All in one installation hangs on rhel 9 #2771
Assignees
Labels
Comments
Update ReportTestingTwo tests have been performed, and the installation is not stopped:
AIO in RHEL9 with vagrant - Log[root@redhat9 vagrant]# bash wazuh-install.sh -a -v -i
12/01/2024 13:48:10 DEBUG: Checking root permissions.
12/01/2024 13:48:10 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
12/01/2024 13:48:10 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/01/2024 13:48:10 DEBUG: YUM package manager will be used.
12/01/2024 13:48:10 DEBUG: Checking system distribution.
12/01/2024 13:48:10 DEBUG: Detected distribution name: rhel
12/01/2024 13:48:10 DEBUG: Detected distribution version: 9
12/01/2024 13:48:10 DEBUG: Checking Wazuh installation.
12/01/2024 13:48:15 DEBUG: Installing check dependencies.
12/01/2024 13:48:15 DEBUG: CentOS repository file created.
12/01/2024 13:48:15 DEBUG: CentOS repositories added.
18 files removed
12/01/2024 13:48:26 DEBUG: CentOS repositories and key deleted.
12/01/2024 13:48:26 DEBUG: Checking system architecture.
12/01/2024 13:48:26 WARNING: Hardware and system checks ignored.
12/01/2024 13:48:26 INFO: Wazuh web interface port will be 443.
12/01/2024 13:48:26 DEBUG: Checking ports availability.
12/01/2024 13:48:29 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
12/01/2024 13:48:29 DEBUG: Installing prerequisites dependencies.
12/01/2024 13:48:30 DEBUG: Checking curl tool version.
12/01/2024 13:48:30 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
12/01/2024 13:48:31 INFO: Wazuh development repository added.
12/01/2024 13:48:31 INFO: --- Configuration files ---
12/01/2024 13:48:31 INFO: Generating configuration files.
12/01/2024 13:48:31 DEBUG: Creating Wazuh certificates.
12/01/2024 13:48:31 DEBUG: Reading configuration file.
12/01/2024 13:48:32 DEBUG: Creating the root certificate.
.+...+.....+...+.......+...+..+......+.+.....+.+...+......+...............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.+............+..+.......+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.........+.+.................+...+.......+............+..+.........+......+...+................+..+....+...........+...+...............+.......+...+......+...+...+.....+....+.........+..+............................+......+......+...+...........+.+...+...........+...+...+...+......+.+..............+....+..+...............+....+........+..........+.....+...+....+...+......+.....+.+..................+..+.+.....+...+.....................+.+.........+........+.+...............+...........+..........+...........+....+...+............+...........+.......+...............+......+.....+.+.........+......+...+.....+............................+..+......+.+..................+..+.+.....+....+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+..........+...+......+..+..........+...+.....+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.........+....+..+............+.+.........+.....+...+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+...+.....+......+..........+.....+...+......+....+...+........+......+...+...+.............+..+.............+.........+.....+.......+.....+....+..+..........+...........................+..+....+.........+..+.............+...+.....+.........+.+.........+.....+.+.................+...+....+......+.....+.......+.....+...+....+........+.+......+...........+....+......+..+.+.....+......+...+.+......+...+..+.........+.+.....+....+.........+..+...+.......+...+......+............+..+...+....+......+..+..................+..........+.........+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
12/01/2024 13:48:33 DEBUG: Generating Admin certificates.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
12/01/2024 13:48:33 DEBUG: Generating Wazuh indexer certificates.
12/01/2024 13:48:33 DEBUG: Creating the Wazuh indexer certificates.
12/01/2024 13:48:33 DEBUG: Generating certificate configuration.
........+.....+.+...+...+...+.....+.+.....+...+............+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+....+.....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..........+..........+..+.........+.......+.....+.........+....+.....+.......+...+......+.....+....+..............+.......+........+...+....+...+...............+..+.+.....+............+...+...+....+......+.....+......+....+...........+.+..............+.+..+..........+..+...............+...+.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+...+..+...+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+.+...+...+............+...........+.......+.....+.......+..+....+..+....+......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+...+...+...+...........+.+.....+.......+........+...+......+.............+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
12/01/2024 13:48:34 DEBUG: Generating Filebeat certificates.
12/01/2024 13:48:34 DEBUG: Creating the Wazuh server certificates.
12/01/2024 13:48:34 DEBUG: Generating certificate configuration.
.........+......+.+..+.+.....+.........+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.....+.........+...+...................+...+...+.....+.......+..+.........+......+.+..+.......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+......+......+.........+........+...+.........+.........................+.....+...+...+.......+...........+.+......+...+.....+......+.+.....+...+....+..+.+.........+..............+....+...+...+.........+......+.....+..........+.........+...+..................+..+...+......+.............+...........+....+.....+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
......+..+...+.........+...+.......+........+......+.+...+..+.+...+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+....+......+.....+......+.....................+.......+...+...+.........+.....+.+.....+.+.....+....+.....+.+........+.......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+......+....+.....+.......+......+...+..+...+.......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
12/01/2024 13:48:34 DEBUG: Generating Wazuh dashboard certificates.
