rauldpm
commented
1 month ago Tests results
Debian 12
4.8.2 config.yml file checksum
# sha512sum /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
dba0e4a53a63709a3f39d8916ef29d400108edde5c0c32b5a62922661742711da9d0efe9c17ea73b26cf446954fda6db712d8634ce2e56c710de63fa85fb6aed /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
# dpkg -L wazuh-indexer | grep config.yml
/etc/wazuh-indexer/opensearch-security/config.yml
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.ymlUpgrade to 4.9.1
root@ubuntu18stack:/home/vagrant# apt install ./wazuh-indexer_4.9.1_amd64.deb
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'wazuh-indexer' instead of './wazuh-indexer_4.9.1_amd64.deb'
The following packages will be upgraded:
wazuh-indexer
1 upgraded, 0 newly installed, 0 to remove and 10 not upgraded.
Need to get 0 B/851 MB of archives.
After this operation, 26.8 MB of additional disk space will be used.
Get:1 /home/vagrant/wazuh-indexer_4.9.1_amd64.deb wazuh-indexer amd64 4.9.1-0 [851 MB]
(Reading database ... 220693 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.9.1_amd64.deb ...
Running Wazuh Indexer Pre-Installation Script
Stop existing wazuh-indexer.service
Unpacking wazuh-indexer (4.9.1-0) over (4.8.2-1) ...
Setting up wazuh-indexer (4.9.1-0) ...
Installing new version of config file /etc/default/wazuh-indexer ...
Configuration file '/etc/init.d/wazuh-indexer'
==> Deleted (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** wazuh-indexer (Y/I/N/O/D/Z) [default=N] ? N
Configuration file '/etc/wazuh-indexer/jvm.options'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** jvm.options (Y/I/N/O/D/Z) [default=N] ? N
Installing new version of config file /etc/wazuh-indexer/log4j2.properties ...
Installing new version of config file /etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy ...
Configuration file '/etc/wazuh-indexer/opensearch-security/internal_users.yml'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** internal_users.yml (Y/I/N/O/D/Z) [default=N] ? N
Installing new version of config file /etc/wazuh-indexer/opensearch-security/roles.yml ...
Installing new version of config file /etc/wazuh-indexer/opensearch-security/roles_mapping.yml ...
Running Wazuh Indexer Post-Installation Script
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
sudo systemctl start wazuh-indexer.service
Processing triggers for systemd (237-3ubuntu10.57) ...
Processing triggers for ureadahead (0.100.0-21) ...4.9.1 config.yml file checksum
# sha512sum /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
dba0e4a53a63709a3f39d8916ef29d400108edde5c0c32b5a62922661742711da9d0efe9c17ea73b26cf446954fda6db712d8634ce2e56c710de63fa85fb6aed /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
root@ubuntu18stack:/home/vagrant# ls -l /usr/share/wazuh-indexer/plugins/opensearch-security/tools/
total 100
-rwxr----- 1 wazuh-indexer wazuh-indexer 1388 Sep 19 17:47 audit_config_migrater.sh
-rw-r----- 1 wazuh-indexer wazuh-indexer 636 Sep 19 17:47 config.yml
-rwxr----- 1 wazuh-indexer wazuh-indexer 1392 Sep 19 17:47 hash.sh
-rwxr----- 1 wazuh-indexer wazuh-indexer 1417 Sep 19 17:47 securityadmin.sh
-rw-r----- 1 wazuh-indexer wazuh-indexer 4013 Sep 19 17:47 SECURITY_ADMIN_TESTS.md
-rwxr----- 1 wazuh-indexer wazuh-indexer 36475 Sep 19 17:47 wazuh-certs-tool.sh
-rwxr----- 1 wazuh-indexer wazuh-indexer 44178 Sep 19 17:47 wazuh-passwords-tool.shConclusion
- Upgrade asks to overwrite configuration files
- Upgrade does not ask nor refer to the config.yml file
- The config.yml file does not change and has the same content in 4.8.2 and 4.9.1
CentOS 7
4.8.2 config.yml file checksum
# sha512sum /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
dba0e4a53a63709a3f39d8916ef29d400108edde5c0c32b5a62922661742711da9d0efe9c17ea73b26cf446954fda6db712d8634ce2e56c710de63fa85fb6aed /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
