search

wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0
105 stars 98 forks source link

Change Filebeat passwords only when installing Wazuh Server or changing passwords #3118

Closed CarlosALgit closed 2 months ago

CarlosALgit commented 2 months ago
Related issue
https://github.com/wazuh/wazuh-packages/issues/3115

Description

The aim of this PR is to modify the Wazuh Installation Assistant to only update Filebeat Keystore passwords when installing the Wazuh Manager/Server or when using the Wazuh Password Tool itself and Filebeat is actually installed.

Tests

For the tests, I performed several installations on both deb and rpm package managers using the Wazuh Installation Assistant. installing an AIO, component by component and offline. Also, I performed a change of passwords of all users using the Wazuh Passwords Tool to check the change works correctly not only when installing.

All in One installation :white_check_mark:

Ubuntu 22 :white_check_mark:

Installation logs: ```shellsession root@ip-172-31-43-240:/home/ubuntu# bash ./wazuh-install.sh -a 12/09/2024 10:07:18 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 12/09/2024 10:07:18 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/09/2024 10:07:28 INFO: Verifying that your system meets the recommended minimum hardware requirements. 12/09/2024 10:07:28 INFO: Wazuh web interface port will be 443. 12/09/2024 10:07:40 INFO: Wazuh repository added. 12/09/2024 10:07:40 INFO: --- Configuration files --- 12/09/2024 10:07:40 INFO: Generating configuration files. 12/09/2024 10:07:41 INFO: Generating the root certificate. 12/09/2024 10:07:42 INFO: Generating Admin certificates. 12/09/2024 10:07:42 INFO: Generating Wazuh indexer certificates. 12/09/2024 10:07:43 INFO: Generating Filebeat certificates. 12/09/2024 10:07:43 INFO: Generating Wazuh dashboard certificates. 12/09/2024 10:07:44 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 12/09/2024 10:07:44 INFO: --- Wazuh indexer --- 12/09/2024 10:07:44 INFO: Starting Wazuh indexer installation. 12/09/2024 10:08:09 INFO: Wazuh indexer installation finished. 12/09/2024 10:08:10 INFO: Wazuh indexer post-install configuration finished. 12/09/2024 10:08:10 INFO: Starting service wazuh-indexer. 12/09/2024 10:08:35 INFO: wazuh-indexer service started. 12/09/2024 10:08:35 INFO: Initializing Wazuh indexer cluster security settings. 12/09/2024 10:08:43 INFO: Wazuh indexer cluster security configuration initialized. 12/09/2024 10:08:43 INFO: Wazuh indexer cluster initialized. 12/09/2024 10:08:43 INFO: --- Wazuh server --- 12/09/2024 10:08:43 INFO: Starting the Wazuh manager installation. 12/09/2024 10:10:04 INFO: Wazuh manager installation finished. 12/09/2024 10:10:04 INFO: Wazuh manager vulnerability detection configuration finished. 12/09/2024 10:10:04 INFO: Starting service wazuh-manager. 12/09/2024 10:10:27 INFO: wazuh-manager service started. 12/09/2024 10:10:27 INFO: Starting Filebeat installation. 12/09/2024 10:10:45 INFO: Filebeat installation finished. 12/09/2024 10:10:46 INFO: Filebeat post-install configuration finished. 12/09/2024 10:10:46 INFO: Starting service filebeat. 12/09/2024 10:10:48 INFO: filebeat service started. 12/09/2024 10:10:48 INFO: --- Wazuh dashboard --- 12/09/2024 10:10:48 INFO: Starting Wazuh dashboard installation. 12/09/2024 10:13:17 INFO: Wazuh dashboard installation finished. 12/09/2024 10:13:17 INFO: Wazuh dashboard post-install configuration finished. 12/09/2024 10:13:17 INFO: Starting service wazuh-dashboard. 12/09/2024 10:13:18 INFO: wazuh-dashboard service started. 12/09/2024 10:13:21 INFO: Updating the internal users. 12/09/2024 10:13:30 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 12/09/2024 10:13:48 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. 12/09/2024 10:14:31 INFO: Initializing Wazuh dashboard web application. 12/09/2024 10:14:31 INFO: Wazuh dashboard web application not yet initialized. Waiting... 12/09/2024 10:14:46 INFO: Wazuh dashboard web application not yet initialized. Waiting... 12/09/2024 10:15:01 INFO: Wazuh dashboard web application initialized. 12/09/2024 10:15:01 INFO: --- Summary --- 12/09/2024 10:15:01 INFO: You can access the web interface https://:443 User: admin Password: *c1LGSJ+.kSR?D3Ys4zZOIXefdJML?YE 12/09/2024 10:15:01 INFO: Installation finished. ```
Tests logs: ```shellsession root@ip-172-31-43-240:/home/ubuntu# filebeat test output elasticsearch: https://127.0.0.1:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 127.0.0.1 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.2 dial up... OK talk to server... OK version: 7.10.2 root@ip-172-31-43-240:/home/ubuntu# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au wazuh -ap z?CfN*HlNpIiVS1CTC7gmFBZLlMX7TRa 12/09/2024 10:38:02 INFO: Updating the internal users. 12/09/2024 10:38:10 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 12/09/2024 10:38:31 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. 12/09/2024 10:39:12 INFO: The password for user admin is CCx?qKR81P+81mAL+YGBklQtrvtlEnVD 12/09/2024 10:39:12 INFO: The password for user anomalyadmin is HW?mI1Wi16wLkI7WRWQJxA*U.5I3+lpp 12/09/2024 10:39:12 INFO: The password for user kibanaserver is 6qTmOOBU+ez?oafbY9A38U8eUWgyCk*d 12/09/2024 10:39:12 INFO: The password for user kibanaro is vhVDBJiFRhRLobY6H0BMOqF55bfn8?9N 12/09/2024 10:39:12 INFO: The password for user logstash is D9kmEMRYhS.YPF1MmDTqZc+*ntcUsTsI 12/09/2024 10:39:12 INFO: The password for user readall is KYXYjbqm.bIU9SwIAejUdM.fr.D5BENl 12/09/2024 10:39:12 INFO: The password for user snapshotrestore is 6F0Qrq88rGcbt**kzyvI5bV++t08dq9s 12/09/2024 10:39:12 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services. 12/09/2024 10:39:16 INFO: The password for Wazuh API user wazuh is GCi3S0EtfilKrl09XVUMEubtI+uWbZ7K 12/09/2024 10:39:17 INFO: The password for Wazuh API user wazuh-wui is euAYykK+B3ZZZdFPEtHTIkLjecG5*k6r 12/09/2024 10:39:17 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service. ```
Web Dashboard: Landing page: ![landing-page-ubuntu-aio](https://github.com/user-attachments/assets/2af4f12d-56cb-4eb9-96ba-7e20d782cb2a) About: ![about-ubuntu-aio](https://github.com/user-attachments/assets/cae560ff-6aa9-4a7b-a924-beb7359e7b4b)

