists if the new parameter is specified.
If the parameter is specified, install the Assistant dependencies
Install the rest of the dependencies, depending on the chosen installation type.
Remove the Assistant dependencies when finishing the installation.

Update Report

Currently working on the dependencies installation workflow.

The function that scans the dependencies is finished.
The function that installs dependency lists is now unified. installCommon_aptInstallList and installCommon_yumInstallList is unified in installCommon_installList
The CentOS repositories import and removal is improved.

It is necessary to develop a function that installs the scanned dependencies, depending on which are going to be installed: assistant or wazuh dependencies.

Update Report

Validating behavior with new parameter

The following tests aim to check if the new parameter is working correctly. It is checked that the needed dependencies are correctly informed, with a proper format, and that the script exits.

Using the script without the new option, needing Wazuh and Assistant dependencies

root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -i -v
03/06/2024 16:27:03 DEBUG: Checking root permissions.
03/06/2024 16:27:03 DEBUG: Checking sudo package.
03/06/2024 16:27:03 INFO: Starting Wazuh Using the script assistant. Wazuh version: 5.0.0
03/06/2024 16:27:03 INFO: Verbose logging redirected to /var/log/wazuh-install.log
03/06/2024 16:27:03 DEBUG: APT package manager will be used.
03/06/2024 16:27:03 DEBUG: Checking system distribution.
03/06/2024 16:27:03 DEBUG: Detected distribution name: ubuntu
03/06/2024 16:27:03 DEBUG: Detected distribution version: 22
03/06/2024 16:27:03 DEBUG: Checking Wazuh Using the script.
03/06/2024 16:27:04 DEBUG: Checking system architecture.
03/06/2024 16:27:06 WARNING: To perform the installation, the following package/s must be installed: apt-transport-https, debhelper, lsof, openssl, software-properties-common. The following package/s will be removed after the Using the script: lsof, openssl. Add the -id|--install-dependencies parameter to install them automatically or install them manually.

Using the script without the new option, needing Assistant dependencies

root@ubuntu22:/home/vagrant# bash wazuh-install.sh -g -i -v
03/06/2024 16:27:35 DEBUG: Checking root permissions.
03/06/2024 16:27:35 DEBUG: Checking sudo package.
03/06/2024 16:27:35 INFO: Starting Wazuh Using the script assistant. Wazuh version: 5.0.0
03/06/2024 16:27:35 INFO: Verbose logging redirected to /var/log/wazuh-install.log
03/06/2024 16:27:35 DEBUG: APT package manager will be used.
03/06/2024 16:27:35 DEBUG: Checking system distribution.
03/06/2024 16:27:36 DEBUG: Detected distribution name: ubuntu
03/06/2024 16:27:36 DEBUG: Detected distribution version: 22
03/06/2024 16:27:36 DEBUG: Checking Wazuh Using the script.
03/06/2024 16:27:36 DEBUG: Checking system architecture.
03/06/2024 16:27:37 WARNING: To perform the installation, the following package/s must be installed: openssl. The following package/s will be removed after the Using the script: openssl. Add the -id|--install-dependencies parameter to install them automatically or install them manually.
root@ubuntu22:/home/vagrant#

Using the script without the new option, needing Wazuh dependencies

root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -i -v
03/06/2024 16:32:28 DEBUG: Checking root permissions.
03/06/2024 16:32:28 DEBUG: Checking sudo package.
03/06/2024 16:32:28 INFO: Starting Wazuh Using the script assistant. Wazuh version: 5.0.0
03/06/2024 16:32:28 INFO: Verbose logging redirected to /var/log/wazuh-install.log
03/06/2024 16:32:28 DEBUG: APT package manager will be used.
03/06/2024 16:32:28 DEBUG: Checking system distribution.
03/06/2024 16:32:28 DEBUG: Detected distribution name: ubuntu
03/06/2024 16:32:28 DEBUG: Detected distribution version: 22
03/06/2024 16:32:28 DEBUG: Checking Wazuh Using the script.
03/06/2024 16:32:30 DEBUG: Checking system architecture.
03/06/2024 16:32:36 WARNING: To perform the installation, the following package/s must be installed: apt-transport-https, debhelper, software-properties-common. Add the -id|--install-dependencies parameter to install them automatically or install them manually.

Using the script without the new option, no dependencies needed

root@ubuntu22:/home/vagrant# bash wazuh-install.sh -g -i -v
03/06/2024 16:33:19 DEBUG: Checking root permissions.
03/06/2024 16:33:19 DEBUG: Checking sudo package.
03/06/2024 16:33:19 INFO: Starting Wazuh Using the script assistant. Wazuh version: 5.0.0
03/06/2024 16:33:19 INFO: Verbose logging redirected to /var/log/wazuh-install.log
03/06/2024 16:33:19 DEBUG: APT package manager will be used.
03/06/2024 16:33:19 DEBUG: Checking system distribution.
03/06/2024 16:33:19 DEBUG: Detected distribution name: ubuntu
03/06/2024 16:33:19 DEBUG: Detected distribution version: 22
03/06/2024 16:33:19 DEBUG: Checking Wazuh Using the script.
03/06/2024 16:33:21 DEBUG: Checking system architecture.
03/06/2024 16:33:24 WARNING: Hardware and system checks ignored.
03/06/2024 16:33:24 INFO: --- Configuration files ---
03/06/2024 16:33:24 INFO: Generating configuration files.
03/06/2024 16:33:24 DEBUG: Checking if OpenSSL is installed.
03/06/2024 16:33:24 DEBUG: Creating Wazuh certificates.
03/06/2024 16:33:24 DEBUG: Reading configuration file.
03/06/2024 16:33:24 DEBUG: Checking if 127.0.0.1 is private.
03/06/2024 16:33:24 DEBUG: Checking if 127.0.0.1 is private.
03/06/2024 16:33:24 DEBUG: Checking if 127.0.0.1 is private.
03/06/2024 16:33:24 INFO: Generating the root certificate.
03/06/2024 16:33:24 INFO: Generating Admin certificates.
03/06/2024 16:33:24 DEBUG: Generating Admin private key.
03/06/2024 16:33:25 DEBUG: Converting Admin private key to PKCS8 format.
03/06/2024 16:33:25 DEBUG: Generating Admin CSR.
03/06/2024 16:33:25 DEBUG: Creating Admin certificate.
03/06/2024 16:33:25 INFO: Generating Wazuh indexer certificates.
03/06/2024 16:33:25 DEBUG: Creating the certificates for wazuh-indexer indexer node.
03/06/2024 16:33:25 DEBUG: Generating certificate configuration.
03/06/2024 16:33:25 DEBUG: Creating the Wazuh indexer tmp key pair.
03/06/2024 16:33:25 DEBUG: Creating the Wazuh indexer certificates.
03/06/2024 16:33:25 INFO: Generating Filebeat certificates.
03/06/2024 16:33:25 DEBUG: Generating the certificates for wazuh-server server node.
03/06/2024 16:33:25 DEBUG: Generating certificate configuration.
03/06/2024 16:33:25 DEBUG: Creating the Wazuh server tmp key pair.
03/06/2024 16:33:25 DEBUG: Creating the Wazuh server certificates.
03/06/2024 16:33:25 INFO: Generating Wazuh dashboard certificates.
03/06/2024 16:33:25 DEBUG: Generating certificate configuration.
03/06/2024 16:33:25 DEBUG: Creating the Wazuh dashboard tmp key pair.
03/06/2024 16:33:26 DEBUG: Creating the Wazuh dashboard certificates.
03/06/2024 16:33:26 DEBUG: Cleaning certificate files.
03/06/2024 16:33:26 DEBUG: Generating password file.
03/06/2024 16:33:26 DEBUG: Generating random passwords.
03/06/2024 16:33:26 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for Using the script.
root@ubuntu22:/home/vagrant#

Checking port usage is working

The installation is interrupted because a port is being used.

root@ip-172-31-71-48:/home/ubuntu# lsof -sTCP:LISTEN -i:443
COMMAND    PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
python3 184635 root    3u  IPv4 2075684      0t0  TCP *:https (LISTEN)
root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -a -i -v -id
05/06/2024 10:18:11 DEBUG: Checking root permissions.
05/06/2024 10:18:11 DEBUG: Checking sudo package.
05/06/2024 10:18:11 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
05/06/2024 10:18:11 INFO: Verbose logging redirected to /var/log/wazuh-install.log
05/06/2024 10:18:11 DEBUG: APT package manager will be used.
05/06/2024 10:18:11 DEBUG: Checking system distribution.
05/06/2024 10:18:11 DEBUG: Detected distribution name: ubuntu
05/06/2024 10:18:11 DEBUG: Detected distribution version: 22
05/06/2024 10:18:11 DEBUG: Checking Wazuh installation.
05/06/2024 10:18:13 DEBUG: Checking system architecture.
05/06/2024 10:18:21 WARNING: Hardware and system checks ignored.
05/06/2024 10:18:21 INFO: Wazuh web interface port will be 443.
05/06/2024 10:18:22 DEBUG: Checking ports availability.
05/06/2024 10:18:23 ERROR: Port 443 is being used by another process. Please, check it before installing Wazuh.
05/06/2024 10:18:23 INFO: The installation can not continue due to port usage by other processes.
05/06/2024 10:18:23 INFO: --- Removing existing Wazuh installation ---
05/06/2024 10:18:23 DEBUG: Removing GPG key from system.
05/06/2024 10:18:23 INFO: Wazuh GPG key not found in the system
05/06/2024 10:18:23 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
root@ip-172-31-71-48:/home/ubuntu#

Update Report

Wazuh indexer

Generting certificates - APT

Here I fixed a bug that the `openssl` dependency could not be installed because the APT source list were not updated. Adding a `apt-get update -q` command to the install depdencies function solved the problem. ```console root@ip-172-31-90-42:/home/ubuntu# bash wazuh-install.sh -g -i -v 04/06/2024 13:59:20 DEBUG: Checking root permissions. 04/06/2024 13:59:20 DEBUG: Checking sudo package. 04/06/2024 13:59:20 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 13:59:20 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 13:59:20 DEBUG: APT package manager will be used. 04/06/2024 13:59:20 DEBUG: Checking system distribution. 04/06/2024 13:59:20 DEBUG: Detected distribution name: ubuntu 04/06/2024 13:59:20 DEBUG: Detected distribution version: 22 04/06/2024 13:59:20 DEBUG: Checking Wazuh installation. 04/06/2024 13:59:20 DEBUG: Checking system architecture. 04/06/2024 13:59:22 WARNING: To perform the installation, the following package/s must be installed: openssl. The following package/s will be removed after the installation: openssl. Add the -id|--install-dependencies parameter to install them automatically or install them manually. root@ip-172-31-90-42:/home/ubuntu# bash wazuh-install.sh -g -i -v -id 04/06/2024 14:08:40 DEBUG: Checking root permissions. 04/06/2024 14:08:40 DEBUG: Checking sudo package. 04/06/2024 14:08:40 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 14:08:40 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 14:08:41 DEBUG: APT package manager will be used. 04/06/2024 14:08:41 DEBUG: Checking system distribution. 04/06/2024 14:08:41 DEBUG: Detected distribution name: ubuntu 04/06/2024 14:08:41 DEBUG: Detected distribution version: 22 04/06/2024 14:08:41 DEBUG: Checking Wazuh installation. 04/06/2024 14:08:41 DEBUG: Checking system architecture. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB] Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB] Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB] Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [14.1 MB] Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe Translation-en [5652 kB] Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 c-n-f Metadata [286 kB] Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [217 kB] Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse Translation-en [112 kB] Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 c-n-f Metadata [8372 B] Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1686 kB] Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [313 kB] Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 c-n-f Metadata [16.1 kB] Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [1933 kB] Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted Translation-en [328 kB] Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 c-n-f Metadata [520 B] Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1076 kB] Get:18 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [247 kB] Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 c-n-f Metadata [22.1 kB] Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [42.7 kB] Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse Translation-en [10.4 kB] Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 c-n-f Metadata [472 B] Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [67.1 kB] Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main Translation-en [11.0 kB] Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 c-n-f Metadata [388 B] Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/restricted amd64 c-n-f Metadata [116 B] Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [27.2 kB] Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe Translation-en [16.2 kB] Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 c-n-f Metadata [644 B] Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/multiverse amd64 c-n-f Metadata [116 B] Get:31 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1475 kB] Get:32 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [254 kB] Get:33 http://security.ubuntu.com/ubuntu jammy-security/main amd64 c-n-f Metadata [11.4 kB] Get:34 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [1876 kB] Get:35 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [318 kB] Get:36 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 c-n-f Metadata [520 B] Get:37 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [854 kB] Get:38 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [165 kB] Get:39 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 c-n-f Metadata [16.8 kB] Get:40 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [37.2 kB] Get:41 http://security.ubuntu.com/ubuntu jammy-security/multiverse Translation-en [7588 B] Get:42 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 c-n-f Metadata [260 B] Fetched 31.6 MB in 8s (3859 kB/s) Reading package lists... 04/06/2024 14:08:57 INFO: --- Dependencies ---- 04/06/2024 14:08:57 INFO: Installing openssl. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc gir1.2-packagekitglib-1.0 libappstream4 libdw1 libglib2.0-bin libgstreamer1.0-0 libpackagekit-glib2-18 libstemmer0d packagekit packagekit-tools python3-automat python3-bcrypt python3-blinker python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-jeepney python3-jwt python3-keyring python3-lazr.uri python3-oauthlib python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-pyparsing python3-secretstorage python3-service-identity python3-systemd python3-twisted python3-update-manager python3-wadllib python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. Suggested packages: ca-certificates The following NEW packages will be installed: openssl 0 upgraded, 1 newly installed, 0 to remove and 187 not upgraded. Need to get 1186 kB of archives. After this operation, 2102 kB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssl amd64 3.0.2-0ubuntu1.15 [11 NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 04/06/2024 14:09:04 WARNING: Hardware and system checks ignored. 04/06/2024 14:09:04 INFO: --- Configuration files --- 04/06/2024 14:09:04 INFO: Generating configuration files. 04/06/2024 14:09:04 DEBUG: Checking if OpenSSL is installed. 04/06/2024 14:09:04 DEBUG: Creating Wazuh certificates. 04/06/2024 14:09:04 DEBUG: Reading configuration file. 04/06/2024 14:09:04 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 14:09:04 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 14:09:04 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 14:09:04 INFO: Generating the root certificate. 04/06/2024 14:09:05 INFO: Generating Admin certificates. 04/06/2024 14:09:05 DEBUG: Generating Admin private key. 04/06/2024 14:09:05 DEBUG: Converting Admin private key to PKCS8 format. 04/06/2024 14:09:05 DEBUG: Generating Admin CSR. 04/06/2024 14:09:05 DEBUG: Creating Admin certificate. 04/06/2024 14:09:05 INFO: Generating Wazuh indexer certificates. 04/06/2024 14:09:05 DEBUG: Creating the certificates for wazuh-indexer indexer node. 04/06/2024 14:09:06 DEBUG: Generating certificate configuration. 04/06/2024 14:09:06 DEBUG: Creating the Wazuh indexer tmp key pair. 04/06/2024 14:09:07 DEBUG: Creating the Wazuh indexer certificates. 04/06/2024 14:09:07 INFO: Generating Filebeat certificates. 04/06/2024 14:09:07 DEBUG: Generating the certificates for wazuh-server server node. 04/06/2024 14:09:07 DEBUG: Generating certificate configuration. 04/06/2024 14:09:07 DEBUG: Creating the Wazuh server tmp key pair. 04/06/2024 14:09:08 DEBUG: Creating the Wazuh server certificates. 04/06/2024 14:09:08 INFO: Generating Wazuh dashboard certificates. 04/06/2024 14:09:08 DEBUG: Generating certificate configuration. 04/06/2024 14:09:08 DEBUG: Creating the Wazuh dashboard tmp key pair. 04/06/2024 14:09:09 DEBUG: Creating the Wazuh dashboard certificates. 04/06/2024 14:09:09 DEBUG: Cleaning certificate files. 04/06/2024 14:09:09 DEBUG: Generating password file. 04/06/2024 14:09:09 DEBUG: Generating random passwords. 04/06/2024 14:09:09 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 04/06/2024 14:09:09 INFO: --- Dependencies --- 04/06/2024 14:09:09 INFO: Removing openssl. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc gir1.2-packagekitglib-1.0 libappstream4 libdw1 libglib2.0-bin libgstreamer1.0-0 libpackagekit-glib2-18 libstemmer0d packagekit packagekit-tools python3-automat python3-bcrypt python3-blinker python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-jeepney python3-jwt python3-keyring python3-lazr.uri python3-oauthlib python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-pyparsing python3-secretstorage python3-service-identity python3-systemd python3-twisted python3-update-manager python3-wadllib python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following packages will be REMOVED: openssl* 0 upgraded, 0 newly installed, 1 to remove and 187 not upgraded. After this operation, dpkg: warning: while removing openssl, directory '/etc/ssl/certs' not empty so not removed root@ip-172-31-90-42:/home/ubuntu# ```

Generting certificates - YUM

Here I solved a bug in which the CentOS repositories were added and no used. I changed the call of the functions. ```console [root@ip-172-31-80-24 ec2-user]# bash wazuh-install.sh -g -i -v 04/06/2024 14:06:14 DEBUG: Checking root permissions. 04/06/2024 14:06:14 DEBUG: Checking sudo package. 04/06/2024 14:06:14 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 14:06:14 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 14:06:14 DEBUG: YUM package manager will be used. 04/06/2024 14:06:14 DEBUG: Checking system distribution. 04/06/2024 14:06:14 DEBUG: Detected distribution name: rhel 04/06/2024 14:06:14 DEBUG: Detected distribution version: 9 04/06/2024 14:06:14 DEBUG: Checking Wazuh installation. 04/06/2024 14:06:14 DEBUG: Checking system architecture. 04/06/2024 14:06:14 WARNING: Hardware and system checks ignored. 04/06/2024 14:06:14 INFO: --- Configuration files --- 04/06/2024 14:06:14 INFO: Generating configuration files. 04/06/2024 14:06:14 DEBUG: Checking if OpenSSL is installed. 04/06/2024 14:06:14 DEBUG: Creating Wazuh certificates. 04/06/2024 14:06:14 DEBUG: Reading configuration file. 04/06/2024 14:06:14 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 14:06:14 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 14:06:14 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 14:06:14 INFO: Generating the root certificate. 04/06/2024 14:06:15 INFO: Generating Admin certificates. 04/06/2024 14:06:15 DEBUG: Generating Admin private key. 04/06/2024 14:06:16 DEBUG: Converting Admin private key to PKCS8 format. 04/06/2024 14:06:16 DEBUG: Generating Admin CSR. 04/06/2024 14:06:16 DEBUG: Creating Admin certificate. 04/06/2024 14:06:16 INFO: Generating Wazuh indexer certificates. 04/06/2024 14:06:16 DEBUG: Creating the certificates for wazuh-indexer indexer node. 04/06/2024 14:06:16 DEBUG: Generating certificate configuration. 04/06/2024 14:06:16 DEBUG: Creating the Wazuh indexer tmp key pair. 04/06/2024 14:06:16 DEBUG: Creating the Wazuh indexer certificates. 04/06/2024 14:06:16 INFO: Generating Filebeat certificates. 04/06/2024 14:06:16 DEBUG: Generating the certificates for wazuh-server server node. 04/06/2024 14:06:16 DEBUG: Generating certificate configuration. 04/06/2024 14:06:17 DEBUG: Creating the Wazuh server tmp key pair. 04/06/2024 14:06:17 DEBUG: Creating the Wazuh server certificates. 04/06/2024 14:06:17 INFO: Generating Wazuh dashboard certificates. 04/06/2024 14:06:17 DEBUG: Generating certificate configuration. 04/06/2024 14:06:17 DEBUG: Creating the Wazuh dashboard tmp key pair. 04/06/2024 14:06:17 DEBUG: Creating the Wazuh dashboard certificates. 04/06/2024 14:06:17 DEBUG: Cleaning certificate files. 04/06/2024 14:06:17 DEBUG: Generating password file. 04/06/2024 14:06:17 DEBUG: Generating random passwords. 04/06/2024 14:06:17 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. [root@ip-172-31-80-24 ec2-user]# ```