12/01/2024 13:48:34 DEBUG: Creating the Wazuh dashboard certificates.
12/01/2024 13:48:34 DEBUG: Generating certificate configuration.
.+......+..+....+...+........+....+...+.....+.............+...+.....+....+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+...+.......+...+..+...+.........+...+.+............+..+.+.....+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
......+.+.....+...+....+..+..................+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.....+......+.........+.+.....+.......+..+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+.......+............+...............+...+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
12/01/2024 13:48:35 DEBUG: Cleaning certificate files.
12/01/2024 13:48:35 DEBUG: Generating password file.
12/01/2024 13:48:35 DEBUG: Generating random passwords.
12/01/2024 13:48:35 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/01/2024 13:48:35 DEBUG: Extracting Wazuh configuration.
12/01/2024 13:48:35 DEBUG: Reading configuration file.
12/01/2024 13:48:35 INFO: --- Wazuh indexer ---
12/01/2024 13:48:35 INFO: Starting Wazuh indexer installation.
Extra Packages for Enterprise Linux 9 - x86_64 912 kB/s | 20 MB 00:22
EL-9 - Wazuh 2.4 MB/s | 24 MB 00:09
Last metadata expiration check: 0:00:15 ago on Fri 12 Jan 2024 01:49:12 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.8.0-1 wazuh 743 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 743 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.8.0-1.x86_64.rpm 4.1 MB/s | 743 MB 03:02
--------------------------------------------------------------------------------
Total 4.1 MB/s | 743 MB 03:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Installing : wazuh-indexer-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-indexer-4.8.0-1.x86_64
Complete!
12/01/2024 13:53:54 DEBUG: Checking Wazuh installation.
12/01/2024 13:53:56 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 13:53:59 INFO: Wazuh indexer installation finished.
12/01/2024 13:53:59 DEBUG: Configuring Wazuh indexer.
12/01/2024 13:53:59 DEBUG: Copying Wazuh indexer certificates.
12/01/2024 13:53:59 INFO: Wazuh indexer post-install configuration finished.
12/01/2024 13:53:59 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
12/01/2024 13:54:28 INFO: wazuh-indexer service started.
12/01/2024 13:54:28 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create 'wazuh' index template
SUCC: 'wazuh' template created or updated
Will create 'ism_history_indices' index template
SUCC: 'ism_history_indices' template created or updated
Will disable replicas for 'plugins.index_state_management.history' indices
SUCC: cluster's settings saved
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
12/01/2024 13:54:41 INFO: The Wazuh indexer cluster ISM initialized.
12/01/2024 13:54:41 INFO: Wazuh indexer cluster initialized.
12/01/2024 13:54:41 INFO: --- Wazuh server ---
12/01/2024 13:54:41 INFO: Starting the Wazuh manager installation.
Last metadata expiration check: 0:05:30 ago on Fri 12 Jan 2024 01:49:12 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-manager x86_64 4.8.0-1 wazuh 350 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 350 M
Installed size: 854 M
Downloading Packages:
wazuh-manager-4.8.0-1.x86_64.rpm 3.7 MB/s | 350 MB 01:35
--------------------------------------------------------------------------------
Total 3.7 MB/s | 350 MB 01:35
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1
Installing : wazuh-manager-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1
Invalid syntax
Bad permission list or expression
Bad class-permissions
Problem filling class-permissions list
Bad allow rule at /var/lib/selinux/targeted/tmp/modules/100/fail2ban/cil:148
Failed to build AST
/var/tmp/rpm-tmp.JDTfFe: line 176: 18765 Segmentation fault (core dumped) semodule -e wazuh
Verifying : wazuh-manager-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-manager-4.8.0-1.x86_64
Complete!
12/01/2024 13:57:51 DEBUG: Checking Wazuh installation.
12/01/2024 13:57:52 DEBUG: There are Wazuh remaining files.
12/01/2024 13:57:53 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 13:57:56 INFO: Wazuh manager installation finished.
12/01/2024 13:57:56 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
12/01/2024 13:58:15 INFO: wazuh-manager service started.
12/01/2024 13:58:15 INFO: Starting Filebeat installation.
Installed:
filebeat-7.10.2-1.x86_64
12/01/2024 13:58:32 DEBUG: Checking Wazuh installation.
12/01/2024 13:58:34 DEBUG: There are Wazuh remaining files.
12/01/2024 13:58:35 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 13:58:36 DEBUG: There are Filebeat remaining files.