Amazon Linux 2023 :white_check_mark:

Installation logs: ```shellsession [root@ip-172-31-46-224 ec2-user]# bash ./wazuh-install.sh -a 11/09/2024 14:51:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 11/09/2024 14:51:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log 11/09/2024 14:51:39 INFO: Verifying that your system meets the recommended minimum hardware requirements. 11/09/2024 14:51:39 INFO: Wazuh web interface port will be 443. 11/09/2024 14:51:39 INFO: Wazuh repository added. 11/09/2024 14:51:39 INFO: --- Configuration files --- 11/09/2024 14:51:39 INFO: Generating configuration files. 11/09/2024 14:51:40 INFO: Generating the root certificate. 11/09/2024 14:51:40 INFO: Generating Admin certificates. 11/09/2024 14:51:41 INFO: Generating Wazuh indexer certificates. 11/09/2024 14:51:41 INFO: Generating Filebeat certificates. 11/09/2024 14:51:42 INFO: Generating Wazuh dashboard certificates. 11/09/2024 14:51:43 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 11/09/2024 14:51:43 INFO: --- Wazuh indexer --- 11/09/2024 14:51:43 INFO: Starting Wazuh indexer installation. 11/09/2024 14:52:43 INFO: Wazuh indexer installation finished. 11/09/2024 14:52:43 INFO: Wazuh indexer post-install configuration finished. 11/09/2024 14:52:43 INFO: Starting service wazuh-indexer. 11/09/2024 14:53:08 INFO: wazuh-indexer service started. 11/09/2024 14:53:08 INFO: Initializing Wazuh indexer cluster security settings. 11/09/2024 14:53:16 INFO: Wazuh indexer cluster security configuration initialized. 11/09/2024 14:53:16 INFO: Wazuh indexer cluster initialized. 11/09/2024 14:53:16 INFO: --- Wazuh server --- 11/09/2024 14:53:16 INFO: Starting the Wazuh manager installation. 11/09/2024 14:54:37 INFO: Wazuh manager installation finished. 11/09/2024 14:54:37 INFO: Wazuh manager vulnerability detection configuration finished. 11/09/2024 14:54:37 INFO: Starting service wazuh-manager. 11/09/2024 14:54:57 INFO: wazuh-manager service started. 11/09/2024 14:54:57 INFO: Starting Filebeat installation. 11/09/2024 14:55:15 INFO: Filebeat installation finished. 11/09/2024 14:55:16 INFO: Filebeat post-install configuration finished. 11/09/2024 14:55:16 INFO: Starting service filebeat. 11/09/2024 14:55:17 INFO: filebeat service started. 11/09/2024 14:55:17 INFO: --- Wazuh dashboard --- 11/09/2024 14:55:17 INFO: Starting Wazuh dashboard installation. 11/09/2024 14:57:38 INFO: Wazuh dashboard installation finished. 11/09/2024 14:57:39 INFO: Wazuh dashboard post-install configuration finished. 11/09/2024 14:57:39 INFO: Starting service wazuh-dashboard. 11/09/2024 14:57:39 INFO: wazuh-dashboard service started. 11/09/2024 14:57:40 INFO: Updating the internal users. 11/09/2024 14:57:48 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 11/09/2024 14:58:06 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. 11/09/2024 14:58:48 INFO: Initializing Wazuh dashboard web application. 11/09/2024 14:58:48 INFO: Wazuh dashboard web application not yet initialized. Waiting... 11/09/2024 14:59:04 INFO: Wazuh dashboard web application not yet initialized. Waiting... 11/09/2024 14:59:19 INFO: Wazuh dashboard web application initialized. 11/09/2024 14:59:19 INFO: --- Summary --- 11/09/2024 14:59:19 INFO: You can access the web interface https://:443 User: admin Password: 8BSv+1er6pJye+remYiax7D+5D4UN6Wv 11/09/2024 14:59:19 INFO: Installation finished. ```
Tests logs: ```shellsession [root@ip-172-31-46-224 ec2-user]# filebeat test output elasticsearch: https://127.0.0.1:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 127.0.0.1 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.2 dial up... OK talk to server... OK version: 7.10.2 [root@ip-172-31-46-224 ec2-user]# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au wazuh -ap cGfZk*z97Q2Gj?ntm0y1x3dSoUt?8vE+ 12/09/2024 08:30:48 INFO: Updating the internal users. 12/09/2024 08:30:53 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 12/09/2024 08:31:06 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. 12/09/2024 08:31:43 INFO: The password for user admin is nZ2Lubz6Y95R?80BobI6j?nXlMXnqYnN 12/09/2024 08:31:43 INFO: The password for user anomalyadmin is QycM.25u7dVqRW8W2Ysh7V9*UK?o.xo? 12/09/2024 08:31:43 INFO: The password for user kibanaserver is ApYdrLx3ngyoXL7YLNosr?haDr5Q5ZFe 12/09/2024 08:31:43 INFO: The password for user kibanaro is 2FTb8KutmW9TIH.yQEZeLfPRgV2RpUWA 12/09/2024 08:31:43 INFO: The password for user logstash is Tql4pDsX1lCk+v0WJczZ?li8f+tOLfoX 12/09/2024 08:31:43 INFO: The password for user readall is hZIPdlwBNm?V4pww+PJvh+i1dK+mD9u5 12/09/2024 08:31:43 INFO: The password for user snapshotrestore is SnDTj?SxqEZsrgvcp.UrAeC9ixK0sJ23 12/09/2024 08:31:43 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services. 12/09/2024 08:31:45 INFO: The password for Wazuh API user wazuh is YG2u0r*MS97veLH3WdStBR+7a+yozqRV 12/09/2024 08:31:46 INFO: The password for Wazuh API user wazuh-wui is DMG508Gamqf1hFB66+sB7lzXzwPcLJh3 12/09/2024 08:31:46 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service. ```
Web Dashboard: Landing page: ![landing-page-amazon-aio](https://github.com/user-attachments/assets/58d4c5a9-3470-43bc-812c-b504eee3ec37) About: ![about-amazon-aio](https://github.com/user-attachments/assets/f3f4a935-49b2-427d-9ece-eec7dde6dc7a)

Component by component installation :white_check_mark:

Ubuntu 22 :white_check_mark:

Installation logs: ```shellsession root@ip-172-31-43-240:/home/ubuntu# bash wazuh-install.sh --generate-config-files 11/09/2024 11:05:17 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 11/09/2024 11:05:17 INFO: Verbose logging redirected to /var/log/wazuh-install.log 11/09/2024 11:05:44 INFO: Verifying that your system meets the recommended minimum hardware requirements. 11/09/2024 11:05:44 INFO: --- Configuration files --- 11/09/2024 11:05:44 INFO: Generating configuration files. 11/09/2024 11:05:44 INFO: Generating the root certificate. 11/09/2024 11:05:45 INFO: Generating Admin certificates. 11/09/2024 11:05:45 INFO: Generating Wazuh indexer certificates. 11/09/2024 11:05:46 INFO: Generating Filebeat certificates. 11/09/2024 11:05:46 INFO: Generating Wazuh dashboard certificates. 11/09/2024 11:05:47 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. root@ip-172-31-43-240:/home/ubuntu# bash wazuh-install.sh --wazuh-indexer node-1 11/09/2024 11:06:37 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 11/09/2024 11:06:37 INFO: Verbose logging redirected to /var/log/wazuh-install.log 11/09/2024 11:06:46 INFO: Verifying that your system meets the recommended minimum hardware requirements. 11/09/2024 11:06:53 INFO: --- Dependencies ---- 11/09/2024 11:06:53 INFO: Installing apt-transport-https. 11/09/2024 11:07:06 INFO: Wazuh repository added. 11/09/2024 11:07:07 INFO: --- Wazuh indexer --- 11/09/2024 11:07:07 INFO: Starting Wazuh indexer installation. 11/09/2024 11:08:07 INFO: Wazuh indexer installation finished. 11/09/2024 11:08:07 INFO: Wazuh indexer post-install configuration finished. 11/09/2024 11:08:07 INFO: Starting service wazuh-indexer. 11/09/2024 11:08:33 INFO: wazuh-indexer service started. 11/09/2024 11:08:33 INFO: Initializing Wazuh indexer cluster security settings. 11/09/2024 11:08:36 INFO: Wazuh indexer cluster initialized. 11/09/2024 11:08:36 INFO: Installation finished. root@ip-172-31-43-240:/home/ubuntu# bash wazuh-install.sh --start-cluster 11/09/2024 11:09:29 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 11/09/2024 11:09:29 INFO: Verbose logging redirected to /var/log/wazuh-install.log 11/09/2024 11:09:38 INFO: Verifying that your system meets the recommended minimum hardware requirements. 11/09/2024 11:09:45 INFO: Wazuh indexer cluster security configuration initialized. 11/09/2024 11:09:59 INFO: Updating the internal users. 11/09/2024 11:10:03 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 11/09/2024 11:10:21 INFO: Wazuh indexer cluster started. root@ip-172-31-43-240:/home/ubuntu# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1 indexer_username: 'admin' indexer_password: 'SK1CY2P4VxiJGdl+zb7UV.AEVfupqcP8' root@ip-172-31-43-240:/home/ubuntu# curl -k -u admin:SK1CY2P4VxiJGdl+zb7UV.AEVfupqcP8 https://127.0.0.1:9200 { "name" : "node-1", "cluster_name" : "wazuh-indexer-cluster", "cluster_uuid" : "Qj-6rkgJTwep1dBE7yL9kA", "version" : { "number" : "7.10.2", "build_type" : "deb", "build_hash" : "9fd1835bba77ae04d48550eb4dc9be4787070806", "build_date" : "2024-08-30T10:06:03.028357Z", "build_snapshot" : false, "lucene_version" : "9.10.0", "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, "tagline" : "The OpenSearch Project: https://opensearch.org/" } root@ip-172-31-43-240:/home/ubuntu# curl -k -u admin:SK1CY2P4VxiJGdl+zb7UV.AEVfupqcP8 https://127.0.0.1:9200/_cat/nodes?v ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name 127.0.0.1 48 53 14 0.10 0.33 0.23 dimr data,ingest,master,remote_cluster_client * node-1 root@ip-172-31-43-240:/home/ubuntu# bash wazuh-install.sh --wazuh-server wazuh-1 11/09/2024 11:13:47 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 11/09/2024 11:13:47 INFO: Verbose logging redirected to /var/log/wazuh-install.log 11/09/2024 11:13:56 INFO: Verifying that your system meets the recommended minimum hardware requirements. 11/09/2024 11:14:03 INFO: Wazuh repository added. 11/09/2024 11:14:03 INFO: --- Wazuh server --- 11/09/2024 11:14:03 INFO: Starting the Wazuh manager installation. 11/09/2024 11:15:51 INFO: Wazuh manager installation finished. 