Installig Wazuh indexer - APT

```console root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -wi wazuh-indexer -i -v -id 04/06/2024 16:29:57 DEBUG: Checking root permissions. 04/06/2024 16:29:57 DEBUG: Checking sudo package. 04/06/2024 16:29:57 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 16:29:57 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 16:29:57 DEBUG: APT package manager will be used. 04/06/2024 16:29:57 DEBUG: Checking system distribution. 04/06/2024 16:29:57 DEBUG: Detected distribution name: ubuntu 04/06/2024 16:29:57 DEBUG: Detected distribution version: 22 04/06/2024 16:29:57 DEBUG: Checking Wazuh installation. 04/06/2024 16:29:57 DEBUG: Checking system architecture. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB] Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB] Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB] Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [14.1 MB] Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe Translation-en [5652 kB] Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 c-n-f Metadata [286 kB] Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [217 kB] Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse Translation-en [112 kB] Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 c-n-f Metadata [8372 B] Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1686 kB] Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [313 kB] Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 c-n-f Metadata [16.1 kB] Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [1933 kB] Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted Translation-en [328 kB] Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 c-n-f Metadata [520 B] Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1076 kB] Get:18 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [247 kB] Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 c-n-f Metadata [22.1 kB] Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [42.7 kB] Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse Translation-en [10.4 kB] Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 c-n-f Metadata [472 B] Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [67.1 kB] Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main Translation-en [11.0 kB] Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 c-n-f Metadata [388 B] Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/restricted amd64 c-n-f Metadata [116 B] Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [27.2 kB] Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe Translation-en [16.2 kB] Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 c-n-f Metadata [644 B] Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/multiverse amd64 c-n-f Metadata [116 B] Get:31 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1476 kB] Get:32 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [254 kB] Get:33 http://security.ubuntu.com/ubuntu jammy-security/main amd64 c-n-f Metadata [11.4 kB] Get:34 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [1876 kB] Get:35 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [318 kB] Get:36 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 c-n-f Metadata [520 B] Get:37 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [854 kB] Get:38 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [165 kB] Get:39 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 c-n-f Metadata [16.8 kB] Get:40 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [37.2 kB] Get:41 http://security.ubuntu.com/ubuntu jammy-security/multiverse Translation-en [7588 B] Get:42 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 c-n-f Metadata [260 B] Fetched 31.6 MB in 7s (4812 kB/s) Reading package lists... 04/06/2024 16:30:10 INFO: --- Dependencies ---- 04/06/2024 16:30:10 INFO: Installing lsof. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: lsof 0 upgraded, 1 newly installed, 0 to remove and 202 not upgraded. Need to get 253 kB of archives. After this operation, 458 kB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 lsof amd64 4.93.2+dfsg-1.1build2 [253 kB] Fetched 253 kB in 0s (10.7 MB/s) Selecting previously unse NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 04/06/2024 16:30:20 WARNING: Hardware and system checks ignored. 04/06/2024 16:30:20 DEBUG: Checking previous certificate existence. 04/06/2024 16:30:20 DEBUG: Checking ports availability. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Reading package lists... 04/06/2024 16:30:24 INFO: --- Dependencies ---- 04/06/2024 16:30:24 INFO: Installing apt-transport-https. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: apt-transport-https 0 upgraded, 1 newly installed, 0 to remove and 202 not upgraded. Need to get 1510 B of archives. After this operation, 170 kB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.12 [1510 B] Fetched 1510 B in 0s (80.6 kB/s) NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 04/06/2024 16:30:34 DEBUG: Checking curl tool version. 04/06/2024 16:30:34 DEBUG: Adding the Wazuh repository. gpg: keyring '/usr/share/keyrings/wazuh.gpg' created gpg: directory '/root/.gnupg' created gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported gpg: Total number processed: 1 gpg: imported: 1 deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB] Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [38.5 kB] Fetched 55.7 kB in 1s (51.4 kB/s) Reading package lists... 04/06/2024 16:30:38 INFO: Wazuh development repository added. 04/06/2024 16:30:38 DEBUG: Extracting Wazuh configuration. 04/06/2024 16:30:38 DEBUG: Reading configuration file. 04/06/2024 16:30:38 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:30:38 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:30:38 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:30:38 DEBUG: Checking node names in the configuration file. 04/06/2024 16:30:38 INFO: --- Wazuh indexer --- 04/06/2024 16:30:38 INFO: Starting Wazuh indexer installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 202 not upgraded. Need to get 759 MB of archives. After this operation, 1050 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-indexer amd64 4.8.0-1 [759 MB] Fetched 759 MB in 12s (64.2 MB/s) Selecting previo NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 04/06/2024 16:32:21 DEBUG: Checking Wazuh installation. 04/06/2024 16:32:22 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:32:23 INFO: Wazuh indexer installation finished. 04/06/2024 16:32:23 DEBUG: Configuring Wazuh indexer. 04/06/2024 16:32:23 DEBUG: Copying Wazuh indexer certificates. 04/06/2024 16:32:23 INFO: Wazuh indexer post-install configuration finished. 04/06/2024 16:32:23 INFO: Starting service wazuh-indexer. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service. 04/06/2024 16:32:47 INFO: wazuh-indexer service started. 04/06/2024 16:32:47 INFO: Initializing Wazuh indexer cluster security settings. 04/06/2024 16:32:48 DEBUG: Setting Wazuh indexer cluster passwords. 04/06/2024 16:32:48 DEBUG: Checking Wazuh installation. 04/06/2024 16:32:49 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:32:51 INFO: Wazuh indexer cluster initialized. 04/06/2024 16:32:51 INFO: --- Dependencies --- 04/06/2024 16:32:51 INFO: Removing lsof. Reading package lists... Building dependency tree... Reading state information... The following packages will be REMOVED: lsof* 0 upgraded, 0 newly installed, 1 to remove and 202 not upgraded. After this operation, 458 kB disk space w Processing triggers for man-db (2.10.2-1) ...ies currently installed.) 04/06/2024 16:33:00 DEBUG: Restoring Wazuh repository. 04/06/2024 16:33:00 INFO: Installation finished. root@ip-172-31-71-48:/home/ubuntu# root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -s -v 04/06/2024 16:34:37 DEBUG: Checking root permissions. 04/06/2024 16:34:37 DEBUG: Checking sudo package. 04/06/2024 16:34:37 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 16:34:37 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 16:34:37 DEBUG: APT package manager will be used. 04/06/2024 16:34:37 DEBUG: Checking system distribution. 04/06/2024 16:34:37 DEBUG: Detected distribution name: ubuntu 04/06/2024 16:34:37 DEBUG: Detected distribution version: 22 04/06/2024 16:34:37 DEBUG: Checking Wazuh installation. 04/06/2024 16:34:40 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:34:41 DEBUG: Checking system architecture. 04/06/2024 16:34:46 INFO: Verifying that your system meets the recommended minimum hardware requirements. 04/06/2024 16:34:46 DEBUG: CPU cores detected: 2 04/06/2024 16:34:46 DEBUG: Free RAM memory detected: 3875 04/06/2024 16:34:46 DEBUG: Checking previous certificate existence. 04/06/2024 16:34:46 DEBUG: Extracting Wazuh configuration. 04/06/2024 16:34:46 DEBUG: Reading configuration file. 04/06/2024 16:34:46 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:34:46 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:34:46 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:34:46 DEBUG: Starting Wazuh indexer cluster. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-indexer-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success 04/06/2024 16:34:55 INFO: Wazuh indexer cluster security configuration initialized. {"error":"Content-Type header [] is not supported","status":406}04/06/2024 16:35:20 DEBUG: Inserted wazuh-alerts template into the Wazuh indexer cluster. 04/06/2024 16:35:20 DEBUG: Setting Wazuh indexer cluster passwords. 04/06/2024 16:35:20 DEBUG: Checking Wazuh installation. 04/06/2024 16:35:22 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:35:23 INFO: Updating the internal users. 04/06/2024 16:35:23 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-indexer-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 04/06/2024 16:35:27 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 04/06/2024 16:35:27 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 04/06/2024 16:35:27 DEBUG: The internal users have been updated before changing the passwords. 04/06/2024 16:35:27 DEBUG: Generating password hashes. 04/06/2024 16:35:34 DEBUG: Password hashes generated. 04/06/2024 16:35:34 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-indexer-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 04/06/2024 16:35:39 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 04/06/2024 16:35:39 DEBUG: Running security admin tool. 04/06/2024 16:35:39 DEBUG: Loading new passwords changes. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-indexer-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Populate config from /home/ubuntu Force type: internalusers Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' created or updated SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null Done with success 04/06/2024 16:35:43 DEBUG: Passwords changed. 04/06/2024 16:35:43 DEBUG: Restoring Wazuh repository. 04/06/2024 16:35:43 INFO: Wazuh indexer cluster started. root@ip-172-31-71-48:/home/ubuntu# ```

Installing Wazuh indexer - YUM

```console [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -wi wazuh-indexer -i -v 04/06/2024 16:23:23 DEBUG: Checking root permissions. 04/06/2024 16:23:23 DEBUG: Checking sudo package. 04/06/2024 16:23:23 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 16:23:23 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 16:23:23 DEBUG: YUM package manager will be used. 04/06/2024 16:23:23 DEBUG: Checking system distribution. 04/06/2024 16:23:23 DEBUG: Detected distribution name: rhel 04/06/2024 16:23:23 DEBUG: Detected distribution version: 9 04/06/2024 16:23:23 DEBUG: Checking Wazuh installation. 04/06/2024 16:23:23 DEBUG: Checking system architecture. 04/06/2024 16:23:24 WARNING: To perform the installation, the following package/s must be installed: lsof. The following package/s will be removed after the installation: lsof. Add the -id|--install-dependencies parameter to install them automatically or install them manually. [root@ip-172-31-71-82 ec2-user]# [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -wi wazuh-indexer -i -v -id 04/06/2024 16:29:57 DEBUG: Checking root permissions. 04/06/2024 16:29:57 DEBUG: Checking sudo package. 04/06/2024 16:29:57 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 16:29:57 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 16:29:57 DEBUG: YUM package manager will be used. 04/06/2024 16:29:57 DEBUG: Checking system distribution. 04/06/2024 16:29:57 DEBUG: Detected distribution name: rhel 04/06/2024 16:29:57 DEBUG: Detected distribution version: 9 04/06/2024 16:29:57 DEBUG: Checking Wazuh installation. 04/06/2024 16:29:57 DEBUG: Checking system architecture. 04/06/2024 16:29:57 DEBUG: CentOS repository file created. 04/06/2024 16:29:57 DEBUG: CentOS repositories added. 04/06/2024 16:29:57 INFO: --- Dependencies ---- 04/06/2024 16:29:57 INFO: Installing lsof. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. CentOS Stream 9 - AppStream 58 MB/s | 19 MB 00:00 CentOS Stream 9 - BaseOS 28 MB/s | 8.1 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - AppStre 73 kB/s | 4.5 kB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 70 kB/s | 4.1 kB 00:00 Red Hat Enterprise Linux 9 Client Configuration 30 kB/s | 1.5 kB 00:00 Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 baseos 239 k Installing dependencies: libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 336 k Installed size: 826 k Downloading Packages: (1/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.4 MB/s | 96 kB 00:00 (2/2): lsof-4.94.0-3.el9.x86_64.rpm 2.1 MB/s | 239 kB 00:00 -------------------------------------------------------------------------------- Total 2.4 MB/s | 336 kB 00:00 CentOS Stream 9 - BaseOS 1.6 MB/s | 1.6 kB 00:00 Importing GPG key 0x8483C65D: Userid : "CentOS (CentOS Official Signing Key) " Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : lsof-4.94.0-3.el9.x86_64 1/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete! Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. 38 files removed 04/06/2024 16:30:12 DEBUG: CentOS repositories and key deleted. 04/06/2024 16:30:12 WARNING: Hardware and system checks ignored. 04/06/2024 16:30:12 DEBUG: Checking previous certificate existence. 04/06/2024 16:30:12 DEBUG: Checking ports availability. 04/06/2024 16:30:12 DEBUG: Checking curl tool version. 04/06/2024 16:30:12 DEBUG: Adding the Wazuh repository. [wazuh] gpgcheck=1 gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-${releasever} - Wazuh baseurl=https://packages-dev.wazuh.com/pre-release/yum/ protect=1 04/06/2024 16:30:13 INFO: Wazuh development repository added. 04/06/2024 16:30:13 DEBUG: Extracting Wazuh configuration. 04/06/2024 16:30:13 DEBUG: Reading configuration file. 04/06/2024 16:30:13 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:30:13 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:30:13 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:30:13 DEBUG: Checking node names in the configuration file. 04/06/2024 16:30:13 INFO: --- Wazuh indexer --- 04/06/2024 16:30:13 INFO: Starting Wazuh indexer installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 for x86_64 - AppStre 75 MB/s | 35 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 73 MB/s | 22 MB 00:00 Red Hat Enterprise Linux 9 Client Configuration 33 kB/s | 2.9 kB 00:00 EL-9 - Wazuh 21 MB/s | 26 MB 00:01 Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.8.0-1 wazuh 743 M Transaction Summary ================================================================================ Install 1 Package Total download size: 743 M Installed size: 1.0 G Downloading Packages: wazuh-indexer-4.8.0-1.x86_64.rpm 59 MB/s | 743 MB 00:12 -------------------------------------------------------------------------------- Total 59 MB/s | 743 MB 00:12 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1 Installing : wazuh-indexer-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-indexer-4.8.0-1.x86_64 Complete! 04/06/2024 16:32:10 DEBUG: Checking Wazuh installation. 04/06/2024 16:32:10 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:32:10 INFO: Wazuh indexer installation finished. 04/06/2024 16:32:10 DEBUG: Configuring Wazuh indexer. 04/06/2024 16:32:10 DEBUG: Copying Wazuh indexer certificates. 04/06/2024 16:32:11 INFO: Wazuh indexer post-install configuration finished. 04/06/2024 16:32:11 INFO: Starting service wazuh-indexer. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service. 04/06/2024 16:32:32 INFO: wazuh-indexer service started. 04/06/2024 16:32:32 INFO: Initializing Wazuh indexer cluster security settings. 04/06/2024 16:32:33 DEBUG: Setting Wazuh indexer cluster passwords. 04/06/2024 16:32:33 DEBUG: Checking Wazuh installation. 04/06/2024 16:32:33 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:32:33 INFO: Wazuh indexer cluster initialized. 04/06/2024 16:32:33 INFO: --- Dependencies --- 04/06/2024 16:32:33 INFO: Removing lsof. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: lsof x86_64 4.94.0-3.el9 @baseos 624 k Removing unused dependencies: libtirpc x86_64 1.3.3-8.el9_4 @rhel-9-baseos-rhui-rpms 202 k Transaction Summary ================================================================================ Remove 2 Packages Freed space: 826 k Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : lsof-4.94.0-3.el9.x86_64 1/2 Erasing : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Running scriptlet: libtirpc-1.3.3-8.el9_4.x86_64 2/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Removed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete! 04/06/2024 16:32:34 DEBUG: Restoring Wazuh repository. 04/06/2024 16:32:34 INFO: Installation finished. [root@ip-172-31-71-82 ec2-user]# [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -s -v 04/06/2024 16:34:37 DEBUG: Checking root permissions. 04/06/2024 16:34:37 DEBUG: Checking sudo package. 04/06/2024 16:34:37 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 16:34:37 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 16:34:37 DEBUG: YUM package manager will be used. 04/06/2024 16:34:37 DEBUG: Checking system distribution. 04/06/2024 16:34:37 DEBUG: Detected distribution name: rhel 04/06/2024 16:34:37 DEBUG: Detected distribution version: 9 04/06/2024 16:34:37 DEBUG: Checking Wazuh installation. 04/06/2024 16:34:37 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:34:37 DEBUG: Checking system architecture. 04/06/2024 16:34:37 INFO: Verifying that your system meets the recommended minimum hardware requirements. 04/06/2024 16:34:37 DEBUG: CPU cores detected: 2 04/06/2024 16:34:37 DEBUG: Free RAM memory detected: 3614 04/06/2024 16:34:37 DEBUG: Checking previous certificate existence. 04/06/2024 16:34:37 DEBUG: Extracting Wazuh configuration. 04/06/2024 16:34:37 DEBUG: Reading configuration file. 04/06/2024 16:34:37 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:34:37 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:34:37 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:34:37 DEBUG: Starting Wazuh indexer cluster. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-indexer-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success 04/06/2024 16:34:42 INFO: Wazuh indexer cluster security configuration initialized. {"error":"Content-Type header [] is not supported","status":406}04/06/2024 16:35:08 DEBUG: Inserted wazuh-alerts template into the Wazuh indexer cluster. 04/06/2024 16:35:08 DEBUG: Setting Wazuh indexer cluster passwords. 04/06/2024 16:35:08 DEBUG: Checking Wazuh installation. 04/06/2024 16:35:08 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:35:08 INFO: Updating the internal users. 04/06/2024 16:35:08 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-indexer-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 04/06/2024 16:35:12 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 04/06/2024 16:35:12 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 04/06/2024 16:35:12 DEBUG: The internal users have been updated before changing the passwords. 04/06/2024 16:35:12 DEBUG: Generating password hashes. 04/06/2024 16:35:18 DEBUG: Password hashes generated. 04/06/2024 16:35:18 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-indexer-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 04/06/2024 16:35:22 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 04/06/2024 16:35:22 DEBUG: Running security admin tool. 04/06/2024 16:35:22 DEBUG: Loading new passwords changes. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-indexer-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Populate config from /home/ec2-user Force type: internalusers Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' created or updated SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null Done with success 04/06/2024 16:35:26 DEBUG: Passwords changed. 04/06/2024 16:35:26 DEBUG: Restoring Wazuh repository. 04/06/2024 16:35:26 INFO: Wazuh indexer cluster started. [root@ip-172-31-71-82 ec2-user]# ```

Update Report

Wazuh manager

Here, I fixed a bug. It consisted in specifying the wrong used ports when installing the Wazuh manager. I specified the indexer ones instead of the manager ones.

Installing Wazuh server - APT

```console root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -ws wazuh-server -v 04/06/2024 16:52:30 DEBUG: Checking root permissions. 04/06/2024 16:52:30 DEBUG: Checking sudo package. 04/06/2024 16:52:30 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 16:52:30 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 16:52:30 DEBUG: APT package manager will be used. 04/06/2024 16:52:30 DEBUG: Checking system distribution. 04/06/2024 16:52:30 DEBUG: Detected distribution name: ubuntu 04/06/2024 16:52:30 DEBUG: Detected distribution version: 22 04/06/2024 16:52:30 DEBUG: Checking Wazuh installation. 04/06/2024 16:52:31 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:52:33 DEBUG: Checking system architecture. 04/06/2024 16:52:41 WARNING: To perform the installation, the following package/s must be installed: lsof. The following package/s will be removed after the installation: lsof. Add the -id|--install-dependencies parameter to install them automatically or install them manually. root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -ws wazuh-server -v -id 04/06/2024 16:52:49 DEBUG: Checking root permissions. 04/06/2024 16:52:49 DEBUG: Checking sudo package. 04/06/2024 16:52:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 16:52:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 16:52:49 DEBUG: APT package manager will be used. 04/06/2024 16:52:49 DEBUG: Checking system distribution. 04/06/2024 16:52:49 DEBUG: Detected distribution name: ubuntu 04/06/2024 16:52:49 DEBUG: Detected distribution version: 22 04/06/2024 16:52:49 DEBUG: Checking Wazuh installation. 04/06/2024 16:52:51 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:52:52 DEBUG: Checking system architecture. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Reading package lists... 04/06/2024 16:53:03 INFO: --- Dependencies ---- 04/06/2024 16:53:03 INFO: Installing lsof. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: lsof 0 upgraded, 1 newly installed, 0 to remove and 202 not upgraded. Need to get 0 B/253 kB of archives. NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1sof. 04/06/2024 16:53:13 INFO: Verifying that your system meets the recommended minimum hardware requirements. 04/06/2024 16:53:13 DEBUG: CPU cores detected: 2 04/06/2024 16:53:13 DEBUG: Free RAM memory detected: 3875 04/06/2024 16:53:13 DEBUG: Checking previous certificate existence. 04/06/2024 16:53:13 DEBUG: 55000 ports. 04/06/2024 16:53:13 DEBUG: Checking ports availability. 04/06/2024 16:53:15 DEBUG: Checking curl tool version. 04/06/2024 16:53:15 DEBUG: Adding the Wazuh repository. gpg: keyring '/usr/share/keyrings/wazuh.gpg' created gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported gpg: Total number processed: 1 gpg: imported: 1 deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB] Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [38.5 kB] Fetched 55.7 kB in 1s (52.4 kB/s) Reading package lists... 04/06/2024 16:53:19 INFO: Wazuh development repository added. 04/06/2024 16:53:19 DEBUG: Extracting Wazuh configuration. 04/06/2024 16:53:19 DEBUG: Reading configuration file. 04/06/2024 16:53:19 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:53:19 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:53:19 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:53:19 DEBUG: Checking node names in the configuration file. 04/06/2024 16:53:19 INFO: --- Wazuh server --- 04/06/2024 16:53:19 INFO: Starting the Wazuh manager installation. Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 202 not upgraded. Need to get 317 MB of archives. After this operation, 918 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-manager amd64 4.8.0-1 [317 MB] Fetched 317 MB in 7s (45 NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 04/06/2024 16:55:01 DEBUG: Checking Wazuh installation. 04/06/2024 16:55:02 DEBUG: There are Wazuh remaining files. 04/06/2024 16:55:03 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:55:04 INFO: Wazuh manager installation finished. 04/06/2024 16:55:04 DEBUG: Configuring Wazuh manager. 04/06/2024 16:55:04 DEBUG: Setting provisional Wazuh indexer password. 04/06/2024 16:55:04 INFO: Wazuh manager vulnerability detection configuration finished. 04/06/2024 16:55:04 INFO: Starting service wazuh-manager. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service. 04/06/2024 16:55:30 INFO: wazuh-manager service started. 04/06/2024 16:55:30 INFO: Starting Filebeat installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 202 not upgraded. Need to get 22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 filebeat amd64 7.10.2 [22.1 MB] Fetched 22.1 MB in 1s (29.1 MB/s) Selecting previously unse NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 04/06/2024 16:55:46 DEBUG: Checking Wazuh installation. 04/06/2024 16:55:47 DEBUG: There are Wazuh remaining files. 04/06/2024 16:55:47 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:55:48 DEBUG: There are Filebeat remaining files. 04/06/2024 16:55:49 INFO: Filebeat installation finished. 04/06/2024 16:55:49 DEBUG: Configuring Filebeat. 04/06/2024 16:55:49 DEBUG: Filebeat template was download successfully. wazuh/ wazuh/_meta/ wazuh/_meta/docs.asciidoc wazuh/_meta/fields.yml wazuh/_meta/config.yml wazuh/alerts/ wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/module.yml wazuh/archives/ wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json 04/06/2024 16:55:49 DEBUG: Filebeat module was downloaded successfully. 04/06/2024 16:55:49 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 04/06/2024 16:55:50 INFO: Filebeat post-install configuration finished. 04/06/2024 16:55:50 DEBUG: Setting Wazuh indexer cluster passwords. 04/06/2024 16:55:50 DEBUG: Checking Wazuh installation. 04/06/2024 16:55:51 DEBUG: There are Wazuh remaining files. 04/06/2024 16:55:52 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:55:52 DEBUG: There are Filebeat remaining files. Successfully updated the keystore 04/06/2024 16:55:55 DEBUG: Restarting filebeat service... 04/06/2024 16:55:55 DEBUG: filebeat started. 04/06/2024 16:55:56 DEBUG: Restarting wazuh-manager service... 04/06/2024 16:56:19 DEBUG: wazuh-manager started. 04/06/2024 16:56:19 DEBUG: Changing API passwords. 04/06/2024 16:56:23 INFO: Starting service filebeat. Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable filebeat Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service. 04/06/2024 16:56:25 INFO: filebeat service started. 04/06/2024 16:56:25 INFO: --- Dependencies --- 04/06/2024 16:56:25 INFO: Removing lsof. Reading package lists... Building dependency tree... Reading state information... The following packages will be REMOVED: lsof* 0 upgraded, 0 newly installed, 1 to remove and 202 not upgraded. After this operation, 458 kB disk space w Processing triggers for man-db (2.10.2-1) ...ies currently installed.) 04/06/2024 16:56:36 DEBUG: Restoring Wazuh repository. 04/06/2024 16:56:36 INFO: Installation finished. root@ip-172-31-71-48:/home/ubuntu# ```

Installing Wazuh server - YUM

