wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/

Wazuh API/wazuh-apid failing to start after 4.8.2 -> 4.9.0 update: [Errno 13] Permission denied #25604

Open iasdeoupxe opened 1 week ago

iasdeoupxe commented 1 week ago
| Wazuh version | Component | Install type | Install method | Platform |
|---|---|---|---|---|
| 4.9.0 | Wazuh API/wazuh-apid | Manager | Packages | Debian 12.7 |

After updating an existing working Wazuh installation from 4.8.2 to 4.9.0 the start of the Wazuh API/wazuh-apid is failing and the following can be seen in the /var/ossec/logs/api.log logs:

2024/09/05 20:39:56 INFO: Starting API in foreground
2024/09/05 20:39:56 INFO: Checking RBAC database integrity...
2024/09/05 20:39:56 INFO: /var/ossec/api/configuration/security/rbac.db file was detected
2024/09/05 20:39:56 INFO: RBAC database integrity check finished successfully
2024/09/05 20:39:59 ERROR: [Errno 13] Permission denied

For testing purposes I have also tried to start the daemon manually via:

# /var/ossec/bin/wazuh-apid -f -d -d

giving this:

2024/09/05 22:25:31 INFO: Starting API in foreground
2024/09/05 22:25:31 INFO: Checking RBAC database integrity...
2024/09/05 22:25:31 INFO: /var/ossec/api/configuration/security/rbac.db file was detected
2024/09/05 22:25:31 INFO: RBAC database integrity check finished successfully
2024/09/05 22:25:35 ERROR: [Errno 13] Permission denied
Internal error when trying to start the Wazuh API. [Errno 13] Permission denied

When starting it as root it seems it is starting successfully:

# /var/ossec/bin/wazuh-apid -f -d -d -r
2024/09/05 22:28:58 INFO: Starting API in foreground
2024/09/05 22:28:58 INFO: Starting API as root
2024/09/05 22:28:58 INFO: Checking RBAC database integrity...
2024/09/05 22:28:58 INFO: /var/ossec/api/configuration/security/rbac.db file was detected
2024/09/05 22:28:58 INFO: RBAC database integrity check finished successfully
2024/09/05 22:29:01 INFO: Listening on 0.0.0.0:55000.
2024/09/05 22:29:01 INFO: Getting installation UID...
2024/09/05 22:29:01 INFO: Getting updates information...

So this seems to be indeed some kind of permission issue. But it is not clear (due to the lack of info in the Permission denied message) what kind of permission issue this is:

  1. Some TLS certificate file / path issue?
  2. Some log file / path issue?
  3. Port / interface listening issue?
  4. Something else?

iasdeoupxe commented 1 week ago

Adding the following to /var/ossec/api/configuration/api.yaml:

logs:
  level: "debug2"

and restarting wazuh-manager yields this:

2024/09/05 22:37:38 ERROR: [Errno 13] Permission denied 
Traceback (most recent call last):
  File "/var/ossec/api/scripts/wazuh_apid.py", line 234, in start
    uvicorn.run(app, **params)
  File "/var/ossec/framework/python/lib/python3.10/site-packages/uvicorn/main.py", line 587, in run
    server.run()
  File "/var/ossec/framework/python/lib/python3.10/site-packages/uvicorn/server.py", line 61, in run
    return asyncio.run(self.serve(sockets=sockets))
  File "/var/ossec/framework/python/lib/python3.10/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "uvloop/loop.pyx", line 1517, in uvloop.loop.Loop.run_until_complete
  File "/var/ossec/framework/python/lib/python3.10/site-packages/uvicorn/server.py", line 68, in serve
    config.load()
  File "/var/ossec/framework/python/lib/python3.10/site-packages/uvicorn/config.py", line 430, in load
    self.ssl: Optional[ssl.SSLContext] = create_ssl_context(
  File "/var/ossec/framework/python/lib/python3.10/site-packages/uvicorn/config.py", line 121, in create_ssl_context 
    ctx.load_cert_chain(certfile, keyfile, get_password)
PermissionError: [Errno 13] Permission denied

iasdeoupxe commented 1 week ago

Is this maybe due to the following usage of the server certs below? Any chance to improve the error message to include the file which has the permission issues?

# ls -la /var/ossec/api/configuration/ssl/
total 8
drwxrwx--- 2 root wazuh 4096 Nov  4  2022 .
drwxrwx--- 4 root wazuh 4096 Sep  5 22:41 ..
lrwxrwxrwx 1 root root    50 Nov  4  2022 ca.crt -> /etc/letsencrypt/live/example.com/chain.pem
lrwxrwxrwx 1 root root    54 Nov  4  2022 server.crt -> /etc/letsencrypt/live/example.com/fullchain.pem
lrwxrwxrwx 1 root root    52 Nov  4  2022 server.key -> /etc/letsencrypt/live/example.com/privkey.pem
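
Added example (not part of the issue thread and not Wazuh project code): the traceback ends in `load_cert_chain` without naming a path, so this sketch follows a certificate or key path through every directory and symlink hop and reports the first component the service account cannot traverse or read. The function names `allowed` and `first_denied` are hypothetical, the account name is passed on the command line, and only classic owner/group/other mode bits are evaluated (no ACLs, capabilities or uid 0 bypass).

```python
import os
import pwd
import stat
import sys

def allowed(st, uid, gids, want):
    """Classic owner/group/other mode-bit check (assumption: no ACLs, no uid 0 bypass)."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6      # owner class wins even if group/other grant more
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bool(bits & want)

def first_denied(path, uid, gids):
    """Follow path through symlinks; return the first directory lacking search (x)
    or the final file lacking read (r) for uid, or None if the file is readable."""
    pending = os.path.abspath(path).split(os.sep)
    cur, hops = os.sep, 0           # cur is always a physical (symlink-free) path
    while pending:
        part = pending.pop(0)
        if part in ("", "."):
            continue
        if not allowed(os.stat(cur), uid, gids, 0o1):
            return cur
        if part == "..":
            cur = os.path.dirname(cur)
            continue
        nxt = os.path.join(cur, part)
        if stat.S_ISLNK(os.lstat(nxt).st_mode):
            hops += 1
            if hops > 40:
                raise OSError("too many levels of symbolic links: " + path)
            target = os.readlink(nxt)
            if os.path.isabs(target):
                cur = os.sep        # absolute target restarts the walk at /
            pending = target.split(os.sep) + pending
        else:
            cur = nxt
    return None if allowed(os.stat(cur), uid, gids, 0o4) else cur

if __name__ == "__main__":
    # Run as root so every component can be stat'ed: script.py ACCOUNT FILE...
    pw = pwd.getpwnam(sys.argv[1])
    gids = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    for f in sys.argv[2:]:
        print(f, "->", first_denied(f, pw.pw_uid, gids) or "readable")
```

Pointing it at the `server.crt` and `server.key` symlinks listed above shows whether the block sits on the link's own directory, on a directory along the link target, or on the key file itself.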