11/09/2024 11:15:51 INFO: Wazuh manager vulnerability detection configuration finished. 11/09/2024 11:15:51 INFO: Starting service wazuh-manager. 11/09/2024 11:16:14 INFO: wazuh-manager service started. 11/09/2024 11:16:14 INFO: Starting Filebeat installation. 11/09/2024 11:16:32 INFO: Filebeat installation finished. 11/09/2024 11:16:34 INFO: Filebeat post-install configuration finished. 11/09/2024 11:16:39 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. 11/09/2024 11:17:07 INFO: Starting service filebeat. 11/09/2024 11:17:09 INFO: filebeat service started. 11/09/2024 11:17:09 INFO: Installation finished. root@ip-172-31-43-240:/home/ubuntu# bash wazuh-install.sh --wazuh-dashboard dashboard 11/09/2024 11:18:23 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 11/09/2024 11:18:23 INFO: Verbose logging redirected to /var/log/wazuh-install.log 11/09/2024 11:18:33 INFO: Verifying that your system meets the recommended minimum hardware requirements. 11/09/2024 11:18:33 INFO: Wazuh web interface port will be 443. 11/09/2024 11:18:41 INFO: --- Dependencies ---- 11/09/2024 11:18:41 INFO: Installing debhelper. 11/09/2024 11:19:33 INFO: Wazuh repository added. 11/09/2024 11:19:33 INFO: --- Wazuh dashboard ---- 11/09/2024 11:19:33 INFO: Starting Wazuh dashboard installation. 11/09/2024 11:20:34 INFO: Wazuh dashboard installation finished. 11/09/2024 11:20:34 INFO: Wazuh dashboard post-install configuration finished. 11/09/2024 11:20:34 INFO: Starting service wazuh-dashboard. 11/09/2024 11:20:35 INFO: wazuh-dashboard service started. 11/09/2024 11:20:59 INFO: Initializing Wazuh dashboard web application. 11/09/2024 11:21:00 INFO: Wazuh dashboard web application initialized. 11/09/2024 11:21:00 INFO: --- Summary --- 11/09/2024 11:21:00 INFO: You can access the web interface https://:443 User: admin Password: SK1CY2P4VxiJGdl+zb7UV.AEVfupqcP8 11/09/2024 11:21:00 INFO: Installation finished. ```
Tests logs: ```shellsession root@ip-172-31-43-240:/home/ubuntu# filebeat test output elasticsearch: https://127.0.0.1:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 127.0.0.1 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.2 dial up... OK talk to server... OK version: 7.10.2 root@ip-172-31-43-240:/home/ubuntu# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au admin -ap SK1CY2P4VxiJGdl+zb7UV.AEVfupqcP8 11/09/2024 14:33:04 INFO: Updating the internal users. 11/09/2024 14:33:12 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 11/09/2024 14:33:12 ERROR: Invalid admin user credentials root@ip-172-31-43-240:/home/ubuntu# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au wazuh -ap cIn9KR?24EId0OGQ28FpnEKOHF.Q7*hE 11/09/2024 14:34:01 INFO: Updating the internal users. 11/09/2024 14:34:09 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 11/09/2024 14:34:32 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. 11/09/2024 14:35:11 INFO: The password for user admin is kYyq1H0Opq.xfg4fxDEjl9SEi9qq9kSP 11/09/2024 14:35:11 INFO: The password for user anomalyadmin is xvGtEhp02nuwVxx5h?+egA6UjyKPIjxv 11/09/2024 14:35:11 INFO: The password for user kibanaserver is f.BlpJHO25gDX9IRBRfuGC+WV0Zyi10d 11/09/2024 14:35:11 INFO: The password for user kibanaro is 7c7NzFwxYHoLC+S80egFN1j?hRuVCXtc 11/09/2024 14:35:11 INFO: The password for user logstash is ?Y3Y+o1f+4Bt7BP+jY8.h0pm6GX0.aeZ 11/09/2024 14:35:11 INFO: The password for user readall is uXBQt7hu?A2ML6x2pDh7f*+GFSl9UQXv 11/09/2024 14:35:11 INFO: The password for user snapshotrestore is A20L?FR6lcrPLHd58ooLhGnU37x+D2lM 11/09/2024 14:35:11 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services. 11/09/2024 14:35:16 INFO: The password for Wazuh API user wazuh is tNWh8Wj31+f?ujSnCklHf*1voWSG*M6H 11/09/2024 14:35:17 INFO: The password for Wazuh API user wazuh-wui is WK.9Bna7gr5GrTwN2qbfxpeTt.jh.Aw4 11/09/2024 14:35:17 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service. ```
Web Dashboard: Landing page: ![landing-page-ubuntu-component](https://github.com/user-attachments/assets/0d6c1f0b-75b8-44e0-90be-c48aac924381) About: ![about-ubuntu-component](https://github.com/user-attachments/assets/1c5b0291-7b66-490c-9d40-6060d7aebde6)