```console [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -ws wazuh-server -v 04/06/2024 16:52:30 DEBUG: Checking root permissions. 04/06/2024 16:52:30 DEBUG: Checking sudo package. 04/06/2024 16:52:30 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 16:52:30 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 16:52:30 DEBUG: YUM package manager will be used. 04/06/2024 16:52:30 DEBUG: Checking system distribution. 04/06/2024 16:52:30 DEBUG: Detected distribution name: rhel 04/06/2024 16:52:30 DEBUG: Detected distribution version: 9 04/06/2024 16:52:30 DEBUG: Checking Wazuh installation. 04/06/2024 16:52:30 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:52:30 DEBUG: Checking system architecture. 04/06/2024 16:52:30 WARNING: To perform the installation, the following package/s must be installed: lsof. The following package/s will be removed after the installation: lsof. Add the -id|--install-dependencies parameter to install them automatically or install them manually. [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -ws wazuh-server -v -id 04/06/2024 16:52:49 DEBUG: Checking root permissions. 04/06/2024 16:52:49 DEBUG: Checking sudo package. 04/06/2024 16:52:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 16:52:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 16:52:49 DEBUG: YUM package manager will be used. 04/06/2024 16:52:49 DEBUG: Checking system distribution. 04/06/2024 16:52:49 DEBUG: Detected distribution name: rhel 04/06/2024 16:52:49 DEBUG: Detected distribution version: 9 04/06/2024 16:52:49 DEBUG: Checking Wazuh installation. 04/06/2024 16:52:49 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:52:49 DEBUG: Checking system architecture. 04/06/2024 16:52:50 DEBUG: CentOS repository file created. 04/06/2024 16:52:50 DEBUG: CentOS repositories added. 04/06/2024 16:52:50 INFO: --- Dependencies ---- 04/06/2024 16:52:50 INFO: Installing lsof. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. CentOS Stream 9 - AppStream 34 MB/s | 19 MB 00:00 CentOS Stream 9 - BaseOS 29 MB/s | 8.1 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - AppStre 84 MB/s | 35 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 71 MB/s | 22 MB 00:00 Red Hat Enterprise Linux 9 Client Configuration 34 kB/s | 2.9 kB 00:00 Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 baseos 239 k Installing dependencies: libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 336 k Installed size: 826 k Downloading Packages: (1/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.3 MB/s | 96 kB 00:00 (2/2): lsof-4.94.0-3.el9.x86_64.rpm 2.4 MB/s | 239 kB 00:00 -------------------------------------------------------------------------------- Total 2.6 MB/s | 336 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : lsof-4.94.0-3.el9.x86_64 1/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete! Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. 38 files removed 04/06/2024 16:53:21 DEBUG: CentOS repositories and key deleted. 04/06/2024 16:53:21 INFO: Verifying that your system meets the recommended minimum hardware requirements. 04/06/2024 16:53:21 DEBUG: CPU cores detected: 2 04/06/2024 16:53:21 DEBUG: Free RAM memory detected: 3614 04/06/2024 16:53:21 DEBUG: Checking previous certificate existence. 04/06/2024 16:53:21 DEBUG: 55000 ports. 04/06/2024 16:53:21 DEBUG: Checking ports availability. 04/06/2024 16:53:21 DEBUG: Checking curl tool version. 04/06/2024 16:53:21 DEBUG: Adding the Wazuh repository. [wazuh] gpgcheck=1 gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-${releasever} - Wazuh baseurl=https://packages-dev.wazuh.com/pre-release/yum/ protect=1 04/06/2024 16:53:22 INFO: Wazuh development repository added. 04/06/2024 16:53:22 DEBUG: Extracting Wazuh configuration. 04/06/2024 16:53:22 DEBUG: Reading configuration file. 04/06/2024 16:53:22 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:53:22 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:53:22 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 16:53:22 DEBUG: Checking node names in the configuration file. 04/06/2024 16:53:22 INFO: --- Wazuh server --- 04/06/2024 16:53:22 INFO: Starting the Wazuh manager installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 for x86_64 - AppStre 82 MB/s | 35 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 64 MB/s | 22 MB 00:00 Red Hat Enterprise Linux 9 Client Configuration 31 kB/s | 2.9 kB 00:00 EL-9 - Wazuh 21 MB/s | 26 MB 00:01 Last metadata expiration check: 0:00:01 ago on Tue 04 Jun 2024 04:53:39 PM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.8.0-1 wazuh 298 M Transaction Summary ================================================================================ Install 1 Package Total download size: 298 M Installed size: 887 M Downloading Packages: wazuh-manager-4.8.0-1.x86_64.rpm 52 MB/s | 298 MB 00:05 -------------------------------------------------------------------------------- Total 52 MB/s | 298 MB 00:05 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1 Installing : wazuh-manager-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1 Verifying : wazuh-manager-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-manager-4.8.0-1.x86_64 Complete! 04/06/2024 16:54:57 DEBUG: Checking Wazuh installation. 04/06/2024 16:54:57 DEBUG: There are Wazuh remaining files. 04/06/2024 16:54:58 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:54:58 INFO: Wazuh manager installation finished. 04/06/2024 16:54:58 DEBUG: Configuring Wazuh manager. 04/06/2024 16:54:58 DEBUG: Setting provisional Wazuh indexer password. 04/06/2024 16:54:58 INFO: Wazuh manager vulnerability detection configuration finished. 04/06/2024 16:54:58 INFO: Starting service wazuh-manager. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service. 04/06/2024 16:55:14 INFO: wazuh-manager service started. 04/06/2024 16:55:14 INFO: Starting Filebeat installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:01:36 ago on Tue 04 Jun 2024 04:53:39 PM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 wazuh 21 M Transaction Summary ================================================================================ Install 1 Package Total download size: 21 M Installed size: 70 M Downloading Packages: filebeat-oss-7.10.2-x86_64.rpm 29 MB/s | 21 MB 00:00 -------------------------------------------------------------------------------- Total 27 MB/s | 21 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : filebeat-7.10.2-1.x86_64 1/1 Running scriptlet: filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1 Installed products updated. Installed: filebeat-7.10.2-1.x86_64 Complete! 04/06/2024 16:56:01 DEBUG: Checking Wazuh installation. 04/06/2024 16:56:02 DEBUG: There are Wazuh remaining files. 04/06/2024 16:56:02 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:56:02 DEBUG: There are Filebeat remaining files. 04/06/2024 16:56:02 INFO: Filebeat installation finished. 04/06/2024 16:56:02 DEBUG: Configuring Filebeat. 04/06/2024 16:56:02 DEBUG: Filebeat template was download successfully. wazuh/ wazuh/_meta/ wazuh/_meta/docs.asciidoc wazuh/_meta/fields.yml wazuh/_meta/config.yml wazuh/alerts/ wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/module.yml wazuh/archives/ wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json 04/06/2024 16:56:02 DEBUG: Filebeat module was downloaded successfully. 04/06/2024 16:56:02 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 04/06/2024 16:56:04 INFO: Filebeat post-install configuration finished. 04/06/2024 16:56:04 DEBUG: Setting Wazuh indexer cluster passwords. 04/06/2024 16:56:04 DEBUG: Checking Wazuh installation. 04/06/2024 16:56:04 DEBUG: There are Wazuh remaining files. 04/06/2024 16:56:04 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 16:56:04 DEBUG: There are Filebeat remaining files. Successfully updated the keystore 04/06/2024 16:56:05 DEBUG: Restarting filebeat service... 04/06/2024 16:56:07 DEBUG: filebeat started. 04/06/2024 16:56:07 DEBUG: Restarting wazuh-manager service... 04/06/2024 16:56:29 DEBUG: wazuh-manager started. 04/06/2024 16:56:29 DEBUG: Changing API passwords. 04/06/2024 16:56:32 INFO: Starting service filebeat. Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service. 04/06/2024 16:56:34 INFO: filebeat service started. 04/06/2024 16:56:34 INFO: --- Dependencies --- 04/06/2024 16:56:34 INFO: Removing lsof. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: lsof x86_64 4.94.0-3.el9 @baseos 624 k Removing unused dependencies: libtirpc x86_64 1.3.3-8.el9_4 @rhel-9-baseos-rhui-rpms 202 k Transaction Summary ================================================================================ Remove 2 Packages Freed space: 826 k Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : lsof-4.94.0-3.el9.x86_64 1/2 Erasing : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Running scriptlet: libtirpc-1.3.3-8.el9_4.x86_64 2/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Removed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete! 04/06/2024 16:57:15 DEBUG: Restoring Wazuh repository. 04/06/2024 16:57:15 INFO: Installation finished. [root@ip-172-31-71-82 ec2-user]# ```

Update Report

Wazuh dashboard

Here, I fixed a bug. It consisted in specifying the wrong used ports when installing the Wazuh manager. I specified the indexer ones instead of the manager ones.

Installing Wazuh dashboard - APT

![image](https://github.com/wazuh/wazuh-packages/assets/72193239/7883da42-ccb3-4f0c-9a90-ef6f5c56c9c6) ```console root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -wd wazuh-dashboard -i -v 04/06/2024 17:01:05 DEBUG: Checking root permissions. 04/06/2024 17:01:05 DEBUG: Checking sudo package. 04/06/2024 17:01:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 17:01:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 17:01:05 DEBUG: APT package manager will be used. 04/06/2024 17:01:05 DEBUG: Checking system distribution. 04/06/2024 17:01:05 DEBUG: Detected distribution name: ubuntu 04/06/2024 17:01:05 DEBUG: Detected distribution version: 22 04/06/2024 17:01:05 DEBUG: Checking Wazuh installation. 04/06/2024 17:01:08 DEBUG: There are Wazuh remaining files. 04/06/2024 17:01:09 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 17:01:10 DEBUG: There are Filebeat remaining files. 04/06/2024 17:01:10 DEBUG: Checking system architecture. 04/06/2024 17:01:19 WARNING: To perform the installation, the following package/s must be installed: debhelper, lsof. The following package/s will be removed after the installation: lsof. Add the -id|--install-dependencies parameter to install them automatically or install them manually. root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -wd wazuh-dashboard -i -v -id 04/06/2024 17:01:31 DEBUG: Checking root permissions. 04/06/2024 17:01:31 DEBUG: Checking sudo package. 04/06/2024 17:01:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 17:01:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 17:01:31 DEBUG: APT package manager will be used. 04/06/2024 17:01:31 DEBUG: Checking system distribution. 04/06/2024 17:01:31 DEBUG: Detected distribution name: ubuntu 04/06/2024 17:01:31 DEBUG: Detected distribution version: 22 04/06/2024 17:01:31 DEBUG: Checking Wazuh installation. 04/06/2024 17:01:32 DEBUG: There are Wazuh remaining files. 04/06/2024 17:01:32 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 17:01:33 DEBUG: There are Filebeat remaining files. 04/06/2024 17:01:34 DEBUG: Checking system architecture. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB] Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Get:5 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB] Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1687 kB] Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [313 kB] Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1077 kB] Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [247 kB] Get:10 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [40.8 kB] Fetched 3510 kB in 1s (2358 kB/s) Reading package lists... 04/06/2024 17:01:46 INFO: --- Dependencies ---- 04/06/2024 17:01:46 INFO: Installing lsof. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: lsof 0 upgraded, 1 newly installed, 0 to remove and 202 not upgraded. Need to get 0 B/253 kB of archives. NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1sof. 04/06/2024 17:01:56 WARNING: Hardware and system checks ignored. 04/06/2024 17:01:56 DEBUG: Checking previous certificate existence. 04/06/2024 17:01:56 INFO: Wazuh web interface port will be 443. 04/06/2024 17:01:56 DEBUG: Checking 443 ports. 04/06/2024 17:01:56 DEBUG: Checking ports availability. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Hit:5 https://packages.wazuh.com/4.x/apt stable InRelease Reading package lists... 04/06/2024 17:02:01 INFO: --- Dependencies ---- 04/06/2024 17:02:01 INFO: Installing debhelper. Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11 debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base gcc-12-base gettext intltool-debian libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6 libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-11-dev libgcc-s1 libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libstdc++6 libsub-override-perl libsys-hostname-long-perl libtiff5 libtirpc-dev libtool libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto Suggested packages: autoconf-archive gnu-standards autoconf-doc bzip2-doc cpp-doc gcc-11-locales dh-make debian-keyring g++-multilib g++-11-multilib gcc-11-doc gcc-multilib flex bison gdb gcc-doc gcc-11-multilib gettext-doc libasprintf-dev libgettextpo-dev glibc-doc bzr libgd-tools libtool-doc libstdc++-11-doc gfortran | fortran95-compiler gcj-jdk m4-doc make-doc libmail-box-perl Recommended packages: libnss-nis libnss-nisplus The following NEW packages will be installed: autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11 debhelper debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base gettext intltool-debian libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-11-dev libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libsub-override-perl libsys-hostname-long-perl libtiff5 libtirpc-dev libtool libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto The following packages will be upgraded: gcc-12-base libc6 libgcc-s1 libstdc++6 4 upgraded, 75 newly installed, 0 to remove and 198 not upgraded. Need to get 72.2 MB of archives. After this operation, 221 MB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6 amd64 2.35-0ubuntu3.8 [3235 kB] Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-12-base amd64 12.3.0-1ubuntu1~22.04 [20.1 kB] Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libstdc++6 amd64 12.3.0-1ubuntu1~22.04 [699 kB] Get:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgcc-s1 amd64 12.3.0-1ubuntu1~22.04 [53.9 kB] Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 m4 amd64 1.4.18-5ubuntu2 [199 kB] Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autoconf all 2.71-2 [338 kB] Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autotools-dev all 20220109.1 [44.9 kB] Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 automake all 1:1.16.5-1.3 [558 kB] Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autopoint all 0.21-4ubuntu4 [422 kB] Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-dev-bin amd64 2.35-0ubuntu3.8 [20.3 kB] Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 linux-libc-dev amd64 5.15.0-107.117 [1333 kB] Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libcrypt-dev amd64 1:4.4.27-1 [112 kB] Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 rpcsvc-proto amd64 1.4.2-0ubuntu6 [68.5 kB] Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtirpc-dev amd64 1.3.2-2ubuntu0.1 [192 kB] Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libnsl-dev amd64 1.3.0-2build2 [71.3 kB] Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6-dev amd64 2.35-0ubuntu3.8 [2100 kB] Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11-base amd64 11.4.0-1ubuntu1~22.04 [20.2 kB] Get:18 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libisl23 amd64 0.24-2build1 [727 kB] Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libmpc3 amd64 1.2.1-2build1 [46.9 kB] Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 cpp-11 amd64 11.4.0-1ubuntu1~22.04 [10.0 MB] Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 cpp amd64 4:11.2.0-1ubuntu1 [27.7 kB] Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libcc1-0 amd64 12.3.0-1ubuntu1~22.04 [48.3 kB] Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgomp1 amd64 12.3.0-1ubuntu1~22.04 [126 kB] Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libitm1 amd64 12.3.0-1ubuntu1~22.04 [30.2 kB] Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libatomic1 amd64 12.3.0-1ubuntu1~22.04 [10.4 kB] Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libasan6 amd64 11.4.0-1ubuntu1~22.04 [2282 kB] Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 liblsan0 amd64 12.3.0-1ubuntu1~22.04 [1069 kB] Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtsan0 amd64 11.4.0-1ubuntu1~22.04 [2260 kB] Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libubsan1 amd64 12.3.0-1ubuntu1~22.04 [976 kB] Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libquadmath0 amd64 12.3.0-1ubuntu1~22.04 [154 kB] Get:31 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgcc-11-dev amd64 11.4.0-1ubuntu1~22.04 [2517 kB] Get:32 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11 amd64 11.4.0-1ubuntu1~22.04 [20.1 MB] Get:33 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 gcc amd64 4:11.2.0-1ubuntu1 [5112 B] Get:34 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libstdc++-11-dev amd64 11.4.0-1ubuntu1~22.04 [2101 kB] Get:35 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 g++-11 amd64 11.4.0-1ubuntu1~22.04 [11.4 MB] Get:36 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 g++ amd64 4:11.2.0-1ubuntu1 [1412 B] Get:37 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 make amd64 4.3-4.1build1 [180 kB] Get:38 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libdpkg-perl all 1.21.1ubuntu2.3 [237 kB] Get:39 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 bzip2 amd64 1.0.8-5build1 [34.8 kB] Get:40 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 lto-disabled-list all 24 [12.5 kB] Get:41 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 dpkg-dev all 1.21.1ubuntu2.3 [922 kB] Get:42 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 build-essential amd64 12.9ubuntu3 [4744 B] Get:43 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libdebhelper-perl all 13.6ubuntu1 [67.2 kB] Get:44 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libtool all 2.4.6-15build2 [164 kB] Get:45 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dh-autoreconf all 20 [16.1 kB] Get:46 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-zip-perl all 1.68-1 [90.2 kB] Get:47 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libsub-override-perl all 0.09-2 [9532 B] Get:48 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfile-stripnondeterminism-perl all 1.13.0-1 [18.1 kB] Get:49 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dh-strip-nondeterminism all 1.13.0-1 [5344 B] Get:50 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 debugedit amd64 1:5.0-4build1 [47.2 kB] Get:51 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dwz amd64 0.14-1build2 [105 kB] Get:52 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 gettext amd64 0.21-4ubuntu4 [868 kB] Get:53 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 intltool-debian all 0.35.0+20060710.5 [24.9 kB] Get:54 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 po-debconf all 1.0.21+nmu1 [233 kB] Get:55 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 debhelper all 13.6ubuntu1 [923 kB] Get:56 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfakeroot amd64 1.28-1ubuntu1 [31.5 kB] Get:57 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fakeroot amd64 1.28-1ubuntu1 [60.4 kB] Get:58 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fonts-dejavu-core all 2.37-2build1 [1041 kB] Get:59 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fontconfig-config all 2.13.1-4.2ubuntu5 [29.1 kB] Get:60 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-perl all 1.201-1 [41.8 kB] Get:61 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-xs-perl amd64 0.04-6build3 [11.9 kB] Get:62 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-merge-perl all 0.08-3 [12.0 kB] Get:63 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-cpio-perl all 0.10-1.1 [9928 B] Get:64 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfontconfig1 amd64 2.13.1-4.2ubuntu5 [131 kB] Get:65 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg-turbo8 amd64 2.1.2-0ubuntu1 [134 kB] Get:66 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg8 amd64 8c-2ubuntu10 [2264 B] Get:67 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libdeflate0 amd64 1.10-2 [70.9 kB] Get:68 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libjbig0 amd64 2.1-3.1ubuntu0.22.04.1 [29.2 kB] Get:69 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libwebp7 amd64 1.2.2-2ubuntu0.22.04.2 [206 kB] Get:70 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtiff5 amd64 4.3.0-6ubuntu0.8 [185 kB] Get:71 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libxpm4 amd64 1:3.5.12-1ubuntu0.22.04.2 [36.7 kB] Get:72 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libgd3 amd64 2.3.0-2ubuntu2 [129 kB] Get:73 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-devtools amd64 2.35-0ubuntu3.8 [28.9 kB] Get:74 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfile-fcntllock-perl amd64 0.22-3build7 [33.9 kB] Get:75 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libltdl7 amd64 2.4.6-15build2 [39.6 kB] Get:76 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libltdl-dev amd64 2.4.6-15build2 [169 kB] Get:77 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libsys-hostname-long-perl all 1.5-2 [11.5 kB] Get:78 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libmail-sendmail-perl all 0.80-1.1 [22.7 kB] Get:79 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 manpages-dev all 5.10-1ubuntu1 [2309 kB] Preconfiguring packages ... Fetched 72.2 MB in 1s (61.3 MB/s) ( NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: getty@tty1.service NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: serial-getty@ttyS0.service NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: user@1000.service NEEDRESTART-SVC: wazuh-indexer.service NEEDRESTART-SVC: wazuh-manager.service 04/06/2024 17:02:29 DEBUG: Checking curl tool version. 04/06/2024 17:02:29 DEBUG: Adding the Wazuh repository. gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) " not changed gpg: Total number processed: 1 gpg: unchanged: 1 deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB] Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [38.5 kB] Fetched 55.7 kB in 1s (53.3 kB/s) Reading package lists... 04/06/2024 17:02:33 INFO: Wazuh development repository added. 04/06/2024 17:02:33 DEBUG: Extracting Wazuh configuration. 04/06/2024 17:02:33 DEBUG: Reading configuration file. 04/06/2024 17:02:34 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 17:02:34 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 17:02:34 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 17:02:34 DEBUG: Checking node names in the configuration file. 04/06/2024 17:02:34 INFO: --- Wazuh dashboard ---- 04/06/2024 17:02:34 INFO: Starting Wazuh dashboard installation. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 198 not upgraded. Need to get 186 MB of archives. After this operation, 998 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-dashboard amd64 4.8.0-1 [186 MB] Fetched 186 MB in 3s (56.7 MB/s) Selecting prev NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: getty@tty1.service NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: serial-getty@ttyS0.service NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: user@1000.service NEEDRESTART-SVC: wazuh-indexer.service NEEDRESTART-SVC: wazuh-manager.service 04/06/2024 17:03:45 DEBUG: Checking Wazuh installation. 04/06/2024 17:03:45 DEBUG: There are Wazuh remaining files. 04/06/2024 17:03:46 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 17:03:47 DEBUG: There are Filebeat remaining files. 04/06/2024 17:03:47 DEBUG: There are Wazuh dashboard remaining files. 04/06/2024 17:03:47 INFO: Wazuh dashboard installation finished. 04/06/2024 17:03:47 DEBUG: Configuring Wazuh dashboard. 04/06/2024 17:03:47 DEBUG: Copying Wazuh dashboard certificates. 04/06/2024 17:03:47 DEBUG: Wazuh dashboard certificate setup finished. 04/06/2024 17:03:47 INFO: Wazuh dashboard post-install configuration finished. 04/06/2024 17:03:47 INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service. 04/06/2024 17:03:48 INFO: wazuh-dashboard service started. 04/06/2024 17:03:48 DEBUG: Setting Wazuh indexer cluster passwords. 04/06/2024 17:03:48 DEBUG: Checking Wazuh installation. 04/06/2024 17:03:49 DEBUG: There are Wazuh remaining files. 04/06/2024 17:03:50 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 17:03:51 DEBUG: There are Filebeat remaining files. 04/06/2024 17:03:51 DEBUG: There are Wazuh dashboard remaining files. Successfully updated the keystore 04/06/2024 17:03:52 DEBUG: Restarting filebeat service... 04/06/2024 17:03:52 DEBUG: filebeat started. 04/06/2024 17:03:53 DEBUG: Restarting wazuh-manager service... 04/06/2024 17:04:32 DEBUG: wazuh-manager started. 04/06/2024 17:04:34 DEBUG: Restarting wazuh-dashboard service... 04/06/2024 17:04:35 DEBUG: wazuh-dashboard started. 04/06/2024 17:04:35 DEBUG: Changing API passwords. 04/06/2024 17:05:05 INFO: Initializing Wazuh dashboard web application. 04/06/2024 17:05:06 DEBUG: Wazuh dashboard connection was successful. 04/06/2024 17:05:06 INFO: Wazuh dashboard web application initialized. 04/06/2024 17:05:06 INFO: --- Summary --- 04/06/2024 17:05:06 INFO: You can access the web interface https://:443 User: admin Password: +3XJGXbt.XS?IxCBYHe?nWoci9u*y*sq 04/06/2024 17:05:06 INFO: --- Dependencies --- 04/06/2024 17:05:06 INFO: Removing lsof. Reading package lists... Building dependency tree... Reading state information... The following packages will be REMOVED: lsof* 0 upgraded, 0 newly installed, 1 to remove and 198 not upgraded. After this operation, 458 kB disk space w Processing triggers for man-db (2.10.2-1) ...ries currently installed.) 04/06/2024 17:05:19 DEBUG: Restoring Wazuh repository. 04/06/2024 17:05:19 INFO: Installation finished. root@ip-172-31-71-48:/home/ubuntu# ```

Installing Wazuh dashboard - YUM

![image](https://github.com/wazuh/wazuh-packages/assets/72193239/fca8c28f-e438-4830-89f2-d078c2a8ae31) ```console [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -wd wazuh-dashboard -i -v 04/06/2024 17:01:05 DEBUG: Checking root permissions. 04/06/2024 17:01:05 DEBUG: Checking sudo package. 04/06/2024 17:01:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 17:01:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 17:01:05 DEBUG: YUM package manager will be used. 04/06/2024 17:01:05 DEBUG: Checking system distribution. 04/06/2024 17:01:05 DEBUG: Detected distribution name: rhel 04/06/2024 17:01:05 DEBUG: Detected distribution version: 9 04/06/2024 17:01:05 DEBUG: Checking Wazuh installation. 04/06/2024 17:01:05 DEBUG: There are Wazuh remaining files. 04/06/2024 17:01:05 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 17:01:05 DEBUG: There are Filebeat remaining files. 04/06/2024 17:01:05 DEBUG: Checking system architecture. 04/06/2024 17:01:06 WARNING: To perform the installation, the following package/s must be installed: lsof. The following package/s will be removed after the installation: lsof. Add the -id|--install-dependencies parameter to install them automatically or install them manually. [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -wd wazuh-dashboard -i -v -id 04/06/2024 17:01:31 DEBUG: Checking root permissions. 04/06/2024 17:01:31 DEBUG: Checking sudo package. 04/06/2024 17:01:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 04/06/2024 17:01:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/06/2024 17:01:31 DEBUG: YUM package manager will be used. 04/06/2024 17:01:31 DEBUG: Checking system distribution. 04/06/2024 17:01:31 DEBUG: Detected distribution name: rhel 04/06/2024 17:01:31 DEBUG: Detected distribution version: 9 04/06/2024 17:01:31 DEBUG: Checking Wazuh installation. 04/06/2024 17:01:31 DEBUG: There are Wazuh remaining files. 04/06/2024 17:01:31 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 17:01:31 DEBUG: There are Filebeat remaining files. 04/06/2024 17:01:31 DEBUG: Checking system architecture. 04/06/2024 17:01:31 DEBUG: CentOS repository file created. 04/06/2024 17:01:31 DEBUG: CentOS repositories added. 04/06/2024 17:01:32 INFO: --- Dependencies ---- 04/06/2024 17:01:32 INFO: Installing lsof. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. CentOS Stream 9 - AppStream 49 MB/s | 19 MB 00:00 CentOS Stream 9 - BaseOS 29 MB/s | 8.1 MB 00:00 EL-9 - Wazuh 53 MB/s | 28 MB 00:00 Last metadata expiration check: 0:00:03 ago on Tue 04 Jun 2024 05:01:44 PM UTC. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 baseos 239 k Installing dependencies: libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 336 k Installed size: 826 k Downloading Packages: (1/2): lsof-4.94.0-3.el9.x86_64.rpm 2.8 MB/s | 239 kB 00:00 (2/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.1 MB/s | 96 kB 00:00 -------------------------------------------------------------------------------- Total 2.7 MB/s | 336 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : lsof-4.94.0-3.el9.x86_64 1/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete! Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. 49 files removed 04/06/2024 17:02:04 DEBUG: CentOS repositories and key deleted. 04/06/2024 17:02:04 WARNING: Hardware and system checks ignored. 04/06/2024 17:02:04 DEBUG: Checking previous certificate existence. 04/06/2024 17:02:04 INFO: Wazuh web interface port will be 443. 04/06/2024 17:02:04 DEBUG: Checking 443 ports. 04/06/2024 17:02:04 DEBUG: Checking ports availability. 04/06/2024 17:02:04 DEBUG: Checking curl tool version. 04/06/2024 17:02:04 DEBUG: Adding the Wazuh repository. [wazuh] gpgcheck=1 gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-${releasever} - Wazuh baseurl=https://packages-dev.wazuh.com/pre-release/yum/ protect=1 04/06/2024 17:02:05 INFO: Wazuh development repository added. 04/06/2024 17:02:05 DEBUG: Extracting Wazuh configuration. 04/06/2024 17:02:05 DEBUG: Reading configuration file. 04/06/2024 17:02:05 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 17:02:05 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 17:02:05 DEBUG: Checking if 127.0.0.1 is private. 04/06/2024 17:02:05 DEBUG: Checking node names in the configuration file. 04/06/2024 17:02:05 INFO: --- Wazuh dashboard ---- 04/06/2024 17:02:05 INFO: Starting Wazuh dashboard installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 for x86_64 - AppStre 71 MB/s | 35 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 68 MB/s | 22 MB 00:00 Red Hat Enterprise Linux 9 Client Configuration 27 kB/s | 2.9 kB 00:00 EL-9 - Wazuh 23 MB/s | 26 MB 00:01 Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.8.0-1 wazuh 275 M Transaction Summary ================================================================================ Install 1 Package Total download size: 275 M Installed size: 911 M Downloading Packages: wazuh-dashboard-4.8.0-1.x86_64.rpm 34 MB/s | 275 MB 00:08 -------------------------------------------------------------------------------- Total 34 MB/s | 275 MB 00:08 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1 Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-dashboard-4.8.0-1.x86_64 Complete! 04/06/2024 17:04:54 DEBUG: Checking Wazuh installation. 04/06/2024 17:04:54 DEBUG: There are Wazuh remaining files. 04/06/2024 17:04:54 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 17:04:54 DEBUG: There are Filebeat remaining files. 04/06/2024 17:04:54 DEBUG: There are Wazuh dashboard remaining files. 04/06/2024 17:04:54 INFO: Wazuh dashboard installation finished. 04/06/2024 17:04:54 DEBUG: Configuring Wazuh dashboard. 04/06/2024 17:04:54 DEBUG: Copying Wazuh dashboard certificates. 04/06/2024 17:04:54 DEBUG: Wazuh dashboard certificate setup finished. 04/06/2024 17:04:54 INFO: Wazuh dashboard post-install configuration finished. 04/06/2024 17:04:54 INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service. 04/06/2024 17:04:55 INFO: wazuh-dashboard service started. 04/06/2024 17:04:55 DEBUG: Setting Wazuh indexer cluster passwords. 04/06/2024 17:04:55 DEBUG: Checking Wazuh installation. 04/06/2024 17:04:55 DEBUG: There are Wazuh remaining files. 04/06/2024 17:04:55 DEBUG: There are Wazuh indexer remaining files. 04/06/2024 17:04:55 DEBUG: There are Filebeat remaining files. 04/06/2024 17:04:55 DEBUG: There are Wazuh dashboard remaining files. Successfully updated the keystore 04/06/2024 17:04:56 DEBUG: Restarting filebeat service... 04/06/2024 17:04:56 DEBUG: filebeat started. 04/06/2024 17:04:56 DEBUG: Restarting wazuh-manager service... 04/06/2024 17:05:18 DEBUG: wazuh-manager started. 04/06/2024 17:05:20 DEBUG: Restarting wazuh-dashboard service... 04/06/2024 17:05:21 DEBUG: wazuh-dashboard started. 04/06/2024 17:05:21 DEBUG: Changing API passwords. 04/06/2024 17:05:46 INFO: Initializing Wazuh dashboard web application. 04/06/2024 17:05:47 DEBUG: Wazuh dashboard connection was successful. 04/06/2024 17:05:47 INFO: Wazuh dashboard web application initialized. 04/06/2024 17:05:47 INFO: --- Summary --- 04/06/2024 17:05:47 INFO: You can access the web interface https://:443 User: admin Password: wIXPTykd9PGitXRjUcNu9B6m7S6H?CcQ 04/06/2024 17:05:47 INFO: --- Dependencies --- 04/06/2024 17:05:47 INFO: Removing lsof. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: lsof x86_64 4.94.0-3.el9 @baseos 624 k Removing unused dependencies: libtirpc x86_64 1.3.3-8.el9_4 @rhel-9-baseos-rhui-rpms 202 k Transaction Summary ================================================================================ Remove 2 Packages Freed space: 826 k Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : lsof-4.94.0-3.el9.x86_64 1/2 Erasing : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Running scriptlet: libtirpc-1.3.3-8.el9_4.x86_64 2/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Removed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete! 04/06/2024 17:05:50 DEBUG: Restoring Wazuh repository. 04/06/2024 17:05:50 INFO: Installation finished. [root@ip-172-31-71-82 ec2-user]# ```