# repoquery --installed -l wazuh-indexer | grep config.yml
/etc/wazuh-indexer/opensearch-security/config.yml
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.ymlUpgrade to 4.9.1
[root@centos7 vagrant]# yum upgrade wazuh-indexer-4.9.1.x86_64.rpm
Loaded plugins: fastestmirror
Examining wazuh-indexer-4.9.1.x86_64.rpm: wazuh-indexer-4.9.1-0.x86_64
Marking wazuh-indexer-4.9.1.x86_64.rpm as an update to wazuh-indexer-4.8.2-1.x86_64
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.8.2-1 will be updated
---> Package wazuh-indexer.x86_64 0:4.9.1-0 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================
Package Arch Version Repository Size
========================================================================================================
Updating:
wazuh-indexer x86_64 4.9.1-0 /wazuh-indexer-4.9.1.x86_64 1.0 G
Transaction Summary
========================================================================================================
Upgrade 1 Package
Total size: 1.0 G
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Stop existing wazuh-indexer.service
Updating : wazuh-indexer-4.9.1-0.x86_64 1/2
warning: /etc/wazuh-indexer/jvm.options created as /etc/wazuh-indexer/jvm.options.rpmnew
warning: /etc/wazuh-indexer/opensearch-security/internal_users.yml created as /etc/wazuh-indexer/opensearch-security/internal_users.yml.rpmnew
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
sudo systemctl start wazuh-indexer.service
Cleanup : wazuh-indexer-4.8.2-1.x86_64 2/2
Verifying : wazuh-indexer-4.9.1-0.x86_64 1/2
Verifying : wazuh-indexer-4.8.2-1.x86_64 2/2
Updated:
wazuh-indexer.x86_64 0:4.9.1-0
Complete!4.9.1 config.yml file checksum
# sha512sum /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
dba0e4a53a63709a3f39d8916ef29d400108edde5c0c32b5a62922661742711da9d0efe9c17ea73b26cf446954fda6db712d8634ce2e56c710de63fa85fb6aed /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
# ls -l /usr/share/wazuh-indexer/plugins/opensearch-security/tools/
total 100
-rwxr-----. 1 wazuh-indexer wazuh-indexer 1388 Sep 19 17:55 audit_config_migrater.sh
-rw-r-----. 1 wazuh-indexer wazuh-indexer 636 Sep 19 17:55 config.yml
-rwxr-----. 1 wazuh-indexer wazuh-indexer 1392 Sep 19 17:55 hash.sh
-rwxr-----. 1 wazuh-indexer wazuh-indexer 1417 Sep 19 17:55 securityadmin.sh
-rw-r-----. 1 wazuh-indexer wazuh-indexer 4013 Sep 19 17:55 SECURITY_ADMIN_TESTS.md
-rwxr-----. 1 wazuh-indexer wazuh-indexer 36475 Sep 19 17:55 wazuh-certs-tool.sh
-rwxr-----. 1 wazuh-indexer wazuh-indexer 44178 Sep 19 17:55 wazuh-passwords-tool.shConclusion
- Upgrade does not ask to overwrite configuration files
- Upgrade does not ask nor refer to the config.yml file
- The config.yml file does not change and has the same content in 4.8.2 and 4.9.1
General conclusion
- There is an incongruence between the
.deband the.rpmpackage about how the upgrade handles the configuration files - Probably related https://github.com/wazuh/wazuh-indexer/pull/410
- The config.yml file is not updated and has the same content in both versions
- Found a bug in the Wazuh indexer removal after being upgraded from 4.8.2, reported in https://github.com/wazuh/wazuh-indexer/issues/416
- Found inconsistency in the Debian system in the upgrade process, reported in https://github.com/wazuh/wazuh-indexer/issues/417
- Created issue to improve package generation documentation https://github.com/wazuh/wazuh-indexer/issues/419
- Created issue to fix wrong GitHub reference (version) https://github.com/wazuh/wazuh-indexer/issues/418
hossam1522
Description
We have been requested to test the 4.9.1 Wazuh indexer upgrade and check how the package handles the upgrade, for this, the
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.ymlshould be monitored, this file should not change and a new file should be created with the content of the new versionThis should be tested in a CentOS and a Debian system
Tasks