Amazon Linux 2023 :white_check_mark:

Installation logs: ```shellsession [root@ip-172-31-46-224 ec2-user]# bash wazuh-install.sh --generate-config-files 12/09/2024 10:18:52 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 12/09/2024 10:18:52 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/09/2024 10:18:52 INFO: Verifying that your system meets the recommended minimum hardware requirements. 12/09/2024 10:18:52 INFO: --- Configuration files --- 12/09/2024 10:18:52 INFO: Generating configuration files. 12/09/2024 10:18:52 INFO: Generating the root certificate. 12/09/2024 10:18:53 INFO: Generating Admin certificates. 12/09/2024 10:18:54 INFO: Generating Wazuh indexer certificates. 12/09/2024 10:18:54 INFO: Generating Filebeat certificates. 12/09/2024 10:18:54 INFO: Generating Wazuh dashboard certificates. 12/09/2024 10:18:55 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. [root@ip-172-31-46-224 ec2-user]# bash wazuh-install.sh --wazuh-indexer node-1 12/09/2024 10:19:38 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 12/09/2024 10:19:38 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/09/2024 10:19:38 INFO: Verifying that your system meets the recommended minimum hardware requirements. 12/09/2024 10:19:39 INFO: Wazuh repository added. 12/09/2024 10:19:39 INFO: --- Wazuh indexer --- 12/09/2024 10:19:39 INFO: Starting Wazuh indexer installation. 12/09/2024 10:20:28 INFO: Wazuh indexer installation finished. 12/09/2024 10:20:28 INFO: Wazuh indexer post-install configuration finished. 12/09/2024 10:20:28 INFO: Starting service wazuh-indexer. 12/09/2024 10:20:52 INFO: wazuh-indexer service started. 12/09/2024 10:20:52 INFO: Initializing Wazuh indexer cluster security settings. 12/09/2024 10:20:53 INFO: Wazuh indexer cluster initialized. 12/09/2024 10:20:53 INFO: Installation finished. [root@ip-172-31-46-224 ec2-user]# bash wazuh-install.sh --start-cluster 12/09/2024 10:40:44 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 12/09/2024 10:40:44 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/09/2024 10:40:44 INFO: Verifying that your system meets the recommended minimum hardware requirements. 12/09/2024 10:40:50 INFO: Wazuh indexer cluster security configuration initialized. 12/09/2024 10:41:06 INFO: Updating the internal users. 12/09/2024 10:41:10 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 12/09/2024 10:41:27 INFO: Wazuh indexer cluster started. [root@ip-172-31-46-224 ec2-user]# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1 indexer_username: 'admin' indexer_password: '1ODub*8rE27HawveSnp34n58yepxQa4e' [root@ip-172-31-46-224 ec2-user]# curl -k -u admin:1ODub*8rE27HawveSnp34n58yepxQa4e https://127.0.0.1:9200 { "name" : "node-1", "cluster_name" : "wazuh-indexer-cluster", "cluster_uuid" : "wa-g9hYWSMCLiMfxaOZPTA", "version" : { "number" : "7.10.2", "build_type" : "rpm", "build_hash" : "9fd1835bba77ae04d48550eb4dc9be4787070806", "build_date" : "2024-08-30T10:04:33.447803Z", "build_snapshot" : false, "lucene_version" : "9.10.0", "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, "tagline" : "The OpenSearch Project: https://opensearch.org/" } [root@ip-172-31-46-224 ec2-user]# curl -k -u admin:1ODub*8rE27HawveSnp34n58yepxQa4e https://127.0.0.1:9200/_cat/nodes?v ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name 127.0.0.1 61 40 3 0.24 0.19 0.12 dimr data,ingest,master,remote_cluster_client * node-1 [root@ip-172-31-46-224 ec2-user]# bash wazuh-install.sh --wazuh-server wazuh-1 12/09/2024 10:43:41 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 12/09/2024 10:43:41 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/09/2024 10:43:41 INFO: Verifying that your system meets the recommended minimum hardware requirements. 12/09/2024 10:43:41 INFO: Wazuh repository added. 12/09/2024 10:43:42 INFO: --- Wazuh server --- 12/09/2024 10:43:42 INFO: Starting the Wazuh manager installation. 12/09/2024 10:44:58 INFO: Wazuh manager installation finished. 12/09/2024 10:44:58 INFO: Wazuh manager vulnerability detection configuration finished. 12/09/2024 10:44:58 INFO: Starting service wazuh-manager. 12/09/2024 10:45:18 INFO: wazuh-manager service started. 12/09/2024 10:45:18 INFO: Starting Filebeat installation. 12/09/2024 10:45:55 INFO: Filebeat installation finished. 12/09/2024 10:45:59 INFO: Filebeat post-install configuration finished. 12/09/2024 10:46:00 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. 12/09/2024 10:46:28 INFO: Starting service filebeat. 12/09/2024 10:46:30 INFO: filebeat service started. 12/09/2024 10:46:30 INFO: Installation finished. [root@ip-172-31-46-224 ec2-user]# bash wazuh-install.sh --wazuh-dashboard dashboard 12/09/2024 10:49:21 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 12/09/2024 10:49:21 INFO: Verbose logging redirected to /var/log/wazuh-install.log 12/09/2024 10:49:22 INFO: Verifying that your system meets the recommended minimum hardware requirements. 12/09/2024 10:49:22 INFO: Wazuh web interface port will be 443. 12/09/2024 10:49:22 INFO: Wazuh repository added. 12/09/2024 10:49:22 INFO: --- Wazuh dashboard ---- 12/09/2024 10:49:22 INFO: Starting Wazuh dashboard installation. 12/09/2024 10:51:30 INFO: Wazuh dashboard installation finished. 12/09/2024 10:51:30 INFO: Wazuh dashboard post-install configuration finished. 12/09/2024 10:51:30 INFO: Starting service wazuh-dashboard. 12/09/2024 10:51:31 INFO: wazuh-dashboard service started. 12/09/2024 10:51:53 INFO: Initializing Wazuh dashboard web application. 12/09/2024 10:51:54 INFO: Wazuh dashboard web application initialized. 12/09/2024 10:51:54 INFO: --- Summary --- 12/09/2024 10:51:54 INFO: You can access the web interface https://:443 User: admin Password: 1ODub*8rE27HawveSnp34n58yepxQa4e 12/09/2024 10:51:54 INFO: Installation finished. ```
Tests logs: ```shellsession [root@ip-172-31-46-224 ec2-user]# filebeat test output elasticsearch: https://127.0.0.1:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 127.0.0.1 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.2 dial up... OK talk to server... OK version: 7.10.2 [root@ip-172-31-46-224 ec2-user]# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au wazuh -ap IjiNThuO?uE7pwC*w8f1M11QB+1ijBYV 12/09/2024 11:20:30 INFO: Updating the internal users. 12/09/2024 11:20:37 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 12/09/2024 11:20:59 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. 12/09/2024 11:21:38 INFO: The password for user admin is d+3vKUZqyosc1+npKIR2OEUh3iDMtunw 12/09/2024 11:21:38 INFO: The password for user anomalyadmin is TYuotplr1nj6jEbKy6wzWt*?U30pX07R 12/09/2024 11:21:38 INFO: The password for user kibanaserver is +Yl?pne2*Iy0Cn6h47ebB5bUe.+2kDG* 12/09/2024 11:21:38 INFO: The password for user kibanaro is WqvzGQ?+uST*eoV1RO9a*9Qlo1BSdvxk 12/09/2024 11:21:38 INFO: The password for user logstash is FWVlsdEmfMqdJ*.zim1LEgGG9Czks5Io 12/09/2024 11:21:38 INFO: The password for user readall is 6gYNkG2ATow3OAG54JMfKhyR?sSnI4Aw 12/09/2024 11:21:38 INFO: The password for user snapshotrestore is 2R+yETyBec6jNELBQH+0V9i?+VXYsuGP 12/09/2024 11:21:38 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services. 12/09/2024 11:21:41 INFO: The password for Wazuh API user wazuh is R+Uz*yBb6Qc*nHCvu0M8CBsfaa?d6hDA 12/09/2024 11:21:41 INFO: The password for Wazuh API user wazuh-wui is AD.K*EL10nFUADozLY8R9lb9C5Xry*oh 12/09/2024 11:21:41 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service. ```
Web Dashboard: Landing page: ![landing-page-amazon-component](https://github.com/user-attachments/assets/c8f621ce-e070-41e6-b476-d1c25c33b471) About: ![about-amazon-components](https://github.com/user-attachments/assets/b7587e40-1e49-45b3-ae21-3af798a95229)