Update Report

AIO installation

Installing all components without verbose - APT

```console root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -a -i -v 05/06/2024 09:42:25 DEBUG: Checking root permissions. 05/06/2024 09:42:25 DEBUG: Checking sudo package. 05/06/2024 09:42:25 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 05/06/2024 09:42:25 INFO: Verbose logging redirected to /var/log/wazuh-install.log 05/06/2024 09:42:25 DEBUG: APT package manager will be used. 05/06/2024 09:42:25 DEBUG: Checking system distribution. 05/06/2024 09:42:25 DEBUG: Detected distribution name: ubuntu 05/06/2024 09:42:25 DEBUG: Detected distribution version: 22 05/06/2024 09:42:25 DEBUG: Checking Wazuh installation. 05/06/2024 09:42:27 DEBUG: Checking system architecture. 05/06/2024 09:42:36 WARNING: To perform the installation, the following package/s must be installed: apt-transport-https, lsof, openssl, software-properties-common. The following package/s will be removed after the installation: lsof, openssl. Add the -id|--install-dependencies parameter to install them automatically or install them manually. root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -a -i -id 05/06/2024 09:47:10 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 05/06/2024 09:47:10 INFO: Verbose logging redirected to /var/log/wazuh-install.log 05/06/2024 09:47:24 INFO: --- Dependencies ---- 05/06/2024 09:47:24 INFO: Installing lsof. 05/06/2024 09:47:26 INFO: Installing openssl. 05/06/2024 09:47:29 WARNING: Hardware and system checks ignored. 05/06/2024 09:47:29 INFO: Wazuh web interface port will be 443. 05/06/2024 09:47:32 INFO: --- Dependencies ---- 05/06/2024 09:47:32 INFO: Installing apt-transport-https. 05/06/2024 09:47:35 INFO: Installing software-properties-common. 05/06/2024 09:47:45 INFO: Wazuh development repository added. 05/06/2024 09:47:45 INFO: --- Configuration files --- 05/06/2024 09:47:45 INFO: Generating configuration files. 05/06/2024 09:47:46 INFO: Generating the root certificate. 05/06/2024 09:47:46 INFO: Generating Admin certificates. 05/06/2024 09:47:47 INFO: Generating Wazuh indexer certificates. 05/06/2024 09:47:48 INFO: Generating Filebeat certificates. 05/06/2024 09:47:48 INFO: Generating Wazuh dashboard certificates. 05/06/2024 09:47:49 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 05/06/2024 09:47:49 INFO: --- Wazuh indexer --- 05/06/2024 09:47:49 INFO: Starting Wazuh indexer installation. 05/06/2024 09:49:07 INFO: Wazuh indexer installation finished. 05/06/2024 09:49:08 INFO: Wazuh indexer post-install configuration finished. 05/06/2024 09:49:08 INFO: Starting service wazuh-indexer. 05/06/2024 09:49:31 INFO: wazuh-indexer service started. 05/06/2024 09:49:31 INFO: Initializing Wazuh indexer cluster security settings. 05/06/2024 09:49:42 INFO: Wazuh indexer cluster security configuration initialized. 05/06/2024 09:49:42 INFO: Wazuh indexer cluster initialized. 05/06/2024 09:49:42 INFO: --- Wazuh server --- 05/06/2024 09:49:42 INFO: Starting the Wazuh manager installation. 05/06/2024 09:50:54 INFO: Wazuh manager installation finished. 05/06/2024 09:50:54 INFO: Wazuh manager vulnerability detection configuration finished. 05/06/2024 09:50:54 INFO: Starting service wazuh-manager. 05/06/2024 09:51:16 INFO: wazuh-manager service started. 05/06/2024 09:51:16 INFO: Starting Filebeat installation. 05/06/2024 09:51:26 INFO: Filebeat installation finished. 05/06/2024 09:51:28 INFO: Filebeat post-install configuration finished. 05/06/2024 09:51:28 INFO: Starting service filebeat. 05/06/2024 09:51:30 INFO: filebeat service started. 05/06/2024 09:51:30 INFO: --- Wazuh dashboard --- 05/06/2024 09:51:30 INFO: Starting Wazuh dashboard installation. 05/06/2024 09:54:01 INFO: Wazuh dashboard installation finished. 05/06/2024 09:54:01 INFO: Wazuh dashboard post-install configuration finished. 05/06/2024 09:54:01 INFO: Starting service wazuh-dashboard. 05/06/2024 09:54:02 INFO: wazuh-dashboard service started. 05/06/2024 09:54:05 INFO: Updating the internal users. 05/06/2024 09:54:14 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 05/06/2024 09:55:28 INFO: Initializing Wazuh dashboard web application. 05/06/2024 09:55:29 INFO: Wazuh dashboard web application initialized. 05/06/2024 09:55:29 INFO: --- Summary --- 05/06/2024 09:55:29 INFO: You can access the web interface https://:443 User: admin Password: WPcM94o7OGMxcYYzwR8AqOrjQL3LK*aW 05/06/2024 09:55:29 INFO: --- Dependencies --- 05/06/2024 09:55:29 INFO: Removing lsof. 05/06/2024 09:55:32 INFO: Removing openssl. 05/06/2024 09:55:37 INFO: Installation finished. root@ip-172-31-71-48:/home/ubuntu# ```

Installing all components without verbose - YUM

```console [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -a -i -v 05/06/2024 09:42:25 DEBUG: Checking root permissions. 05/06/2024 09:42:25 DEBUG: Checking sudo package. 05/06/2024 09:42:25 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 05/06/2024 09:42:25 INFO: Verbose logging redirected to /var/log/wazuh-install.log 05/06/2024 09:42:25 DEBUG: YUM package manager will be used. 05/06/2024 09:42:25 DEBUG: Checking system distribution. 05/06/2024 09:42:25 DEBUG: Detected distribution name: rhel 05/06/2024 09:42:25 DEBUG: Detected distribution version: 9 05/06/2024 09:42:25 DEBUG: Checking Wazuh installation. 05/06/2024 09:42:25 DEBUG: Checking system architecture. 05/06/2024 09:42:25 WARNING: To perform the installation, the following package/s must be installed: lsof, tar. The following package/s will be removed after the installation: lsof, tar. Add the -id|--install-dependencies parameter to install them automatically or install them manually. [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -a -i -id 05/06/2024 09:47:10 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 05/06/2024 09:47:10 INFO: Verbose logging redirected to /var/log/wazuh-install.log 05/06/2024 09:47:11 INFO: --- Dependencies ---- 05/06/2024 09:47:11 INFO: Installing lsof. 05/06/2024 09:47:33 INFO: Installing tar. 05/06/2024 09:47:37 WARNING: Hardware and system checks ignored. 05/06/2024 09:47:37 INFO: Wazuh web interface port will be 443. 05/06/2024 09:47:38 INFO: Wazuh development repository added. 05/06/2024 09:47:38 INFO: --- Configuration files --- 05/06/2024 09:47:38 INFO: Generating configuration files. 05/06/2024 09:47:38 INFO: Generating the root certificate. 05/06/2024 09:47:39 INFO: Generating Admin certificates. 05/06/2024 09:47:39 INFO: Generating Wazuh indexer certificates. 05/06/2024 09:47:40 INFO: Generating Filebeat certificates. 05/06/2024 09:47:40 INFO: Generating Wazuh dashboard certificates. 05/06/2024 09:47:41 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 05/06/2024 09:47:42 INFO: --- Wazuh indexer --- 05/06/2024 09:47:42 INFO: Starting Wazuh indexer installation. 05/06/2024 09:50:42 INFO: Wazuh indexer installation finished. 05/06/2024 09:50:42 INFO: Wazuh indexer post-install configuration finished. 05/06/2024 09:50:42 INFO: Starting service wazuh-indexer. 05/06/2024 09:51:10 INFO: wazuh-indexer service started. 05/06/2024 09:51:10 INFO: Initializing Wazuh indexer cluster security settings. 05/06/2024 09:51:22 INFO: Wazuh indexer cluster security configuration initialized. 05/06/2024 09:51:22 INFO: Wazuh indexer cluster initialized. 05/06/2024 09:51:22 INFO: --- Wazuh server --- 05/06/2024 09:51:22 INFO: Starting the Wazuh manager installation. 05/06/2024 09:53:00 INFO: Wazuh manager installation finished. 05/06/2024 09:53:00 INFO: Wazuh manager vulnerability detection configuration finished. 05/06/2024 09:53:00 INFO: Starting service wazuh-manager. 05/06/2024 09:53:15 INFO: wazuh-manager service started. 05/06/2024 09:53:15 INFO: Starting Filebeat installation. 05/06/2024 09:53:27 INFO: Filebeat installation finished. 05/06/2024 09:53:29 INFO: Filebeat post-install configuration finished. 05/06/2024 09:53:29 INFO: Starting service filebeat. 05/06/2024 09:53:31 INFO: filebeat service started. 05/06/2024 09:53:31 INFO: --- Wazuh dashboard --- 05/06/2024 09:53:31 INFO: Starting Wazuh dashboard installation. 05/06/2024 09:56:18 INFO: Wazuh dashboard installation finished. 05/06/2024 09:56:18 INFO: Wazuh dashboard post-install configuration finished. 05/06/2024 09:56:18 INFO: Starting service wazuh-dashboard. 05/06/2024 09:56:19 INFO: wazuh-dashboard service started. 05/06/2024 09:56:19 INFO: Updating the internal users. 05/06/2024 09:56:33 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 05/06/2024 09:57:44 INFO: Initializing Wazuh dashboard web application. 05/06/2024 09:57:44 INFO: Wazuh dashboard web application not yet initialized. Waiting... 05/06/2024 09:58:00 INFO: Wazuh dashboard web application not yet initialized. Waiting... 05/06/2024 09:58:15 INFO: Wazuh dashboard web application initialized. 05/06/2024 09:58:15 INFO: --- Summary --- 05/06/2024 09:58:15 INFO: You can access the web interface https://:443 User: admin Password: 6uur9?XafoYG5REcg4+kUaAm?q51lDOf 05/06/2024 09:58:15 INFO: --- Dependencies --- 05/06/2024 09:58:15 INFO: Removing lsof. 05/06/2024 09:58:21 INFO: Removing tar. 05/06/2024 09:58:26 INFO: Installation finished. [root@ip-172-31-71-82 ec2-user]# ```

Installing all components with verbose - APT

```console root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -a -i -v 05/06/2024 11:35:50 DEBUG: Checking root permissions. 05/06/2024 11:35:50 DEBUG: Checking sudo package. 05/06/2024 11:35:50 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 05/06/2024 11:35:50 INFO: Verbose logging redirected to /var/log/wazuh-install.log 05/06/2024 11:35:50 DEBUG: APT package manager will be used. 05/06/2024 11:35:50 DEBUG: Checking system distribution. 05/06/2024 11:35:50 DEBUG: Detected distribution name: ubuntu 05/06/2024 11:35:50 DEBUG: Detected distribution version: 22 05/06/2024 11:35:50 DEBUG: Checking Wazuh installation. 05/06/2024 11:35:52 DEBUG: Checking system architecture. 05/06/2024 11:36:01 WARNING: To perform the installation, the following package/s must be installed: software-properties-common. Add the -id|--install-dependencies parameter to install them automatically or install them manually. root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -a -i -v -id 05/06/2024 11:36:04 DEBUG: Checking root permissions. 05/06/2024 11:36:04 DEBUG: Checking sudo package. 05/06/2024 11:36:04 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 05/06/2024 11:36:04 INFO: Verbose logging redirected to /var/log/wazuh-install.log 05/06/2024 11:36:04 DEBUG: APT package manager will be used. 05/06/2024 11:36:04 DEBUG: Checking system distribution. 05/06/2024 11:36:04 DEBUG: Detected distribution name: ubuntu 05/06/2024 11:36:04 DEBUG: Detected distribution version: 22 05/06/2024 11:36:04 DEBUG: Checking Wazuh installation. 05/06/2024 11:36:07 DEBUG: Checking system architecture. 05/06/2024 11:36:18 WARNING: Hardware and system checks ignored. 05/06/2024 11:36:18 INFO: Wazuh web interface port will be 443. 05/06/2024 11:36:18 DEBUG: 443 ports. 05/06/2024 11:36:18 DEBUG: Checking ports availability. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB] Fetched 129 kB in 1s (177 kB/s) Reading package lists... 05/06/2024 11:36:23 INFO: --- Dependencies ---- 05/06/2024 11:36:23 INFO: Installing software-properties-common. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following additional packages will be installed: ca-certificates python3-httplib2 python3-launchpadlib python3-lazr.restfulclient python3-software-properties Suggested packages: python3-testresources The following NEW packages will be installed: ca-certificates python3-httplib2 python3-launchpadlib python3-lazr.restfulclient python3-software-properties software-properties-common Preconfiguring packages ... 0 upgraded, 6 newly installed, 0 to remove and 74 not upgraded. Need to get 0 B/405 kB of archives. After this operation, 2930 kB of NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 3 NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: getty@tty1.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: user@1000.service 05/06/2024 11:36:30 DEBUG: Checking curl tool version. 05/06/2024 11:36:30 DEBUG: Adding the Wazuh repository. gpg: keyring '/usr/share/keyrings/wazuh.gpg' created gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported gpg: Total number processed: 1 gpg: imported: 1 deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB] Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [38.5 kB] Fetched 55.7 kB in 1s (49.6 kB/s) Reading package lists... 05/06/2024 11:36:34 INFO: Wazuh development repository added. 05/06/2024 11:36:34 INFO: --- Configuration files --- 05/06/2024 11:36:34 INFO: Generating configuration files. 05/06/2024 11:36:34 DEBUG: Creating Wazuh certificates. 05/06/2024 11:36:34 DEBUG: Reading configuration file. 05/06/2024 11:36:34 DEBUG: Checking if 127.0.0.1 is private. 05/06/2024 11:36:34 DEBUG: Checking if 127.0.0.1 is private. 05/06/2024 11:36:34 DEBUG: Checking if 127.0.0.1 is private. 05/06/2024 11:36:34 INFO: Generating the root certificate. 05/06/2024 11:36:35 INFO: Generating Admin certificates. 05/06/2024 11:36:35 DEBUG: Generating Admin private key. 05/06/2024 11:36:35 DEBUG: Converting Admin private key to PKCS8 format. 05/06/2024 11:36:35 DEBUG: Generating Admin CSR. 05/06/2024 11:36:35 DEBUG: Creating Admin certificate. 05/06/2024 11:36:35 INFO: Generating Wazuh indexer certificates. 05/06/2024 11:36:35 DEBUG: Creating the certificates for wazuh-indexer indexer node. 05/06/2024 11:36:35 DEBUG: Generating certificate configuration. 05/06/2024 11:36:35 DEBUG: Creating the Wazuh indexer tmp key pair. 05/06/2024 11:36:36 DEBUG: Creating the Wazuh indexer certificates. 05/06/2024 11:36:36 INFO: Generating Filebeat certificates. 05/06/2024 11:36:36 DEBUG: Generating the certificates for wazuh-server server node. 05/06/2024 11:36:36 DEBUG: Generating certificate configuration. 05/06/2024 11:36:36 DEBUG: Creating the Wazuh server tmp key pair. 05/06/2024 11:36:36 DEBUG: Creating the Wazuh server certificates. 05/06/2024 11:36:37 INFO: Generating Wazuh dashboard certificates. 05/06/2024 11:36:37 DEBUG: Generating certificate configuration. 05/06/2024 11:36:37 DEBUG: Creating the Wazuh dashboard tmp key pair. 05/06/2024 11:36:37 DEBUG: Creating the Wazuh dashboard certificates. 05/06/2024 11:36:37 DEBUG: Cleaning certificate files. 05/06/2024 11:36:37 DEBUG: Generating password file. 05/06/2024 11:36:37 DEBUG: Generating random passwords. 05/06/2024 11:36:37 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 05/06/2024 11:36:37 DEBUG: Extracting Wazuh configuration. 05/06/2024 11:36:37 DEBUG: Reading configuration file. 05/06/2024 11:36:38 DEBUG: Checking if 127.0.0.1 is private. 05/06/2024 11:36:38 DEBUG: Checking if 127.0.0.1 is private. 05/06/2024 11:36:38 DEBUG: Checking if 127.0.0.1 is private. 05/06/2024 11:36:38 INFO: --- Wazuh indexer --- 05/06/2024 11:36:38 INFO: Starting Wazuh indexer installation. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded. Need to get 0 B/759 MB of archives. After this operation, 1050 MB of add NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 3 NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: getty@tty1.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: user@1000.service 05/06/2024 11:37:58 DEBUG: Checking Wazuh installation. 05/06/2024 11:37:59 DEBUG: There are Wazuh indexer remaining files. 05/06/2024 11:38:00 INFO: Wazuh indexer installation finished. 05/06/2024 11:38:00 DEBUG: Configuring Wazuh indexer. 05/06/2024 11:38:00 DEBUG: Copying Wazuh indexer certificates. 05/06/2024 11:38:01 INFO: Wazuh indexer post-install configuration finished. 05/06/2024 11:38:01 INFO: Starting service wazuh-indexer. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service. 05/06/2024 11:38:23 INFO: wazuh-indexer service started. 05/06/2024 11:38:23 INFO: Initializing Wazuh indexer cluster security settings. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success 05/06/2024 11:38:35 INFO: Wazuh indexer cluster security configuration initialized. 05/06/2024 11:38:35 INFO: Wazuh indexer cluster initialized. 05/06/2024 11:38:35 INFO: --- Wazuh server --- 05/06/2024 11:38:35 INFO: Starting the Wazuh manager installation. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded. Need to get 0 B/317 MB of archives. After thi NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 3 NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: getty@tty1.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: user@1000.service 05/06/2024 11:39:50 DEBUG: Checking Wazuh installation. 05/06/2024 11:39:51 DEBUG: There are Wazuh remaining files. 05/06/2024 11:39:51 DEBUG: There are Wazuh indexer remaining files. 05/06/2024 11:39:52 INFO: Wazuh manager installation finished. 05/06/2024 11:39:52 DEBUG: Configuring Wazuh manager. 05/06/2024 11:39:52 DEBUG: Setting provisional Wazuh indexer password. 05/06/2024 11:39:52 INFO: Wazuh manager vulnerability detection configuration finished. 05/06/2024 11:39:52 INFO: Starting service wazuh-manager. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service. 05/06/2024 11:40:15 INFO: wazuh-manager service started. 05/06/2024 11:40:15 INFO: Starting Filebeat installation. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additio NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 3 NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: getty@tty1.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: user@1000.service 05/06/2024 11:40:21 DEBUG: Checking Wazuh installation. 05/06/2024 11:40:21 DEBUG: There are Wazuh remaining files. 05/06/2024 11:40:22 DEBUG: There are Wazuh indexer remaining files. 05/06/2024 11:40:23 DEBUG: There are Filebeat remaining files. 05/06/2024 11:40:23 INFO: Filebeat installation finished. 05/06/2024 11:40:23 DEBUG: Configuring Filebeat. 05/06/2024 11:40:24 DEBUG: Filebeat template was download successfully. wazuh/ wazuh/_meta/ wazuh/_meta/docs.asciidoc wazuh/_meta/fields.yml wazuh/_meta/config.yml wazuh/alerts/ wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/module.yml wazuh/archives/ wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json 05/06/2024 11:40:24 DEBUG: Filebeat module was downloaded successfully. 05/06/2024 11:40:24 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 05/06/2024 11:40:25 INFO: Filebeat post-install configuration finished. 05/06/2024 11:40:25 INFO: Starting service filebeat. Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable filebeat Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service. 05/06/2024 11:40:28 INFO: filebeat service started. 05/06/2024 11:40:28 INFO: --- Wazuh dashboard --- 05/06/2024 11:40:28 INFO: Starting Wazuh dashboard installation. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded. Need to get 0 B/186 MB of archives. After this operation, 998 MB of ad NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 3 NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: getty@tty1.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: user@1000.service 05/06/2024 11:42:58 DEBUG: Checking Wazuh installation. 05/06/2024 11:42:58 DEBUG: There are Wazuh remaining files. 05/06/2024 11:42:59 DEBUG: There are Wazuh indexer remaining files. 05/06/2024 11:43:00 DEBUG: There are Filebeat remaining files. 05/06/2024 11:43:00 DEBUG: There are Wazuh dashboard remaining files. 05/06/2024 11:43:00 INFO: Wazuh dashboard installation finished. 05/06/2024 11:43:00 DEBUG: Configuring Wazuh dashboard. 05/06/2024 11:43:00 DEBUG: Copying Wazuh dashboard certificates. 05/06/2024 11:43:00 DEBUG: Wazuh dashboard certificate setup finished. 05/06/2024 11:43:00 INFO: Wazuh dashboard post-install configuration finished. 05/06/2024 11:43:00 INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service. 05/06/2024 11:43:01 INFO: wazuh-dashboard service started. 05/06/2024 11:43:01 DEBUG: Setting Wazuh indexer cluster passwords. 05/06/2024 11:43:01 DEBUG: Checking Wazuh installation. 05/06/2024 11:43:02 DEBUG: There are Wazuh remaining files. 05/06/2024 11:43:03 DEBUG: There are Wazuh indexer remaining files. 05/06/2024 11:43:03 DEBUG: There are Filebeat remaining files. 05/06/2024 11:43:04 DEBUG: There are Wazuh dashboard remaining files. 05/06/2024 11:43:04 INFO: Updating the internal users. 05/06/2024 11:43:04 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 05/06/2024 11:43:13 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 05/06/2024 11:43:13 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 05/06/2024 11:43:13 DEBUG: The internal users have been updated before changing the passwords. 05/06/2024 11:43:16 DEBUG: Generating password hashes. 05/06/2024 11:43:28 DEBUG: Password hashes generated. 05/06/2024 11:43:28 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 05/06/2024 11:43:35 DEBUG: Password backup created in /etc/wazuh-indexer/backup. Successfully updated the keystore 05/06/2024 11:43:35 DEBUG: Restarting filebeat service... 05/06/2024 11:43:36 DEBUG: filebeat started. 05/06/2024 11:43:36 DEBUG: Restarting wazuh-manager service... 05/06/2024 11:43:58 DEBUG: wazuh-manager started. 05/06/2024 11:44:00 DEBUG: Restarting wazuh-dashboard service... 05/06/2024 11:44:01 DEBUG: wazuh-dashboard started. 05/06/2024 11:44:01 DEBUG: Running security admin tool. 05/06/2024 11:44:01 DEBUG: Loading new passwords changes. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Populate config from /home/ubuntu Force type: internalusers Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' created or updated SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null Done with success 05/06/2024 11:44:07 DEBUG: Passwords changed. 05/06/2024 11:44:07 DEBUG: Changing API passwords. 05/06/2024 11:44:16 INFO: Initializing Wazuh dashboard web application. 05/06/2024 11:44:17 INFO: Wazuh dashboard web application not yet initialized. Waiting... 05/06/2024 11:44:34 INFO: Wazuh dashboard web application not yet initialized. Waiting... 05/06/2024 11:44:49 INFO: Wazuh dashboard web application initialized. 05/06/2024 11:44:49 INFO: --- Summary --- 05/06/2024 11:44:49 INFO: You can access the web interface https://:443 User: admin Password: a1h2NExAfNtmFLIY3F0BYlneu.n?NCAo 05/06/2024 11:44:49 DEBUG: Restoring Wazuh repository. 05/06/2024 11:44:49 INFO: Installation finished. root@ip-172-31-71-48:/home/ubuntu# ```

Installing all components with verbose - YUM