12/01/2024 13:58:37 INFO: Filebeat installation finished.
12/01/2024 13:58:37 DEBUG: Configuring Filebeat.
12/01/2024 13:58:37 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/archives/
wazuh/archives/manifest.yml
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
wazuh/alerts/
wazuh/alerts/manifest.yml
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
12/01/2024 13:58:38 DEBUG: Filebeat module was downloaded successfully.
12/01/2024 13:58:38 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
12/01/2024 13:58:38 INFO: Filebeat post-install configuration finished.
12/01/2024 13:58:38 INFO: Starting service filebeat.
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
12/01/2024 13:58:39 INFO: filebeat service started.
12/01/2024 13:58:39 INFO: --- Wazuh dashboard ---
12/01/2024 13:58:39 INFO: Starting Wazuh dashboard installation.
Last metadata expiration check: 0:09:28 ago on Fri 12 Jan 2024 01:49:12 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-dashboard x86_64 4.8.0-1 wazuh 273 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 273 M
Installed size: 902 M
Downloading Packages:
wazuh-dashboard-4.8.0-1.x86_64.rpm 3.6 MB/s | 273 MB 01:15
--------------------------------------------------------------------------------
Total 3.6 MB/s | 273 MB 01:15
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-dashboard-4.8.0-1.x86_64
Complete!
12/01/2024 14:02:22 DEBUG: Checking Wazuh installation.
12/01/2024 14:02:23 DEBUG: There are Wazuh remaining files.
12/01/2024 14:02:24 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 14:02:25 DEBUG: There are Filebeat remaining files.
12/01/2024 14:02:26 DEBUG: There are Wazuh dashboard remaining files.
12/01/2024 14:02:26 INFO: Wazuh dashboard installation finished.
12/01/2024 14:02:26 DEBUG: Configuring Wazuh dashboard.
12/01/2024 14:02:26 DEBUG: Copying Wazuh dashboard certificates.
12/01/2024 14:02:26 DEBUG: Wazuh dashboard certificate setup finished.
12/01/2024 14:02:26 INFO: Wazuh dashboard post-install configuration finished.
12/01/2024 14:02:26 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
12/01/2024 14:02:27 INFO: wazuh-dashboard service started.
12/01/2024 14:02:27 DEBUG: Setting Wazuh indexer cluster passwords.
12/01/2024 14:02:27 DEBUG: Checking Wazuh installation.
12/01/2024 14:02:29 DEBUG: There are Wazuh remaining files.
12/01/2024 14:02:30 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 14:02:31 DEBUG: There are Filebeat remaining files.
12/01/2024 14:02:32 DEBUG: There are Wazuh dashboard remaining files.
12/01/2024 14:02:32 INFO: Updating the internal users.
12/01/2024 14:02:32 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
12/01/2024 14:02:41 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
12/01/2024 14:02:41 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/01/2024 14:02:41 DEBUG: The internal users have been updated before changing the passwords.
12/01/2024 14:02:45 DEBUG: Generating password hashes.
12/01/2024 14:02:51 DEBUG: Password hashes generated.
12/01/2024 14:02:51 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
12/01/2024 14:02:56 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
12/01/2024 14:02:57 DEBUG: Restarting filebeat service...
12/01/2024 14:02:58 DEBUG: filebeat started.
12/01/2024 14:02:59 DEBUG: Restarting wazuh-dashboard service...
12/01/2024 14:03:00 DEBUG: wazuh-dashboard started.
12/01/2024 14:03:00 DEBUG: Running security admin tool.
12/01/2024 14:03:00 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
12/01/2024 14:03:07 DEBUG: Passwords changed.
12/01/2024 14:03:07 DEBUG: Changing API passwords.
12/01/2024 14:03:15 INFO: Initializing Wazuh dashboard web application.
12/01/2024 14:03:15 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/01/2024 14:03:31 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/01/2024 14:03:46 INFO: Wazuh dashboard web application initialized.
12/01/2024 14:03:46 INFO: --- Summary ---
12/01/2024 14:03:46 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: 5*2E5+.9jq3PjxEm*auMNeg5MOxmDGjW
12/01/2024 14:03:46 DEBUG: Restoring Wazuh repository.
12/01/2024 14:03:46 INFO: Installation finished.
[root@redhat9 vagrant]#
AIO in RHEL9 in EC2 - Log[root@ip-172-31-37-152 ec2-user]# bash wazuh-install.sh -a -i -v
12/01/2024 14:12:48 DEBUG: Checking root permissions.
12/01/2024 14:12:48 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
12/01/2024 14:12:48 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/01/2024 14:12:48 DEBUG: YUM package manager will be used.
12/01/2024 14:12:48 DEBUG: Checking system distribution.