Offline installation :white_check_mark:

Ubuntu 22 :white_check_mark:

Installation logs: ```shellsession root@ip-172-31-41-116:/home/ubuntu# ls wazuh-install-files.tar wazuh-install.sh wazuh-offline.tar.gz root@ip-172-31-41-116:/home/ubuntu# bash wazuh-install.sh --offline-installation --wazuh-indexer node-1 13/09/2024 09:57:58 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 13/09/2024 09:57:58 INFO: Verbose logging redirected to /var/log/wazuh-install.log 13/09/2024 09:57:58 INFO: Checking installed dependencies for Offline installation. 13/09/2024 09:58:03 INFO: Verifying that your system meets the recommended minimum hardware requirements. 13/09/2024 09:58:04 INFO: Checking prerequisites for Offline installation. 13/09/2024 09:58:07 INFO: Checking wazuh-offline.tar.gz file. 13/09/2024 09:58:18 INFO: --- Wazuh indexer --- 13/09/2024 09:58:18 INFO: Starting Wazuh indexer installation. 13/09/2024 09:59:11 INFO: Wazuh indexer installation finished. 13/09/2024 09:59:11 INFO: Wazuh indexer post-install configuration finished. 13/09/2024 09:59:11 INFO: Starting service wazuh-indexer. 13/09/2024 09:59:35 INFO: wazuh-indexer service started. 13/09/2024 09:59:35 INFO: Initializing Wazuh indexer cluster security settings. 13/09/2024 09:59:38 INFO: Wazuh indexer cluster initialized. 13/09/2024 09:59:38 INFO: Installation finished. root@ip-172-31-41-116:/home/ubuntu# bash wazuh-install.sh --offline-installation --start-cluster 13/09/2024 10:01:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 13/09/2024 10:01:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log 13/09/2024 10:01:24 INFO: Checking installed dependencies for Offline installation. 13/09/2024 10:01:29 INFO: Verifying that your system meets the recommended minimum hardware requirements. 13/09/2024 10:01:29 INFO: Checking wazuh-offline.tar.gz file. 13/09/2024 10:01:35 INFO: Wazuh indexer cluster security configuration initialized. 13/09/2024 10:01:54 INFO: Updating the internal users. 13/09/2024 10:01:58 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 13/09/2024 10:02:15 INFO: Wazuh indexer cluster started. root@ip-172-31-41-116:/home/ubuntu# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1 indexer_username: 'admin' indexer_password: 'M+dHTlkpqj+U5fQoYLOyYCxFPHyEqXxr' root@ip-172-31-41-116:/home/ubuntu# curl -k -u admin:M+dHTlkpqj+U5fQoYLOyYCxFPHyEqXxr https://127.0.0.1:9200 { "name" : "node-1", "cluster_name" : "wazuh-indexer-cluster", "cluster_uuid" : "O7y4BbMrSOKCCcUTUhy8Jw", "version" : { "number" : "7.10.2", "build_type" : "deb", "build_hash" : "9fd1835bba77ae04d48550eb4dc9be4787070806", "build_date" : "2024-08-30T10:06:03.028357Z", "build_snapshot" : false, "lucene_version" : "9.10.0", "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, "tagline" : "The OpenSearch Project: https://opensearch.org/" } root@ip-172-31-41-116:/home/ubuntu# curl -k -u admin:M+dHTlkpqj+U5fQoYLOyYCxFPHyEqXxr https://127.0.0.1:9200/_cat/nodes?v ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name 127.0.0.1 51 76 12 0.11 0.41 0.25 dimr data,ingest,master,remote_cluster_client * node-1 root@ip-172-31-41-116:/home/ubuntu# bash wazuh-install.sh --offline-installation --wazuh-server wazuh-1 13/09/2024 10:05:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 13/09/2024 10:05:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log 13/09/2024 10:05:06 INFO: Checking installed dependencies for Offline installation. 13/09/2024 10:05:11 INFO: Verifying that your system meets the recommended minimum hardware requirements. 13/09/2024 10:05:12 INFO: Checking prerequisites for Offline installation. 13/09/2024 10:05:15 INFO: Checking wazuh-offline.tar.gz file. 13/09/2024 10:05:15 INFO: --- Wazuh server --- 13/09/2024 10:05:15 INFO: Starting the Wazuh manager installation. 13/09/2024 10:07:06 INFO: Wazuh manager installation finished. 