```console [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -a -i -v 05/06/2024 11:33:47 DEBUG: Checking root permissions. 05/06/2024 11:33:47 DEBUG: Checking sudo package. 05/06/2024 11:33:47 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 05/06/2024 11:33:47 INFO: Verbose logging redirected to /var/log/wazuh-install.log 05/06/2024 11:33:47 DEBUG: YUM package manager will be used. 05/06/2024 11:33:47 DEBUG: Checking system distribution. 05/06/2024 11:33:47 DEBUG: Detected distribution name: rhel 05/06/2024 11:33:47 DEBUG: Detected distribution version: 9 05/06/2024 11:33:47 DEBUG: Checking Wazuh installation. 05/06/2024 11:33:47 DEBUG: Checking system architecture. 05/06/2024 11:33:47 WARNING: To perform the installation, the following package/s must be installed: lsof, tar. The following package/s will be removed after the installation: lsof, tar. Add the -id|--install-dependencies parameter to install them automatically or install them manually. [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -a -i -v -id 05/06/2024 11:34:09 DEBUG: Checking root permissions. 05/06/2024 11:34:09 DEBUG: Checking sudo package. 05/06/2024 11:34:09 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 05/06/2024 11:34:09 INFO: Verbose logging redirected to /var/log/wazuh-install.log 05/06/2024 11:34:09 DEBUG: YUM package manager will be used. 05/06/2024 11:34:09 DEBUG: Checking system distribution. 05/06/2024 11:34:09 DEBUG: Detected distribution name: rhel 05/06/2024 11:34:09 DEBUG: Detected distribution version: 9 05/06/2024 11:34:09 DEBUG: Checking Wazuh installation. 05/06/2024 11:34:09 DEBUG: Checking system architecture. 05/06/2024 11:34:10 DEBUG: CentOS repository file created. 05/06/2024 11:34:10 DEBUG: CentOS repositories added. 05/06/2024 11:34:10 INFO: --- Dependencies ---- 05/06/2024 11:34:10 INFO: Installing lsof. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. CentOS Stream 9 - AppStream 30 MB/s | 19 MB 00:00 CentOS Stream 9 - BaseOS 25 MB/s | 8.1 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - AppStre 58 MB/s | 35 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 57 MB/s | 23 MB 00:00 Red Hat Enterprise Linux 9 Client Configuration 21 kB/s | 2.9 kB 00:00 Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 baseos 239 k Installing dependencies: libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 336 k Installed size: 826 k Downloading Packages: (1/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.1 MB/s | 96 kB 00:00 (2/2): lsof-4.94.0-3.el9.x86_64.rpm 1.2 MB/s | 239 kB 00:00 -------------------------------------------------------------------------------- Total 1.4 MB/s | 336 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : lsof-4.94.0-3.el9.x86_64 1/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete! 05/06/2024 11:34:59 INFO: Installing tar. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:00:10 ago on Wed 05 Jun 2024 11:34:51 AM UTC. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: tar x86_64 2:1.34-6.el9_1 rhel-9-baseos-rhui-rpms 889 k Transaction Summary ================================================================================ Install 1 Package Total download size: 889 k Installed size: 3.0 M Downloading Packages: tar-1.34-6.el9_1.x86_64.rpm 16 MB/s | 889 kB 00:00 -------------------------------------------------------------------------------- Total 8.6 MB/s | 889 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : tar-2:1.34-6.el9_1.x86_64 1/1 Running scriptlet: tar-2:1.34-6.el9_1.x86_64 1/1 Verifying : tar-2:1.34-6.el9_1.x86_64 1/1 Installed products updated. Installed: tar-2:1.34-6.el9_1.x86_64 Complete! Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. 38 files removed 05/06/2024 11:35:04 DEBUG: CentOS repositories and key deleted. 05/06/2024 11:35:04 WARNING: Hardware and system checks ignored. 05/06/2024 11:35:04 INFO: Wazuh web interface port will be 443. 05/06/2024 11:35:04 DEBUG: 443 ports. 05/06/2024 11:35:04 DEBUG: Checking ports availability. 05/06/2024 11:35:05 DEBUG: Checking curl tool version. 05/06/2024 11:35:05 DEBUG: Adding the Wazuh repository. [wazuh] gpgcheck=1 gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-${releasever} - Wazuh baseurl=https://packages-dev.wazuh.com/pre-release/yum/ protect=1 05/06/2024 11:35:05 INFO: Wazuh development repository added. 05/06/2024 11:35:05 INFO: --- Configuration files --- 05/06/2024 11:35:05 INFO: Generating configuration files. 05/06/2024 11:35:05 DEBUG: Creating Wazuh certificates. 05/06/2024 11:35:05 DEBUG: Reading configuration file. 05/06/2024 11:35:06 DEBUG: Checking if 127.0.0.1 is private. 05/06/2024 11:35:06 DEBUG: Checking if 127.0.0.1 is private. 05/06/2024 11:35:06 DEBUG: Checking if 127.0.0.1 is private. 05/06/2024 11:35:06 INFO: Generating the root certificate. 05/06/2024 11:35:07 INFO: Generating Admin certificates. 05/06/2024 11:35:07 DEBUG: Generating Admin private key. 05/06/2024 11:35:07 DEBUG: Converting Admin private key to PKCS8 format. 05/06/2024 11:35:07 DEBUG: Generating Admin CSR. 05/06/2024 11:35:07 DEBUG: Creating Admin certificate. 05/06/2024 11:35:07 INFO: Generating Wazuh indexer certificates. 05/06/2024 11:35:07 DEBUG: Creating the certificates for wazuh-indexer indexer node. 05/06/2024 11:35:07 DEBUG: Generating certificate configuration. 05/06/2024 11:35:07 DEBUG: Creating the Wazuh indexer tmp key pair. 05/06/2024 11:35:08 DEBUG: Creating the Wazuh indexer certificates. 05/06/2024 11:35:08 INFO: Generating Filebeat certificates. 05/06/2024 11:35:08 DEBUG: Generating the certificates for wazuh-server server node. 05/06/2024 11:35:08 DEBUG: Generating certificate configuration. 05/06/2024 11:35:08 DEBUG: Creating the Wazuh server tmp key pair. 05/06/2024 11:35:08 DEBUG: Creating the Wazuh server certificates. 05/06/2024 11:35:08 INFO: Generating Wazuh dashboard certificates. 05/06/2024 11:35:08 DEBUG: Generating certificate configuration. 05/06/2024 11:35:08 DEBUG: Creating the Wazuh dashboard tmp key pair. 05/06/2024 11:35:09 DEBUG: Creating the Wazuh dashboard certificates. 05/06/2024 11:35:09 DEBUG: Cleaning certificate files. 05/06/2024 11:35:09 DEBUG: Generating password file. 05/06/2024 11:35:09 DEBUG: Generating random passwords. 05/06/2024 11:35:09 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 05/06/2024 11:35:09 DEBUG: Extracting Wazuh configuration. 05/06/2024 11:35:09 DEBUG: Reading configuration file. 05/06/2024 11:35:10 DEBUG: Checking if 127.0.0.1 is private. 05/06/2024 11:35:10 DEBUG: Checking if 127.0.0.1 is private. 05/06/2024 11:35:10 DEBUG: Checking if 127.0.0.1 is private. 05/06/2024 11:35:10 INFO: --- Wazuh indexer --- 05/06/2024 11:35:10 INFO: Starting Wazuh indexer installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 for x86_64 - AppStre 56 MB/s | 35 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 58 MB/s | 23 MB 00:00 Red Hat Enterprise Linux 9 Client Configuration 20 kB/s | 2.9 kB 00:00 EL-9 - Wazuh 14 MB/s | 26 MB 00:01 Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.8.0-1 wazuh 743 M Transaction Summary ================================================================================ Install 1 Package Total download size: 743 M Installed size: 1.0 G Downloading Packages: wazuh-indexer-4.8.0-1.x86_64.rpm 36 MB/s | 743 MB 00:20 -------------------------------------------------------------------------------- Total 36 MB/s | 743 MB 00:20 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1 Installing : wazuh-indexer-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-indexer-4.8.0-1.x86_64 Complete! 05/06/2024 11:37:58 DEBUG: Checking Wazuh installation. 05/06/2024 11:37:58 DEBUG: There are Wazuh indexer remaining files. 05/06/2024 11:37:58 INFO: Wazuh indexer installation finished. 05/06/2024 11:37:58 DEBUG: Configuring Wazuh indexer. 05/06/2024 11:37:58 DEBUG: Copying Wazuh indexer certificates. 05/06/2024 11:37:58 INFO: Wazuh indexer post-install configuration finished. 05/06/2024 11:37:58 INFO: Starting service wazuh-indexer. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service. 05/06/2024 11:38:24 INFO: wazuh-indexer service started. 05/06/2024 11:38:24 INFO: Initializing Wazuh indexer cluster security settings. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success 05/06/2024 11:38:35 INFO: Wazuh indexer cluster security configuration initialized. 05/06/2024 11:38:35 INFO: Wazuh indexer cluster initialized. 05/06/2024 11:38:35 INFO: --- Wazuh server --- 05/06/2024 11:38:35 INFO: Starting the Wazuh manager installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:02:57 ago on Wed 05 Jun 2024 11:35:39 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.8.0-1 wazuh 298 M Transaction Summary ================================================================================ Install 1 Package Total download size: 298 M Installed size: 887 M Downloading Packages: wazuh-manager-4.8.0-1.x86_64.rpm 40 MB/s | 298 MB 00:07 -------------------------------------------------------------------------------- Total 40 MB/s | 298 MB 00:07 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1 Installing : wazuh-manager-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1 Verifying : wazuh-manager-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-manager-4.8.0-1.x86_64 Complete! 05/06/2024 11:40:23 DEBUG: Checking Wazuh installation. 05/06/2024 11:40:23 DEBUG: There are Wazuh remaining files. 05/06/2024 11:40:23 DEBUG: There are Wazuh indexer remaining files. 05/06/2024 11:40:23 INFO: Wazuh manager installation finished. 05/06/2024 11:40:23 DEBUG: Configuring Wazuh manager. 05/06/2024 11:40:23 DEBUG: Setting provisional Wazuh indexer password. 05/06/2024 11:40:24 INFO: Wazuh manager vulnerability detection configuration finished. 05/06/2024 11:40:24 INFO: Starting service wazuh-manager. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service. 05/06/2024 11:40:36 INFO: wazuh-manager service started. 05/06/2024 11:40:36 INFO: Starting Filebeat installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Waiting for process with pid 45619 to finish. Last metadata expiration check: 0:05:03 ago on Wed 05 Jun 2024 11:35:39 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 wazuh 21 M Transaction Summary ================================================================================ Install 1 Package Total download size: 21 M Installed size: 70 M Downloading Packages: filebeat-oss-7.10.2-x86_64.rpm 15 MB/s | 21 MB 00:01 -------------------------------------------------------------------------------- Total 15 MB/s | 21 MB 00:01 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : filebeat-7.10.2-1.x86_64 1/1 Running scriptlet: filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1 Installed products updated. Installed: filebeat-7.10.2-1.x86_64 Complete! 05/06/2024 11:40:50 DEBUG: Checking Wazuh installation. 05/06/2024 11:40:50 DEBUG: There are Wazuh remaining files. 05/06/2024 11:40:50 DEBUG: There are Wazuh indexer remaining files. 05/06/2024 11:40:50 DEBUG: There are Filebeat remaining files. 05/06/2024 11:40:50 INFO: Filebeat installation finished. 05/06/2024 11:40:50 DEBUG: Configuring Filebeat. 05/06/2024 11:40:51 DEBUG: Filebeat template was download successfully. wazuh/ wazuh/_meta/ wazuh/_meta/docs.asciidoc wazuh/_meta/fields.yml wazuh/_meta/config.yml wazuh/alerts/ wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/module.yml wazuh/archives/ wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json 05/06/2024 11:40:51 DEBUG: Filebeat module was downloaded successfully. 05/06/2024 11:40:51 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 05/06/2024 11:40:52 INFO: Filebeat post-install configuration finished. 05/06/2024 11:40:52 INFO: Starting service filebeat. Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service. 05/06/2024 11:40:54 INFO: filebeat service started. 05/06/2024 11:40:54 INFO: --- Wazuh dashboard --- 05/06/2024 11:40:54 INFO: Starting Wazuh dashboard installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:05:18 ago on Wed 05 Jun 2024 11:35:39 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.8.0-1 wazuh 275 M Transaction Summary ================================================================================ Install 1 Package Total download size: 275 M Installed size: 911 M Downloading Packages: wazuh-dashboard-4.8.0-1.x86_64.rpm 34 MB/s | 275 MB 00:08 -------------------------------------------------------------------------------- Total 34 MB/s | 275 MB 00:08 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1 Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-dashboard-4.8.0-1.x86_64 Complete! 05/06/2024 11:44:06 DEBUG: Checking Wazuh installation. 05/06/2024 11:44:06 DEBUG: There are Wazuh remaining files. 05/06/2024 11:44:06 DEBUG: There are Wazuh indexer remaining files. 05/06/2024 11:44:06 DEBUG: There are Filebeat remaining files. 05/06/2024 11:44:06 DEBUG: There are Wazuh dashboard remaining files. 05/06/2024 11:44:06 INFO: Wazuh dashboard installation finished. 05/06/2024 11:44:06 DEBUG: Configuring Wazuh dashboard. 05/06/2024 11:44:06 DEBUG: Copying Wazuh dashboard certificates. 05/06/2024 11:44:06 DEBUG: Wazuh dashboard certificate setup finished. 05/06/2024 11:44:06 INFO: Wazuh dashboard post-install configuration finished. 05/06/2024 11:44:06 INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service. 05/06/2024 11:44:07 INFO: wazuh-dashboard service started. 05/06/2024 11:44:07 DEBUG: Setting Wazuh indexer cluster passwords. 05/06/2024 11:44:07 DEBUG: Checking Wazuh installation. 05/06/2024 11:44:07 DEBUG: There are Wazuh remaining files. 05/06/2024 11:44:07 DEBUG: There are Wazuh indexer remaining files. 05/06/2024 11:44:07 DEBUG: There are Filebeat remaining files. 05/06/2024 11:44:07 DEBUG: There are Wazuh dashboard remaining files. 05/06/2024 11:44:07 INFO: Updating the internal users. 05/06/2024 11:44:07 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 05/06/2024 11:44:23 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 05/06/2024 11:44:23 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 05/06/2024 11:44:23 DEBUG: The internal users have been updated before changing the passwords. 05/06/2024 11:44:25 DEBUG: Generating password hashes. 05/06/2024 11:44:42 DEBUG: Password hashes generated. 05/06/2024 11:44:42 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 05/06/2024 11:44:50 DEBUG: Password backup created in /etc/wazuh-indexer/backup. Successfully updated the keystore 05/06/2024 11:44:50 DEBUG: Restarting filebeat service... 05/06/2024 11:44:51 DEBUG: filebeat started. 05/06/2024 11:44:51 DEBUG: Restarting wazuh-manager service... 05/06/2024 11:45:14 DEBUG: wazuh-manager started. 05/06/2024 11:45:20 DEBUG: Restarting wazuh-dashboard service... 05/06/2024 11:45:22 DEBUG: wazuh-dashboard started. 05/06/2024 11:45:22 DEBUG: Running security admin tool. 05/06/2024 11:45:22 DEBUG: Loading new passwords changes. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Populate config from /home/ec2-user Force type: internalusers Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' created or updated SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null Done with success 05/06/2024 11:45:38 DEBUG: Passwords changed. 05/06/2024 11:45:38 DEBUG: Changing API passwords. 05/06/2024 11:45:48 INFO: Initializing Wazuh dashboard web application. 05/06/2024 11:45:48 INFO: Wazuh dashboard web application not yet initialized. Waiting... 05/06/2024 11:46:05 INFO: Wazuh dashboard web application not yet initialized. Waiting... 05/06/2024 11:46:20 INFO: Wazuh dashboard web application initialized. 05/06/2024 11:46:20 INFO: --- Summary --- 05/06/2024 11:46:20 INFO: You can access the web interface https://:443 User: admin Password: A5+vHVmAdBvkrKYCxS+0a0k3oRoGlreH 05/06/2024 11:46:20 INFO: --- Dependencies --- 05/06/2024 11:46:20 INFO: Removing lsof. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: lsof x86_64 4.94.0-3.el9 @baseos 624 k Removing unused dependencies: libtirpc x86_64 1.3.3-8.el9_4 @rhel-9-baseos-rhui-rpms 202 k Transaction Summary ================================================================================ Remove 2 Packages Freed space: 826 k Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : lsof-4.94.0-3.el9.x86_64 1/2 Erasing : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Running scriptlet: libtirpc-1.3.3-8.el9_4.x86_64 2/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Removed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete! 05/06/2024 11:46:25 INFO: Removing tar. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: tar x86_64 2:1.34-6.el9_1 @rhel-9-baseos-rhui-rpms 3.0 M Transaction Summary ================================================================================ Remove 1 Package Freed space: 3.0 M Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : tar-2:1.34-6.el9_1.x86_64 1/1 Running scriptlet: tar-2:1.34-6.el9_1.x86_64 1/1 Verifying : tar-2:1.34-6.el9_1.x86_64 1/1 Installed products updated. Removed: tar-2:1.34-6.el9_1.x86_64 Complete! 05/06/2024 11:46:28 DEBUG: Restoring Wazuh repository. 05/06/2024 11:46:28 INFO: Installation finished. [root@ip-172-31-71-82 ec2-user]# ```

Update Report

Fixing bugs

I detected a bug that consisted in uninstalling a dependency when it is not installed. This case happens when the assistant tries to install a dependency, it fails and then, in the rollback, it tries to uninstalling it, failing again because it wasn't installed previously.

A fix was added and the following testing was performed. Check that in the APT test, the software-properties-common was installed as a Wazuh dependency, so then it was not uninstalled after, but the Assistant dependencies were uninstalled as expected:

Installing all components - APT

```console root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -a -i 05/06/2024 14:37:11 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 05/06/2024 14:37:11 INFO: Verbose logging redirected to /var/log/wazuh-install.log 05/06/2024 14:37:24 WARNING: To perform the installation, the following package/s must be installed: lsof, openssl, software-properties-common. The following package/s will be removed after the installation: lsof, openssl. Add the -id|--install-dependencies parameter to install them automatically or install them manually. root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -a -i -id 05/06/2024 14:38:18 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 05/06/2024 14:38:18 INFO: Verbose logging redirected to /var/log/wazuh-install.log 05/06/2024 14:38:32 INFO: --- Dependencies ---- 05/06/2024 14:38:34 INFO: Installing software-properties-common. 05/06/2024 14:38:32 INFO: Installing lsof. 05/06/2024 14:38:34 INFO: Installing openssl. 05/06/2024 14:38:37 WARNING: Hardware and system checks ignored. 05/06/2024 14:38:37 INFO: Wazuh web interface port will be 443. 05/06/2024 14:38:41 INFO: --- Dependencies ---- 05/06/2024 14:38:41 INFO: Installing software-properties-common. 05/06/2024 14:38:52 INFO: Wazuh development repository added. 05/06/2024 14:38:52 INFO: --- Configuration files --- 05/06/2024 14:38:52 INFO: Generating configuration files. 05/06/2024 14:38:52 INFO: Generating the root certificate. 05/06/2024 14:38:52 INFO: Generating Admin certificates. 05/06/2024 14:38:53 INFO: Generating Wazuh indexer certificates. 05/06/2024 14:38:54 INFO: Generating Filebeat certificates. 05/06/2024 14:38:54 INFO: Generating Wazuh dashboard certificates. 05/06/2024 14:38:55 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 05/06/2024 14:38:55 INFO: --- Wazuh indexer --- 05/06/2024 14:38:55 INFO: Starting Wazuh indexer installation. 05/06/2024 14:40:17 INFO: Wazuh indexer installation finished. 05/06/2024 14:40:17 INFO: Wazuh indexer post-install configuration finished. 05/06/2024 14:40:17 INFO: Starting service wazuh-indexer. 05/06/2024 14:40:40 INFO: wazuh-indexer service started. 05/06/2024 14:40:40 INFO: Initializing Wazuh indexer cluster security settings. 05/06/2024 14:40:52 INFO: Wazuh indexer cluster security configuration initialized. 05/06/2024 14:40:52 INFO: Wazuh indexer cluster initialized. 05/06/2024 14:40:52 INFO: --- Wazuh server --- 05/06/2024 14:40:52 INFO: Starting the Wazuh manager installation. 05/06/2024 14:42:08 INFO: Wazuh manager installation finished. 05/06/2024 14:42:08 INFO: Wazuh manager vulnerability detection configuration finished. 05/06/2024 14:42:08 INFO: Starting service wazuh-manager. 05/06/2024 14:42:30 INFO: wazuh-manager service started. 05/06/2024 14:42:30 INFO: Starting Filebeat installation. 05/06/2024 14:42:40 INFO: Filebeat installation finished. 05/06/2024 14:42:41 INFO: Filebeat post-install configuration finished. 05/06/2024 14:42:41 INFO: Starting service filebeat. 05/06/2024 14:42:43 INFO: filebeat service started. 05/06/2024 14:42:43 INFO: --- Wazuh dashboard --- 05/06/2024 14:42:43 INFO: Starting Wazuh dashboard installation. 05/06/2024 14:45:17 INFO: Wazuh dashboard installation finished. 05/06/2024 14:45:17 INFO: Wazuh dashboard post-install configuration finished. 05/06/2024 14:45:17 INFO: Starting service wazuh-dashboard. 05/06/2024 14:45:18 INFO: wazuh-dashboard service started. 05/06/2024 14:45:20 INFO: Updating the internal users. 05/06/2024 14:45:30 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 05/06/2024 14:46:34 INFO: Initializing Wazuh dashboard web application. 05/06/2024 14:46:34 INFO: Wazuh dashboard web application not yet initialized. Waiting... 05/06/2024 14:46:51 INFO: Wazuh dashboard web application not yet initialized. Waiting... 05/06/2024 14:47:06 INFO: Wazuh dashboard web application initialized. 05/06/2024 14:47:06 INFO: --- Summary --- 05/06/2024 14:47:06 INFO: You can access the web interface https://:443 User: admin Password: +vpwZ2OGk+2AOSYiJySScQTvwKV5Lez7 05/06/2024 14:47:06 INFO: --- Dependencies --- 05/06/2024 14:47:06 INFO: Removing lsof. 05/06/2024 14:47:09 INFO: Removing openssl. 05/06/2024 14:47:13 INFO: Installation finished. root@ip-172-31-71-48:/home/ubuntu# ```

Installing all components - YUM

