wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/

Release 4.9.1 - RC1 - Docker and Kubernetes upgrade #25851

Closed davidcr01 closed 3 weeks ago

davidcr01 commented 3 weeks ago

The following test will review the operation of the upgrade of the environments deployed with Docker and Kubernetes, starting with the productive version v4.9.0 and ending with version v4.9.1-rc1.

Main release candidate issue https://github.com/wazuh/wazuh/issues/25833
Version 4.9.1
Release candidate # Beta RC1
Tag v4.9.1-rc1
Previous Docker and Kubernetes upgrade https://github.com/wazuh/wazuh/issues/25061

For the conclusions and the issue testing and updates, use the following legend:

Status legend

Deployment Kubernetes requirements

| Component | Installation | Type | OS |
|---|---|---|---|
| Indexer | Deployment on Kubernetes | - | - |
| Server | Deployment on Kubernetes | - | - |
| Dashboard | Deployment on Kubernetes | - | - |

Test description

Test Upgrade Wazuh installed in Kubernetes.

Remember to update the version of the Docker image to point to the current v4.9.1-rc1 under tests.

Deployment Docker requirements

| Component | Installation | Type | OS |
|---|---|---|---|
| Indexer | Deployment on docker | Single node and multi node | - |
| Server | Deployment on docker | Single node and multi node | - |
| Dashboard | Deployment on docker | - | - |

Test description

Test deployment of Docker repository.

Remember to edit docker-compose.yml to deploy the adequate development version for this v4.9.1-rc1.

Conclusions

Summarize the errors detected (Known Issues included). Illustrate using the table below. REMOVE CURRENT EXAMPLES:

Status Test Failure type Notes
🔴 Upgrade Docker single-node deployment 🔴 New issue: https://github.com/wazuh/wazuh-documentation/issues/7807
🔴 Upgrade Docker multi-node deployment 🔴 New issue: https://github.com/wazuh/wazuh-documentation/issues/7807
🔴 Upgrade Kubernetes deployment 🔴 New issue: https://github.com/wazuh/wazuh-documentation/issues/7809

Reviewers validation

The criteria for completing this task are based on the validation of the conclusions and the test results by all reviewers.

All the checkboxes below must be marked in order to close this issue.

Enaraque commented 3 weeks ago

Upgrade Wazuh single-node on Docker 🟢

Deploy Wazuh v4.9.0 single-node on Docker:

Logs

```console
root@ip-172-31-45-171:/home/ubuntu# git clone https://github.com/wazuh/wazuh-docker.git -b v4.9.0
Cloning into 'wazuh-docker'...
remote: Enumerating objects: 13590, done.
remote: Counting objects: 100% (910/910), done.
remote: Compressing objects: 100% (498/498), done.
remote: Total 13590 (delta 454), reused 802 (delta 380), pack-reused 12680 (from 1)
Receiving objects: 100% (13590/13590), 314.65 MiB | 31.82 MiB/s, done.
Resolving deltas: 100% (7083/7083), done.
Note: switching to 'cb63566719ce2e78b9d3c111a0a61d743fc699fc'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:

  git switch -c

Or undo this operation with:

  git switch -

Turn off this advice by setting config variable advice.detachedHead to false

root@ip-172-31-45-171:/home/ubuntu# cd wazuh-docker/
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker# cd single-node/
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/single-node# docker-compose -f generate-indexer-certs.yml run --rm generator
[+] Running 1/1
 ⠿ Network single-node_default Created 0.2s
[+] Running 5/5
 ⠿ generator Pulled 3.6s
   ⠿ 17d0386c2fff Pull complete 2.4s
   ⠿ 7ce91ec7d1d3 Pull complete 3.4s
   ⠿ 5249716d429c Pull complete 3.4s
   ⠿ d7003467fd14 Pull complete 3.4s
The tool to create the certificates exists in the in Packages bucket
23/09/2024 08:54:52 INFO: Generating the root certificate.
23/09/2024 08:54:52 INFO: Generating Admin certificates.
23/09/2024 08:54:52 INFO: Admin certificates created.
23/09/2024 08:54:52 INFO: Generating Wazuh indexer certificates.
23/09/2024 08:54:52 INFO: Wazuh indexer certificates created.
23/09/2024 08:54:52 INFO: Generating Filebeat certificates.
23/09/2024 08:54:52 INFO: Wazuh Filebeat certificates created.
23/09/2024 08:54:52 INFO: Generating Wazuh dashboard certificates.
23/09/2024 08:54:52 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/single-node# docker-compose up -d
[+] Running 44/44
 ⠿ wazuh.dashboard Pulled 86.8s
   ⠿ d69f1c40cdd2 Pull complete 20.8s
   ⠿ 23db20106b4e Pull complete 21.4s
   ⠿ a786ffa9b469 Pull complete 22.0s
   ⠿ d1e1d6602142 Pull complete 22.5s
   ⠿ 89bb95e67fe9 Pull complete 23.2s
   ⠿ 2a4730cba52e Pull complete 23.6s
   ⠿ 378daa8a0ede Pull complete 24.0s
   ⠿ fea0bf982a0c Pull complete 24.1s
   ⠿ 3c335d67b26d Pull complete 86.6s
   ⠿ 79ca90777905 Pull complete 86.6s
   ⠿ 6c3009a0a8d3 Pull complete 86.6s
 ⠿ wazuh.manager Pulled 51.6s
   ⠿ 2b2620593fa7 Pull complete 7.1s
   ⠿ 7744edc44346 Pull complete 8.3s
   ⠿ 391bf73741c5 Pull complete 8.3s
   ⠿ 7b05dda979cf Pull complete 8.4s
   ⠿ fc1cef51f0ac Pull complete 8.6s
   ⠿ c315b9766eeb Pull complete 8.7s
   ⠿ 791381ef8a52 Pull complete 8.8s
   ⠿ cbc01960a0c6 Pull complete 50.9s
   ⠿ b021e912a530 Pull complete 51.0s
   ⠿ e18e1eeb7552 Pull complete 51.0s
   ⠿ 96920bf35360 Pull complete 51.1s
   ⠿ ff8839290f29 Pull complete 51.1s
   ⠿ 3b3fa7a47215 Pull complete 51.1s
   ⠿ d2d7e54b851e Pull complete 51.2s
   ⠿ 90acd0227241 Pull complete 51.4s
 ⠿ wazuh.indexer Pulled 72.3s
   ⠿ f9dd052e142d Pull complete 7.0s
   ⠿ 2f8354c90bfc Pull complete 9.5s
   ⠿ fa249f6889bf Pull complete 9.5s
   ⠿ f608eb455c9a Pull complete 9.7s
   ⠿ 5ef66777e3d3 Pull complete 9.8s
   ⠿ 48a66c1138a6 Pull complete 9.8s
   ⠿ 943c1d0235ee Pull complete 9.8s
   ⠿ 1d5f05b7a27c Pull complete 9.8s
   ⠿ 9092330cb249 Pull complete 10.1s
   ⠿ 3946f6b8a01c Pull complete 52.0s
   ⠿ 6907bd94efad Pull complete 52.1s
   ⠿ 3641d8f13081 Pull complete 52.1s
   ⠿ 4f4fb700ef54 Pull complete 86.7s
   ⠿ 005448c3a277 Pull complete 71.8s
   ⠿ fd952b3f8660 Pull complete 72.2s
[+] Running 17/17
 ⠿ Volume "single-node_wazuh_etc" Created 0.0s
 ⠿ Volume "single-node_wazuh-dashboard-config" Created 0.0s
 ⠿ Volume "single-node_filebeat_etc" Created 0.0s
 ⠿ Volume "single-node_wazuh_queue" Created 0.0s
 ⠿ Volume "single-node_wazuh_api_configuration" Created 0.0s
 ⠿ Volume "single-node_wazuh_var_multigroups" Created 0.0s
 ⠿ Volume "single-node_wazuh_active_response" Created 0.0s
 ⠿ Volume "single-node_wazuh_integrations" Created 0.0s
 ⠿ Volume "single-node_wazuh_wodles" Created 0.0s
 ⠿ Volume "single-node_wazuh_logs" Created 0.0s
 ⠿ Volume "single-node_wazuh_agentless" Created 0.0s
 ⠿ Volume "single-node_wazuh-indexer-data" Created 0.0s
 ⠿ Volume "single-node_wazuh-dashboard-custom" Created 0.0s
 ⠿ Volume "single-node_filebeat_var" Created 0.0s
 ⠿ Container single-node-wazuh.indexer-1 Started 4.5s
 ⠿ Container single-node-wazuh.manager-1 Started 4.7s
 ⠿ Container single-node-wazuh.dashboard-1 Started
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/single-node# docker ps
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
9c2610abdc8a   wazuh/wazuh-dashboard:4.9.0   "/entrypoint.sh"   4 minutes ago   Up 4 minutes   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp   single-node-wazuh.dashboard-1
a0a673b2088e   wazuh/wazuh-manager:4.9.0   "/init"   4 minutes ago   Up 4 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
038cd84961c3   wazuh/wazuh-indexer:4.9.0   "/entrypoint.sh open…"   4 minutes ago   Up 4 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp   single-node-wazuh.indexer-1
```
Screenshots

![Screenshot 2024-09-23 at 11 04 47](https://github.com/user-attachments/assets/7780f1d2-33b5-4080-b02b-4d217cb939a5)
![Screenshot 2024-09-23 at 11 07 41](https://github.com/user-attachments/assets/ed51f996-1909-46ab-b0ec-9faf2b80af72)
![Screenshot 2024-09-23 at 11 05 14](https://github.com/user-attachments/assets/1823035a-49a8-4e8d-8a2b-e4d63670f146)

Turn off Wazuh containers before upgrading and checkout new tag:

Logs

```console
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/single-node# docker-compose down
[+] Running 4/4
 ⠿ Container single-node-wazuh.dashboard-1 Removed 10.5s
 ⠿ Container single-node-wazuh.manager-1 Removed 4.1s
 ⠿ Container single-node-wazuh.indexer-1 Removed 0.7s
 ⠿ Network single-node_default Removed 0.2s
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/single-node# cd ..
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker# git checkout v4.9.1-rc1
Previous HEAD position was cb63566 Merge pull request #1526 from wazuh/enhancement/1520-revert-create_user.py-script-deletion
HEAD is now at a335684 Merge pull request #1533 from wazuh/enhancement/1531-change-image-tag
```

Deploy Wazuh v4.9.1 single-node:

Logs

```console
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker# cd single-node/
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/single-node# docker-compose up -d
[+] Running 44/44
 ⠿ wazuh.manager Pulled 64.8s
   ⠿ 18948b32a00f Pull complete 2.2s
   ⠿ 49926de7388e Pull complete 4.0s
   ⠿ 599ebd4b69d2 Pull complete 4.1s
   ⠿ 9a28977a4a66 Pull complete 4.1s
   ⠿ 723c78f17703 Pull complete 4.2s
   ⠿ fa39c39b03e5 Pull complete 4.2s
   ⠿ 97e01c5bc06f Pull complete 4.3s
   ⠿ 844d8e5404e9 Pull complete 57.2s
   ⠿ 73157849c3b7 Pull complete 57.5s
   ⠿ e09976b5cdc3 Pull complete 57.7s
   ⠿ a190ef1688a4 Pull complete 57.9s
   ⠿ 341b0e106afb Pull complete 58.3s
   ⠿ 5f6578690cec Pull complete 58.7s
   ⠿ e253f394893b Pull complete 64.4s
   ⠿ 90dcea1dfab9 Pull complete 64.5s
 ⠿ wazuh.indexer Pulled 83.5s
   ⠿ f9dd052e142d Already exists 0.0s
   ⠿ 573a16d9c30e Pull complete 3.7s
   ⠿ b16dbfd04609 Pull complete 3.7s
   ⠿ 6a0976a96989 Pull complete 3.8s
   ⠿ 8b3885432d17 Pull complete 3.8s
   ⠿ f31d44a7ee95 Pull complete 3.9s
   ⠿ 9c9b783c5ad2 Pull complete 3.9s
   ⠿ 61508b2c2d3e Pull complete 3.9s
   ⠿ 56d14d0f7f09 Pull complete 4.0s
   ⠿ 6176661b726c Pull complete 62.2s
   ⠿ 3ab953715e16 Pull complete 62.5s
   ⠿ eb9961950b77 Pull complete 62.6s
   ⠿ 4f4fb700ef54 Pull complete 94.2s
   ⠿ 76f1b4c098bd Pull complete 83.3s
   ⠿ ccd42b972410 Pull complete 83.3s
 ⠿ wazuh.dashboard Pulled 94.4s
   ⠿ d87f318fb750 Pull complete 23.2s
   ⠿ f40abf1acb3f Pull complete 23.5s
   ⠿ dd7c91874fce Pull complete 24.0s
   ⠿ e5b3322b95df Pull complete 24.2s
   ⠿ 0f2b7e15e46b Pull complete 24.4s
   ⠿ 465c8951e3e5 Pull complete 24.6s
   ⠿ 6df089bb0fac Pull complete 24.8s
   ⠿ 5fef75647a0d Pull complete 25.1s
   ⠿ b9be18020d90 Pull complete 94.1s
   ⠿ f3ceb219b793 Pull complete 94.1s
   ⠿ 89a7dfcbac0b Pull complete 94.1s
[+] Running 4/4
 ⠿ Network single-node_default Created 0.1s
 ⠿ Container single-node-wazuh.indexer-1 Started 4.5s
 ⠿ Container single-node-wazuh.manager-1 Started 4.6s
 ⠿ Container single-node-wazuh.dashboard-1 Started
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/single-node# docker ps
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
7384b1896bff   wazuh/wazuh-dashboard:4.9.1-rc1   "/entrypoint.sh"   About a minute ago   Up About a minute   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp   single-node-wazuh.dashboard-1
8e47e4f91e8c   wazuh/wazuh-manager:4.9.1-rc1   "/init"   About a minute ago   Up About a minute   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
c4433d6eda69   wazuh/wazuh-indexer:4.9.1-rc1   "/entrypoint.sh open…"   About a minute ago   Up About a minute   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp   single-node-wazuh.indexer-1
```
Screenshots

![Screenshot 2024-09-23 at 11 27 33](https://github.com/user-attachments/assets/bf4844f2-8e24-4f08-83d6-87fdec1e752b)
![Screenshot 2024-09-23 at 11 27 47](https://github.com/user-attachments/assets/9f5447fc-4ae5-4af8-8cb9-ad197f768bca)
![Screenshot 2024-09-23 at 11 28 01](https://github.com/user-attachments/assets/f18042b5-68e9-4cad-ae6d-68649a6aeea7)
ossec.log

```console
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/single-node# docker exec -it single-node-wazuh.manager-1 cat /var/ossec/logs/ossec.log
2024/09/23 08:58:26 wazuh-modulesd:router: INFO: Loaded router module.
2024/09/23 08:58:26 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
2024/09/23 08:58:35 wazuh-csyslogd: INFO: Remote syslog server not configured. Clean exit.
2024/09/23 08:58:35 wazuh-dbd: INFO: Database not configured. Clean exit.
2024/09/23 08:58:35 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
2024/09/23 08:58:35 wazuh-agentlessd: INFO: Not configured. Exiting.
2024/09/23 08:58:35 wazuh-authd: INFO: Started (pid: 602).
2024/09/23 08:58:35 wazuh-authd: INFO: Accepting connections on port 1515. No password required.
2024/09/23 08:58:35 wazuh-authd: INFO: Setting network timeout to 1.000000 sec.
2024/09/23 08:58:36 wazuh-db: INFO: Started (pid: 619).
2024/09/23 08:58:37 wazuh-db: INFO: Created Global database backup "backup/db/global.db-backup-2024-09-23-08:58:37.gz"
2024/09/23 08:58:37 wazuh-execd: INFO: Started (pid: 645).
2024/09/23 08:58:40 wazuh-syscheckd: INFO: Started (pid: 672).
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6003): Monitoring path: '/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6003): Monitoring path: '/boot', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6003): Monitoring path: '/etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6003): Monitoring path: '/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mtab'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/hosts.deny'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mail/statistics'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random-seed'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random.seed'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/adjtime'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/httpd/logs'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/utmpx'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/wtmpx'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/cups/certs'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/dumpdates'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/svc/volatile'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6207): Ignore 'file' sregex '.log$|.swp$'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6004): No diff for file: '/etc/ssl/private.key'
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6000): Starting daemon...
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6010): File integrity monitoring scan frequency: 43200 seconds
2024/09/23 08:58:40 wazuh-syscheckd: INFO: (6008): File integrity monitoring scan started.
2024/09/23 08:58:40 rootcheck: INFO: Starting rootcheck scan.
2024/09/23 08:58:41 wazuh-remoted: INFO: Started (pid: 690). Listening on port 1514/TCP (secure).
2024/09/23 08:58:41 wazuh-remoted: INFO: (1410): Reading authentication keys file.
2024/09/23 08:58:41 wazuh-analysisd: INFO: Total rules enabled: '7006'
2024/09/23 08:58:41 wazuh-analysisd: INFO: Started (pid: 658).
2024/09/23 08:58:41 wazuh-analysisd: INFO: EPS limit disabled
2024/09/23 08:58:41 wazuh-analysisd: INFO: (7200): Logtest started
2024/09/23 08:58:42 wazuh-logcollector: INFO: Monitoring output of command(360): df -P
2024/09/23 08:58:42 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
2024/09/23 08:58:42 wazuh-logcollector: INFO: Monitoring full output of command(360): last -n 20
2024/09/23 08:58:42 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/ossec/logs/active-responses.log'.
2024/09/23 08:58:42 wazuh-logcollector: INFO: Started (pid: 757).
2024/09/23 08:58:43 wazuh-monitord: INFO: Started (pid: 776).
2024/09/23 08:58:44 wazuh-modulesd:router: INFO: Loaded router module.
2024/09/23 08:58:44 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
2024/09/23 08:58:44 wazuh-modulesd: INFO: Started (pid: 797).
2024/09/23 08:58:44 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting...
2024/09/23 08:58:44 wazuh-modulesd:control: INFO: Starting control thread.
2024/09/23 08:58:44 wazuh-modulesd:osquery: INFO: Module disabled. Exiting...
2024/09/23 08:58:44 wazuh-modulesd:download: INFO: Module started.
2024/09/23 08:58:44 wazuh-modulesd:database: INFO: Module started.
2024/09/23 08:58:44 wazuh-modulesd:content_manager: INFO: Starting content_manager module.
2024/09/23 08:58:44 wazuh-modulesd:router: INFO: Starting router module.
2024/09/23 08:58:44 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/09/23 08:58:44 sca: INFO: Module started.
2024/09/23 08:58:44 sca: INFO: Loaded policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/09/23 08:58:44 sca: INFO: Starting Security Configuration Assessment scan.
2024/09/23 08:58:44 wazuh-modulesd:agent-upgrade: INFO: (8153): Module Agent Upgrade started.
2024/09/23 08:58:44 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started.
2024/09/23 08:58:44 wazuh-modulesd:syscollector: INFO: Module started.
2024/09/23 08:58:44 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/09/23 08:58:44 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/09/23 08:58:45 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh.manager', retrying until the connection is successful.
2024/09/23 08:58:45 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression.
2024/09/23 08:58:45 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024/09/23 08:58:52 wazuh-syscheckd: INFO: (6009): File integrity monitoring scan ended.
2024/09/23 08:58:52 wazuh-syscheckd: INFO: FIM sync module started.
2024/09/23 08:59:28 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/09/23 08:59:28 sca: INFO: Security Configuration Assessment scan finished. Duration: 44 seconds.
2024/09/23 08:59:30 rootcheck: INFO: Ending rootcheck scan.
2024/09/23 08:59:49 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities-wazuh.manager.
2024/09/23 09:01:00 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished.
2024/09/23 09:01:01 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started.
2024/09/23 09:07:08 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process.
2024/09/23 09:09:32 wazuh-authd: INFO: (1225): SIGNAL [(1)-(Hangup)] Received. Exit Cleaning...
2024/09/23 09:09:32 wazuh-db: INFO: (1225): SIGNAL [(1)-(Hangup)] Received. Exit Cleaning...
2024/09/23 09:09:32 wazuh-execd: INFO: (1314): Shutdown received. Deleting responses.
2024/09/23 09:09:32 wazuh-execd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 09:09:32 wazuh-logcollector: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 09:09:32 wazuh-authd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 09:09:32 wazuh-db: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 09:09:32 wazuh-analysisd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 09:09:32 wazuh-syscheckd: INFO: (1756): Shutdown received. Releasing resources.
2024/09/23 09:09:32 wazuh-remoted: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 09:09:32 wazuh-monitord: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 09:09:32 wazuh-syscheckd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 09:09:32 wazuh-db: INFO: Graceful process shutdown.
2024/09/23 09:09:32 wazuh-authd: INFO: Exiting...
2024/09/23 09:25:08 wazuh-modulesd:router: INFO: Loaded router module.
2024/09/23 09:25:08 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
2024/09/23 09:25:17 wazuh-csyslogd: INFO: Remote syslog server not configured. Clean exit.
2024/09/23 09:25:17 wazuh-dbd: INFO: Database not configured. Clean exit.
2024/09/23 09:25:17 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
2024/09/23 09:25:17 wazuh-agentlessd: INFO: Not configured. Exiting.
2024/09/23 09:25:17 wazuh-authd: INFO: Started (pid: 592).
2024/09/23 09:25:17 wazuh-authd: INFO: Accepting connections on port 1515. No password required.
2024/09/23 09:25:17 wazuh-authd: INFO: Setting network timeout to 1.000000 sec.
2024/09/23 09:25:18 wazuh-db: INFO: Started (pid: 611).
2024/09/23 09:25:19 wazuh-db: INFO: Created Global database backup "backup/db/global.db-backup-2024-09-23-09:25:19.gz"
2024/09/23 09:25:19 wazuh-execd: INFO: Started (pid: 635).
2024/09/23 09:25:22 wazuh-syscheckd: INFO: Started (pid: 665).
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6003): Monitoring path: '/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6003): Monitoring path: '/boot', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6003): Monitoring path: '/etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6003): Monitoring path: '/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mtab'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/hosts.deny'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mail/statistics'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random-seed'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random.seed'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/adjtime'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/httpd/logs'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/utmpx'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/wtmpx'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/cups/certs'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/dumpdates'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/svc/volatile'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6207): Ignore 'file' sregex '.log$|.swp$'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6004): No diff for file: '/etc/ssl/private.key'
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6000): Starting daemon...
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6010): File integrity monitoring scan frequency: 43200 seconds
2024/09/23 09:25:22 wazuh-syscheckd: INFO: (6008): File integrity monitoring scan started.
2024/09/23 09:25:22 rootcheck: INFO: Starting rootcheck scan.
2024/09/23 09:25:23 wazuh-remoted: INFO: Started (pid: 682). Listening on port 1514/TCP (secure).
2024/09/23 09:25:23 wazuh-remoted: INFO: (1410): Reading authentication keys file.
2024/09/23 09:25:23 wazuh-analysisd: INFO: Total rules enabled: '7006'
2024/09/23 09:25:23 wazuh-analysisd: INFO: Started (pid: 652).
2024/09/23 09:25:24 wazuh-analysisd: INFO: EPS limit disabled
2024/09/23 09:25:24 wazuh-analysisd: INFO: (7200): Logtest started
2024/09/23 09:25:24 wazuh-logcollector: INFO: Monitoring output of command(360): df -P
2024/09/23 09:25:24 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
2024/09/23 09:25:24 wazuh-logcollector: INFO: Monitoring full output of command(360): last -n 20
2024/09/23 09:25:24 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/ossec/logs/active-responses.log'.
2024/09/23 09:25:24 wazuh-logcollector: INFO: Started (pid: 749).
2024/09/23 09:25:25 wazuh-monitord: INFO: Started (pid: 768).
2024/09/23 09:25:26 wazuh-modulesd:router: INFO: Loaded router module.
2024/09/23 09:25:26 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
2024/09/23 09:25:26 wazuh-modulesd: INFO: Started (pid: 790).
2024/09/23 09:25:26 wazuh-modulesd:control: INFO: Starting control thread.
2024/09/23 09:25:26 wazuh-modulesd:download: INFO: Module started.
2024/09/23 09:25:26 wazuh-modulesd:content_manager: INFO: Starting content_manager module.
2024/09/23 09:25:26 wazuh-modulesd:router: INFO: Starting router module.
2024/09/23 09:25:26 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/09/23 09:25:26 wazuh-modulesd:database: INFO: Module started.
2024/09/23 09:25:26 sca: INFO: Module started.
2024/09/23 09:25:26 sca: INFO: Loaded policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/09/23 09:25:26 wazuh-modulesd:osquery: INFO: Module disabled. Exiting...
2024/09/23 09:25:26 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting...
2024/09/23 09:25:26 wazuh-modulesd:agent-upgrade: INFO: (8153): Module Agent Upgrade started.
2024/09/23 09:25:26 sca: INFO: Starting Security Configuration Assessment scan.
2024/09/23 09:25:26 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started.
2024/09/23 09:25:26 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/09/23 09:25:26 wazuh-modulesd:syscollector: INFO: Module started.
2024/09/23 09:25:26 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/09/23 09:25:27 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh.manager', retrying until the connection is successful.
2024/09/23 09:25:27 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression.
2024/09/23 09:25:27 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024/09/23 09:25:34 wazuh-syscheckd: INFO: (6009): File integrity monitoring scan ended.
2024/09/23 09:25:34 wazuh-syscheckd: INFO: FIM sync module started.
2024/09/23 09:25:59 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/09/23 09:25:59 sca: INFO: Security Configuration Assessment scan finished. Duration: 33 seconds.
2024/09/23 09:26:13 rootcheck: INFO: Ending rootcheck scan.
2024/09/23 09:26:29 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities-wazuh.manager.
2024/09/23 09:27:50 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished.
2024/09/23 09:27:51 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started.
2024/09/23 09:27:51 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process.
```

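The two checks the comment above performs by hand (image tags in `docker ps`, then a read of `ossec.log` after the restart), written as an added example that is not part of the original issue or of Wazuh's own tooling. The shutdown markers, the expected-daemon list and the function names are assumptions drawn from the log shown above; the sample lines are copied from it.

```python
import re

# One ossec.log entry: "<date> <time> <daemon>: <LEVEL>: <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) "
                     r"(?P<daemon>[\w:.-]+): (?P<level>[A-Z]+): (?P<msg>.*)$")
STARTED_RE = re.compile(r"^Started \(pid: \d+\)")
INDEXER_FAIL_RE = re.compile(r"IndexerConnector initialization failed for index '([^']+)'")
INDEXER_OK_RE = re.compile(r"IndexerConnector initialized successfully for index: (\S+)")
# Assumption: messages that mark the manager stopping, as seen in the log above.
SHUTDOWN_MARKERS = ("SIGNAL [", "Shutdown received", "Graceful process shutdown")
# Assumption: the daemons that log "Started (pid: N)" in the log above.
EXPECTED_DAEMONS = ("wazuh-authd", "wazuh-db", "wazuh-execd", "wazuh-syscheckd",
                    "wazuh-remoted", "wazuh-analysisd", "wazuh-logcollector",
                    "wazuh-monitord", "wazuh-modulesd")

# Sample input: an excerpt of lines copied from the ossec.log above.
SAMPLE_LOG = """\
2024/09/23 08:58:45 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh.manager', retrying until the connection is successful.
2024/09/23 09:09:32 wazuh-analysisd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 09:09:32 wazuh-db: INFO: Graceful process shutdown.
2024/09/23 09:25:17 wazuh-authd: INFO: Started (pid: 592).
2024/09/23 09:25:18 wazuh-db: INFO: Started (pid: 611).
2024/09/23 09:25:19 wazuh-execd: INFO: Started (pid: 635).
2024/09/23 09:25:22 wazuh-syscheckd: INFO: Started (pid: 665).
2024/09/23 09:25:23 wazuh-remoted: INFO: Started (pid: 682). Listening on port 1514/TCP (secure).
2024/09/23 09:25:23 wazuh-analysisd: INFO: Started (pid: 652).
2024/09/23 09:25:24 wazuh-logcollector: INFO: Started (pid: 749).
2024/09/23 09:25:25 wazuh-monitord: INFO: Started (pid: 768).
2024/09/23 09:25:26 wazuh-modulesd: INFO: Started (pid: 790).
2024/09/23 09:25:27 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh.manager', retrying until the connection is successful.
2024/09/23 09:26:29 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities-wazuh.manager.
"""
# (name, image) pairs as `docker ps --format '{{.Names}} {{.Image}}'` lists them,
# copied from the post-upgrade `docker ps` output above.
SAMPLE_CONTAINERS = [
    ("single-node-wazuh.dashboard-1", "wazuh/wazuh-dashboard:4.9.1-rc1"),
    ("single-node-wazuh.manager-1", "wazuh/wazuh-manager:4.9.1-rc1"),
    ("single-node-wazuh.indexer-1", "wazuh/wazuh-indexer:4.9.1-rc1"),
]


def parse(log_text):
    """Return the well-formed ossec.log entries as dicts (other lines are skipped)."""
    matches = (LINE_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def last_session(entries):
    """Entries logged after the most recent shutdown marker (all of them if none)."""
    cut = 0
    for i, entry in enumerate(entries):
        if any(mark in entry["msg"] for mark in SHUTDOWN_MARKERS):
            cut = i + 1
    return entries[cut:]


def check_log(log_text, expected=EXPECTED_DAEMONS):
    """Check the post-restart part of the log: daemons started, no open problems."""
    session = last_session(parse(log_text))
    started = {e["daemon"] for e in session if STARTED_RE.match(e["msg"])}
    pending, problems = {}, []
    for e in session:
        fail = INDEXER_FAIL_RE.search(e["msg"])
        ok = INDEXER_OK_RE.search(e["msg"])
        if fail:
            pending[fail.group(1)] = e  # transient unless it is never resolved
        elif ok:
            pending.pop(ok.group(1).rstrip("."), None)
        elif e["level"] in ("WARNING", "ERROR", "CRITICAL"):
            problems.append(e)
    problems += pending.values()
    return {
        "missing_daemons": sorted(set(expected) - started),
        "problems": ["{ts} {daemon}: {level}: {msg}".format(**e) for e in problems],
    }


def stale_images(containers, expected_tag):
    """Names of containers running a wazuh/* image whose tag is not expected_tag."""
    stale = []
    for name, image in containers:
        repo, sep, tag = image.rpartition(":")
        if not sep:  # untagged image reference means "latest"
            repo, tag = image, "latest"
        if repo.startswith("wazuh/") and tag != expected_tag:
            stale.append(name)
    return stale


if __name__ == "__main__":
    print(stale_images(SAMPLE_CONTAINERS, "4.9.1-rc1"))
    print(check_log(SAMPLE_LOG))
```

The IndexerConnector warning is treated as transient only when the same index later logs a successful initialization within the same session, which is the pattern in both boots of the log above.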
Enaraque commented 3 weeks ago

Upgrade Wazuh multi-node on Docker 🟢

Deploy Wazuh v4.9.0 multi-node on Docker:

Logs

```console
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker# git checkout v4.9.0
Previous HEAD position was a335684 Merge pull request #1533 from wazuh/enhancement/1531-change-image-tag
HEAD is now at cb63566 Merge pull request #1526 from wazuh/enhancement/1520-revert-create_user.py-script-deletion
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker# cd multi-node/
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/multi-node# sysctl -w vm.max_map_count=262144
vm.max_map_count = 262144
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/multi-node# docker-compose -f generate-indexer-certs.yml run --rm generator
[+] Running 1/1
 ⠿ Network multi-node_default Created 0.1s
The tool to create the certificates exists in the in Packages bucket
23/09/2024 09:34:25 INFO: Generating the root certificate.
23/09/2024 09:34:25 INFO: Generating Admin certificates.
23/09/2024 09:34:25 INFO: Admin certificates created.
23/09/2024 09:34:25 INFO: Generating Wazuh indexer certificates.
23/09/2024 09:34:26 INFO: Wazuh indexer certificates created.
23/09/2024 09:34:26 INFO: Generating Filebeat certificates.
23/09/2024 09:34:26 INFO: Wazuh Filebeat certificates created.
23/09/2024 09:34:26 INFO: Generating Wazuh dashboard certificates.
23/09/2024 09:34:26 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/multi-node# docker-compose up -d
[+] Running 8/8
 ⠿ nginx Pulled 4.7s
   ⠿ a2318d6c47ec Pull complete 2.7s
   ⠿ b44dc9d9a940 Pull complete 4.3s
   ⠿ 00e681681ca4 Pull complete 4.4s
   ⠿ 875870a2219a Pull complete 4.4s
   ⠿ de5334d30305 Pull complete 4.4s
   ⠿ 2bf1074ae678 Pull complete 4.4s
   ⠿ f6add69c74a5 Pull complete 4.4s
[+] Running 34/34
 ⠿ Volume "multi-node_wazuh-indexer-data-1" Created 0.0s
 ⠿ Volume "multi-node_master-wazuh-etc" Created 0.0s
 ⠿ Volume "multi-node_master-wazuh-active-response" Created 0.0s
 ⠿ Volume "multi-node_worker-wazuh-api-configuration" Created 0.0s
 ⠿ Volume "multi-node_worker-wazuh-etc" Created 0.0s
 ⠿ Volume "multi-node_worker-wazuh-agentless" Created 0.0s
 ⠿ Volume "multi-node_master-wazuh-integrations" Created 0.0s
 ⠿ Volume "multi-node_master-filebeat-etc" Created 0.0s
 ⠿ Volume "multi-node_wazuh-dashboard-custom" Created 0.0s
 ⠿ Volume "multi-node_master-wazuh-queue" Created 0.0s
 ⠿ Volume "multi-node_worker-wazuh-queue" Created 0.0s
 ⠿ Volume "multi-node_wazuh-dashboard-config" Created 0.0s
 ⠿ Volume "multi-node_worker-wazuh-var-multigroups" Created 0.0s
 ⠿ Volume "multi-node_master-wazuh-api-configuration" Created 0.0s
 ⠿ Volume "multi-node_worker-wazuh-active-response" Created 0.0s
 ⠿ Volume "multi-node_worker-filebeat-var" Created 0.0s
 ⠿ Volume "multi-node_worker-wazuh-wodles" Created 0.0s
 ⠿ Volume "multi-node_master-wazuh-var-multigroups" Created 0.0s
 ⠿ Volume "multi-node_worker-wazuh-integrations" Created 0.0s
 ⠿ Volume "multi-node_worker-wazuh-logs" Created 0.0s
 ⠿ Volume "multi-node_wazuh-indexer-data-2" Created 0.0s
 ⠿ Volume "multi-node_wazuh-indexer-data-3" Created 0.0s
 ⠿ Volume "multi-node_master-filebeat-var" Created 0.0s
 ⠿ Volume "multi-node_master-wazuh-agentless" Created 0.0s
 ⠿ Volume "multi-node_master-wazuh-wodles" Created 0.0s
 ⠿ Volume "multi-node_worker-filebeat-etc" Created 0.0s
 ⠿ Volume "multi-node_master-wazuh-logs" Created 0.0s
 ⠿ Container multi-node-wazuh.master-1 Started 2.0s
 ⠿ Container multi-node-wazuh.worker-1 Started 1.6s
 ⠿ Container multi-node-wazuh2.indexer-1 Started 1.8s
 ⠿ Container multi-node-wazuh3.indexer-1 Started 1.7s
 ⠿ Container multi-node-wazuh1.indexer-1 Started 1.8s
 ⠿ Container multi-node-wazuh.dashboard-1 Started 2.3s
 ⠿ Container multi-node-nginx-1 Started 3.3s
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/multi-node# docker ps
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
f95f4d0ac4d3   nginx:stable   "/docker-entrypoint.…"   10 seconds ago   Up 7 seconds   80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp   multi-node-nginx-1
dc921a046cab   wazuh/wazuh-dashboard:4.9.0   "/entrypoint.sh"   10 seconds ago   Up 8 seconds   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp   multi-node-wazuh.dashboard-1
8206abc25a3c   wazuh/wazuh-indexer:4.9.0   "/entrypoint.sh open…"   11 seconds ago   Up 9 seconds   9200/tcp   multi-node-wazuh3.indexer-1
5590c6f08a8d   wazuh/wazuh-manager:4.9.0   "/init"   11 seconds ago   Up 9 seconds   1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp   multi-node-wazuh.master-1
67d2970f2149   wazuh/wazuh-indexer:4.9.0   "/entrypoint.sh open…"   11 seconds ago   Up 9 seconds   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp   multi-node-wazuh1.indexer-1
17f8cf42847f   wazuh/wazuh-manager:4.9.0   "/init"   11 seconds ago   Up 9 seconds   1514-1516/tcp, 514/udp, 55000/tcp   multi-node-wazuh.worker-1
2cc349333f56   wazuh/wazuh-indexer:4.9.0   "/entrypoint.sh open…"   11 seconds ago   Up 9 seconds   9200/tcp   multi-node-wazuh2.indexer-1
```
Screenshots ![Captura de pantalla 2024-09-23 a las 11 49 13](https://github.com/user-attachments/assets/da10f24f-745c-4b94-b2cf-568f50a068fb) ![Captura de pantalla 2024-09-23 a las 11 49 28](https://github.com/user-attachments/assets/798f18b6-8183-4a33-9cfd-8a437e5be789) ![Captura de pantalla 2024-09-23 a las 11 49 41](https://github.com/user-attachments/assets/2da32bb5-7ee9-40b7-94d4-0a56bd0c802f)

Turn off the Wazuh containers before upgrading and check out the new tag:

Logs

```console
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/multi-node# docker-compose down
[+] Running 8/8
 ⠿ Container multi-node-nginx-1 Removed 0.8s
 ⠿ Container multi-node-wazuh2.indexer-1 Removed 1.2s
 ⠿ Container multi-node-wazuh3.indexer-1 Removed 1.1s
 ⠿ Container multi-node-wazuh.dashboard-1 Removed 10.4s
 ⠿ Container multi-node-wazuh.worker-1 Removed 4.1s
 ⠿ Container multi-node-wazuh.master-1 Removed 4.2s
 ⠿ Container multi-node-wazuh1.indexer-1 Removed 10.5s
 ⠿ Network multi-node_default Removed 0.2s
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/multi-node# cd ..
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker# git checkout v4.9.1-rc1
Previous HEAD position was cb63566 Merge pull request #1526 from wazuh/enhancement/1520-revert-create_user.py-script-deletion
HEAD is now at a335684 Merge pull request #1533 from wazuh/enhancement/1531-change-image-tag
```

Deploy Wazuh v4.9.1 multi-node:

Logs

```console
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker# cd multi-node/
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/multi-node# docker-compose up -d
[+] Running 8/8
 ⠿ Network multi-node_default Created 0.1s
 ⠿ Container multi-node-wazuh.worker-1 Started 1.6s
 ⠿ Container multi-node-wazuh3.indexer-1 Started 1.6s
 ⠿ Container multi-node-wazuh1.indexer-1 Started 1.5s
 ⠿ Container multi-node-wazuh2.indexer-1 Started 1.4s
 ⠿ Container multi-node-wazuh.master-1 Started 1.6s
 ⠿ Container multi-node-wazuh.dashboard-1 Started 2.2s
 ⠿ Container multi-node-nginx-1 Started 3.2s
root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/multi-node# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6f753ace8fe7 nginx:stable "/docker-entrypoint.…" 8 seconds ago Up 6 seconds 80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp multi-node-nginx-1
1dcf50be44f1 wazuh/wazuh-dashboard:4.9.1-rc1 "/entrypoint.sh" 8 seconds ago Up 6 seconds 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp multi-node-wazuh.dashboard-1
66754bb415f9 wazuh/wazuh-indexer:4.9.1-rc1 "/entrypoint.sh open…" 9 seconds ago Up 8 seconds 9200/tcp multi-node-wazuh3.indexer-1
a353769a7340 wazuh/wazuh-manager:4.9.1-rc1 "/init" 9 seconds ago Up 7 seconds 1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp multi-node-wazuh.master-1
5b6214088f48 wazuh/wazuh-indexer:4.9.1-rc1 "/entrypoint.sh open…" 9 seconds ago Up 7 seconds 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp multi-node-wazuh1.indexer-1
519a97290038 wazuh/wazuh-manager:4.9.1-rc1 "/init" 9 seconds ago Up 8 seconds 1514-1516/tcp, 514/udp, 55000/tcp multi-node-wazuh.worker-1
c832cc30c05c wazuh/wazuh-indexer:4.9.1-rc1 "/entrypoint.sh open…" 9 seconds ago Up 8 seconds 9200/tcp multi-node-wazuh2.indexer-1
```
Screenshots ![Captura de pantalla 2024-09-23 a las 12 02 17](https://github.com/user-attachments/assets/fda990e9-30bc-492d-9ed4-9674ff747751) ![Captura de pantalla 2024-09-23 a las 12 02 31](https://github.com/user-attachments/assets/ab278f73-f67c-45c8-8baf-3b02bb397680) ![Captura de pantalla 2024-09-23 a las 12 02 40](https://github.com/user-attachments/assets/49224363-7c89-40d6-89b0-644a53e304dc)
ossec.log ``` java root@ip-172-31-45-171:/home/ubuntu/wazuh-docker/multi-node# docker exec -it multi-node-wazuh.master-1 cat /var/ossec/logs/ossec.log 2024/09/23 09:36:54 wazuh-modulesd:router: INFO: Loaded router module. 2024/09/23 09:36:54 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. 2024/09/23 09:37:13 wazuh-csyslogd: INFO: Remote syslog server not configured. Clean exit. 2024/09/23 09:37:13 wazuh-dbd: INFO: Database not configured. Clean exit. 2024/09/23 09:37:14 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. 2024/09/23 09:37:14 wazuh-agentlessd: INFO: Not configured. Exiting. 2024/09/23 09:37:14 wazuh-authd: INFO: Started (pid: 600). 2024/09/23 09:37:14 wazuh-authd: INFO: Accepting connections on port 1515. No password required. 2024/09/23 09:37:14 wazuh-authd: INFO: Setting network timeout to 1.000000 sec. 2024/09/23 09:37:15 wazuh-db: INFO: Started (pid: 618). 2024/09/23 09:37:16 wazuh-db: INFO: Created Global database backup "backup/db/global.db-backup-2024-09-23-09:37:16.gz" 2024/09/23 09:37:16 wazuh-execd: INFO: Started (pid: 644). 2024/09/23 09:37:19 wazuh-syscheckd: INFO: Started (pid: 672). 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6003): Monitoring path: '/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6003): Monitoring path: '/boot', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6003): Monitoring path: '/etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6003): Monitoring path: '/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 
2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mtab' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/hosts.deny' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mail/statistics' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random-seed' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random.seed' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/adjtime' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/httpd/logs' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/utmpx' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/wtmpx' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/cups/certs' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/dumpdates' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/svc/volatile' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6207): Ignore 'file' sregex '.log$|.swp$' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6004): No diff for file: '/etc/ssl/private.key' 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6000): Starting daemon... 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6010): File integrity monitoring scan frequency: 43200 seconds 2024/09/23 09:37:19 wazuh-syscheckd: INFO: (6008): File integrity monitoring scan started. 2024/09/23 09:37:19 rootcheck: INFO: Starting rootcheck scan. 
2024/09/23 09:37:21 wazuh-remoted: INFO: Started (pid: 689). Listening on port 1514/TCP (secure). 2024/09/23 09:37:21 wazuh-remoted: INFO: (1410): Reading authentication keys file. 2024/09/23 09:37:22 wazuh-logcollector: INFO: Monitoring output of command(360): df -P 2024/09/23 09:37:22 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d 2024/09/23 09:37:22 wazuh-logcollector: INFO: Monitoring full output of command(360): last -n 20 2024/09/23 09:37:22 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/ossec/logs/active-responses.log'. 2024/09/23 09:37:22 wazuh-logcollector: INFO: Started (pid: 724). 2024/09/23 09:37:23 wazuh-monitord: INFO: Started (pid: 744). 2024/09/23 09:37:25 wazuh-modulesd:router: INFO: Loaded router module. 2024/09/23 09:37:25 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. 2024/09/23 09:37:25 wazuh-modulesd: INFO: Started (pid: 765). 2024/09/23 09:37:25 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module. 2024/09/23 09:37:25 wazuh-modulesd:router: INFO: Starting router module. 2024/09/23 09:37:25 wazuh-modulesd:content_manager: INFO: Starting content_manager module. 2024/09/23 09:37:25 wazuh-modulesd:database: INFO: Module started. 2024/09/23 09:37:25 wazuh-modulesd:download: INFO: Module started. 2024/09/23 09:37:25 wazuh-modulesd:control: INFO: Starting control thread. 2024/09/23 09:37:25 sca: INFO: Module started. 2024/09/23 09:37:25 sca: INFO: Loaded policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml' 2024/09/23 09:37:25 wazuh-modulesd:osquery: INFO: Module disabled. Exiting... 2024/09/23 09:37:25 wazuh-modulesd:agent-upgrade: INFO: (8153): Module Agent Upgrade started. 
2024/09/23 09:37:25 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting... 2024/09/23 09:37:25 sca: INFO: Starting Security Configuration Assessment scan. 2024/09/23 09:37:25 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started. 2024/09/23 09:37:25 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml' 2024/09/23 09:37:25 wazuh-modulesd:syscollector: INFO: Module started. 2024/09/23 09:37:25 wazuh-modulesd:syscollector: INFO: Starting evaluation. 2024/09/23 09:37:26 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh', retrying until the connection is successful. 2024/09/23 09:37:26 wazuh-modulesd:syscollector: INFO: Evaluation finished. 2024/09/23 09:37:26 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression. 2024/09/23 09:37:26 wazuh-analysisd: INFO: Total rules enabled: '7006' 2024/09/23 09:37:27 wazuh-analysisd: INFO: Started (pid: 658). 2024/09/23 09:37:28 wazuh-analysisd: INFO: (7200): Logtest started 2024/09/23 09:37:28 wazuh-analysisd: INFO: EPS limit disabled 2024/09/23 09:37:55 wazuh-syscheckd: INFO: (6009): File integrity monitoring scan ended. 2024/09/23 09:37:55 wazuh-syscheckd: INFO: FIM sync module started. 2024/09/23 09:39:17 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml' 2024/09/23 09:39:17 sca: INFO: Security Configuration Assessment scan finished. Duration: 112 seconds. 2024/09/23 09:39:34 rootcheck: INFO: Ending rootcheck scan. 2024/09/23 09:40:11 wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade::start: Write failed. 2024/09/23 09:40:28 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities-wazuh. 2024/09/23 09:51:09 wazuh-authd: INFO: (1225): SIGNAL [(1)-(Hangup)] Received. Exit Cleaning... 2024/09/23 09:51:09 wazuh-db: INFO: (1225): SIGNAL [(1)-(Hangup)] Received. Exit Cleaning... 
2024/09/23 09:51:09 wazuh-analysisd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/09/23 09:51:09 wazuh-authd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/09/23 09:51:09 wazuh-db: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/09/23 09:51:09 wazuh-execd: INFO: (1314): Shutdown received. Deleting responses. 2024/09/23 09:51:09 wazuh-execd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/09/23 09:51:09 wazuh-syscheckd: INFO: (1756): Shutdown received. Releasing resources. 2024/09/23 09:51:09 wazuh-remoted: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/09/23 09:51:09 wazuh-logcollector: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/09/23 09:51:09 wazuh-monitord: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/09/23 09:51:09 wazuh-syscheckd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/09/23 09:51:10 wazuh-authd: INFO: Exiting... 2024/09/23 09:51:10 wazuh-db: INFO: Graceful process shutdown. 2024/09/23 09:53:15 wazuh-modulesd:router: INFO: Loaded router module. 2024/09/23 09:53:15 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. 2024/09/23 09:53:34 wazuh-csyslogd: INFO: Remote syslog server not configured. Clean exit. 2024/09/23 09:53:34 wazuh-dbd: INFO: Database not configured. Clean exit. 2024/09/23 09:53:34 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. 2024/09/23 09:53:34 wazuh-agentlessd: INFO: Not configured. Exiting. 2024/09/23 09:53:35 wazuh-authd: INFO: Started (pid: 594). 2024/09/23 09:53:35 wazuh-authd: INFO: Accepting connections on port 1515. No password required. 2024/09/23 09:53:35 wazuh-authd: INFO: Setting network timeout to 1.000000 sec. 2024/09/23 09:53:36 wazuh-db: INFO: Started (pid: 609). 
2024/09/23 09:53:36 wazuh-db: INFO: Created Global database backup "backup/db/global.db-backup-2024-09-23-09:53:36.gz" 2024/09/23 09:53:37 wazuh-execd: INFO: Started (pid: 636). 2024/09/23 09:53:40 wazuh-syscheckd: INFO: Started (pid: 664). 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6003): Monitoring path: '/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6003): Monitoring path: '/boot', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6003): Monitoring path: '/etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6003): Monitoring path: '/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 
2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mtab' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/hosts.deny' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mail/statistics' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random-seed' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random.seed' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/adjtime' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/httpd/logs' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/utmpx' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/wtmpx' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/cups/certs' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/dumpdates' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/svc/volatile' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6207): Ignore 'file' sregex '.log$|.swp$' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6004): No diff for file: '/etc/ssl/private.key' 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6000): Starting daemon... 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6010): File integrity monitoring scan frequency: 43200 seconds 2024/09/23 09:53:40 wazuh-syscheckd: INFO: (6008): File integrity monitoring scan started. 2024/09/23 09:53:40 rootcheck: INFO: Starting rootcheck scan. 2024/09/23 09:53:42 wazuh-remoted: INFO: Started (pid: 681). Listening on port 1514/TCP (secure). 2024/09/23 09:53:42 wazuh-remoted: INFO: (1410): Reading authentication keys file. 
2024/09/23 09:53:43 wazuh-logcollector: INFO: Monitoring output of command(360): df -P 2024/09/23 09:53:43 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d 2024/09/23 09:53:43 wazuh-logcollector: INFO: Monitoring full output of command(360): last -n 20 2024/09/23 09:53:43 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/ossec/logs/active-responses.log'. 2024/09/23 09:53:43 wazuh-logcollector: INFO: Started (pid: 717). 2024/09/23 09:53:44 wazuh-monitord: INFO: Started (pid: 737). 2024/09/23 09:53:46 wazuh-modulesd:router: INFO: Loaded router module. 2024/09/23 09:53:46 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. 2024/09/23 09:53:46 wazuh-modulesd: INFO: Started (pid: 758). 2024/09/23 09:53:46 wazuh-modulesd:agent-upgrade: INFO: (8153): Module Agent Upgrade started. 2024/09/23 09:53:46 wazuh-modulesd:osquery: INFO: Module disabled. Exiting... 2024/09/23 09:53:46 sca: INFO: Module started. 2024/09/23 09:53:46 sca: INFO: Loaded policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml' 2024/09/23 09:53:46 wazuh-modulesd:content_manager: INFO: Starting content_manager module. 2024/09/23 09:53:46 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting... 2024/09/23 09:53:46 wazuh-modulesd:router: INFO: Starting router module. 2024/09/23 09:53:46 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module. 2024/09/23 09:53:46 wazuh-modulesd:download: INFO: Module started. 2024/09/23 09:53:46 wazuh-modulesd:database: INFO: Module started. 2024/09/23 09:53:46 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started. 2024/09/23 09:53:46 sca: INFO: Starting Security Configuration Assessment scan. 
2024/09/23 09:53:46 wazuh-modulesd:control: INFO: Starting control thread. 2024/09/23 09:53:46 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml' 2024/09/23 09:53:47 wazuh-modulesd:syscollector: INFO: Module started. 2024/09/23 09:53:47 wazuh-modulesd:syscollector: INFO: Starting evaluation. 2024/09/23 09:53:48 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh', retrying until the connection is successful. 2024/09/23 09:53:48 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression. 2024/09/23 09:53:49 wazuh-modulesd:syscollector: INFO: Evaluation finished. 2024/09/23 09:53:49 wazuh-analysisd: INFO: Total rules enabled: '7006' 2024/09/23 09:53:49 wazuh-analysisd: INFO: Started (pid: 651). 2024/09/23 09:53:51 wazuh-analysisd: INFO: EPS limit disabled 2024/09/23 09:53:51 wazuh-analysisd: INFO: (7200): Logtest started 2024/09/23 09:54:13 wazuh-syscheckd: INFO: (6009): File integrity monitoring scan ended. 2024/09/23 09:54:13 wazuh-syscheckd: INFO: FIM sync module started. 2024/09/23 09:55:29 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml' 2024/09/23 09:55:29 sca: INFO: Security Configuration Assessment scan finished. Duration: 103 seconds. 2024/09/23 09:55:57 rootcheck: INFO: Ending rootcheck scan. 2024/09/23 09:56:17 wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade::start: Error saving data: No space left on device. 2024/09/23 09:56:50 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities-wazuh. ```
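
The two checks made by eye in the comment above (every `wazuh/` container runs the target tag, and `ossec.log` is clean after the restart) can be automated. The script below is an added example, not part of the original comment or of Wazuh's own tooling. The function names, the shutdown-marker heuristic used to split the log into manager runs, and the `docker ps --format '{{.Image}} {{.Names}}'` input layout are assumptions; the sample data is shortened from the output shown above.

```python
import re

# ossec.log line layout: "<date> <time> <daemon[:module]>: <LEVEL>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<tag>\S+?): (?P<level>DEBUG|INFO|WARNING|ERROR|CRITICAL): (?P<msg>.*)$"
)
# Messages the daemons log while stopping (heuristic, assumed from the log above).
SHUTDOWN_RE = re.compile(r"SIGNAL \[|Shutdown received|Graceful process shutdown")

# Shortened excerpt of the ossec.log shown above: one 4.9.0 run, then the 4.9.1-rc1 run.
SAMPLE_LOG = """
2024/09/23 09:37:25 wazuh-modulesd: INFO: Started (pid: 765).
2024/09/23 09:37:25 wazuh-modulesd:osquery: INFO: Module disabled. Exiting...
2024/09/23 09:37:26 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh', retrying until the connection is successful.
2024/09/23 09:40:11 wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade::start: Write failed.
2024/09/23 09:40:28 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities-wazuh.
2024/09/23 09:51:09 wazuh-db: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 09:51:10 wazuh-authd: INFO: Exiting...
2024/09/23 09:51:10 wazuh-db: INFO: Graceful process shutdown.
2024/09/23 09:53:15 wazuh-modulesd:router: INFO: Loaded router module.
2024/09/23 09:53:48 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh', retrying until the connection is successful.
2024/09/23 09:56:17 wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade::start: Error saving data: No space left on device.
2024/09/23 09:56:50 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities-wazuh.
"""

# Image/name pairs as printed by: docker ps --format '{{.Image}} {{.Names}}'
SAMPLE_PS = """
nginx:stable multi-node-nginx-1
wazuh/wazuh-dashboard:4.9.1-rc1 multi-node-wazuh.dashboard-1
wazuh/wazuh-indexer:4.9.1-rc1 multi-node-wazuh1.indexer-1
wazuh/wazuh-manager:4.9.1-rc1 multi-node-wazuh.master-1
wazuh/wazuh-manager:4.9.1-rc1 multi-node-wazuh.worker-1
"""


def split_runs(lines):
    """Group parsed entries into manager runs (one per container start)."""
    runs, current, stopping = [], [], False
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unparseable line
        entry = m.groupdict()
        # "Exiting..." only counts as shutdown once a stop marker was seen,
        # because disabled modules also log "... Exiting..." during startup.
        is_stop = bool(SHUTDOWN_RE.search(entry["msg"])) or (
            stopping and entry["msg"].startswith("Exiting")
        )
        if stopping and not is_stop:
            runs.append(current)  # first line after a shutdown opens a new run
            current = []
        stopping = is_stop
        current.append(entry)
    if current:
        runs.append(current)
    return runs


def findings(run, levels=("WARNING", "ERROR", "CRITICAL")):
    """Return (timestamp, tag, level, message) for entries at the given levels."""
    return [(e["ts"], e["tag"], e["level"], e["msg"]) for e in run if e["level"] in levels]


def indexer_recovered(run):
    """True if the run's last indexer-connector message reports a successful init."""
    msgs = [e["msg"] for e in run if e["tag"] == "indexer-connector"]
    return bool(msgs) and "initialized successfully" in msgs[-1]


def stale_containers(ps_output, expected_tag, repo_prefix="wazuh/"):
    """Return (name, image) for repo_prefix containers not running expected_tag."""
    stale = []
    for line in ps_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].startswith(repo_prefix):
            continue  # skip blanks and third-party images such as nginx
        image, name = parts
        tag = image.rpartition(":")[2] if ":" in image else "latest"
        if tag != expected_tag:
            stale.append((name, image))
    return stale


if __name__ == "__main__":
    print("containers on the wrong tag:", stale_containers(SAMPLE_PS, "4.9.1-rc1"))
    for number, run in enumerate(split_runs(SAMPLE_LOG.splitlines()), start=1):
        print(f"run {number}: indexer connector recovered = {indexer_recovered(run)}")
        for ts, tag, level, msg in findings(run):
            print(f"  {ts} {level:8} {tag}: {msg}")
```

On the excerpt, the `No space left on device` error lands in the second run, that is, the one started after the images were switched to 4.9.1-rc1.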
c-bordon commented 3 weeks ago

LGTM

rauldpm commented 3 weeks ago

Missing documentation tests

Enaraque commented 3 weeks ago

Upgrade Kubernetes deployment 🟢

Create EKS cluster for deployment:

Logs ```console $ eksctl create cluster --name wazuh-491-rc1-upgrade --with-oidc --region us-west-1 --nodes 5 --managed --spot -t t3a.large --tags "issue=https://github.com/wazuh/wazuh/issues/25851,team=devops,termination_date=2030-12-15 21:00:00" 2024-09-23 10:11:11 [ℹ] eksctl version 0.176.0 2024-09-23 10:11:11 [ℹ] using region us-west-1 2024-09-23 10:11:13 [ℹ] setting availability zones to [us-west-1b us-west-1c] 2024-09-23 10:11:13 [ℹ] subnets for us-west-1b - public:192.168.0.0/19 private:192.168.64.0/19 2024-09-23 10:11:13 [ℹ] subnets for us-west-1c - public:192.168.32.0/19 private:192.168.96.0/19 2024-09-23 10:11:13 [ℹ] nodegroup "ng-93a1b687" will use "" [AmazonLinux2/1.29] 2024-09-23 10:11:13 [ℹ] using Kubernetes version 1.29 2024-09-23 10:11:13 [ℹ] creating EKS cluster "wazuh-491-rc1-upgrade" in "us-west-1" region with managed nodes 2024-09-23 10:11:13 [ℹ] will create 2 separate CloudFormation stacks for cluster itself and the initial managed nodegroup 2024-09-23 10:11:13 [ℹ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-west-1 --cluster=wazuh-491-rc1-upgrade' 2024-09-23 10:11:13 [ℹ] Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "wazuh-491-rc1-upgrade" in "us-west-1" 2024-09-23 10:11:13 [ℹ] CloudWatch logging will not be enabled for cluster "wazuh-491-rc1-upgrade" in "us-west-1" 2024-09-23 10:11:13 [ℹ] you can enable it with 'eksctl utils update-cluster-logging --enable-types={SPECIFY-YOUR-LOG-TYPES-HERE (e.g. 
all)} --region=us-west-1 --cluster=wazuh-491-rc1-upgrade' 2024-09-23 10:11:13 [ℹ] 2 sequential tasks: { create cluster control plane "wazuh-491-rc1-upgrade", 2 sequential sub-tasks: { 4 sequential sub-tasks: { wait for control plane to become ready, associate IAM OIDC provider, 2 sequential sub-tasks: { create IAM role for serviceaccount "kube-system/aws-node", create serviceaccount "kube-system/aws-node", }, restart daemonset "kube-system/aws-node", }, create managed nodegroup "ng-93a1b687", } } 2024-09-23 10:11:13 [ℹ] building cluster stack "eksctl-wazuh-491-rc1-upgrade-cluster" 2024-09-23 10:11:16 [ℹ] deploying stack "eksctl-wazuh-491-rc1-upgrade-cluster" 2024-09-23 10:11:46 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-cluster" 2024-09-23 10:12:18 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-cluster" 2024-09-23 10:13:20 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-cluster" 2024-09-23 10:14:21 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-cluster" 2024-09-23 10:15:24 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-cluster" 2024-09-23 10:16:25 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-cluster" 2024-09-23 10:17:33 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-cluster" 2024-09-23 10:18:35 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-cluster" 2024-09-23 10:20:48 [ℹ] building iamserviceaccount stack "eksctl-wazuh-491-rc1-upgrade-addon-iamserviceaccount-kube-system-aws-node" 2024-09-23 10:20:50 [ℹ] deploying stack "eksctl-wazuh-491-rc1-upgrade-addon-iamserviceaccount-kube-system-aws-node" 2024-09-23 10:20:50 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-addon-iamserviceaccount-kube-system-aws-node" 2024-09-23 10:21:22 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-addon-iamserviceaccount-kube-system-aws-node" 2024-09-23 10:21:23 [ℹ] serviceaccount 
"kube-system/aws-node" already exists 2024-09-23 10:21:24 [ℹ] updated serviceaccount "kube-system/aws-node" 2024-09-23 10:21:26 [ℹ] daemonset "kube-system/aws-node" restarted 2024-09-23 10:21:27 [ℹ] building managed nodegroup stack "eksctl-wazuh-491-rc1-upgrade-nodegroup-ng-93a1b687" 2024-09-23 10:21:31 [ℹ] deploying stack "eksctl-wazuh-491-rc1-upgrade-nodegroup-ng-93a1b687" 2024-09-23 10:21:31 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-nodegroup-ng-93a1b687" 2024-09-23 10:22:03 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-nodegroup-ng-93a1b687" 2024-09-23 10:23:02 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-nodegroup-ng-93a1b687" 2024-09-23 10:24:13 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-nodegroup-ng-93a1b687" 2024-09-23 10:24:14 [ℹ] waiting for the control plane to become ready 2024-09-23 10:24:16 [✔] saved kubeconfig as "/Users/enriquearaqueespinosa/.kube/config" 2024-09-23 10:24:16 [ℹ] no tasks 2024-09-23 10:24:16 [✔] all EKS cluster resources for "wazuh-491-rc1-upgrade" have been created 2024-09-23 10:24:16 [✔] created 0 nodegroup(s) in cluster "wazuh-491-rc1-upgrade" 2024-09-23 10:24:18 [ℹ] nodegroup "ng-93a1b687" has 5 node(s) 2024-09-23 10:24:18 [ℹ] node "ip-192-168-21-229.us-west-1.compute.internal" is ready 2024-09-23 10:24:18 [ℹ] node "ip-192-168-25-239.us-west-1.compute.internal" is ready 2024-09-23 10:24:18 [ℹ] node "ip-192-168-43-0.us-west-1.compute.internal" is ready 2024-09-23 10:24:18 [ℹ] node "ip-192-168-44-116.us-west-1.compute.internal" is ready 2024-09-23 10:24:18 [ℹ] node "ip-192-168-63-155.us-west-1.compute.internal" is ready 2024-09-23 10:24:18 [ℹ] waiting for at least 5 node(s) to become ready in "ng-93a1b687" 2024-09-23 10:24:18 [ℹ] nodegroup "ng-93a1b687" has 5 node(s) 2024-09-23 10:24:18 [ℹ] node "ip-192-168-21-229.us-west-1.compute.internal" is ready 2024-09-23 10:24:18 [ℹ] node "ip-192-168-25-239.us-west-1.compute.internal" is ready 
2024-09-23 10:24:18 [ℹ] node "ip-192-168-43-0.us-west-1.compute.internal" is ready 2024-09-23 10:24:18 [ℹ] node "ip-192-168-44-116.us-west-1.compute.internal" is ready 2024-09-23 10:24:18 [ℹ] node "ip-192-168-63-155.us-west-1.compute.internal" is ready 2024-09-23 10:24:18 [✔] created 1 managed nodegroup(s) in cluster "wazuh-491-rc1-upgrade" 2024-09-23 10:24:19 [ℹ] kubectl command should work with "/Users/enriquearaqueespinosa/.kube/config", try 'kubectl get nodes' 2024-09-23 10:24:19 [✔] EKS cluster "wazuh-491-rc1-upgrade" in "us-west-1" region is ready $ eksctl create iamserviceaccount --name ebs-csi-controller-sa --namespace kube-system --cluster wazuh-491-rc1-upgrade --role-name AmazonEKS_EBS_CSI_DriverRole --role-only --attach-policy-arn arn:aws:iam::aws:policy/service-role/Amazo nEBSCSIDriverPolicy --approve 2024-09-23 16:06:52 [ℹ] 1 existing iamserviceaccount(s) (kube-system/aws-node) will be excluded 2024-09-23 16:06:52 [ℹ] 1 iamserviceaccount (kube-system/ebs-csi-controller-sa) was included (based on the include/exclude rules) 2024-09-23 16:06:52 [!] 
serviceaccounts in Kubernetes will not be created or modified, since the option --role-only is used 2024-09-23 16:06:52 [ℹ] 1 task: { create IAM role for serviceaccount "kube-system/ebs-csi-controller-sa" } 2024-09-23 16:06:52 [ℹ] building iamserviceaccount stack "eksctl-wazuh-491-rc1-upgrade-addon-iamserviceaccount-kube-system-ebs-csi-controller-sa" 2024-09-23 16:06:53 [ℹ] deploying stack "eksctl-wazuh-491-rc1-upgrade-addon-iamserviceaccount-kube-system-ebs-csi-controller-sa" 2024-09-23 16:06:53 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-addon-iamserviceaccount-kube-system-ebs-csi-controller-sa" 2024-09-23 16:07:24 [ℹ] waiting for CloudFormation stack "eksctl-wazuh-491-rc1-upgrade-addon-iamserviceaccount-kube-system-ebs-csi-controller-sa" $ eksctl create addon --name aws-ebs-csi-driver --cluster wazuh-491-rc1-upgrade --service-account-role-arn ***** --force 2024-09-23 16:08:33 [ℹ] Kubernetes version "1.29" in use by cluster "wazuh-491-rc1-upgrade" 2024-09-23 16:08:33 [ℹ] using provided ServiceAccountRoleARN "******" 2024-09-23 16:08:33 [ℹ] creating addon ```

Deploy Wazuh v4.9.0 on Kubernetes:

Logs

```console
$ wazuh/certs/indexer_cluster/generate_certs.sh
Root CA
Admin cert
create: admin-key-temp.pem
create: admin-key.pem
create: admin.csr
Ignoring -days without -x509; not generating a certificate
create: admin.pem
Certificate request self-signature ok
subject=C=US, L=California, O=Company, CN=admin
* Node cert
create: node-key-temp.pem
create: node-key.pem
create: node.csr
Ignoring -days without -x509; not generating a certificate
create: node.pem
Certificate request self-signature ok
subject=C=US, L=California, O=Company, CN=indexer
* dashboard cert
create: dashboard-key-temp.pem
create: dashboard-key.pem
create: dashboard.csr
Ignoring -days without -x509; not generating a certificate
create: dashboard.pem
Certificate request self-signature ok
subject=C=US, L=California, O=Company, CN=dashboard
* Filebeat cert
create: filebeat-key-temp.pem
create: filebeat-key.pem
create: filebeat.csr
Ignoring -days without -x509; not generating a certificate
create: filebeat.pem
Certificate request self-signature ok
subject=C=US, L=California, O=Company, CN=filebeat

$ bash wazuh/certs/dashboard_http/generate_certs.sh

$ kubectl apply -k envs/eks/
namespace/wazuh created
storageclass.storage.k8s.io/wazuh-storage created
configmap/dashboard-conf-46kfc92gfm created
configmap/indexer-conf-t8tdh7thct created
configmap/wazuh-conf-54bf8bh7fk created
secret/dashboard-certs-6km4g7cdc5 created
secret/dashboard-cred created
secret/indexer-certs-hmf5hfmf52 created
secret/indexer-cred created
secret/wazuh-api-cred created
secret/wazuh-authd-pass created
secret/wazuh-cluster-key created
service/dashboard created
service/indexer created
service/wazuh created
service/wazuh-cluster created
service/wazuh-indexer created
service/wazuh-workers created
deployment.apps/wazuh-dashboard created
statefulset.apps/wazuh-indexer created
statefulset.apps/wazuh-manager-master created
Warning: spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector: a null labelSelector results in matching no pod
statefulset.apps/wazuh-manager-worker created

$ kubectl get all -n wazuh -o wide
NAME                                   READY   STATUS    RESTARTS   AGE     IP               NODE                                           NOMINATED NODE   READINESS GATES
pod/wazuh-dashboard-6f7f5f8d57-nmk6p   1/1     Running   0          5m8s    192.168.57.144   ip-192-168-44-116.us-west-1.compute.internal
pod/wazuh-indexer-0                    1/1     Running   0          5m7s    192.168.12.176   ip-192-168-25-239.us-west-1.compute.internal
pod/wazuh-indexer-1                    1/1     Running   0          4m16s   192.168.46.154   ip-192-168-63-155.us-west-1.compute.internal
pod/wazuh-indexer-2                    1/1     Running   0          3m22s   192.168.48.175   ip-192-168-43-0.us-west-1.compute.internal
pod/wazuh-manager-master-0             1/1     Running   0          5m6s    192.168.51.80    ip-192-168-43-0.us-west-1.compute.internal
pod/wazuh-manager-worker-0             1/1     Running   0          5m6s    192.168.14.206   ip-192-168-21-229.us-west-1.compute.internal
pod/wazuh-manager-worker-1             1/1     Running   0          5m6s    192.168.63.236   ip-192-168-44-116.us-west-1.compute.internal

NAME                    TYPE           CLUSTER-IP       EXTERNAL-IP                                                                        PORT(S)                          AGE     SELECTOR
service/dashboard       LoadBalancer   10.100.1.143     a5ba9bcae94c54c2e811c0ff182c9a03-1259798919.us-west-1.elb.amazonaws.com            443:32394/TCP                    5m14s   app=wazuh-dashboard
service/indexer         LoadBalancer   10.100.34.183    ab9a92d0106a4498c955c4e87b047eb2-857307175.us-west-1.elb.amazonaws.com             9200:30816/TCP                   5m13s   app=wazuh-indexer
service/wazuh           LoadBalancer   10.100.37.169    a6c9a8bc050a34cb6a2ef92820d8a172-1684670115.us-west-1.elb.amazonaws.com            1515:32369/TCP,55000:32472/TCP   5m12s   app=wazuh-manager,node-type=master
service/wazuh-cluster   ClusterIP      None                                                                                                1516/TCP                         5m11s   app=wazuh-manager
service/wazuh-indexer   ClusterIP      None                                                                                                9300/TCP                         5m10s   app=wazuh-indexer
service/wazuh-workers   LoadBalancer   10.100.115.181   internal-a49863f1ae0134fea84db08ec26eb3c9-2098995677.us-west-1.elb.amazonaws.com   1514:32588/TCP                   5m10s   app=wazuh-manager,node-type=worker

NAME                              READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS        IMAGES                        SELECTOR
deployment.apps/wazuh-dashboard   1/1     1            1           5m10s   wazuh-dashboard   wazuh/wazuh-dashboard:4.9.0   app=wazuh-dashboard

NAME                                         DESIRED   CURRENT   READY   AGE     CONTAINERS        IMAGES                        SELECTOR
replicaset.apps/wazuh-dashboard-6f7f5f8d57   1         1         1       5m10s   wazuh-dashboard   wazuh/wazuh-dashboard:4.9.0   app=wazuh-dashboard,pod-template-hash=6f7f5f8d57

NAME                                    READY   AGE    CONTAINERS      IMAGES
statefulset.apps/wazuh-indexer          3/3     5m9s   wazuh-indexer   wazuh/wazuh-indexer:4.9.0
statefulset.apps/wazuh-manager-master   1/1     5m8s   wazuh-manager   wazuh/wazuh-manager:4.9.0
statefulset.apps/wazuh-manager-worker   2/2     5m8s   wazuh-manager   wazuh/wazuh-manager:4.9.0
```
Screenshots

![Screenshot 2024-09-23 at 16 20 09](https://github.com/user-attachments/assets/94a42724-e6d8-48c0-8ac7-0ebb8f856b9c)
![Screenshot 2024-09-23 at 16 20 26](https://github.com/user-attachments/assets/9455045c-77c8-4e58-ac11-1880eae5a303)
![Screenshot 2024-09-23 at 16 20 40](https://github.com/user-attachments/assets/351318f1-2510-40f2-b389-ea7cb810f5b8)

Deploy Wazuh v4.9.1 on Kubernetes:

Logs

```console
$ git checkout v4.9.1-rc1
Previous HEAD position was cb1c04e Merge pull request #807 from wazuh/enhancement/804-revert-image-tag
HEAD is now at fa303b8 Merge pull request #823 from wazuh/enhancement/821-change-image-tag

$ wazuh/certs/indexer_cluster/generate_certs.sh
Root CA
Admin cert
create: admin-key-temp.pem
create: admin-key.pem
create: admin.csr
Ignoring -days without -x509; not generating a certificate
create: admin.pem
Certificate request self-signature ok
subject=C=US, L=California, O=Company, CN=admin
* Node cert
create: node-key-temp.pem
create: node-key.pem
create: node.csr
Ignoring -days without -x509; not generating a certificate
create: node.pem
Certificate request self-signature ok
subject=C=US, L=California, O=Company, CN=indexer
* dashboard cert
create: dashboard-key-temp.pem
create: dashboard-key.pem
create: dashboard.csr
Ignoring -days without -x509; not generating a certificate
create: dashboard.pem
Certificate request self-signature ok
subject=C=US, L=California, O=Company, CN=dashboard
* Filebeat cert
create: filebeat-key-temp.pem
create: filebeat-key.pem
create: filebeat.csr
Ignoring -days without -x509; not generating a certificate
create: filebeat.pem
Certificate request self-signature ok
subject=C=US, L=California, O=Company, CN=filebeat

$ wazuh/certs/dashboard_http/generate_certs.sh

$ kubectl apply -k envs/eks/
namespace/wazuh unchanged
storageclass.storage.k8s.io/wazuh-storage unchanged
configmap/dashboard-conf-46kfc92gfm unchanged
configmap/indexer-conf-t8tdh7thct unchanged
configmap/wazuh-conf-54bf8bh7fk unchanged
secret/dashboard-certs-tggd8btd2t created
secret/dashboard-cred unchanged
secret/indexer-certs-59dgd2mch8 created
secret/indexer-cred unchanged
secret/wazuh-api-cred unchanged
secret/wazuh-authd-pass unchanged
secret/wazuh-cluster-key unchanged
service/dashboard unchanged
service/indexer unchanged
service/wazuh unchanged
service/wazuh-cluster unchanged
service/wazuh-indexer unchanged
service/wazuh-workers unchanged
deployment.apps/wazuh-dashboard configured
statefulset.apps/wazuh-indexer configured
statefulset.apps/wazuh-manager-master configured
Warning: spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector: a null labelSelector results in matching no pod
statefulset.apps/wazuh-manager-worker configured

$ kubectl get all -n wazuh -o wide
NAME                                   READY   STATUS    RESTARTS   AGE     IP               NODE                                           NOMINATED NODE   READINESS GATES
pod/wazuh-dashboard-78c6c89d76-s8dhm   1/1     Running   0          6m4s    192.168.14.71    ip-192-168-25-239.us-west-1.compute.internal
pod/wazuh-indexer-0                    1/1     Running   0          4m11s   192.168.4.223    ip-192-168-25-239.us-west-1.compute.internal
pod/wazuh-indexer-1                    1/1     Running   0          5m6s    192.168.39.154   ip-192-168-63-155.us-west-1.compute.internal
pod/wazuh-indexer-2                    1/1     Running   0          6m1s    192.168.44.110   ip-192-168-43-0.us-west-1.compute.internal
pod/wazuh-manager-master-0             1/1     Running   0          5m58s   192.168.36.174   ip-192-168-44-116.us-west-1.compute.internal
pod/wazuh-manager-worker-0             1/1     Running   0          4m53s   192.168.27.169   ip-192-168-21-229.us-west-1.compute.internal
pod/wazuh-manager-worker-1             1/1     Running   0          5m57s   192.168.62.209   ip-192-168-43-0.us-west-1.compute.internal

NAME                    TYPE           CLUSTER-IP       EXTERNAL-IP                                                                        PORT(S)                          AGE   SELECTOR
service/dashboard       LoadBalancer   10.100.1.143     a5ba9bcae94c54c2e811c0ff182c9a03-1259798919.us-west-1.elb.amazonaws.com            443:32394/TCP                    17m   app=wazuh-dashboard
service/indexer         LoadBalancer   10.100.34.183    ab9a92d0106a4498c955c4e87b047eb2-857307175.us-west-1.elb.amazonaws.com             9200:30816/TCP                   17m   app=wazuh-indexer
service/wazuh           LoadBalancer   10.100.37.169    a6c9a8bc050a34cb6a2ef92820d8a172-1684670115.us-west-1.elb.amazonaws.com            1515:32369/TCP,55000:32472/TCP   17m   app=wazuh-manager,node-type=master
service/wazuh-cluster   ClusterIP      None                                                                                                1516/TCP                         17m   app=wazuh-manager
service/wazuh-indexer   ClusterIP      None                                                                                                9300/TCP                         17m   app=wazuh-indexer
service/wazuh-workers   LoadBalancer   10.100.115.181   internal-a49863f1ae0134fea84db08ec26eb3c9-2098995677.us-west-1.elb.amazonaws.com   1514:32588/TCP                   17m   app=wazuh-manager,node-type=worker

NAME                              READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS        IMAGES                            SELECTOR
deployment.apps/wazuh-dashboard   1/1     1            1           17m   wazuh-dashboard   wazuh/wazuh-dashboard:4.9.1-rc1   app=wazuh-dashboard

NAME                                         DESIRED   CURRENT   READY   AGE    CONTAINERS        IMAGES                            SELECTOR
replicaset.apps/wazuh-dashboard-6f7f5f8d57   0         0         0       17m    wazuh-dashboard   wazuh/wazuh-dashboard:4.9.0       app=wazuh-dashboard,pod-template-hash=6f7f5f8d57
replicaset.apps/wazuh-dashboard-78c6c89d76   1         1         1       6m6s   wazuh-dashboard   wazuh/wazuh-dashboard:4.9.1-rc1   app=wazuh-dashboard,pod-template-hash=78c6c89d76

NAME                                    READY   AGE   CONTAINERS      IMAGES
statefulset.apps/wazuh-indexer          3/3     17m   wazuh-indexer   wazuh/wazuh-indexer:4.9.1-rc1
statefulset.apps/wazuh-manager-master   1/1     17m   wazuh-manager   wazuh/wazuh-manager:4.9.1-rc1
statefulset.apps/wazuh-manager-worker   2/2     17m   wazuh-manager   wazuh/wazuh-manager:4.9.1-rc1
```
Screenshots

![Screenshot 2024-09-23 at 16 31 34](https://github.com/user-attachments/assets/01fae96e-acd1-420f-b114-8f91af0b82db)
![Screenshot 2024-09-23 at 16 31 51](https://github.com/user-attachments/assets/f1cacc9f-c60e-40d1-a924-60517559c9e6)
![Screenshot 2024-09-23 at 16 32 02](https://github.com/user-attachments/assets/8a0afb27-fdee-407a-8730-580841a0103e)
ossec.log

```java
$ kubectl exec --stdin --tty -n wazuh pod/wazuh-manager-master-0 -- /bin/bash
bash-5.2# cat /var/ossec/logs/ossec.log
2024/09/23 14:13:38 wazuh-modulesd:router: INFO: Loaded router module.
2024/09/23 14:13:38 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
2024/09/23 14:13:42 wazuh-csyslogd: INFO: Remote syslog server not configured. Clean exit.
2024/09/23 14:13:42 wazuh-dbd: INFO: Database not configured. Clean exit.
2024/09/23 14:13:42 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
2024/09/23 14:13:42 wazuh-agentlessd: INFO: Not configured. Exiting.
2024/09/23 14:13:42 wazuh-authd: INFO: Started (pid: 603).
2024/09/23 14:13:42 wazuh-authd: INFO: Accepting connections on port 1515. Using password specified on file: etc/authd.pass
2024/09/23 14:13:42 wazuh-authd: INFO: Setting network timeout to 1.000000 sec.
2024/09/23 14:13:43 wazuh-db: INFO: Started (pid: 619).
2024/09/23 14:13:43 wazuh-db: INFO: Created Global database backup "backup/db/global.db-backup-2024-09-23-14:13:43.gz"
2024/09/23 14:13:44 wazuh-execd: INFO: Started (pid: 645).
2024/09/23 14:13:46 wazuh-analysisd: INFO: Total rules enabled: '7006'
2024/09/23 14:13:46 wazuh-analysisd: INFO: The option is deprecated and won't apply. Set up each queue size in the internal_options file.
2024/09/23 14:13:46 wazuh-analysisd: INFO: Started (pid: 661).
2024/09/23 14:13:46 wazuh-syscheckd: WARNING: The check_unixaudit option is deprecated in favor of the SCA module.
2024/09/23 14:13:46 wazuh-syscheckd: INFO: Started (pid: 674).
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6003): Monitoring path: '/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6003): Monitoring path: '/boot', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6003): Monitoring path: '/etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6003): Monitoring path: '/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mtab'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/hosts.deny'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mail/statistics'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random-seed'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random.seed'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/adjtime'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/httpd/logs'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/utmpx'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/wtmpx'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/cups/certs'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/dumpdates'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/svc/volatile'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/sys/kernel/security'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/sys/kernel/debug'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6004): No diff for file: '/etc/ssl/private.key'
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6000): Starting daemon...
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6010): File integrity monitoring scan frequency: 43200 seconds
2024/09/23 14:13:46 wazuh-syscheckd: INFO: (6008): File integrity monitoring scan started.
2024/09/23 14:13:46 rootcheck: INFO: Starting rootcheck scan.
2024/09/23 14:13:47 wazuh-analysisd: INFO: EPS limit disabled
2024/09/23 14:13:47 wazuh-analysisd: INFO: (7200): Logtest started
2024/09/23 14:13:47 wazuh-syscheckd: INFO: (6009): File integrity monitoring scan ended.
2024/09/23 14:13:47 wazuh-remoted: INFO: Started (pid: 722). Listening on port 1514/TCP (secure).
2024/09/23 14:13:47 wazuh-syscheckd: INFO: FIM sync module started.
2024/09/23 14:13:47 wazuh-remoted: INFO: (1410): Reading authentication keys file.
2024/09/23 14:13:48 wazuh-logcollector: INFO: Monitoring output of command(360): df -P
2024/09/23 14:13:48 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
2024/09/23 14:13:48 wazuh-logcollector: INFO: Monitoring full output of command(360): last -n 20
2024/09/23 14:13:48 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/ossec/logs/active-responses.log'.
2024/09/23 14:13:48 wazuh-logcollector: INFO: Started (pid: 922).
2024/09/23 14:13:49 wazuh-monitord: INFO: Started (pid: 1031).
2024/09/23 14:13:50 wazuh-modulesd:router: INFO: Loaded router module.
2024/09/23 14:13:50 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
2024/09/23 14:13:50 wazuh-modulesd: INFO: Started (pid: 1090).
2024/09/23 14:13:50 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting...
2024/09/23 14:13:50 wazuh-modulesd:router: INFO: Starting router module.
2024/09/23 14:13:50 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/09/23 14:13:50 wazuh-modulesd:osquery: INFO: Module disabled. Exiting...
2024/09/23 14:13:50 wazuh-modulesd:agent-upgrade: INFO: (8153): Module Agent Upgrade started.
2024/09/23 14:13:50 wazuh-modulesd:content_manager: INFO: Starting content_manager module.
2024/09/23 14:13:50 wazuh-modulesd:database: INFO: Module started.
2024/09/23 14:13:50 wazuh-modulesd:oscap: INFO: Module disabled. Exiting...
2024/09/23 14:13:50 wazuh-modulesd:control: INFO: Starting control thread.
2024/09/23 14:13:50 wazuh-modulesd:download: INFO: Module started.
2024/09/23 14:13:51 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started.
2024/09/23 14:13:51 wazuh-modulesd:syscollector: INFO: Module started.
2024/09/23 14:13:51 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/09/23 14:13:51 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024/09/23 14:13:51 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh', retrying until the connection is successful.
2024/09/23 14:13:51 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression.
2024/09/23 14:14:10 rootcheck: INFO: Ending rootcheck scan.
2024/09/23 14:15:41 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished.
2024/09/23 14:15:42 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started.
2024/09/23 14:16:53 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities-wazuh.
2024/09/23 14:21:49 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process.
2024/09/23 14:24:05 wazuh-db: INFO: (1225): SIGNAL [(1)-(Hangup)] Received. Exit Cleaning...
2024/09/23 14:24:05 wazuh-authd: INFO: (1225): SIGNAL [(1)-(Hangup)] Received. Exit Cleaning...
2024/09/23 14:24:05 wazuh-execd: INFO: (1314): Shutdown received. Deleting responses.
2024/09/23 14:24:05 wazuh-analysisd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 14:24:05 wazuh-remoted: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 14:24:05 wazuh-execd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 14:24:05 wazuh-authd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 14:24:05 wazuh-syscheckd: INFO: (1756): Shutdown received. Releasing resources.
2024/09/23 14:24:05 wazuh-logcollector: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 14:24:05 wazuh-monitord: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 14:24:05 wazuh-db: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 14:24:05 wazuh-syscheckd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/23 14:24:05 wazuh-db: INFO: Graceful process shutdown.
2024/09/23 14:24:06 wazuh-authd: INFO: Exiting...
2024/09/23 14:25:02 wazuh-modulesd:router: INFO: Loaded router module.
2024/09/23 14:25:02 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
2024/09/23 14:25:06 wazuh-csyslogd: INFO: Remote syslog server not configured. Clean exit.
2024/09/23 14:25:06 wazuh-dbd: INFO: Database not configured. Clean exit.
2024/09/23 14:25:06 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
2024/09/23 14:25:06 wazuh-agentlessd: INFO: Not configured. Exiting.
2024/09/23 14:25:06 wazuh-authd: INFO: Started (pid: 595).
2024/09/23 14:25:06 wazuh-authd: INFO: Accepting connections on port 1515. Using password specified on file: etc/authd.pass
2024/09/23 14:25:06 wazuh-authd: INFO: Setting network timeout to 1.000000 sec.
2024/09/23 14:25:07 wazuh-db: INFO: Started (pid: 612).
2024/09/23 14:25:08 wazuh-db: INFO: Created Global database backup "backup/db/global.db-backup-2024-09-23-14:25:08.gz"
2024/09/23 14:25:08 wazuh-execd: INFO: Started (pid: 637).
2024/09/23 14:25:11 wazuh-syscheckd: WARNING: The check_unixaudit option is deprecated in favor of the SCA module.
2024/09/23 14:25:11 wazuh-syscheckd: INFO: Started (pid: 665).
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6003): Monitoring path: '/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6003): Monitoring path: '/boot', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6003): Monitoring path: '/etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6003): Monitoring path: '/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mtab'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/hosts.deny'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mail/statistics'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random-seed'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random.seed'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/adjtime'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/httpd/logs'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/utmpx'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/wtmpx'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/cups/certs'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/dumpdates'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/svc/volatile'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/sys/kernel/security'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/sys/kernel/debug'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6004): No diff for file: '/etc/ssl/private.key'
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6000): Starting daemon...
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6010): File integrity monitoring scan frequency: 43200 seconds
2024/09/23 14:25:11 wazuh-syscheckd: INFO: (6008): File integrity monitoring scan started.
2024/09/23 14:25:11 rootcheck: INFO: Starting rootcheck scan.
2024/09/23 14:25:11 wazuh-analysisd: INFO: Total rules enabled: '7006'
2024/09/23 14:25:11 wazuh-analysisd: INFO: The option is deprecated and won't apply. Set up each queue size in the internal_options file.
2024/09/23 14:25:11 wazuh-analysisd: INFO: Started (pid: 653).
2024/09/23 14:25:11 wazuh-analysisd: INFO: EPS limit disabled
2024/09/23 14:25:11 wazuh-analysisd: INFO: (7200): Logtest started
2024/09/23 14:25:12 wazuh-remoted: INFO: Started (pid: 712). Listening on port 1514/TCP (secure).
2024/09/23 14:25:12 wazuh-remoted: INFO: (1410): Reading authentication keys file.
2024/09/23 14:25:12 wazuh-syscheckd: INFO: (6009): File integrity monitoring scan ended.
2024/09/23 14:25:12 wazuh-syscheckd: INFO: FIM sync module started.
2024/09/23 14:25:13 wazuh-logcollector: INFO: Monitoring output of command(360): df -P
2024/09/23 14:25:13 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
2024/09/23 14:25:13 wazuh-logcollector: INFO: Monitoring full output of command(360): last -n 20
2024/09/23 14:25:13 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/ossec/logs/active-responses.log'.
2024/09/23 14:25:13 wazuh-logcollector: INFO: Started (pid: 819).
2024/09/23 14:25:14 wazuh-monitord: INFO: Started (pid: 1008).
2024/09/23 14:25:15 wazuh-modulesd:router: INFO: Loaded router module.
2024/09/23 14:25:15 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
2024/09/23 14:25:15 wazuh-modulesd: INFO: Started (pid: 1059).
2024/09/23 14:25:15 wazuh-modulesd:agent-upgrade: INFO: (8153): Module Agent Upgrade started.
2024/09/23 14:25:15 wazuh-modulesd:osquery: INFO: Module disabled. Exiting...
2024/09/23 14:25:15 wazuh-modulesd:oscap: INFO: Module disabled. Exiting...
2024/09/23 14:25:15 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/09/23 14:25:15 wazuh-modulesd:router: INFO: Starting router module.
2024/09/23 14:25:15 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting...
2024/09/23 14:25:15 wazuh-modulesd:database: INFO: Module started.
2024/09/23 14:25:15 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started.
2024/09/23 14:25:15 wazuh-modulesd:download: INFO: Module started.
2024/09/23 14:25:15 wazuh-modulesd:control: INFO: Starting control thread.
2024/09/23 14:25:15 wazuh-modulesd:content_manager: INFO: Starting content_manager module.
2024/09/23 14:25:15 wazuh-modulesd:syscollector: INFO: Module started.
2024/09/23 14:25:15 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/09/23 14:25:15 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh', retrying until the connection is successful.
2024/09/23 14:25:15 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024/09/23 14:25:15 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression.
2024/09/23 14:25:38 rootcheck: INFO: Ending rootcheck scan.
2024/09/23 14:26:47 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished.
2024/09/23 14:26:48 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started.
2024/09/23 14:26:49 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process.
2024/09/23 14:28:17 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities-wazuh.
```

Enaraque commented 3 weeks ago

Deploy Wazuh v4.3.0 single-node 🔴

Check indexer and dashboard files path in docker-compose

```console
root@ip-172-31-47-153:/home/ubuntu# git clone https://github.com/wazuh/wazuh-docker.git -b v4.3.0
Cloning into 'wazuh-docker'...
remote: Enumerating objects: 13622, done.
remote: Counting objects: 100% (942/942), done.
remote: Compressing objects: 100% (510/510), done.
remote: Total 13622 (delta 473), reused 828 (delta 398), pack-reused 12680 (from 1)
Receiving objects: 100% (13622/13622), 314.66 MiB | 35.80 MiB/s, done.
Resolving deltas: 100% (7102/7102), done.
Note: switching to '73018f87ac49441c4d5695cc8db486a33ff195c1'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:

  git switch -c

Or undo this operation with:

  git switch -

Turn off this advice by setting config variable advice.detachedHead to false

root@ip-172-31-47-153:/home/ubuntu# cd wazuh-docker/single-node/
root@ip-172-31-47-153:/home/ubuntu/wazuh-docker/single-node# sed -n '41,89p' docker-compose.yml
  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.3.0
    hostname: wazuh.indexer
    restart: always
    ports:
      - "9200:9200"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml

  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.3.0
    hostname: wazuh.dashboard
    restart: always
    ports:
      - 443:443
    environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - WAZUH_API_URL=https://wazuh.manager
      - API_USERNAME=acme-user
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
    depends_on:
      - wazuh.indexer
    links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager
```
Single-node deployment

```console
root@ip-172-31-47-153:/home/ubuntu/wazuh-docker/single-node# docker-compose -f generate-indexer-certs.yml run --rm generator
[+] Running 1/1
 ⠿ Network single-node_default  Created  0.1s
[+] Running 5/5
 ⠿ generator Pulled  3.4s
   ⠿ edaedc954fb5 Pull complete  2.2s
   ⠿ 573f4d11a520 Pull complete  3.1s
   ⠿ 8f200922197d Pull complete  3.1s
   ⠿ 55a86de68c5c Pull complete  3.2s
The tool to create the certificates exists in the in Packages bucket
26/09/2024 08:54:26 INFO: Admin certificates created.
26/09/2024 08:54:26 INFO: Wazuh indexer certificates created.
26/09/2024 08:54:26 INFO: Wazuh server certificates created.
26/09/2024 08:54:27 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker

root@ip-172-31-47-153:/home/ubuntu/wazuh-docker/single-node# docker-compose up -d
[+] Running 37/37
 ⠿ wazuh.dashboard Pulled  54.1s
   ⠿ 6b8e413f071e Pull complete  6.1s
   ⠿ ec83951aef01 Pull complete  6.2s
   ⠿ 0b0703f5945f Pull complete  6.3s
   ⠿ d34fcd853d8a Pull complete  6.3s
   ⠿ 1468554731c9 Pull complete  6.4s
   ⠿ 1ed8dbdbf1e3 Pull complete  6.5s
   ⠿ 1793922b927b Pull complete  6.7s
   ⠿ 6081b8d2f19c Pull complete  6.7s
   ⠿ c676f842281f Pull complete  53.8s
 ⠿ wazuh.manager Pulled  33.1s
   ⠿ b30c913e0942 Pull complete  6.1s
   ⠿ 4737e1b118c3 Pull complete  20.7s
   ⠿ 456d73af7c7b Pull complete  22.9s
   ⠿ f0565776bbcd Pull complete  23.7s
   ⠿ 36525e5b83c1 Pull complete  24.3s
   ⠿ 45557825b959 Pull complete  24.8s
   ⠿ 9316c8cab39e Pull complete  25.2s
   ⠿ 97a8c7c9d60b Pull complete  25.5s
   ⠿ fc7e726cc881 Pull complete  25.9s
   ⠿ f6b138595b92 Pull complete  26.6s
   ⠿ 117721d9704f Pull complete  32.7s
   ⠿ bb243896fcd8 Pull complete  32.8s
 ⠿ wazuh.indexer Pulled  31.1s
   ⠿ d5fd17ec1767 Pull complete  3.2s
   ⠿ 3d0b60051712 Pull complete  3.2s
   ⠿ 291057b8a134 Pull complete  3.3s
   ⠿ 7796cc75cec0 Pull complete  3.3s
   ⠿ b883828eff8d Pull complete  3.3s
   ⠿ 1cfc100f01cb Pull complete  3.4s
   ⠿ 1149a02fc112 Pull complete  3.5s
   ⠿ 46271dcd970d Pull complete  3.5s
   ⠿ 141f1032559e Pull complete  28.3s
   ⠿ 3f3cebf6b781 Pull complete  29.0s
   ⠿ fa7fd22ecec5 Pull complete  29.7s
   ⠿ fb64bf16ae21 Pull complete  30.1s
   ⠿ cd409c0494c2 Pull complete  30.6s
[+] Running 15/15
 ⠿ Volume "single-node_wazuh_wodles"             Created  0.0s
 ⠿ Volume "single-node_filebeat_etc"             Created  0.0s
 ⠿ Volume "single-node_filebeat_var"             Created  0.0s
 ⠿ Volume "single-node_wazuh_api_configuration"  Created  0.0s
 ⠿ Volume "single-node_wazuh-indexer-data"       Created  0.0s
 ⠿ Volume "single-node_wazuh_agentless"          Created  0.0s
 ⠿ Volume "single-node_wazuh_logs"               Created  0.0s
 ⠿ Volume "single-node_wazuh_queue"              Created  0.0s
 ⠿ Volume "single-node_wazuh_var_multigroups"    Created  0.0s
 ⠿ Volume "single-node_wazuh_active_response"    Created  0.0s
 ⠿ Volume "single-node_wazuh_etc"                Created  0.0s
 ⠿ Volume "single-node_wazuh_integrations"       Created  0.0s
 ⠿ Container single-node-wazuh.indexer-1         Started  5.3s
 ⠿ Container single-node-wazuh.manager-1         Started  5.5s
 ⠿ Container single-node-wazuh.dashboard-1       Started  1.2s

root@ip-172-31-47-153:/home/ubuntu/wazuh-docker/single-node# docker ps
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
7f07f3e79459   wazuh/wazuh-dashboard:4.3.0   "/entrypoint.sh"   11 seconds ago   Up 10 seconds   0.0.0.0:443->443/tcp, :::443->443/tcp   single-node-wazuh.dashboard-1
2903fa6f6961   wazuh/wazuh-indexer:4.3.0   "/entrypoint.sh open…"   16 seconds ago   Up 10 seconds   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp   single-node-wazuh.indexer-1
143ba8807bc6   wazuh/wazuh-manager:4.3.0   "/init"   16 seconds ago   Up 10 seconds   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
```
Screenshots

![Captura de pantalla 2024-09-26 a las 10 59 32](https://github.com/user-attachments/assets/a1b35ad1-57f1-4928-83de-fc2df21765aa)

![Captura de pantalla 2024-09-26 a las 11 00 11](https://github.com/user-attachments/assets/13316d84-d0c3-4b94-be4b-4cfa1d871530)

Deploy Wazuh v4.9.1 single-node keeping custom docker-compose files from v4.3.0 🔴

Change files path in docker-compose

```console
root@ip-172-31-47-153:/home/ubuntu/wazuh-docker/single-node# docker-compose down
[+] Running 4/4
 ⠿ Container single-node-wazuh.dashboard-1 Removed 10.3s
 ⠿ Container single-node-wazuh.indexer-1 Removed 0.4s
 ⠿ Container single-node-wazuh.manager-1 Removed 4.0s
 ⠿ Network single-node_default Removed 0.2s
root@ip-172-31-47-153:/home/ubuntu/wazuh-docker/single-node# vi docker-compose.yml
root@ip-172-31-47-153:/home/ubuntu/wazuh-docker/single-node# sed -n '41,89p' docker-compose.yml
  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.9.1-rc1
    hostname: wazuh.indexer
    restart: always
    ports:
      - "9200:9200"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml

  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.9.1-rc1
    hostname: wazuh.dashboard
    restart: always
    ports:
      - 443:443
    environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - WAZUH_API_URL=https://wazuh.manager
      - API_USERNAME=acme-user
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
    depends_on:
      - wazuh.indexer
    links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager
```

After changing the corresponding names as per the documentation, the indexer is not starting correctly:

```console
root@ip-172-31-47-153:/home/ubuntu/wazuh-docker/single-node# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c676e28d319f wazuh/wazuh-dashboard:4.9.1-rc1 "/entrypoint.sh" 2 minutes ago Up 2 minutes 0.0.0.0:443->443/tcp, :::443->443/tcp single-node-wazuh.dashboard-1
0e1d61f7d48a wazuh/wazuh-indexer:4.9.1-rc1 "/entrypoint.sh open…" 2 minutes ago Up 5 seconds 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node-wazuh.indexer-1
ee3f8e9018b8 wazuh/wazuh-manager:4.9.1-rc1 "/init" 2 minutes ago Up 2 minutes 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1
```

This issue was resolved by changing the line:

```console
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
```

to:

```
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
```

Once this was done, the containers were relaunched, but this time it failed when trying to access the dashboard.

![Captura de pantalla 2024-09-26 a las 12 43 24](https://github.com/user-attachments/assets/e08bc36e-4ba0-4c6a-b7c7-8b3b4b17e98b)

🔴 New issue: https://github.com/wazuh/wazuh-documentation/issues/7807
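The two edits this comment reports (new container-side mount paths for the indexer and a 1g heap) can be checked in a carried-over compose file before relaunching. The script below is an added example, not part of the original comment or the wazuh-docker repository; the function names and the sample lines are constructed here, and since the report shows the dashboard still failing afterwards, a clean result only rules out these two problems.

```shell
#!/usr/bin/env bash
# Lint a Wazuh single-node docker-compose.yml carried over from v4.3.0.
# Patterns come only from the two compose listings in the comment above.

# Container-side mount targets of the v4.3.0 indexer layout.
LEGACY_TARGETS='/usr/share/wazuh-indexer/config/certs/|/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/'

# Print (with line numbers) each volume line whose container path is legacy.
legacy_mounts() {
    grep -nE ":(${LEGACY_TARGETS})" "$1"
}

# Print the indexer -Xmx value in MiB; print nothing if it is not set.
heap_mib() {
    sed -nE 's/.*OPENSEARCH_JAVA_OPTS=.*-Xmx([0-9]+)([mMgG]).*/\1 \2/p' "$1" |
        head -n1 |
        while read -r n unit; do
            case "$unit" in g|G) echo $((n * 1024)) ;; *) echo "$n" ;; esac
        done
}

# Return 0 when neither problem is present, 1 otherwise.
check_compose() {
    local file=$1 rc=0 heap
    if legacy_mounts "$file"; then
        echo "v4.3.0 mount targets still present" >&2
        rc=1
    fi
    heap=$(heap_mib "$file")
    if [ -n "$heap" ] && [ "$heap" -lt 1024 ]; then
        echo "indexer heap is ${heap} MiB, below the 1g used in the report" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed sample: three lines in the carried-over style shown above.
write_sample_v430() {
    cat <<'EOF'
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
EOF
}

# Usage: ./check.sh docker-compose.yml
if [ "$#" -gt 0 ]; then check_compose "$1"; fi
```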
Enaraque commented 3 weeks ago

Upgrade Kubernetes deployment v4.3.0 to v4.9.1 🔴

Deploy Wazuh v4.9.1 Keeping custom manifests from v4.3.0

Changing manifest in v4.9.1 deploy

The `v4.9.1-rc1` configuration was used with the `v4.3.0` manifests. In these manifests, the paths mentioned in the documentation were changed.

```console
$ wazuh/certs/indexer_cluster/generate_certs.sh
Root CA
Admin cert
create: admin-key-temp.pem
create: admin-key.pem
create: admin.csr
Ignoring -days without -x509; not generating a certificate
create: admin.pem
Certificate request self-signature ok
subject=C=US, L=California, O=Company, CN=admin
* Node cert
create: node-key-temp.pem
create: node-key.pem
create: node.csr
Ignoring -days without -x509; not generating a certificate
create: node.pem
Certificate request self-signature ok
subject=C=US, L=California, O=Company, CN=indexer
* dashboard cert
create: dashboard-key-temp.pem
create: dashboard-key.pem
create: dashboard.csr
Ignoring -days without -x509; not generating a certificate
create: dashboard.pem
Certificate request self-signature ok
subject=C=US, L=California, O=Company, CN=dashboard
* Filebeat cert
create: filebeat-key-temp.pem
create: filebeat-key.pem
create: filebeat.csr
Ignoring -days without -x509; not generating a certificate
create: filebeat.pem
Certificate request self-signature ok
subject=C=US, L=California, O=Company, CN=filebeat
$ bash wazuh/certs/dashboard_http/generate_certs.sh
...+..+....+...+...+.....+...+.+......+..............+.+.........+.....+...+++++++++++++++++++++++++++++++++++++++*......+..+.+..............+...+.+++++++++++++++++++++++++++++++++++++++*......+.+.....+......+.......+..+.+.....+....+.........+..+....+......+........+..........+.....+.+....................+.+.........+.....++++++
.+.....+............+.......+..+....+......+...+.....+.+.........+...+.................+...+...............+...+..........+..+...+............+....+...+++++++++++++++++++++++++++++++++++++++*..............+...+..+...+......+.+........+.+++++++++++++++++++++++++++++++++++++++*................+......+..+...+...+....+.....+.....................+......+......+...+..........+..+.........+...+...+....+.....+....+......+...+.....+......+......+.+........+.......+..+.+..............+.......+.....+.+...+.....+.........+.......+.....+...+.......+...+........+.......+...+..+............+.....................+....+.........+..+...+......+..........+...+..+.....................+.........+.+..+.+.....+.+.....+...+...+.........+...+......+....+........++++++
-----
$ kubectl apply -k envs/eks/
namespace/wazuh created
storageclass.storage.k8s.io/wazuh-storage created
configmap/dashboard-conf-tgmhtkc5dm created
configmap/indexer-conf-67g4h64bf2 created
configmap/wazuh-conf-9hf9g2fgk8 created
secret/dashboard-certs-tftb7g9kb2 created
secret/dashboard-cred created
secret/indexer-certs-k6gfk65t5k created
secret/indexer-cred created
secret/wazuh-api-cred created
secret/wazuh-authd-pass created
secret/wazuh-cluster-key created
service/dashboard created
service/indexer created
service/wazuh created
service/wazuh-cluster created
service/wazuh-indexer created
service/wazuh-workers created
deployment.apps/wazuh-dashboard created
statefulset.apps/wazuh-indexer created
statefulset.apps/wazuh-manager-master created
Warning: spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector: a null labelSelector results in matching no pod
statefulset.apps/wazuh-manager-worker created
$ kubectl get all -n wazuh -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/wazuh-dashboard-f8469d76f-4kvjq 1/1 Running 0 15m 192.168.36.172 ip-192-168-44-116.us-west-1.compute.internal
pod/wazuh-indexer-0 0/1 CrashLoopBackOff 7 (74s ago) 15m 192.168.12.198 ip-192-168-25-239.us-west-1.compute.internal
pod/wazuh-indexer-1 0/1 CrashLoopBackOff 7 (92s ago) 14m 192.168.39.154 ip-192-168-63-155.us-west-1.compute.internal
pod/wazuh-indexer-2 0/1 CrashLoopBackOff 6 (3m33s ago) 14m 192.168.3.195 ip-192-168-0-197.us-west-1.compute.internal
pod/wazuh-manager-master-0 1/1 Running 0 15m 192.168.14.251 ip-192-168-0-197.us-west-1.compute.internal
pod/wazuh-manager-worker-0 1/1 Running 0 15m 192.168.12.160 ip-192-168-21-229.us-west-1.compute.internal
pod/wazuh-manager-worker-1 1/1 Running 0 15m 192.168.45.164 ip-192-168-44-116.us-west-1.compute.internal

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/dashboard LoadBalancer 10.100.208.239 aed3529a7de754c65be525bf865515cc-1620662039.us-west-1.elb.amazonaws.com 443:31537/TCP 15m app=wazuh-dashboard
service/indexer LoadBalancer 10.100.93.171 aba2bf7a50f5f4ceda953f7d14e06761-887038420.us-west-1.elb.amazonaws.com 9200:31952/TCP 15m app=wazuh-indexer
service/wazuh LoadBalancer 10.100.205.96 a256ea0b2e88642fab0690e3f2108813-530720907.us-west-1.elb.amazonaws.com 1515:30138/TCP,55000:31654/TCP 15m app=wazuh-manager,node-type=master
service/wazuh-cluster ClusterIP None 1516/TCP 15m app=wazuh-manager
service/wazuh-indexer ClusterIP None 9300/TCP 15m app=wazuh-indexer
service/wazuh-workers LoadBalancer 10.100.48.238 internal-ae1ef45d8bfd44e4095436c18f36cc14-1414787834.us-west-1.elb.amazonaws.com 1514:31846/TCP 15m app=wazuh-manager,node-type=worker

NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/wazuh-dashboard 1/1 1 1 15m wazuh-dashboard wazuh/wazuh-dashboard:4.9.1-rc1 app=wazuh-dashboard

NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
replicaset.apps/wazuh-dashboard-f8469d76f 1 1 1 15m wazuh-dashboard wazuh/wazuh-dashboard:4.9.1-rc1 app=wazuh-dashboard,pod-template-hash=f8469d76f

NAME READY AGE CONTAINERS IMAGES
statefulset.apps/wazuh-indexer 0/3 15m wazuh-indexer wazuh/wazuh-indexer:4.9.1-rc1
statefulset.apps/wazuh-manager-master 1/1 15m wazuh-manager wazuh/wazuh-manager:4.9.1-rc1
statefulset.apps/wazuh-manager-worker 2/2 15m wazuh-manager wazuh/wazuh-manager:4.9.1-rc1
```

After the deployment, it can be observed that the indexers do not start correctly, indicating that more information in the manifests needs to be changed besides the paths mentioned in the documentation.

🔴 New issue: https://github.com/wazuh/wazuh-documentation/issues/7809