13/09/2024 10:07:06 INFO: Wazuh manager vulnerability detection configuration finished. 13/09/2024 10:07:06 INFO: Starting service wazuh-manager. 13/09/2024 10:07:30 INFO: wazuh-manager service started. 13/09/2024 10:07:30 INFO: Starting Filebeat installation. 13/09/2024 10:07:51 INFO: Filebeat installation finished. 13/09/2024 10:07:51 INFO: Filebeat post-install configuration finished. 13/09/2024 10:07:56 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. 13/09/2024 10:08:23 INFO: Starting service filebeat. 13/09/2024 10:08:25 INFO: filebeat service started. 13/09/2024 10:08:26 INFO: Installation finished. root@ip-172-31-41-116:/home/ubuntu# bash wazuh-install.sh --offline-installation --wazuh-dashboard dashboard 13/09/2024 10:12:54 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 13/09/2024 10:12:54 INFO: Verbose logging redirected to /var/log/wazuh-install.log 13/09/2024 10:12:54 INFO: Checking installed dependencies for Offline installation. 13/09/2024 10:12:59 INFO: Verifying that your system meets the recommended minimum hardware requirements. 13/09/2024 10:12:59 INFO: Wazuh web interface port will be 443. 13/09/2024 10:13:00 INFO: Checking prerequisites for Offline installation. 13/09/2024 10:13:03 INFO: Checking wazuh-offline.tar.gz file. 13/09/2024 10:13:04 INFO: --- Wazuh dashboard ---- 13/09/2024 10:13:04 INFO: Starting Wazuh dashboard installation. 13/09/2024 10:14:02 INFO: Wazuh dashboard installation finished. 13/09/2024 10:14:02 INFO: Wazuh dashboard post-install configuration finished. 13/09/2024 10:14:02 INFO: Starting service wazuh-dashboard. 13/09/2024 10:14:03 INFO: wazuh-dashboard service started. 13/09/2024 10:14:28 INFO: Initializing Wazuh dashboard web application. 13/09/2024 10:14:29 INFO: Wazuh dashboard web application initialized. 13/09/2024 10:14:29 INFO: --- Summary --- 13/09/2024 10:14:29 INFO: You can access the web interface https://:443 User: admin Password: M+dHTlkpqj+U5fQoYLOyYCxFPHyEqXxr 13/09/2024 10:14:29 INFO: Installation finished. ```
Tests logs: ```shellsession root@ip-172-31-41-116:/home/ubuntu# filebeat test output elasticsearch: https://127.0.0.1:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 127.0.0.1 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.2 dial up... OK talk to server... OK version: 7.10.2 root@ip-172-31-41-116:/home/ubuntu# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au wazuh -ap oNEN3+?8B5AOb8GODL4UQeM+DUwkHbiP 13/09/2024 10:19:54 INFO: Updating the internal users. 13/09/2024 10:19:59 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 13/09/2024 10:20:13 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. 13/09/2024 10:20:47 INFO: The password for user admin is HlmPR2E?gWp.ClsYs2*f8ELZwZZs5JMU 13/09/2024 10:20:47 INFO: The password for user anomalyadmin is 8jVd*I6NwASuGlCt927q4Clmg?mreY8h 13/09/2024 10:20:47 INFO: The password for user kibanaserver is Oq.HCY4K.4.va*q65Bx?TMJzq5nLTnqA 13/09/2024 10:20:47 INFO: The password for user kibanaro is OlxjhDd8ugDU+iQaF5uGnURK08gFAA*P 13/09/2024 10:20:47 INFO: The password for user logstash is SvQ.+OzyBlzg64v65yOxuY2vddPRjavL 13/09/2024 10:20:47 INFO: The password for user readall is Z?CE69bwg3zLNdACp4mTFBYXWyXTkNYW 13/09/2024 10:20:47 INFO: The password for user snapshotrestore is 4+uq?uGIuhiqpF5?PgR9QZaS9B1*mruM 13/09/2024 10:20:47 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services. 13/09/2024 10:20:49 INFO: The password for Wazuh API user wazuh is ML.E2FZBEgedth0CuPiSMX*WxBZ1nTUr 13/09/2024 10:20:49 INFO: The password for Wazuh API user wazuh-wui is aH1fN5mSmc2w+*M6FOQk0eCmbX3Og6x? 13/09/2024 10:20:49 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service. ```
Web Dashboard: Landing page: ![imagen](https://github.com/user-attachments/assets/478abedf-e45d-44ad-b203-08dc69a398e2) About: ![imagen](https://github.com/user-attachments/assets/c814b2d0-fd99-4b93-adf9-62f28f3eca07)