```console [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -a -i 05/06/2024 14:37:11 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 05/06/2024 14:37:11 INFO: Verbose logging redirected to /var/log/wazuh-install.log 05/06/2024 14:37:12 WARNING: To perform the installation, the following package/s must be installed: lsof, tar. The following package/s will be removed after the installation: lsof, tar. Add the -id|--install-dependencies parameter to install them automatically or install them manually. [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -a -i -id 05/06/2024 14:38:14 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 05/06/2024 14:38:14 INFO: Verbose logging redirected to /var/log/wazuh-install.log 05/06/2024 14:38:15 INFO: --- Dependencies ---- 05/06/2024 14:38:15 INFO: Installing lsof. 05/06/2024 14:38:56 INFO: Installing tar. 05/06/2024 14:39:00 WARNING: Hardware and system checks ignored. 05/06/2024 14:39:00 INFO: Wazuh web interface port will be 443. 05/06/2024 14:39:01 INFO: Wazuh development repository added. 05/06/2024 14:39:01 INFO: --- Configuration files --- 05/06/2024 14:39:01 INFO: Generating configuration files. 05/06/2024 14:39:01 INFO: Generating the root certificate. 05/06/2024 14:39:02 INFO: Generating Admin certificates. 05/06/2024 14:39:03 INFO: Generating Wazuh indexer certificates. 05/06/2024 14:39:04 INFO: Generating Filebeat certificates. 05/06/2024 14:39:04 INFO: Generating Wazuh dashboard certificates. 05/06/2024 14:39:05 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 05/06/2024 14:39:06 INFO: --- Wazuh indexer --- 05/06/2024 14:39:06 INFO: Starting Wazuh indexer installation. 05/06/2024 14:41:39 INFO: Wazuh indexer installation finished. 05/06/2024 14:41:39 INFO: Wazuh indexer post-install configuration finished. 05/06/2024 14:41:39 INFO: Starting service wazuh-indexer. 05/06/2024 14:42:03 INFO: wazuh-indexer service started. 05/06/2024 14:42:03 INFO: Initializing Wazuh indexer cluster security settings. 05/06/2024 14:42:15 INFO: Wazuh indexer cluster security configuration initialized. 05/06/2024 14:42:15 INFO: Wazuh indexer cluster initialized. 05/06/2024 14:42:15 INFO: --- Wazuh server --- 05/06/2024 14:42:15 INFO: Starting the Wazuh manager installation. 05/06/2024 14:43:45 INFO: Wazuh manager installation finished. 05/06/2024 14:43:45 INFO: Wazuh manager vulnerability detection configuration finished. 05/06/2024 14:43:45 INFO: Starting service wazuh-manager. 05/06/2024 14:43:57 INFO: wazuh-manager service started. 05/06/2024 14:43:57 INFO: Starting Filebeat installation. 05/06/2024 14:44:10 INFO: Filebeat installation finished. 05/06/2024 14:44:11 INFO: Filebeat post-install configuration finished. 05/06/2024 14:44:11 INFO: Starting service filebeat. 05/06/2024 14:44:14 INFO: filebeat service started. 05/06/2024 14:44:14 INFO: --- Wazuh dashboard --- 05/06/2024 14:44:14 INFO: Starting Wazuh dashboard installation. 05/06/2024 14:47:11 INFO: Wazuh dashboard installation finished. 05/06/2024 14:47:11 INFO: Wazuh dashboard post-install configuration finished. 05/06/2024 14:47:12 INFO: Starting service wazuh-dashboard. 05/06/2024 14:47:13 INFO: wazuh-dashboard service started. 05/06/2024 14:47:13 INFO: Updating the internal users. 05/06/2024 14:47:27 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 05/06/2024 14:48:45 INFO: Initializing Wazuh dashboard web application. 05/06/2024 14:48:46 INFO: Wazuh dashboard web application not yet initialized. Waiting... 05/06/2024 14:49:02 INFO: Wazuh dashboard web application not yet initialized. Waiting... 05/06/2024 14:49:17 INFO: Wazuh dashboard web application initialized. 05/06/2024 14:49:17 INFO: --- Summary --- 05/06/2024 14:49:17 INFO: You can access the web interface https://:443 User: admin Password: rmS6P0ljEOEcFt55LKj75i.KBB6rXlf6 05/06/2024 14:49:17 INFO: --- Dependencies --- 05/06/2024 14:49:17 INFO: Removing lsof. 05/06/2024 14:49:21 INFO: Removing tar. 05/06/2024 14:49:23 INFO: Installation finished. [root@ip-172-31-71-82 ec2-user]# ```

Update Report

Dashboard port change

New tests have been performed in order to check that the change port is done successfully.

AIO installation - without port change - APT

```console root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -a -i -v 12/06/2024 11:27:13 DEBUG: Checking root permissions. 12/06/2024 11:27:13 DEBUG: Checking sudo package. 12/06/2024 11:27:13 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 12/06/2024 11:27:13 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/06/2024 11:27:13 DEBUG: APT package manager will be used. 12/06/2024 11:27:13 DEBUG: Checking system distribution. 12/06/2024 11:27:13 DEBUG: Detected distribution name: ubuntu 12/06/2024 11:27:13 DEBUG: Detected distribution version: 22 12/06/2024 11:27:13 DEBUG: Checking Wazuh installation. 12/06/2024 11:27:16 DEBUG: Checking system architecture. 12/06/2024 11:27:16 INFO: Wazuh web interface port will be 443. 12/06/2024 11:27:27 WARNING: To perform the installation, the following package/s must be installed: lsof, openssl, software-properties-common. The following package/s will be removed after the installation: lsof, openssl. Add the -id|--install-dependencies parameter to install them automatically or install them manually. root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -a -i -v -id 12/06/2024 11:28:21 DEBUG: Checking root permissions. 12/06/2024 11:28:21 DEBUG: Checking sudo package. 12/06/2024 11:28:21 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 12/06/2024 11:28:21 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/06/2024 11:28:21 DEBUG: APT package manager will be used. 12/06/2024 11:28:21 DEBUG: Checking system distribution. 12/06/2024 11:28:21 DEBUG: Detected distribution name: ubuntu 12/06/2024 11:28:21 DEBUG: Detected distribution version: 22 12/06/2024 11:28:21 DEBUG: Checking Wazuh installation. 12/06/2024 11:28:24 DEBUG: Checking system architecture. 12/06/2024 11:28:24 INFO: Wazuh web interface port will be 443. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB] Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB] Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1722 kB] Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [317 kB] Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [1977 kB] Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted Translation-en [336 kB] Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1086 kB] Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [251 kB] Get:11 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1506 kB] Get:12 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [257 kB] Get:13 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [1919 kB] Get:14 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [326 kB] Get:15 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [857 kB] Get:16 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [166 kB] Fetched 11.0 MB in 3s (4148 kB/s) Reading package lists... 12/06/2024 11:28:41 INFO: --- Dependencies ---- 12/06/2024 11:28:41 INFO: Installing lsof. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc gir1.2-packagekitglib-1.0 libappstream4 libglib2.0-bin libgstreamer1.0-0 libpackagekit-glib2-18 libstemmer0d packagekit packagekit-tools python3-automat python3-bcrypt python3-blinker python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-jeepney python3-jwt python3-keyring python3-lazr.uri python3-oauthlib python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-pyparsing python3-secretstorage python3-service-identity python3-systemd python3-twisted python3-update-manager python3-wadllib python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: lsof 0 upgraded, 1 newly installed, 0 to remove and 75 not upgraded. Need to get 253 kB of archives. After this operation, 458 kB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 lsof amd64 4.93.2+dfsg-1.1build2 [253 kB] Fetched 253 kB in 0s (10.3 MB/s) Selecting previou NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1 12/06/2024 11:28:46 INFO: Installing openssl. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc gir1.2-packagekitglib-1.0 libappstream4 libglib2.0-bin libgstreamer1.0-0 libpackagekit-glib2-18 libstemmer0d packagekit packagekit-tools python3-automat python3-bcrypt python3-blinker python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-jeepney python3-jwt python3-keyring python3-lazr.uri python3-oauthlib python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-pyparsing python3-secretstorage python3-service-identity python3-systemd python3-twisted python3-update-manager python3-wadllib python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. Suggested packages: ca-certificates The following NEW packages will be installed: openssl 0 upgraded, 1 newly installed, 0 to remove and 75 not upgraded. Need to get 1186 kB of archives. After this operation, 2102 kB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssl amd64 3.0.2-0ubuntu1.15 [1186 kB] F NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1 12/06/2024 11:28:49 WARNING: Hardware and system checks ignored. 12/06/2024 11:28:49 DEBUG: Checking ports availability. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Reading package lists... 12/06/2024 11:28:54 INFO: --- Dependencies ---- 12/06/2024 11:28:54 INFO: Installing software-properties-common. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following additional packages will be installed: ca-certificates python3-httplib2 python3-launchpadlib python3-lazr.restfulclient python3-software-properties Suggested packages: python3-testresources The following NEW packages will be installed: ca-certificates python3-httplib2 python3-launchpadlib python3-lazr.restfulclient python3-software-properties software-properties-common 0 upgraded, 6 newly installed, 0 to remove and 75 not upgraded. Need to get 405 kB of archives. After this operation, 2930 kB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 ca-certificates all 20230311ubuntu0.22.04.1 [155 kB] Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 python3-httplib2 all 0.20.2-2 [30.4 kB] Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 python3-lazr.restfulclient all 0.14.4-1 [51.2 kB] Get:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 python3-launchpadlib all 1.10.16-1 [125 kB] Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 python3-software-properties all 0.99.22.9 [28.8 kB] Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 software-properties-common all 0.99.22.9 [14.1 kB] Preconfiguring packages ... Fetched 405 kB in 0s (6141 kB/s) Selecting previously NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1 12/06/2024 11:29:04 DEBUG: Checking curl tool version. 12/06/2024 11:29:04 DEBUG: Adding the Wazuh repository. gpg: keyring '/usr/share/keyrings/wazuh.gpg' created gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported gpg: Total number processed: 1 gpg: imported: 1 deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB] Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [38.5 kB] Fetched 55.8 kB in 1s (44.4 kB/s) Reading package lists... 12/06/2024 11:29:08 INFO: Wazuh development repository added. 12/06/2024 11:29:08 INFO: --- Configuration files --- 12/06/2024 11:29:08 INFO: Generating configuration files. 12/06/2024 11:29:08 DEBUG: Creating Wazuh certificates. 12/06/2024 11:29:08 DEBUG: Reading configuration file. 12/06/2024 11:29:08 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 11:29:08 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 11:29:08 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 11:29:08 INFO: Generating the root certificate. 12/06/2024 11:29:09 INFO: Generating Admin certificates. 12/06/2024 11:29:09 DEBUG: Generating Admin private key. 12/06/2024 11:29:09 DEBUG: Converting Admin private key to PKCS8 format. 12/06/2024 11:29:09 DEBUG: Generating Admin CSR. 12/06/2024 11:29:09 DEBUG: Creating Admin certificate. 12/06/2024 11:29:09 INFO: Generating Wazuh indexer certificates. 12/06/2024 11:29:09 DEBUG: Creating the certificates for wazuh-indexer indexer node. 12/06/2024 11:29:09 DEBUG: Generating certificate configuration. 12/06/2024 11:29:09 DEBUG: Creating the Wazuh indexer tmp key pair. 12/06/2024 11:29:10 DEBUG: Creating the Wazuh indexer certificates. 12/06/2024 11:29:10 INFO: Generating Filebeat certificates. 12/06/2024 11:29:10 DEBUG: Generating the certificates for wazuh-server server node. 12/06/2024 11:29:10 DEBUG: Generating certificate configuration. 12/06/2024 11:29:10 DEBUG: Creating the Wazuh server tmp key pair. 12/06/2024 11:29:10 DEBUG: Creating the Wazuh server certificates. 12/06/2024 11:29:10 INFO: Generating Wazuh dashboard certificates. 12/06/2024 11:29:10 DEBUG: Generating certificate configuration. 12/06/2024 11:29:10 DEBUG: Creating the Wazuh dashboard tmp key pair. 12/06/2024 11:29:10 DEBUG: Creating the Wazuh dashboard certificates. 12/06/2024 11:29:10 DEBUG: Cleaning certificate files. 12/06/2024 11:29:10 DEBUG: Generating password file. 12/06/2024 11:29:10 DEBUG: Generating random passwords. 12/06/2024 11:29:11 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 12/06/2024 11:29:11 DEBUG: Extracting Wazuh configuration. 12/06/2024 11:29:11 DEBUG: Reading configuration file. 12/06/2024 11:29:11 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 11:29:11 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 11:29:11 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 11:29:11 INFO: --- Wazuh indexer --- 12/06/2024 11:29:11 INFO: Starting Wazuh indexer installation. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 75 not upgraded. Need to get 759 MB of archives. After this operation, 1050 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-indexer a NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1er. 12/06/2024 11:30:48 DEBUG: Checking Wazuh installation. 12/06/2024 11:30:50 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 11:30:51 INFO: Wazuh indexer installation finished. 12/06/2024 11:30:51 DEBUG: Configuring Wazuh indexer. 12/06/2024 11:30:51 DEBUG: Copying Wazuh indexer certificates. 12/06/2024 11:30:51 INFO: Wazuh indexer post-install configuration finished. 12/06/2024 11:30:51 INFO: Starting service wazuh-indexer. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service. 12/06/2024 11:31:22 INFO: wazuh-indexer service started. 12/06/2024 11:31:23 INFO: Initializing Wazuh indexer cluster security settings. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success 12/06/2024 11:31:33 INFO: Wazuh indexer cluster security configuration initialized. 12/06/2024 11:31:33 INFO: Wazuh indexer cluster initialized. 12/06/2024 11:31:33 INFO: --- Wazuh server --- 12/06/2024 11:31:33 INFO: Starting the Wazuh manager installation. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded. Need to get 317 MB of archives. After this operation, 918 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-manager amd64 4.8.0-1 [317 MB] Fetched 317 MB in 5s (65.1 MB/s) Selecting previously unselected pack NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1 12/06/2024 11:33:37 DEBUG: Checking Wazuh installation. 12/06/2024 11:33:38 DEBUG: There are Wazuh remaining files. 12/06/2024 11:33:39 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 11:33:40 INFO: Wazuh manager installation finished. 12/06/2024 11:33:40 DEBUG: Configuring Wazuh manager. 12/06/2024 11:33:40 DEBUG: Setting provisional Wazuh indexer password. 12/06/2024 11:33:40 INFO: Wazuh manager vulnerability detection configuration finished. 12/06/2024 11:33:40 INFO: Starting service wazuh-manager. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service. 12/06/2024 11:34:07 INFO: wazuh-manager service started. 12/06/2024 11:34:07 INFO: Starting Filebeat installation. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded. Need to get 22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 filebeat amd64 7.10 NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1 12/06/2024 11:34:16 DEBUG: Checking Wazuh installation. 12/06/2024 11:34:17 DEBUG: There are Wazuh remaining files. 12/06/2024 11:34:18 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 11:34:18 DEBUG: There are Filebeat remaining files. 12/06/2024 11:34:19 INFO: Filebeat installation finished. 12/06/2024 11:34:19 DEBUG: Configuring Filebeat. 12/06/2024 11:34:19 DEBUG: Filebeat template was download successfully. wazuh/ wazuh/_meta/ wazuh/_meta/docs.asciidoc wazuh/_meta/fields.yml wazuh/_meta/config.yml wazuh/alerts/ wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/module.yml wazuh/archives/ wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json 12/06/2024 11:34:20 DEBUG: Filebeat module was downloaded successfully. 12/06/2024 11:34:20 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 12/06/2024 11:34:21 INFO: Filebeat post-install configuration finished. 12/06/2024 11:34:21 INFO: Starting service filebeat. Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable filebeat Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service. 12/06/2024 11:34:23 INFO: filebeat service started. 12/06/2024 11:34:23 INFO: --- Wazuh dashboard --- 12/06/2024 11:34:23 INFO: Starting Wazuh dashboard installation. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded. Need to get 186 MB of archives. After this operation, 998 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-dashboar NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1hboard. 12/06/2024 11:36:56 DEBUG: Checking Wazuh installation. 12/06/2024 11:36:56 DEBUG: There are Wazuh remaining files. 12/06/2024 11:36:57 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 11:36:58 DEBUG: There are Filebeat remaining files. 12/06/2024 11:36:58 DEBUG: There are Wazuh dashboard remaining files. 12/06/2024 11:36:58 INFO: Wazuh dashboard installation finished. 12/06/2024 11:36:58 DEBUG: Configuring Wazuh dashboard. 12/06/2024 11:36:59 DEBUG: Copying Wazuh dashboard certificates. 12/06/2024 11:36:59 DEBUG: Wazuh dashboard certificate setup finished. 12/06/2024 11:36:59 INFO: Wazuh dashboard post-install configuration finished. 12/06/2024 11:36:59 INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service. 12/06/2024 11:37:00 INFO: wazuh-dashboard service started. 12/06/2024 11:37:00 DEBUG: Setting Wazuh indexer cluster passwords. 12/06/2024 11:37:00 DEBUG: Checking Wazuh installation. 12/06/2024 11:37:01 DEBUG: There are Wazuh remaining files. 12/06/2024 11:37:01 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 11:37:02 DEBUG: There are Filebeat remaining files. 12/06/2024 11:37:03 DEBUG: There are Wazuh dashboard remaining files. 12/06/2024 11:37:03 INFO: Updating the internal users. 12/06/2024 11:37:03 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 12/06/2024 11:37:14 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 12/06/2024 11:37:14 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 12/06/2024 11:37:14 DEBUG: The internal users have been updated before changing the passwords. 12/06/2024 11:37:17 DEBUG: Generating password hashes. 12/06/2024 11:37:30 DEBUG: Password hashes generated. 12/06/2024 11:37:30 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 12/06/2024 11:37:38 DEBUG: Password backup created in /etc/wazuh-indexer/backup. Successfully updated the keystore 12/06/2024 11:37:39 DEBUG: Restarting filebeat service... 12/06/2024 11:37:39 DEBUG: filebeat started. 12/06/2024 11:37:39 DEBUG: Restarting wazuh-manager service... 12/06/2024 11:38:09 DEBUG: wazuh-manager started. 12/06/2024 11:38:11 DEBUG: Restarting wazuh-dashboard service... 12/06/2024 11:38:12 DEBUG: wazuh-dashboard started. 12/06/2024 11:38:12 DEBUG: Running security admin tool. 12/06/2024 11:38:12 DEBUG: Loading new passwords changes. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Populate config from /home/ubuntu Force type: internalusers Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' created or updated SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null Done with success 12/06/2024 11:38:21 DEBUG: Passwords changed. 12/06/2024 11:38:21 DEBUG: Changing API passwords. 12/06/2024 11:38:39 INFO: Initializing Wazuh dashboard web application. 12/06/2024 11:38:40 INFO: Wazuh dashboard web application not yet initialized. Waiting... 12/06/2024 11:38:56 INFO: Wazuh dashboard web application not yet initialized. Waiting... 12/06/2024 11:39:11 INFO: Wazuh dashboard web application initialized. 12/06/2024 11:39:11 INFO: --- Summary --- 12/06/2024 11:39:11 INFO: You can access the web interface https://:443 User: admin Password: LcXxSXzon.l7ee3106eP2I+AHQjR8Xj3 12/06/2024 11:39:11 INFO: --- Dependencies --- 12/06/2024 11:39:11 INFO: Removing lsof. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following packages will be REMOVED: lsof* 0 upgraded, 0 newly installed, 1 Processing triggers for man-db (2.10.2-1) ...ries currently installed.)ill be freed. (Reading database ... 12/06/2024 11:39:15 INFO: Removing openssl. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc gir1.2-packagekitglib-1.0 libappstream4 libglib2.0-bin libgstreamer1.0-0 libpackagekit-glib2-18 libstemmer0d packagekit packagekit-tools python3-automat python3-bcrypt python3-blinker python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-jeepney python3-jwt python3-keyring python3-lazr.uri python3-oauthlib python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-pyparsing python3-secretstorage python3-service-identity python3-systemd python3-twisted python3-update-manager python3-wadllib python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following packages will be REMOVED: ca-certificates* openssl* python3-httplib2* python3-launchpadlib* python3-lazr.restfulclient* python3-software-properties* software-properties-common* 0 upgraded, 0 newly installed, 7 to remove and 74 not upgraded. After Processing triggers for dbus (1.12.20-2ubuntu4.1) ...u1.15) ...0.22.04.1) ... 12/06/2024 11:39:20 DEBUG: Restoring Wazuh repository. 12/06/2024 11:39:20 INFO: Installation finished. root@ip-172-31-71-48:/home/ubuntu# ```

AIO installation - without port change - YUM

