Open iasdeoupxe opened 1 week ago
Adding the following to /var/ossec/api/configuration/api.yaml
:
logs:
level: "debug2"
and restarting wazuh-manager
yields this:
2024/09/05 22:37:38 ERROR: [Errno 13] Permission denied
Traceback (most recent call last):
File "/var/ossec/api/scripts/wazuh_apid.py", line 234, in start
uvicorn.run(app, **params)
File "/var/ossec/framework/python/lib/python3.10/site-packages/uvicorn/main.py", line 587, in run
server.run()
File "/var/ossec/framework/python/lib/python3.10/site-packages/uvicorn/server.py", line 61, in run
return asyncio.run(self.serve(sockets=sockets))
File "/var/ossec/framework/python/lib/python3.10/asyncio/runners.py", line 44, in run
return loop.run_until_complete(main)
File "uvloop/loop.pyx", line 1517, in uvloop.loop.Loop.run_until_complete
File "/var/ossec/framework/python/lib/python3.10/site-packages/uvicorn/server.py", line 68, in serve
config.load()
File "/var/ossec/framework/python/lib/python3.10/site-packages/uvicorn/config.py", line 430, in load
self.ssl: Optional[ssl.SSLContext] = create_ssl_context(
File "/var/ossec/framework/python/lib/python3.10/site-packages/uvicorn/config.py", line 121, in create_ssl_context
ctx.load_cert_chain(certfile, keyfile, get_password)
PermissionError: [Errno 13] Permission denied
Is this maybe due to the following usage of the server certs below? Any chances to improve the error message to include the file which has the permission issues?
# ls -la /var/ossec/api/configuration/ssl/
total 8
drwxrwx--- 2 root wazuh 4096 Nov 4 2022 .
drwxrwx--- 4 root wazuh 4096 Sep 5 22:41 ..
lrwxrwxrwx 1 root root 50 Nov 4 2022 ca.crt -> /etc/letsencrypt/live/example.com/chain.pem
lrwxrwxrwx 1 root root 54 Nov 4 2022 server.crt -> /etc/letsencrypt/live/example.com/fullchain.pem
lrwxrwxrwx 1 root root 52 Nov 4 2022 server.key -> /etc/letsencrypt/live/example.com/privkey.pem
After updating an existing working Wazuh installation from 4.8.2 to 4.9.0 the start of the Wazuh API/wazuh-apid is failing and the following can be seen in the
/var/ossec/logs/api.log
logs:for testing purposes i have also tried to start the daemon manually via:
giving this:
When starting it as root it seems it is starting successfully:
so this seems to be indeed some kind of permission issue. But it is not clear (due to the lack of into in the Permission denied message) what kind of permission issue this is: