wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0

Changed algorithms to RSA-4096 and SHA-512 #3066

Open CarlosALgit opened 3 months ago

CarlosALgit commented 3 months ago
Related issue
https://github.com/wazuh/wazuh-installation-assistant/issues/6

Description

The aim of this PR is to change the algorithms of the Cert Tool to use RSA-4906 and SHA-512

Tests

The tests have been done using the latest pre-release v.4.9.0-alpha3 in the following systems.

[!NOTE] The v4.9.0-alpha3 version has been used instead of version 4.10.0 because there are no packages built yet.

Ubuntu 22

Install logs:

```shellsession
root@ip-172-31-43-44:/home/ubuntu/wazuh-packages/unattended_installer# bash wazuh-install.sh -a
02/08/2024 11:17:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
02/08/2024 11:17:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
02/08/2024 11:18:09 INFO: Verifying that your system meets the recommended minimum hardware requirements.
02/08/2024 11:18:16 INFO: Wazuh web interface port will be 443.
02/08/2024 11:18:29 INFO: --- Dependencies ----
02/08/2024 11:18:29 INFO: Installing apt-transport-https.
02/08/2024 11:18:42 INFO: Installing debhelper.
02/08/2024 11:19:32 INFO: Wazuh development repository added.
02/08/2024 11:19:32 INFO: --- Configuration files ---
02/08/2024 11:19:32 INFO: Generating configuration files.
02/08/2024 11:19:33 INFO: Generating the root certificate.
02/08/2024 11:19:34 INFO: Generating Admin certificates.
02/08/2024 11:19:34 INFO: Generating Wazuh indexer certificates.
02/08/2024 11:19:35 INFO: Generating Filebeat certificates.
02/08/2024 11:19:36 INFO: Generating Wazuh dashboard certificates.
02/08/2024 11:19:37 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
02/08/2024 11:19:37 INFO: --- Wazuh indexer ---
02/08/2024 11:19:37 INFO: Starting Wazuh indexer installation.
02/08/2024 11:20:29 INFO: Wazuh indexer installation finished.
02/08/2024 11:20:29 INFO: Wazuh indexer post-install configuration finished.
02/08/2024 11:20:29 INFO: Starting service wazuh-indexer.
02/08/2024 11:20:56 INFO: wazuh-indexer service started.
02/08/2024 11:20:56 INFO: Initializing Wazuh indexer cluster security settings.
02/08/2024 11:21:06 INFO: Wazuh indexer cluster security configuration initialized.
02/08/2024 11:21:06 INFO: Wazuh indexer cluster initialized.
02/08/2024 11:21:06 INFO: --- Wazuh server ---
02/08/2024 11:21:06 INFO: Starting the Wazuh manager installation.
02/08/2024 11:23:17 INFO: Wazuh manager installation finished.
02/08/2024 11:23:17 INFO: Wazuh manager vulnerability detection configuration finished.
02/08/2024 11:23:17 INFO: Starting service wazuh-manager.
02/08/2024 11:23:42 INFO: wazuh-manager service started.
02/08/2024 11:23:42 INFO: Starting Filebeat installation.
02/08/2024 11:24:07 INFO: Filebeat installation finished.
02/08/2024 11:24:08 INFO: Filebeat post-install configuration finished.
02/08/2024 11:24:08 INFO: Starting service filebeat.
02/08/2024 11:24:10 INFO: filebeat service started.
02/08/2024 11:24:10 INFO: --- Wazuh dashboard ---
02/08/2024 11:24:10 INFO: Starting Wazuh dashboard installation.
02/08/2024 11:27:20 INFO: Wazuh dashboard installation finished.
02/08/2024 11:27:20 INFO: Wazuh dashboard post-install configuration finished.
02/08/2024 11:27:20 INFO: Starting service wazuh-dashboard.
02/08/2024 11:27:20 INFO: wazuh-dashboard service started.
02/08/2024 11:27:23 INFO: Updating the internal users.
02/08/2024 11:27:32 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
02/08/2024 11:27:51 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
02/08/2024 11:28:35 INFO: Initializing Wazuh dashboard web application.
02/08/2024 11:28:35 INFO: Wazuh dashboard web application not yet initialized. Waiting...
02/08/2024 11:28:50 INFO: Wazuh dashboard web application not yet initialized. Waiting...
02/08/2024 11:29:05 INFO: Wazuh dashboard web application initialized.
02/08/2024 11:29:05 INFO: --- Summary ---
02/08/2024 11:29:05 INFO: You can access the web interface https://:443 User: admin Password: 9ObZBU?cF7maxkRWqlwENy8nSEUKuhol
02/08/2024 11:29:05 INFO: Installation finished.
```

Dashboard screenshots:

#### Dashboard landing:

![imagen](https://github.com/user-attachments/assets/1d9720e0-a8aa-49f4-be83-69eb019fb072)

#### Discover page:

![imagen](https://github.com/user-attachments/assets/6e6c37a7-e1e0-4b5c-b7c8-0b64e46d99c8)

#### Indexes page:

![imagen](https://github.com/user-attachments/assets/28496175-e79b-436e-bb6a-41d45aee902e)

RHEL 9

Install logs:

```shellsession
[root@ip-172-31-36-23 unattended_installer]# bash wazuh-install.sh -a
02/08/2024 11:17:46 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
02/08/2024 11:17:46 INFO: Verbose logging redirected to /var/log/wazuh-install.log
02/08/2024 11:17:47 INFO: Verifying that your system meets the recommended minimum hardware requirements.
02/08/2024 11:17:48 INFO: Wazuh web interface port will be 443.
02/08/2024 11:17:48 INFO: --- Dependencies ---
02/08/2024 11:17:48 INFO: Installing lsof.
02/08/2024 11:18:17 INFO: Wazuh development repository added.
02/08/2024 11:18:17 INFO: --- Configuration files ---
02/08/2024 11:18:17 INFO: Generating configuration files.
02/08/2024 11:18:17 INFO: Generating the root certificate.
02/08/2024 11:18:18 INFO: Generating Admin certificates.
02/08/2024 11:18:19 INFO: Generating Wazuh indexer certificates.
02/08/2024 11:18:20 INFO: Generating Filebeat certificates.
02/08/2024 11:18:20 INFO: Generating Wazuh dashboard certificates.
02/08/2024 11:18:21 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
02/08/2024 11:18:21 INFO: --- Wazuh indexer ---
02/08/2024 11:18:21 INFO: Starting Wazuh indexer installation.
02/08/2024 11:19:21 INFO: Wazuh indexer installation finished.
02/08/2024 11:19:21 INFO: Wazuh indexer post-install configuration finished.
02/08/2024 11:19:21 INFO: Starting service wazuh-indexer.
02/08/2024 11:19:45 INFO: wazuh-indexer service started.
02/08/2024 11:19:45 INFO: Initializing Wazuh indexer cluster security settings.
02/08/2024 11:19:53 INFO: Wazuh indexer cluster security configuration initialized.
02/08/2024 11:19:53 INFO: Wazuh indexer cluster initialized.
02/08/2024 11:19:53 INFO: --- Wazuh server ---
02/08/2024 11:19:53 INFO: Starting the Wazuh manager installation.
02/08/2024 11:21:26 INFO: Wazuh manager installation finished.
02/08/2024 11:21:26 INFO: Wazuh manager vulnerability detection configuration finished.
02/08/2024 11:21:26 INFO: Starting service wazuh-manager.
02/08/2024 11:21:46 INFO: wazuh-manager service started.
02/08/2024 11:21:46 INFO: Starting Filebeat installation.
02/08/2024 11:23:03 INFO: Filebeat installation finished.
02/08/2024 11:23:05 INFO: Filebeat post-install configuration finished.
02/08/2024 11:23:05 INFO: Starting service filebeat.
02/08/2024 11:23:06 INFO: filebeat service started.
02/08/2024 11:23:06 INFO: --- Wazuh dashboard ---
02/08/2024 11:23:06 INFO: Starting Wazuh dashboard installation.
02/08/2024 11:25:30 INFO: Wazuh dashboard installation finished.
02/08/2024 11:25:30 INFO: Wazuh dashboard post-install configuration finished.
02/08/2024 11:25:30 INFO: Starting service wazuh-dashboard.
02/08/2024 11:25:31 INFO: wazuh-dashboard service started.
02/08/2024 11:25:31 INFO: Updating the internal users.
02/08/2024 11:25:39 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
02/08/2024 11:25:56 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
02/08/2024 11:26:40 INFO: Initializing Wazuh dashboard web application.
02/08/2024 11:26:40 INFO: Wazuh dashboard web application not yet initialized. Waiting...
02/08/2024 11:26:57 INFO: Wazuh dashboard web application not yet initialized. Waiting...
02/08/2024 11:27:12 INFO: Wazuh dashboard web application initialized.
02/08/2024 11:27:12 INFO: --- Summary ---
02/08/2024 11:27:12 INFO: You can access the web interface https://:443 User: admin Password: TL.2rA6*4Huamg5MDA8hGv6TJlu+XBG+
02/08/2024 11:27:12 INFO: --- Dependencies ---
02/08/2024 11:27:12 INFO: Removing lsof.
02/08/2024 11:27:14 INFO: Installation finished.
```

Dashboard screenshots:

#### Dashboard landing:

![imagen](https://github.com/user-attachments/assets/fd293eb3-70e0-481c-a817-14238488e38b)

#### Discover page:

![imagen](https://github.com/user-attachments/assets/669308bc-eb4f-4d8c-b720-3204c5f62771)

#### Indexes page:

![imagen](https://github.com/user-attachments/assets/fadebf35-282e-455a-9ead-8d5036ef7380)

CentOS 7

Install logs:

```shellsession
[root@ip-172-31-34-206 unattended_installer]# bash wazuh-install.sh -a
02/08/2024 11:17:50 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
02/08/2024 11:17:50 INFO: Verbose logging redirected to /var/log/wazuh-install.log
02/08/2024 11:17:51 INFO: Verifying that your system meets the recommended minimum hardware requirements.
02/08/2024 11:17:51 INFO: Wazuh web interface port will be 443.
02/08/2024 11:17:51 INFO: --- Dependencies ---
02/08/2024 11:17:51 INFO: Installing lsof.
02/08/2024 11:17:56 INFO: Wazuh development repository added.
02/08/2024 11:17:56 INFO: --- Configuration files ---
02/08/2024 11:17:56 INFO: Generating configuration files.
02/08/2024 11:17:56 INFO: Generating the root certificate.
02/08/2024 11:17:57 INFO: Generating Admin certificates.
02/08/2024 11:17:57 INFO: Generating Wazuh indexer certificates.
02/08/2024 11:17:57 INFO: Generating Filebeat certificates.
02/08/2024 11:17:57 INFO: Generating Wazuh dashboard certificates.
02/08/2024 11:17:58 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
02/08/2024 11:17:58 INFO: --- Wazuh indexer ---
02/08/2024 11:17:58 INFO: Starting Wazuh indexer installation.
02/08/2024 11:18:41 INFO: Wazuh indexer installation finished.
02/08/2024 11:18:41 INFO: Wazuh indexer post-install configuration finished.
02/08/2024 11:18:41 INFO: Starting service wazuh-indexer.
02/08/2024 11:19:06 INFO: wazuh-indexer service started.
02/08/2024 11:19:06 INFO: Initializing Wazuh indexer cluster security settings.
02/08/2024 11:19:14 INFO: Wazuh indexer cluster security configuration initialized.
02/08/2024 11:19:14 INFO: Wazuh indexer cluster initialized.
02/08/2024 11:19:14 INFO: --- Wazuh server ---
02/08/2024 11:19:14 INFO: Starting the Wazuh manager installation.
02/08/2024 11:20:38 INFO: Wazuh manager installation finished.
02/08/2024 11:20:38 INFO: Wazuh manager vulnerability detection configuration finished.
02/08/2024 11:20:38 INFO: Starting service wazuh-manager.
02/08/2024 11:20:57 INFO: wazuh-manager service started.
02/08/2024 11:20:57 INFO: Starting Filebeat installation.
02/08/2024 11:21:08 INFO: Filebeat installation finished.
02/08/2024 11:21:10 INFO: Filebeat post-install configuration finished.
02/08/2024 11:21:10 INFO: Starting service filebeat.
02/08/2024 11:21:10 INFO: filebeat service started.
02/08/2024 11:21:10 INFO: --- Wazuh dashboard ---
02/08/2024 11:21:10 INFO: Starting Wazuh dashboard installation.
02/08/2024 11:24:20 INFO: Wazuh dashboard installation finished.
02/08/2024 11:24:20 INFO: Wazuh dashboard post-install configuration finished.
02/08/2024 11:24:20 INFO: Starting service wazuh-dashboard.
02/08/2024 11:24:20 INFO: wazuh-dashboard service started.
02/08/2024 11:24:21 INFO: Updating the internal users.
02/08/2024 11:24:27 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
02/08/2024 11:24:46 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
02/08/2024 11:25:28 INFO: Initializing Wazuh dashboard web application.
02/08/2024 11:25:29 INFO: Wazuh dashboard web application initialized.
02/08/2024 11:25:29 INFO: --- Summary ---
02/08/2024 11:25:29 INFO: You can access the web interface https://:443 User: admin Password: 05btw+oPjVHIVRci6XTnrOGNi+2l?I8D
02/08/2024 11:25:29 INFO: --- Dependencies ---
02/08/2024 11:25:29 INFO: Removing lsof.
02/08/2024 11:25:31 INFO: Installation finished.
```

Dashboard screenshots:

#### Dashboard landing:

![imagen](https://github.com/user-attachments/assets/03be5ae8-d32f-4bf5-a733-74bd18c7ff5f)

#### Discover page:

![imagen](https://github.com/user-attachments/assets/66cf18a7-796f-49d0-b850-3445800ef77d)

#### Indexes page:

![imagen](https://github.com/user-attachments/assets/330c8ada-eb7c-4631-875e-1b5daac12d38)

Amazon Linux 2

Install logs:

We performed this change with the `4.8.1` version due to issues with the YUM lock when installing in AL2.

```shellsession
[root@ip-172-31-41-84 unattended_installer]# bash wazuh-install.sh -a
02/08/2024 13:36:47 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
02/08/2024 13:36:47 INFO: Verbose logging redirected to /var/log/wazuh-install.log
02/08/2024 13:36:49 INFO: Verifying that your system meets the recommended minimum hardware requirements.
02/08/2024 13:36:55 INFO: Wazuh web interface port will be 443.
02/08/2024 13:36:57 INFO: Wazuh repository added.
02/08/2024 13:36:57 INFO: --- Configuration files ---
02/08/2024 13:36:57 INFO: Generating configuration files.
02/08/2024 13:36:57 INFO: Generating the root certificate.
02/08/2024 13:36:58 INFO: Generating Admin certificates.
02/08/2024 13:36:58 INFO: Generating Wazuh indexer certificates.
02/08/2024 13:36:58 INFO: Generating Filebeat certificates.
02/08/2024 13:36:58 INFO: Generating Wazuh dashboard certificates.
02/08/2024 13:36:58 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
02/08/2024 13:36:59 INFO: --- Wazuh indexer ---
02/08/2024 13:36:59 INFO: Starting Wazuh indexer installation.
02/08/2024 13:38:41 INFO: Wazuh indexer installation finished.
02/08/2024 13:38:41 INFO: Wazuh indexer post-install configuration finished.
02/08/2024 13:38:41 INFO: Starting service wazuh-indexer.
02/08/2024 13:39:05 INFO: wazuh-indexer service started.
02/08/2024 13:39:05 INFO: Initializing Wazuh indexer cluster security settings.
02/08/2024 13:39:16 INFO: Wazuh indexer cluster security configuration initialized.
02/08/2024 13:39:16 INFO: Wazuh indexer cluster initialized.
02/08/2024 13:39:16 INFO: --- Wazuh server ---
02/08/2024 13:39:16 INFO: Starting the Wazuh manager installation.
02/08/2024 13:40:04 INFO: Wazuh manager installation finished.
02/08/2024 13:40:04 INFO: Wazuh manager vulnerability detection configuration finished.
02/08/2024 13:40:04 INFO: Starting service wazuh-manager.
02/08/2024 13:40:22 INFO: wazuh-manager service started.
02/08/2024 13:40:22 INFO: Starting Filebeat installation.
02/08/2024 13:41:12 INFO: Filebeat installation finished.
02/08/2024 13:41:15 INFO: Filebeat post-install configuration finished.
02/08/2024 13:41:15 INFO: Starting service filebeat.
02/08/2024 13:41:16 INFO: filebeat service started.
02/08/2024 13:41:16 INFO: --- Wazuh dashboard ---
02/08/2024 13:41:16 INFO: Starting Wazuh dashboard installation.
02/08/2024 13:42:45 INFO: Wazuh dashboard installation finished.
02/08/2024 13:42:45 INFO: Wazuh dashboard post-install configuration finished.
02/08/2024 13:42:45 INFO: Starting service wazuh-dashboard.
02/08/2024 13:42:46 INFO: wazuh-dashboard service started.
02/08/2024 13:42:50 INFO: Updating the internal users.
02/08/2024 13:42:57 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
02/08/2024 13:43:52 INFO: Initializing Wazuh dashboard web application.
02/08/2024 13:43:53 INFO: Wazuh dashboard web application initialized.
02/08/2024 13:43:53 INFO: --- Summary ---
02/08/2024 13:43:53 INFO: You can access the web interface https://:443 User: admin Password: KKTH?S1McZB3KGHYyt.gFq+i68+uonRa
02/08/2024 13:43:53 INFO: Installation finished.
```

Dashboard screenshots:

#### Dashboard landing:

![imagen](https://github.com/user-attachments/assets/5e1a550b-ebef-498c-aa5d-b6fbaef49d6f)

#### Discover page:

![imagen](https://github.com/user-attachments/assets/8247bc18-bc12-4b8c-a598-563e74d2b8c7)

#### Indexes page:

![imagen](https://github.com/user-attachments/assets/0de591cc-d917-4873-a417-e532fcd3d165)

CarlosALgit commented 3 months ago

Update Report

Changes have been made in both commits.

In both tests the result has been the same: Wazuh AIO installed with no problems and a Wazuh Agent was linked to that AIO with no problems too. Checking the certificates in the AIO we could see that they were updated using RSA-4906 and SHA-512:

```shellsession
root@ip-172-31-43-44:/home/ubuntu/wazuh-packages/unattended_installer# openssl rsa -in /etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem -text -noout
Private-Key: (4096 bit, 2 primes)
...

root@ip-172-31-43-44:/home/ubuntu/wazuh-packages/unattended_installer# openssl x509 -in /etc/wazuh-dashboard/certs/wazuh-dashboard.pem -text -noout
Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
...
Signature Algorithm: sha512WithRSAEncryption
```

But I got these errors in the Wazuh Indexer log:

```shellsession
root@ip-172-31-43-44:/home/ubuntu/wazuh-packages/unattended_installer# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-08-06T10:26:40,063][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-08-06T10:26:40,118][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:37154}
```

Then I repeated the steps with the second commit changes but the result was the same. No errors when installing and linking the agent but same errors in the Wazuh Indexer logs.
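
The manual `openssl` checks in the comment above can be scripted so that every generated certificate is audited the same way. The following is an added example, not code from this PR or from the Wazuh project: the function names are hypothetical, and besides key size and signature algorithm it also checks that the private key matches the certificate and that the certificate verifies against the root CA, two things worth ruling out when a handshake ends in `bad_certificate`.

```shell
#!/bin/sh
# Added example, not code from the PR. Function names are hypothetical.

# check_cert_text WANT_BITS WANT_SIG
# Reads `openssl x509 -text -noout` output on stdin, prints "<bits> <sigalg>",
# and succeeds only if the public key has at least WANT_BITS bits and the
# signature algorithm is exactly WANT_SIG.
check_cert_text() (
    text=$(cat)
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    sig=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *\([A-Za-z0-9-]*\).*/\1/p' | head -n 1)
    printf '%s %s\n' "${bits:-unknown}" "${sig:-unknown}"
    [ -n "$bits" ] && [ "$bits" -ge "$1" ] && [ "$sig" = "$2" ]
)

# key_matches_cert KEY CERT
# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() (
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || exit 1
    [ "$k" = "$c" ]
)

# audit_cert CERT KEY ROOT_CA
# Runs the algorithm, key-match and chain checks; reports every failure.
audit_cert() (
    rc=0
    openssl x509 -in "$1" -text -noout |
        check_cert_text 4096 sha512WithRSAEncryption ||
        { echo "FAIL key size or signature algorithm: $1"; rc=1; }
    key_matches_cert "$2" "$1" || { echo "FAIL key does not match: $1"; rc=1; }
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
        { echo "FAIL does not verify against $3: $1"; rc=1; }
    exit "$rc"
)

# Constructed sample of `openssl x509 -text -noout` output (not a real certificate).
SAMPLE_TEXT='        Signature Algorithm: sha512WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
    Signature Algorithm: sha512WithRSAEncryption'

if [ "$#" -eq 3 ]; then
    audit_cert "$1" "$2" "$3"      # usage: sh audit.sh CERT KEY ROOT_CA
else
    printf '%s\n' "$SAMPLE_TEXT" | check_cert_text 4096 sha512WithRSAEncryption
fi
```
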