```console [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -a -i -v 12/06/2024 11:27:13 DEBUG: Checking root permissions. 12/06/2024 11:27:13 DEBUG: Checking sudo package. 12/06/2024 11:27:13 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 12/06/2024 11:27:13 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/06/2024 11:27:13 DEBUG: YUM package manager will be used. 12/06/2024 11:27:13 DEBUG: Checking system distribution. 12/06/2024 11:27:13 DEBUG: Detected distribution name: rhel 12/06/2024 11:27:13 DEBUG: Detected distribution version: 9 12/06/2024 11:27:13 DEBUG: Checking Wazuh installation. 12/06/2024 11:27:13 DEBUG: Checking system architecture. 12/06/2024 11:27:13 INFO: Wazuh web interface port will be 443. 12/06/2024 11:27:13 WARNING: To perform the installation, the following package/s must be installed: lsof, tar. The following package/s will be removed after the installation: lsof, tar. Add the -id|--install-dependencies parameter to install them automatically or install them manually. [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -a -i -v -id 12/06/2024 11:28:21 DEBUG: Checking root permissions. 12/06/2024 11:28:21 DEBUG: Checking sudo package. 12/06/2024 11:28:21 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 12/06/2024 11:28:21 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/06/2024 11:28:21 DEBUG: YUM package manager will be used. 12/06/2024 11:28:21 DEBUG: Checking system distribution. 12/06/2024 11:28:21 DEBUG: Detected distribution name: rhel 12/06/2024 11:28:21 DEBUG: Detected distribution version: 9 12/06/2024 11:28:21 DEBUG: Checking Wazuh installation. 12/06/2024 11:28:21 DEBUG: Checking system architecture. 12/06/2024 11:28:21 INFO: Wazuh web interface port will be 443. 12/06/2024 11:28:22 DEBUG: CentOS repository file created. 12/06/2024 11:28:22 DEBUG: CentOS repositories added. 12/06/2024 11:28:22 INFO: --- Dependencies ---- 12/06/2024 11:28:22 INFO: Installing lsof. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. CentOS Stream 9 - AppStream 39 MB/s | 20 MB 00:00 CentOS Stream 9 - BaseOS 30 MB/s | 8.1 MB 00:00 Last metadata expiration check: 0:00:03 ago on Wed 12 Jun 2024 11:28:32 AM UTC. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 baseos 239 k Installing dependencies: libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 336 k Installed size: 826 k Downloading Packages: (1/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.1 MB/s | 96 kB 00:00 (2/2): lsof-4.94.0-3.el9.x86_64.rpm 2.1 MB/s | 239 kB 00:00 -------------------------------------------------------------------------------- Total 2.0 MB/s | 336 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : lsof-4.94.0-3.el9.x86_64 1/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete! 12/06/2024 11:28:41 INFO: Installing tar. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:00:10 ago on Wed 12 Jun 2024 11:28:32 AM UTC. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: tar x86_64 2:1.34-6.el9_1 rhel-9-baseos-rhui-rpms 889 k Transaction Summary ================================================================================ Install 1 Package Total download size: 889 k Installed size: 3.0 M Downloading Packages: tar-1.34-6.el9_1.x86_64.rpm 16 MB/s | 889 kB 00:00 -------------------------------------------------------------------------------- Total 9.3 MB/s | 889 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : tar-2:1.34-6.el9_1.x86_64 1/1 Running scriptlet: tar-2:1.34-6.el9_1.x86_64 1/1 Verifying : tar-2:1.34-6.el9_1.x86_64 1/1 Installed products updated. Installed: tar-2:1.34-6.el9_1.x86_64 Complete! Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. 38 files removed 12/06/2024 11:28:46 DEBUG: CentOS repositories and key deleted. 12/06/2024 11:28:46 WARNING: Hardware and system checks ignored. 12/06/2024 11:28:46 DEBUG: Checking ports availability. 12/06/2024 11:28:46 DEBUG: Checking curl tool version. 12/06/2024 11:28:46 DEBUG: Adding the Wazuh repository. [wazuh] gpgcheck=1 gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-${releasever} - Wazuh baseurl=https://packages-dev.wazuh.com/pre-release/yum/ protect=1 12/06/2024 11:28:47 INFO: Wazuh development repository added. 12/06/2024 11:28:47 INFO: --- Configuration files --- 12/06/2024 11:28:47 INFO: Generating configuration files. 12/06/2024 11:28:47 DEBUG: Creating Wazuh certificates. 12/06/2024 11:28:47 DEBUG: Reading configuration file. 12/06/2024 11:28:47 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 11:28:47 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 11:28:47 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 11:28:47 INFO: Generating the root certificate. 12/06/2024 11:28:47 INFO: Generating Admin certificates. 12/06/2024 11:28:47 DEBUG: Generating Admin private key. 12/06/2024 11:28:48 DEBUG: Converting Admin private key to PKCS8 format. 12/06/2024 11:28:48 DEBUG: Generating Admin CSR. 12/06/2024 11:28:48 DEBUG: Creating Admin certificate. 12/06/2024 11:28:48 INFO: Generating Wazuh indexer certificates. 12/06/2024 11:28:48 DEBUG: Creating the certificates for wazuh-indexer indexer node. 12/06/2024 11:28:48 DEBUG: Generating certificate configuration. 12/06/2024 11:28:48 DEBUG: Creating the Wazuh indexer tmp key pair. 12/06/2024 11:28:49 DEBUG: Creating the Wazuh indexer certificates. 12/06/2024 11:28:49 INFO: Generating Filebeat certificates. 12/06/2024 11:28:49 DEBUG: Generating the certificates for wazuh-server server node. 12/06/2024 11:28:49 DEBUG: Generating certificate configuration. 12/06/2024 11:28:49 DEBUG: Creating the Wazuh server tmp key pair. 12/06/2024 11:28:49 DEBUG: Creating the Wazuh server certificates. 12/06/2024 11:28:49 INFO: Generating Wazuh dashboard certificates. 12/06/2024 11:28:49 DEBUG: Generating certificate configuration. 12/06/2024 11:28:49 DEBUG: Creating the Wazuh dashboard tmp key pair. 12/06/2024 11:28:50 DEBUG: Creating the Wazuh dashboard certificates. 12/06/2024 11:28:50 DEBUG: Cleaning certificate files. 12/06/2024 11:28:50 DEBUG: Generating password file. 12/06/2024 11:28:50 DEBUG: Generating random passwords. 12/06/2024 11:28:50 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 12/06/2024 11:28:50 DEBUG: Extracting Wazuh configuration. 12/06/2024 11:28:50 DEBUG: Reading configuration file. 12/06/2024 11:28:51 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 11:28:51 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 11:28:51 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 11:28:51 INFO: --- Wazuh indexer --- 12/06/2024 11:28:51 INFO: Starting Wazuh indexer installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 for x86_64 - AppStre 58 MB/s | 36 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 63 MB/s | 23 MB 00:00 Red Hat Enterprise Linux 9 Client Configuration 22 kB/s | 3.2 kB 00:00 EL-9 - Wazuh 14 MB/s | 26 MB 00:01 Last metadata expiration check: 0:00:01 ago on Wed 12 Jun 2024 11:29:14 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.8.0-1 wazuh 743 M Transaction Summary ================================================================================ Install 1 Package Total download size: 743 M Installed size: 1.0 G Downloading Packages: wazuh-indexer-4.8.0-1.x86_64.rpm 50 MB/s | 743 MB 00:14 -------------------------------------------------------------------------------- Total 50 MB/s | 743 MB 00:14 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1 Installing : wazuh-indexer-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-indexer-4.8.0-1.x86_64 Complete! 12/06/2024 11:31:24 DEBUG: Checking Wazuh installation. 12/06/2024 11:31:24 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 11:31:24 INFO: Wazuh indexer installation finished. 12/06/2024 11:31:24 DEBUG: Configuring Wazuh indexer. 12/06/2024 11:31:24 DEBUG: Copying Wazuh indexer certificates. 12/06/2024 11:31:24 INFO: Wazuh indexer post-install configuration finished. 12/06/2024 11:31:24 INFO: Starting service wazuh-indexer. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service. 12/06/2024 11:31:48 INFO: wazuh-indexer service started. 12/06/2024 11:31:48 INFO: Initializing Wazuh indexer cluster security settings. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success 12/06/2024 11:31:59 INFO: Wazuh indexer cluster security configuration initialized. 12/06/2024 11:31:59 INFO: Wazuh indexer cluster initialized. 12/06/2024 11:31:59 INFO: --- Wazuh server --- 12/06/2024 11:31:59 INFO: Starting the Wazuh manager installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:02:46 ago on Wed 12 Jun 2024 11:29:14 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.8.0-1 wazuh 298 M Transaction Summary ================================================================================ Install 1 Package Total download size: 298 M Installed size: 887 M Downloading Packages: wazuh-manager-4.8.0-1.x86_64.rpm 42 MB/s | 298 MB 00:07 -------------------------------------------------------------------------------- Total 42 MB/s | 298 MB 00:07 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1 Installing : wazuh-manager-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1 Verifying : wazuh-manager-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-manager-4.8.0-1.x86_64 Complete! 12/06/2024 11:33:32 DEBUG: Checking Wazuh installation. 12/06/2024 11:33:32 DEBUG: There are Wazuh remaining files. 12/06/2024 11:33:32 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 11:33:32 INFO: Wazuh manager installation finished. 12/06/2024 11:33:32 DEBUG: Configuring Wazuh manager. 12/06/2024 11:33:32 DEBUG: Setting provisional Wazuh indexer password. 12/06/2024 11:33:32 INFO: Wazuh manager vulnerability detection configuration finished. 12/06/2024 11:33:32 INFO: Starting service wazuh-manager. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service. 12/06/2024 11:33:48 INFO: wazuh-manager service started. 12/06/2024 11:33:48 INFO: Starting Filebeat installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Waiting for process with pid 4920 to finish. Last metadata expiration check: 0:04:38 ago on Wed 12 Jun 2024 11:29:14 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 wazuh 21 M Transaction Summary ================================================================================ Install 1 Package Total download size: 21 M Installed size: 70 M Downloading Packages: filebeat-oss-7.10.2-x86_64.rpm 15 MB/s | 21 MB 00:01 -------------------------------------------------------------------------------- Total 15 MB/s | 21 MB 00:01 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : filebeat-7.10.2-1.x86_64 1/1 Running scriptlet: filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1 Installed products updated. Installed: filebeat-7.10.2-1.x86_64 Complete! 12/06/2024 11:34:01 DEBUG: Checking Wazuh installation. 12/06/2024 11:34:01 DEBUG: There are Wazuh remaining files. 12/06/2024 11:34:01 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 11:34:01 DEBUG: There are Filebeat remaining files. 12/06/2024 11:34:01 INFO: Filebeat installation finished. 12/06/2024 11:34:01 DEBUG: Configuring Filebeat. 12/06/2024 11:34:01 DEBUG: Filebeat template was download successfully. wazuh/ wazuh/_meta/ wazuh/_meta/docs.asciidoc wazuh/_meta/fields.yml wazuh/_meta/config.yml wazuh/alerts/ wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/module.yml wazuh/archives/ wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json 12/06/2024 11:34:02 DEBUG: Filebeat module was downloaded successfully. 12/06/2024 11:34:02 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 12/06/2024 11:34:02 INFO: Filebeat post-install configuration finished. 12/06/2024 11:34:02 INFO: Starting service filebeat. Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service. 12/06/2024 11:34:04 INFO: filebeat service started. 12/06/2024 11:34:04 INFO: --- Wazuh dashboard --- 12/06/2024 11:34:04 INFO: Starting Wazuh dashboard installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:04:55 ago on Wed 12 Jun 2024 11:29:14 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.8.0-1 wazuh 275 M Transaction Summary ================================================================================ Install 1 Package Total download size: 275 M Installed size: 911 M Downloading Packages: wazuh-dashboard-4.8.0-1.x86_64.rpm 40 MB/s | 275 MB 00:06 -------------------------------------------------------------------------------- Total 40 MB/s | 275 MB 00:06 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1 Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-dashboard-4.8.0-1.x86_64 Complete! 12/06/2024 11:36:51 DEBUG: Checking Wazuh installation. 12/06/2024 11:36:51 DEBUG: There are Wazuh remaining files. 12/06/2024 11:36:51 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 11:36:51 DEBUG: There are Filebeat remaining files. 12/06/2024 11:36:51 DEBUG: There are Wazuh dashboard remaining files. 12/06/2024 11:36:51 INFO: Wazuh dashboard installation finished. 12/06/2024 11:36:51 DEBUG: Configuring Wazuh dashboard. 12/06/2024 11:36:51 DEBUG: Copying Wazuh dashboard certificates. 12/06/2024 11:36:51 DEBUG: Wazuh dashboard certificate setup finished. 12/06/2024 11:36:51 INFO: Wazuh dashboard post-install configuration finished. 12/06/2024 11:36:51 INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service. 12/06/2024 11:36:52 INFO: wazuh-dashboard service started. 12/06/2024 11:36:52 DEBUG: Setting Wazuh indexer cluster passwords. 12/06/2024 11:36:52 DEBUG: Checking Wazuh installation. 12/06/2024 11:36:52 DEBUG: There are Wazuh remaining files. 12/06/2024 11:36:52 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 11:36:52 DEBUG: There are Filebeat remaining files. 12/06/2024 11:36:52 DEBUG: There are Wazuh dashboard remaining files. 12/06/2024 11:36:52 INFO: Updating the internal users. 12/06/2024 11:36:52 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 12/06/2024 11:37:06 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 12/06/2024 11:37:06 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 12/06/2024 11:37:06 DEBUG: The internal users have been updated before changing the passwords. 12/06/2024 11:37:08 DEBUG: Generating password hashes. 12/06/2024 11:37:24 DEBUG: Password hashes generated. 12/06/2024 11:37:24 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 12/06/2024 11:37:31 DEBUG: Password backup created in /etc/wazuh-indexer/backup. Successfully updated the keystore 12/06/2024 11:37:31 DEBUG: Restarting filebeat service... 12/06/2024 11:37:32 DEBUG: filebeat started. 12/06/2024 11:37:32 DEBUG: Restarting wazuh-manager service... 12/06/2024 11:37:54 DEBUG: wazuh-manager started. 12/06/2024 11:37:59 DEBUG: Restarting wazuh-dashboard service... 12/06/2024 11:38:01 DEBUG: wazuh-dashboard started. 12/06/2024 11:38:01 DEBUG: Running security admin tool. 12/06/2024 11:38:01 DEBUG: Loading new passwords changes. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Populate config from /home/ec2-user Force type: internalusers Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' created or updated SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null Done with success 12/06/2024 11:38:17 DEBUG: Passwords changed. 12/06/2024 11:38:17 DEBUG: Changing API passwords. 12/06/2024 11:38:27 INFO: Initializing Wazuh dashboard web application. 12/06/2024 11:38:28 INFO: Wazuh dashboard web application not yet initialized. Waiting... 12/06/2024 11:38:44 INFO: Wazuh dashboard web application not yet initialized. Waiting... 12/06/2024 11:38:59 INFO: Wazuh dashboard web application initialized. 12/06/2024 11:38:59 INFO: --- Summary --- 12/06/2024 11:38:59 INFO: You can access the web interface https://:443 User: admin Password: Chc*NWjMusl?.+RtbLJ4pt3tvdoZn8h* 12/06/2024 11:38:59 INFO: --- Dependencies --- 12/06/2024 11:38:59 INFO: Removing lsof. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: lsof x86_64 4.94.0-3.el9 @baseos 624 k Removing unused dependencies: libtirpc x86_64 1.3.3-8.el9_4 @rhel-9-baseos-rhui-rpms 202 k Transaction Summary ================================================================================ Remove 2 Packages Freed space: 826 k Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : lsof-4.94.0-3.el9.x86_64 1/2 Erasing : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Running scriptlet: libtirpc-1.3.3-8.el9_4.x86_64 2/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Removed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete! 12/06/2024 11:39:01 INFO: Removing tar. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: tar x86_64 2:1.34-6.el9_1 @rhel-9-baseos-rhui-rpms 3.0 M Transaction Summary ================================================================================ Remove 1 Package Freed space: 3.0 M Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : tar-2:1.34-6.el9_1.x86_64 1/1 Running scriptlet: tar-2:1.34-6.el9_1.x86_64 1/1 Verifying : tar-2:1.34-6.el9_1.x86_64 1/1 Installed products updated. Removed: tar-2:1.34-6.el9_1.x86_64 Complete! 12/06/2024 11:39:04 DEBUG: Restoring Wazuh repository. 12/06/2024 11:39:04 INFO: Installation finished. [root@ip-172-31-71-82 ec2-user]# ```

AIO installation - with port change - APT

```console root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -a -i -v -p 1443 12/06/2024 14:23:33 DEBUG: Checking root permissions. 12/06/2024 14:23:33 DEBUG: Checking sudo package. 12/06/2024 14:23:33 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 12/06/2024 14:23:33 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/06/2024 14:23:33 DEBUG: APT package manager will be used. 12/06/2024 14:23:33 DEBUG: Checking system distribution. 12/06/2024 14:23:33 DEBUG: Detected distribution name: ubuntu 12/06/2024 14:23:33 DEBUG: Detected distribution version: 22 12/06/2024 14:23:33 DEBUG: Checking Wazuh installation. 12/06/2024 14:23:35 DEBUG: Checking system architecture. 12/06/2024 14:23:35 INFO: Wazuh web interface port will be 1443. 12/06/2024 14:23:45 WARNING: To perform the installation, the following package/s must be installed: lsof, openssl, software-properties-common. The following package/s will be removed after the installation: lsof, openssl. Add the -id|--install-dependencies parameter to install them automatically or install them manually. root@ip-172-31-71-48:/home/ubuntu# bash wazuh-install.sh -a -i -v -p 1443 -id 12/06/2024 14:24:08 DEBUG: Checking root permissions. 12/06/2024 14:24:08 DEBUG: Checking sudo package. 12/06/2024 14:24:08 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 12/06/2024 14:24:08 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/06/2024 14:24:08 DEBUG: APT package manager will be used. 12/06/2024 14:24:08 DEBUG: Checking system distribution. 12/06/2024 14:24:08 DEBUG: Detected distribution name: ubuntu 12/06/2024 14:24:08 DEBUG: Detected distribution version: 22 12/06/2024 14:24:08 DEBUG: Checking Wazuh installation. 12/06/2024 14:24:11 DEBUG: Checking system architecture. 12/06/2024 14:24:11 INFO: Wazuh web interface port will be 1443. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB] Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB] Get:5 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1509 kB] Get:6 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [258 kB] Get:7 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [1920 kB] Get:8 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [326 kB] Get:9 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [858 kB] Get:10 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [166 kB] Fetched 5294 kB in 6s (849 kB/s) Reading package lists... 12/06/2024 14:24:29 INFO: --- Dependencies ---- 12/06/2024 14:24:29 INFO: Installing lsof. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc gir1.2-packagekitglib-1.0 libappstream4 libglib2.0-bin libgstreamer1.0-0 libpackagekit-glib2-18 libstemmer0d packagekit packagekit-tools python3-automat python3-bcrypt python3-blinker python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-jeepney python3-jwt python3-keyring python3-lazr.uri python3-oauthlib python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-pyparsing python3-secretstorage python3-service-identity python3-systemd python3-twisted python3-update-manager python3-wadllib python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: lsof 0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded. Need to get 0 B/253 kB of archives. After this operation, 458 kB of additional disk space will be used. Selecting previously unselected package l NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 12/06/2024 14:24:32 INFO: Installing openssl. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc gir1.2-packagekitglib-1.0 libappstream4 libglib2.0-bin libgstreamer1.0-0 libpackagekit-glib2-18 libstemmer0d packagekit packagekit-tools python3-automat python3-bcrypt python3-blinker python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-jeepney python3-jwt python3-keyring python3-lazr.uri python3-oauthlib python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-pyparsing python3-secretstorage python3-service-identity python3-systemd python3-twisted python3-update-manager python3-wadllib python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. Suggested packages: ca-certificates The following NEW packages will be installed: openssl 0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded. Need to get 0 B/1186 kB of archives. After this operation, 2102 kB of additional disk space will be used. NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 9200 9300 1514 1515 1516 55000 1443 12/06/2024 14:24:35 WARNING: Hardware and system checks ignored. 12/06/2024 14:24:35 DEBUG: Checking ports availability. Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Reading package lists... 12/06/2024 14:24:46 INFO: --- Dependencies ---- 12/06/2024 14:24:46 INFO: Installing software-properties-common. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following additional packages will be installed: ca-certificates python3-httplib2 python3-launchpadlib python3-lazr.restfulclient python3-software-properties Suggested packages: python3-testresources The following NEW packages will be installed: ca-certificates python3-httplib2 python3-launchpadlib python3-lazr.restfulclient python3-software-properties software-properties-common Preconfiguring packages ... 0 upgraded, 6 newly installed, 0 to remove and 74 not upgraded. Need to get 0 B/405 kB of archives. After this operation, 2930 kB of NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 12/06/2024 14:24:55 DEBUG: Checking curl tool version. 12/06/2024 14:24:55 DEBUG: Adding the Wazuh repository. gpg: keyring '/usr/share/keyrings/wazuh.gpg' created gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported gpg: Total number processed: 1 gpg: imported: 1 deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease Get:4 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB] Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [38.5 kB] Hit:6 http://security.ubuntu.com/ubuntu jammy-security InRelease Fetched 55.8 kB in 10s (5482 B/s) Reading package lists... 12/06/2024 14:25:07 INFO: Wazuh development repository added. 12/06/2024 14:25:07 INFO: --- Configuration files --- 12/06/2024 14:25:07 INFO: Generating configuration files. 12/06/2024 14:25:07 DEBUG: Creating Wazuh certificates. 12/06/2024 14:25:07 DEBUG: Reading configuration file. 12/06/2024 14:25:08 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 14:25:08 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 14:25:08 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 14:25:08 INFO: Generating the root certificate. 12/06/2024 14:25:08 INFO: Generating Admin certificates. 12/06/2024 14:25:08 DEBUG: Generating Admin private key. 12/06/2024 14:25:08 DEBUG: Converting Admin private key to PKCS8 format. 12/06/2024 14:25:08 DEBUG: Generating Admin CSR. 12/06/2024 14:25:08 DEBUG: Creating Admin certificate. 12/06/2024 14:25:08 INFO: Generating Wazuh indexer certificates. 12/06/2024 14:25:08 DEBUG: Creating the certificates for wazuh-indexer indexer node. 12/06/2024 14:25:08 DEBUG: Generating certificate configuration. 12/06/2024 14:25:08 DEBUG: Creating the Wazuh indexer tmp key pair. 12/06/2024 14:25:09 DEBUG: Creating the Wazuh indexer certificates. 12/06/2024 14:25:09 INFO: Generating Filebeat certificates. 12/06/2024 14:25:09 DEBUG: Generating the certificates for wazuh-server server node. 12/06/2024 14:25:09 DEBUG: Generating certificate configuration. 12/06/2024 14:25:09 DEBUG: Creating the Wazuh server tmp key pair. 12/06/2024 14:25:09 DEBUG: Creating the Wazuh server certificates. 12/06/2024 14:25:09 INFO: Generating Wazuh dashboard certificates. 12/06/2024 14:25:09 DEBUG: Generating certificate configuration. 12/06/2024 14:25:09 DEBUG: Creating the Wazuh dashboard tmp key pair. 12/06/2024 14:25:09 DEBUG: Creating the Wazuh dashboard certificates. 12/06/2024 14:25:09 DEBUG: Cleaning certificate files. 12/06/2024 14:25:09 DEBUG: Generating password file. 12/06/2024 14:25:09 DEBUG: Generating random passwords. 12/06/2024 14:25:10 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 12/06/2024 14:25:10 DEBUG: Extracting Wazuh configuration. 12/06/2024 14:25:10 DEBUG: Reading configuration file. 12/06/2024 14:25:10 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 14:25:10 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 14:25:10 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 14:25:10 INFO: --- Wazuh indexer --- 12/06/2024 14:25:10 INFO: Starting Wazuh indexer installation. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded. Need to get 0 B/759 MB of archives. After this operation, 1050 MB of add NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 12/06/2024 14:26:31 DEBUG: Checking Wazuh installation. 12/06/2024 14:26:32 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 14:26:34 INFO: Wazuh indexer installation finished. 12/06/2024 14:26:34 DEBUG: Configuring Wazuh indexer. 12/06/2024 14:26:34 DEBUG: Copying Wazuh indexer certificates. 12/06/2024 14:26:34 INFO: Wazuh indexer post-install configuration finished. 12/06/2024 14:26:34 INFO: Starting service wazuh-indexer. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service. 12/06/2024 14:26:59 INFO: wazuh-indexer service started. 12/06/2024 14:26:59 INFO: Initializing Wazuh indexer cluster security settings. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success 12/06/2024 14:27:09 INFO: Wazuh indexer cluster security configuration initialized. 12/06/2024 14:27:09 INFO: Wazuh indexer cluster initialized. 12/06/2024 14:27:09 INFO: --- Wazuh server --- 12/06/2024 14:27:09 INFO: Starting the Wazuh manager installation. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded. Need to get 0 B/317 MB of archives. After thi NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 12/06/2024 14:28:59 DEBUG: Checking Wazuh installation. 12/06/2024 14:29:00 DEBUG: There are Wazuh remaining files. 12/06/2024 14:29:01 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 14:29:02 INFO: Wazuh manager installation finished. 12/06/2024 14:29:02 DEBUG: Configuring Wazuh manager. 12/06/2024 14:29:02 DEBUG: Setting provisional Wazuh indexer password. 12/06/2024 14:29:02 INFO: Wazuh manager vulnerability detection configuration finished. 12/06/2024 14:29:02 INFO: Starting service wazuh-manager. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service. 12/06/2024 14:29:28 INFO: wazuh-manager service started. 12/06/2024 14:29:28 INFO: Starting Filebeat installation. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additio NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 12/06/2024 14:29:35 DEBUG: Checking Wazuh installation. 12/06/2024 14:29:36 DEBUG: There are Wazuh remaining files. 12/06/2024 14:29:36 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 14:29:37 DEBUG: There are Filebeat remaining files. 12/06/2024 14:29:38 INFO: Filebeat installation finished. 12/06/2024 14:29:38 DEBUG: Configuring Filebeat. 12/06/2024 14:29:38 DEBUG: Filebeat template was download successfully. wazuh/ wazuh/_meta/ wazuh/_meta/docs.asciidoc wazuh/_meta/fields.yml wazuh/_meta/config.yml wazuh/alerts/ wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/module.yml wazuh/archives/ wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json 12/06/2024 14:29:38 DEBUG: Filebeat module was downloaded successfully. 12/06/2024 14:29:38 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 12/06/2024 14:29:39 INFO: Filebeat post-install configuration finished. 12/06/2024 14:29:39 INFO: Starting service filebeat. Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable filebeat Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service. 12/06/2024 14:29:42 INFO: filebeat service started. 12/06/2024 14:29:42 INFO: --- Wazuh dashboard --- 12/06/2024 14:29:42 INFO: Starting Wazuh dashboard installation. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded. Need to get 0 B/186 MB of archives. After this operation, 998 MB of ad NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.5.0-1020-aws NEEDRESTART-KEXP: 6.5.0-1020-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service 12/06/2024 14:32:10 DEBUG: Checking Wazuh installation. 12/06/2024 14:32:11 DEBUG: There are Wazuh remaining files. 12/06/2024 14:32:11 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 14:32:12 DEBUG: There are Filebeat remaining files. 12/06/2024 14:32:13 DEBUG: There are Wazuh dashboard remaining files. 12/06/2024 14:32:13 INFO: Wazuh dashboard installation finished. 12/06/2024 14:32:13 DEBUG: Configuring Wazuh dashboard. 12/06/2024 14:32:13 DEBUG: Copying Wazuh dashboard certificates. 12/06/2024 14:32:13 DEBUG: Wazuh dashboard certificate setup finished. 12/06/2024 14:32:13 INFO: Wazuh dashboard post-install configuration finished. 12/06/2024 14:32:13 INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service. 12/06/2024 14:32:14 INFO: wazuh-dashboard service started. 12/06/2024 14:32:14 DEBUG: Setting Wazuh indexer cluster passwords. 12/06/2024 14:32:14 DEBUG: Checking Wazuh installation. 12/06/2024 14:32:15 DEBUG: There are Wazuh remaining files. 12/06/2024 14:32:16 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 14:32:16 DEBUG: There are Filebeat remaining files. 12/06/2024 14:32:17 DEBUG: There are Wazuh dashboard remaining files. 12/06/2024 14:32:17 INFO: Updating the internal users. 12/06/2024 14:32:17 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 12/06/2024 14:32:27 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 12/06/2024 14:32:27 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 12/06/2024 14:32:27 DEBUG: The internal users have been updated before changing the passwords. 12/06/2024 14:32:31 DEBUG: Generating password hashes. 12/06/2024 14:32:43 DEBUG: Password hashes generated. 12/06/2024 14:32:43 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 12/06/2024 14:32:49 DEBUG: Password backup created in /etc/wazuh-indexer/backup. Successfully updated the keystore 12/06/2024 14:32:50 DEBUG: Restarting filebeat service... 12/06/2024 14:32:50 DEBUG: filebeat started. 12/06/2024 14:32:50 DEBUG: Restarting wazuh-manager service... 12/06/2024 14:33:18 DEBUG: wazuh-manager started. 12/06/2024 14:33:20 DEBUG: Restarting wazuh-dashboard service... 12/06/2024 14:33:21 DEBUG: wazuh-dashboard started. 12/06/2024 14:33:21 DEBUG: Running security admin tool. 12/06/2024 14:33:21 DEBUG: Loading new passwords changes. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Populate config from /home/ubuntu Force type: internalusers Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' created or updated SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null Done with success 12/06/2024 14:33:30 DEBUG: Passwords changed. 12/06/2024 14:33:30 DEBUG: Changing API passwords. 12/06/2024 14:33:54 INFO: Initializing Wazuh dashboard web application. 12/06/2024 14:33:55 INFO: Wazuh dashboard web application initialized. 12/06/2024 14:33:55 INFO: --- Summary --- 12/06/2024 14:33:55 INFO: You can access the web interface https://:1443 User: admin Password: b7ilii?*rGb4PCwQ0miZCzCERqybRpEi 12/06/2024 14:33:55 INFO: --- Dependencies --- 12/06/2024 14:33:55 INFO: Removing lsof. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc python3-automat python3-bcrypt python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-service-identity python3-systemd python3-twisted python3-update-manager python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following packages will be REMOVED: lsof* 0 upgraded, 0 newly installed, 1 Processing triggers for man-db (2.10.2-1) ...ries currently installed.)ill be freed. (Reading database ... 12/06/2024 14:33:58 INFO: Removing openssl. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: apport-symptoms bc gir1.2-packagekitglib-1.0 libappstream4 libglib2.0-bin libgstreamer1.0-0 libpackagekit-glib2-18 libstemmer0d packagekit packagekit-tools python3-automat python3-bcrypt python3-blinker python3-chardet python3-click python3-colorama python3-configobj python3-constantly python3-debconf python3-debian python3-distupgrade python3-hamcrest python3-hyperlink python3-incremental python3-jeepney python3-jwt python3-keyring python3-lazr.uri python3-oauthlib python3-problem-report python3-pyasn1 python3-pyasn1-modules python3-pyparsing python3-secretstorage python3-service-identity python3-systemd python3-twisted python3-update-manager python3-wadllib python3-zope.interface squashfs-tools Use 'sudo apt autoremove' to remove them. The following packages will be REMOVED: ca-certificates* openssl* python3-httplib2* python3-launchpadlib* python3-lazr.restfulclient* python3-software-properties* software-properties-common* 0 upgraded, 0 newly installed, 7 to remove and 74 not upgraded. After Processing triggers for dbus (1.12.20-2ubuntu4.1) ...u1.15) ...0.22.04.1) ... 12/06/2024 14:34:04 DEBUG: Restoring Wazuh repository. 12/06/2024 14:34:04 INFO: Installation finished. ```

AIO installation - with port change - YUM