Amazon Linux 2023 :white_check_mark:

Installation logs: ```shellsession [root@ip-172-31-33-251 ec2-user]# ls wazuh-install-files.tar wazuh-install.sh wazuh-offline.tar.gz [root@ip-172-31-33-251 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-indexer node-1 13/09/2024 09:32:04 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 13/09/2024 09:32:04 INFO: Verbose logging redirected to /var/log/wazuh-install.log 13/09/2024 09:32:04 INFO: Checking installed dependencies for Offline installation. 13/09/2024 09:32:07 INFO: Verifying that your system meets the recommended minimum hardware requirements. 13/09/2024 09:32:07 INFO: Checking prerequisites for Offline installation. 13/09/2024 09:32:08 INFO: Checking wazuh-offline.tar.gz file. 13/09/2024 09:32:21 INFO: --- Wazuh indexer --- 13/09/2024 09:32:21 INFO: Starting Wazuh indexer installation. 13/09/2024 09:32:45 INFO: Wazuh indexer installation finished. 13/09/2024 09:32:45 INFO: Wazuh indexer post-install configuration finished. 13/09/2024 09:32:45 INFO: Starting service wazuh-indexer. 13/09/2024 09:33:09 INFO: wazuh-indexer service started. 13/09/2024 09:33:09 INFO: Initializing Wazuh indexer cluster security settings. 13/09/2024 09:33:10 INFO: Wazuh indexer cluster initialized. 13/09/2024 09:33:10 INFO: Installation finished. [root@ip-172-31-33-251 ec2-user]# bash wazuh-install.sh --offline-installation --start-cluster 13/09/2024 09:33:46 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 13/09/2024 09:33:46 INFO: Verbose logging redirected to /var/log/wazuh-install.log 13/09/2024 09:33:46 INFO: Checking installed dependencies for Offline installation. 13/09/2024 09:33:48 INFO: Verifying that your system meets the recommended minimum hardware requirements. 13/09/2024 09:33:48 INFO: Checking wazuh-offline.tar.gz file. 13/09/2024 09:33:55 INFO: Wazuh indexer cluster security configuration initialized. 13/09/2024 09:34:05 INFO: Updating the internal users. 13/09/2024 09:34:10 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 13/09/2024 09:34:27 INFO: Wazuh indexer cluster started. [root@ip-172-31-33-251 ec2-user]# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1 indexer_username: 'admin' indexer_password: '2ADziTtn?Mq*lqip8rpycDli9EGgNPcY' [root@ip-172-31-33-251 ec2-user]# curl -k -u admin:2ADziTtn?Mq*lqip8rpycDli9EGgNPcY https://127.0.0.1:9200 { "name" : "node-1", "cluster_name" : "wazuh-indexer-cluster", "cluster_uuid" : "WxbFqwmoTfCSW4M7fvQsDA", "version" : { "number" : "7.10.2", "build_type" : "rpm", "build_hash" : "9fd1835bba77ae04d48550eb4dc9be4787070806", "build_date" : "2024-08-30T10:04:33.447803Z", "build_snapshot" : false, "lucene_version" : "9.10.0", "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, "tagline" : "The OpenSearch Project: https://opensearch.org/" } [root@ip-172-31-33-251 ec2-user]# curl -k -u admin:2ADziTtn?Mq*lqip8rpycDli9EGgNPcY https://127.0.0.1:9200/_cat/nodes?v ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name 127.0.0.1 29 70 16 0.24 0.39 0.20 dimr data,ingest,master,remote_cluster_client * node-1 [root@ip-172-31-33-251 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-server wazuh-1 13/09/2024 09:37:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 13/09/2024 09:37:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log 13/09/2024 09:37:24 INFO: Checking installed dependencies for Offline installation. 13/09/2024 09:37:27 INFO: Verifying that your system meets the recommended minimum hardware requirements. 13/09/2024 09:37:27 INFO: Checking wazuh-offline.tar.gz file. 13/09/2024 09:37:28 INFO: --- Wazuh server --- 13/09/2024 09:37:28 INFO: Starting the Wazuh manager installation. 13/09/2024 09:38:38 INFO: Wazuh manager installation finished. 13/09/2024 09:38:38 INFO: Wazuh manager vulnerability detection configuration finished. 13/09/2024 09:38:38 INFO: Starting service wazuh-manager. 13/09/2024 09:38:57 INFO: wazuh-manager service started. 13/09/2024 09:38:57 INFO: Starting Filebeat installation. 13/09/2024 09:39:18 INFO: Filebeat installation finished. 13/09/2024 09:39:19 INFO: Filebeat post-install configuration finished. 13/09/2024 09:39:21 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. 13/09/2024 09:39:47 INFO: Starting service filebeat. 13/09/2024 09:39:48 INFO: filebeat service started. 13/09/2024 09:39:48 INFO: Installation finished. [root@ip-172-31-33-251 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-dashboard dashboard 13/09/2024 09:42:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0 13/09/2024 09:42:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log 13/09/2024 09:42:05 INFO: Checking installed dependencies for Offline installation. 13/09/2024 09:42:07 INFO: Verifying that your system meets the recommended minimum hardware requirements. 13/09/2024 09:42:08 INFO: Wazuh web interface port will be 443. 13/09/2024 09:42:08 INFO: Checking prerequisites for Offline installation. 13/09/2024 09:42:08 INFO: Checking wazuh-offline.tar.gz file. 13/09/2024 09:42:09 INFO: --- Wazuh dashboard ---- 13/09/2024 09:42:09 INFO: Starting Wazuh dashboard installation. 13/09/2024 09:44:01 INFO: Wazuh dashboard installation finished. 13/09/2024 09:44:01 INFO: Wazuh dashboard post-install configuration finished. 13/09/2024 09:44:01 INFO: Starting service wazuh-dashboard. 13/09/2024 09:44:02 INFO: wazuh-dashboard service started. 13/09/2024 09:44:20 INFO: Initializing Wazuh dashboard web application. 13/09/2024 09:44:22 INFO: Wazuh dashboard web application initialized. 13/09/2024 09:44:22 INFO: --- Summary --- 13/09/2024 09:44:22 INFO: You can access the web interface https://:443 User: admin Password: 2ADziTtn?Mq*lqip8rpycDli9EGgNPcY 13/09/2024 09:44:22 INFO: Installation finished. ```
Tests logs: ```shellsession [root@ip-172-31-33-251 ec2-user]# filebeat test output elasticsearch: https://127.0.0.1:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 127.0.0.1 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.2 dial up... OK talk to server... OK version: 7.10.2 [root@ip-172-31-33-251 ec2-user]# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au wazuh -ap ?+0lCak49m2?oeUMihe?cTjp5QUdd*3r 13/09/2024 10:20:55 INFO: Updating the internal users. 13/09/2024 10:21:00 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 13/09/2024 10:21:13 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. 13/09/2024 10:21:47 INFO: The password for user admin is XUh?ZTu9pbwlHZxpK62LmSchppm?opQE 13/09/2024 10:21:47 INFO: The password for user anomalyadmin is 3sXeLK1werKWmdWhOI6.oxIV6msMn1TD 13/09/2024 10:21:47 INFO: The password for user kibanaserver is YMZlanG+JWoQR6G5wYhUkB51d*6s5*Qg 13/09/2024 10:21:47 INFO: The password for user kibanaro is GHYt6N8fHr*1e0fGCD9BJ5t.+sGs?9li 13/09/2024 10:21:47 INFO: The password for user logstash is .oEgVCreq.EomgQiS0Gl9Xi5QZOd.na5 13/09/2024 10:21:47 INFO: The password for user readall is 1tBZ06?D+ts0PK1e**8+lgCo2QaUCL.e 13/09/2024 10:21:47 INFO: The password for user snapshotrestore is Z4tt9*YzySnR05q?dnhedFnnNvT0o7?x 13/09/2024 10:21:47 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services. 13/09/2024 10:21:49 INFO: The password for Wazuh API user wazuh is MQTuCZce452rXEw?YKP622giDYFNPzbe 13/09/2024 10:21:50 INFO: The password for Wazuh API user wazuh-wui is 840TirJ1vY6+IGZ*tHBeNOW37b0wXDk9 13/09/2024 10:21:50 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service. ```
Web Dashboard: Landing page: ![imagen](https://github.com/user-attachments/assets/01160f7b-f5fd-446c-b8e0-8263eca111d7) About: ![imagen](https://github.com/user-attachments/assets/72faf656-eba9-4c83-b098-148ecf784ce5)