```console [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -a -i -v -p 1443 12/06/2024 14:23:33 DEBUG: Checking root permissions. 12/06/2024 14:23:33 DEBUG: Checking sudo package. 12/06/2024 14:23:33 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 12/06/2024 14:23:33 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/06/2024 14:23:33 DEBUG: YUM package manager will be used. 12/06/2024 14:23:33 DEBUG: Checking system distribution. 12/06/2024 14:23:33 DEBUG: Detected distribution name: rhel 12/06/2024 14:23:33 DEBUG: Detected distribution version: 9 12/06/2024 14:23:33 DEBUG: Checking Wazuh installation. 12/06/2024 14:23:33 DEBUG: Checking system architecture. 12/06/2024 14:23:33 INFO: Wazuh web interface port will be 1443. 12/06/2024 14:23:33 WARNING: To perform the installation, the following package/s must be installed: lsof, tar. The following package/s will be removed after the installation: lsof, tar. Add the -id|--install-dependencies parameter to install them automatically or install them manually. [root@ip-172-31-71-82 ec2-user]# bash wazuh-install.sh -a -i -v -p 1443 -id 12/06/2024 14:24:08 DEBUG: Checking root permissions. 12/06/2024 14:24:08 DEBUG: Checking sudo package. 12/06/2024 14:24:08 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 12/06/2024 14:24:08 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/06/2024 14:24:08 DEBUG: YUM package manager will be used. 12/06/2024 14:24:08 DEBUG: Checking system distribution. 12/06/2024 14:24:08 DEBUG: Detected distribution name: rhel 12/06/2024 14:24:08 DEBUG: Detected distribution version: 9 12/06/2024 14:24:08 DEBUG: Checking Wazuh installation. 12/06/2024 14:24:08 DEBUG: Checking system architecture. 12/06/2024 14:24:08 INFO: Wazuh web interface port will be 1443. 12/06/2024 14:24:09 DEBUG: CentOS repository file created. 12/06/2024 14:24:09 DEBUG: CentOS repositories added. 12/06/2024 14:24:09 INFO: --- Dependencies ---- 12/06/2024 14:24:09 INFO: Installing lsof. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. CentOS Stream 9 - AppStream 47 MB/s | 20 MB 00:00 CentOS Stream 9 - BaseOS 27 MB/s | 8.1 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - AppStre 73 MB/s | 36 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 71 MB/s | 23 MB 00:00 Red Hat Enterprise Linux 9 Client Configuration 32 kB/s | 3.2 kB 00:00 Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 baseos 239 k Installing dependencies: libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 336 k Installed size: 826 k Downloading Packages: (1/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.1 MB/s | 96 kB 00:00 (2/2): lsof-4.94.0-3.el9.x86_64.rpm 2.2 MB/s | 239 kB 00:00 -------------------------------------------------------------------------------- Total 2.5 MB/s | 336 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : lsof-4.94.0-3.el9.x86_64 1/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete! 12/06/2024 14:24:42 INFO: Installing tar. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:00:06 ago on Wed 12 Jun 2024 02:24:37 PM UTC. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: tar x86_64 2:1.34-6.el9_1 rhel-9-baseos-rhui-rpms 889 k Transaction Summary ================================================================================ Install 1 Package Total download size: 889 k Installed size: 3.0 M Downloading Packages: tar-1.34-6.el9_1.x86_64.rpm 18 MB/s | 889 kB 00:00 -------------------------------------------------------------------------------- Total 10 MB/s | 889 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : tar-2:1.34-6.el9_1.x86_64 1/1 Running scriptlet: tar-2:1.34-6.el9_1.x86_64 1/1 Verifying : tar-2:1.34-6.el9_1.x86_64 1/1 Installed products updated. Installed: tar-2:1.34-6.el9_1.x86_64 Complete! Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. 38 files removed 12/06/2024 14:24:46 DEBUG: CentOS repositories and key deleted. 9200 9300 1514 1515 1516 55000 1443 12/06/2024 14:24:46 WARNING: Hardware and system checks ignored. 12/06/2024 14:24:46 DEBUG: Checking ports availability. 12/06/2024 14:24:46 DEBUG: Checking curl tool version. 12/06/2024 14:24:46 DEBUG: Adding the Wazuh repository. [wazuh] gpgcheck=1 gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-${releasever} - Wazuh baseurl=https://packages-dev.wazuh.com/pre-release/yum/ protect=1 12/06/2024 14:24:46 INFO: Wazuh development repository added. 12/06/2024 14:24:46 INFO: --- Configuration files --- 12/06/2024 14:24:46 INFO: Generating configuration files. 12/06/2024 14:24:46 DEBUG: Creating Wazuh certificates. 12/06/2024 14:24:46 DEBUG: Reading configuration file. 12/06/2024 14:24:46 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 14:24:46 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 14:24:46 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 14:24:46 INFO: Generating the root certificate. 12/06/2024 14:24:47 INFO: Generating Admin certificates. 12/06/2024 14:24:47 DEBUG: Generating Admin private key. 12/06/2024 14:24:47 DEBUG: Converting Admin private key to PKCS8 format. 12/06/2024 14:24:47 DEBUG: Generating Admin CSR. 12/06/2024 14:24:47 DEBUG: Creating Admin certificate. 12/06/2024 14:24:47 INFO: Generating Wazuh indexer certificates. 12/06/2024 14:24:47 DEBUG: Creating the certificates for wazuh-indexer indexer node. 12/06/2024 14:24:47 DEBUG: Generating certificate configuration. 12/06/2024 14:24:47 DEBUG: Creating the Wazuh indexer tmp key pair. 12/06/2024 14:24:48 DEBUG: Creating the Wazuh indexer certificates. 12/06/2024 14:24:48 INFO: Generating Filebeat certificates. 12/06/2024 14:24:48 DEBUG: Generating the certificates for wazuh-server server node. 12/06/2024 14:24:48 DEBUG: Generating certificate configuration. 12/06/2024 14:24:48 DEBUG: Creating the Wazuh server tmp key pair. 12/06/2024 14:24:49 DEBUG: Creating the Wazuh server certificates. 12/06/2024 14:24:49 INFO: Generating Wazuh dashboard certificates. 12/06/2024 14:24:49 DEBUG: Generating certificate configuration. 12/06/2024 14:24:49 DEBUG: Creating the Wazuh dashboard tmp key pair. 12/06/2024 14:24:49 DEBUG: Creating the Wazuh dashboard certificates. 12/06/2024 14:24:49 DEBUG: Cleaning certificate files. 12/06/2024 14:24:49 DEBUG: Generating password file. 12/06/2024 14:24:49 DEBUG: Generating random passwords. 12/06/2024 14:24:49 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 12/06/2024 14:24:49 DEBUG: Extracting Wazuh configuration. 12/06/2024 14:24:49 DEBUG: Reading configuration file. 12/06/2024 14:24:49 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 14:24:49 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 14:24:49 DEBUG: Checking if 127.0.0.1 is private. 12/06/2024 14:24:49 INFO: --- Wazuh indexer --- 12/06/2024 14:24:49 INFO: Starting Wazuh indexer installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 for x86_64 - AppStre 74 MB/s | 36 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 66 MB/s | 23 MB 00:00 Red Hat Enterprise Linux 9 Client Configuration 29 kB/s | 3.2 kB 00:00 EL-9 - Wazuh 22 MB/s | 26 MB 00:01 Last metadata expiration check: 0:00:01 ago on Wed 12 Jun 2024 02:25:09 PM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.8.0-1 wazuh 743 M Transaction Summary ================================================================================ Install 1 Package Total download size: 743 M Installed size: 1.0 G Downloading Packages: wazuh-indexer-4.8.0-1.x86_64.rpm 66 MB/s | 743 MB 00:11 -------------------------------------------------------------------------------- Total 66 MB/s | 743 MB 00:11 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1 Installing : wazuh-indexer-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-indexer-4.8.0-1.x86_64 Complete! 12/06/2024 14:26:54 DEBUG: Checking Wazuh installation. 12/06/2024 14:26:54 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 14:26:54 INFO: Wazuh indexer installation finished. 12/06/2024 14:26:54 DEBUG: Configuring Wazuh indexer. 12/06/2024 14:26:54 DEBUG: Copying Wazuh indexer certificates. 12/06/2024 14:26:54 INFO: Wazuh indexer post-install configuration finished. 12/06/2024 14:26:54 INFO: Starting service wazuh-indexer. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service. 12/06/2024 14:27:15 INFO: wazuh-indexer service started. 12/06/2024 14:27:15 INFO: Initializing Wazuh indexer cluster security settings. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success 12/06/2024 14:27:26 INFO: Wazuh indexer cluster security configuration initialized. 12/06/2024 14:27:26 INFO: Wazuh indexer cluster initialized. 12/06/2024 14:27:26 INFO: --- Wazuh server --- 12/06/2024 14:27:26 INFO: Starting the Wazuh manager installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:02:18 ago on Wed 12 Jun 2024 02:25:09 PM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.8.0-1 wazuh 298 M Transaction Summary ================================================================================ Install 1 Package Total download size: 298 M Installed size: 887 M Downloading Packages: wazuh-manager-4.8.0-1.x86_64.rpm 44 MB/s | 298 MB 00:06 -------------------------------------------------------------------------------- Total 44 MB/s | 298 MB 00:06 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1 Installing : wazuh-manager-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1 Verifying : wazuh-manager-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-manager-4.8.0-1.x86_64 Complete! 12/06/2024 14:28:42 DEBUG: Checking Wazuh installation. 12/06/2024 14:28:42 DEBUG: There are Wazuh remaining files. 12/06/2024 14:28:42 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 14:28:42 INFO: Wazuh manager installation finished. 12/06/2024 14:28:42 DEBUG: Configuring Wazuh manager. 12/06/2024 14:28:42 DEBUG: Setting provisional Wazuh indexer password. 12/06/2024 14:28:42 INFO: Wazuh manager vulnerability detection configuration finished. 12/06/2024 14:28:42 INFO: Starting service wazuh-manager. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service. 12/06/2024 14:28:56 INFO: wazuh-manager service started. 12/06/2024 14:28:56 INFO: Starting Filebeat installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Waiting for process with pid 23114 to finish. Last metadata expiration check: 0:03:50 ago on Wed 12 Jun 2024 02:25:09 PM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 wazuh 21 M Transaction Summary ================================================================================ Install 1 Package Total download size: 21 M Installed size: 70 M Downloading Packages: filebeat-oss-7.10.2-x86_64.rpm 26 MB/s | 21 MB 00:00 -------------------------------------------------------------------------------- Total 26 MB/s | 21 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : filebeat-7.10.2-1.x86_64 1/1 Running scriptlet: filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1 Installed products updated. Installed: filebeat-7.10.2-1.x86_64 Complete! 12/06/2024 14:29:07 DEBUG: Checking Wazuh installation. 12/06/2024 14:29:07 DEBUG: There are Wazuh remaining files. 12/06/2024 14:29:07 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 14:29:07 DEBUG: There are Filebeat remaining files. 12/06/2024 14:29:07 INFO: Filebeat installation finished. 12/06/2024 14:29:07 DEBUG: Configuring Filebeat. 12/06/2024 14:29:07 DEBUG: Filebeat template was download successfully. wazuh/ wazuh/_meta/ wazuh/_meta/docs.asciidoc wazuh/_meta/fields.yml wazuh/_meta/config.yml wazuh/alerts/ wazuh/alerts/config/ wazuh/alerts/config/alerts.yml wazuh/alerts/manifest.yml wazuh/alerts/ingest/ wazuh/alerts/ingest/pipeline.json wazuh/module.yml wazuh/archives/ wazuh/archives/config/ wazuh/archives/config/archives.yml wazuh/archives/manifest.yml wazuh/archives/ingest/ wazuh/archives/ingest/pipeline.json 12/06/2024 14:29:08 DEBUG: Filebeat module was downloaded successfully. 12/06/2024 14:29:08 DEBUG: Copying Filebeat certificates. Created filebeat keystore Successfully updated the keystore Successfully updated the keystore 12/06/2024 14:29:08 INFO: Filebeat post-install configuration finished. 12/06/2024 14:29:08 INFO: Starting service filebeat. Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service. 12/06/2024 14:29:10 INFO: filebeat service started. 12/06/2024 14:29:10 INFO: --- Wazuh dashboard --- 12/06/2024 14:29:10 INFO: Starting Wazuh dashboard installation. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:04:08 ago on Wed 12 Jun 2024 02:25:09 PM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.8.0-1 wazuh 275 M Transaction Summary ================================================================================ Install 1 Package Total download size: 275 M Installed size: 911 M Downloading Packages: wazuh-dashboard-4.8.0-1.x86_64.rpm 44 MB/s | 275 MB 00:06 -------------------------------------------------------------------------------- Total 44 MB/s | 275 MB 00:06 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1 Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1 Installed products updated. Installed: wazuh-dashboard-4.8.0-1.x86_64 Complete! 12/06/2024 14:31:41 DEBUG: Checking Wazuh installation. 12/06/2024 14:31:41 DEBUG: There are Wazuh remaining files. 12/06/2024 14:31:41 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 14:31:41 DEBUG: There are Filebeat remaining files. 12/06/2024 14:31:42 DEBUG: There are Wazuh dashboard remaining files. 12/06/2024 14:31:42 INFO: Wazuh dashboard installation finished. 12/06/2024 14:31:42 DEBUG: Configuring Wazuh dashboard. 12/06/2024 14:31:42 DEBUG: Copying Wazuh dashboard certificates. 12/06/2024 14:31:42 DEBUG: Wazuh dashboard certificate setup finished. 12/06/2024 14:31:42 INFO: Wazuh dashboard post-install configuration finished. 12/06/2024 14:31:42 INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service. 12/06/2024 14:31:43 INFO: wazuh-dashboard service started. 12/06/2024 14:31:43 DEBUG: Setting Wazuh indexer cluster passwords. 12/06/2024 14:31:43 DEBUG: Checking Wazuh installation. 12/06/2024 14:31:43 DEBUG: There are Wazuh remaining files. 12/06/2024 14:31:43 DEBUG: There are Wazuh indexer remaining files. 12/06/2024 14:31:43 DEBUG: There are Filebeat remaining files. 12/06/2024 14:31:43 DEBUG: There are Wazuh dashboard remaining files. 12/06/2024 14:31:43 INFO: Updating the internal users. 12/06/2024 14:31:43 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 12/06/2024 14:31:57 DEBUG: Password backup created in /etc/wazuh-indexer/backup. 12/06/2024 14:31:57 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 12/06/2024 14:31:57 DEBUG: The internal users have been updated before changing the passwords. 12/06/2024 14:31:59 DEBUG: Generating password hashes. 12/06/2024 14:32:13 DEBUG: Password hashes generated. 12/06/2024 14:32:13 DEBUG: Creating password backup. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 12/06/2024 14:32:20 DEBUG: Password backup created in /etc/wazuh-indexer/backup. Successfully updated the keystore 12/06/2024 14:32:20 DEBUG: Restarting filebeat service... 12/06/2024 14:32:21 DEBUG: filebeat started. 12/06/2024 14:32:21 DEBUG: Restarting wazuh-manager service... 12/06/2024 14:32:43 DEBUG: wazuh-manager started. 12/06/2024 14:32:48 DEBUG: Restarting wazuh-dashboard service... 12/06/2024 14:32:49 DEBUG: wazuh-dashboard started. 12/06/2024 14:32:49 DEBUG: Running security admin tool. 12/06/2024 14:32:49 DEBUG: Loading new passwords changes. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Populate config from /home/ec2-user Force type: internalusers Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' created or updated SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null Done with success 12/06/2024 14:33:04 DEBUG: Passwords changed. 12/06/2024 14:33:04 DEBUG: Changing API passwords. 12/06/2024 14:33:13 INFO: Initializing Wazuh dashboard web application. 12/06/2024 14:33:14 INFO: Wazuh dashboard web application not yet initialized. Waiting... 12/06/2024 14:33:30 INFO: Wazuh dashboard web application not yet initialized. Waiting... 12/06/2024 14:33:45 INFO: Wazuh dashboard web application initialized. 12/06/2024 14:33:45 INFO: --- Summary --- 12/06/2024 14:33:45 INFO: You can access the web interface https://:1443 User: admin Password: O*rqPIo?Kr0q?StvBoYg0wZEVKjNodHJ 12/06/2024 14:33:45 INFO: --- Dependencies --- 12/06/2024 14:33:45 INFO: Removing lsof. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: lsof x86_64 4.94.0-3.el9 @baseos 624 k Removing unused dependencies: libtirpc x86_64 1.3.3-8.el9_4 @rhel-9-baseos-rhui-rpms 202 k Transaction Summary ================================================================================ Remove 2 Packages Freed space: 826 k Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : lsof-4.94.0-3.el9.x86_64 1/2 Erasing : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Running scriptlet: libtirpc-1.3.3-8.el9_4.x86_64 2/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Removed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete! 12/06/2024 14:33:47 INFO: Removing tar. Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: tar x86_64 2:1.34-6.el9_1 @rhel-9-baseos-rhui-rpms 3.0 M Transaction Summary ================================================================================ Remove 1 Package Freed space: 3.0 M Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : tar-2:1.34-6.el9_1.x86_64 1/1 Running scriptlet: tar-2:1.34-6.el9_1.x86_64 1/1 Verifying : tar-2:1.34-6.el9_1.x86_64 1/1 Installed products updated. Removed: tar-2:1.34-6.el9_1.x86_64 Complete! 12/06/2024 14:33:50 DEBUG: Restoring Wazuh repository. 12/06/2024 14:33:50 INFO: Installation finished. [root@ip-172-31-71-82 ec2-user]# ```

In the following screenshoots, it is proved that the web interface port change was successful (notice the URL)

Ubuntu 22

root@ip-172-31-71-48:/home/ubuntu# lsof -sTCP:LISTEN -i:1443
COMMAND    PID            USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
node    166678 wazuh-dashboard   18u  IPv4 1108355      0t0  TCP *:1443 (LISTEN)

ub22

RHEL9

[root@ip-172-31-71-82 ec2-user]# lsof -sTCP:LISTEN -i:1443
COMMAND   PID            USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
node    26550 wazuh-dashboard   18u  IPv4 3418656      0t0  TCP *:ies-lm (LISTEN)

rhel9

PRs

The following PRs belong to this development. It should be desirable to merge them simultaneously in order to avoid unexpected behaviors.

wazuh-packages: https://github.com/wazuh/wazuh-packages/pull/3002 wazuh-packages - OVA: https://github.com/wazuh/wazuh-packages/pull/3003 wazuh-jenkins - OVA and AMI: https://github.com/wazuh/wazuh-jenkins/pull/6601 wazuh-jenkins - Assistant tests and pipelines: https://github.com/wazuh/wazuh-jenkins/pull/6602 wazuh-documentation: https://github.com/wazuh/wazuh-documentation/pull/7397

Apart from this, the following issue has been opened to adapt the QA modules: https://github.com/wazuh/wazuh-qa/issues/5497

Need to resolve conflicts.

wazuh / wazuh-packages

Installation assistant must ask for confirmation before installing dependencies #2879

Description

Context

Feature request

Steps before development

Steps after development

Update Report

Approach

Update Report

New approach

Update Report

Update Report

Validating behavior with new parameter

Using the script without the new option, needing Wazuh and Assistant dependencies

Using the script without the new option, needing Assistant dependencies

Using the script without the new option, needing Wazuh dependencies

Using the script without the new option, no dependencies needed

Checking port usage is working

Update Report

Wazuh indexer

Update Report

Wazuh manager

Update Report

Wazuh dashboard

Update Report

AIO installation

Update Report

Fixing bugs

Update Report

Dashboard port change

PRs