12/01/2024 14:12:48 DEBUG: Detected distribution name: rhel
12/01/2024 14:12:48 DEBUG: Detected distribution version: 9
12/01/2024 14:12:48 DEBUG: Checking Wazuh installation.
12/01/2024 14:12:53 DEBUG: Installing check dependencies.
12/01/2024 14:12:53 DEBUG: CentOS repository file created.
12/01/2024 14:12:53 DEBUG: CentOS repositories added.
12/01/2024 14:13:04 INFO: --- Dependencies ---
12/01/2024 14:13:04 INFO: Installing lsof.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. CentOS Stream 9 - AppStream 48 MB/s | 18 MB 00:00 CentOS Stream 9 - BaseOS 24 MB/s | 7.9 MB 00:00 Last metadata expiration check: 0:00:03 ago on Fri 12 Jan 2024 02:13:14 PM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 baseos 239 k Installing dependencies: libtirpc x86_64 1.3.3-2.el9 baseos 93 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 332 k Installed size: 826 k Downloading Packages: (1/2): libtirpc-1.3.3-2.el9.x86_64.rpm 752 kB/s | 93 kB 00:00 (2/2): lsof-4.94.0-3.el9.x86_64.rpm 1.7 MB/s | 239 kB 00:00 -------------------------------------------------------------------------------- Total 2.2 MB/s | 332 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-2.el9.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : libtirpc-1.3.3-2.el9.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-2.el9.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. CentOS Stream 9 - AppStream 48 MB/s | 18 MB 00:00 CentOS Stream 9 - BaseOS 24 MB/s | 7.9 MB 00:00 Last metadata expiration check: 0:00:03 ago on Fri 12 Jan 2024 02:13:14 PM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 baseos 239 k Installing dependencies: libtirpc x86_64 1.3.3-2.el9 baseos 93 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 332 k Installed size: 826 k Downloading Packages: (1/2): libtirpc-1.3.3-2.el9.x86_64.rpm 752 kB/s | 93 kB 00:00 (2/2): lsof-4.94.0-3.el9.x86_64.rpm 1.7 MB/s | 239 kB 00:00 -------------------------------------------------------------------------------- Total 2.2 MB/s | 332 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-2.el9.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : libtirpc-1.3.3-2.el9.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-2.el9.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
46 files removed
12/01/2024 14:13:24 DEBUG: CentOS repositories and key deleted.
12/01/2024 14:13:24 DEBUG: Checking system architecture.
12/01/2024 14:13:24 WARNING: Hardware and system checks ignored.
12/01/2024 14:13:24 INFO: Wazuh web interface port will be 443.
12/01/2024 14:13:24 DEBUG: Checking ports availability.
12/01/2024 14:13:27 DEBUG: Installing prerequisites dependencies.
12/01/2024 14:13:28 DEBUG: Checking curl tool version.
12/01/2024 14:13:28 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
12/01/2024 14:13:28 INFO: Wazuh development repository added.
12/01/2024 14:13:28 INFO: --- Configuration files ---
12/01/2024 14:13:28 INFO: Generating configuration files.
12/01/2024 14:13:28 DEBUG: Creating Wazuh certificates.
12/01/2024 14:13:28 DEBUG: Reading configuration file.
12/01/2024 14:13:28 DEBUG: Creating the root certificate.
....+...+.........+........+...+....+...+...+.....+...+......+.........+....+..+......+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+........+.......+.........+......+.....+...+...+...+....+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+......+...+...........+..........+......+......+.........+........+......+.+......+........+.+...........+..........+.....+.........+...+...+..........+...+......+...+......+...............+......+........+......+.+.....+................+..+...+.........+...+.+.....+................+.....+...+......+.......+..+.+..+..........+..+...+...+.+.....+.+............+...+............+......+.................+...+........................+...+...+....+.....+......+.+...+..................+..................+..............+......+.+......+...+............+........................+.....+.+...+..+..........+............+..+...+.+.....+.....................+...+......+......+...+.......+...+...........+......+.+...+...........+.+............+..+............................+...........+.......+...+......+......+..+.......+...+..+....+..+............+...+....+.....+......+.............+..+....+........+.......+.....+......+........................+.........+......+.+..+................+..+.......+...+..+...+...+......+....+.....+.+........+...+....+.....+..........+..........................+....+...+..+..................+..........+.....+.+.....+.......+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.......+.....+...+.+...+...............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
12/01/2024 14:13:29 DEBUG: Generating Admin certificates.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
12/01/2024 14:13:30 DEBUG: Generating Wazuh indexer certificates.
12/01/2024 14:13:30 DEBUG: Creating the Wazuh indexer certificates.
12/01/2024 14:13:30 DEBUG: Generating certificate configuration.
..+...+....+.....+.+..+...+.............+.....+.........+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+...+.+.....+...+.............+...+.....+.+.....+.+..+.......+..............+................+.........+..+...+.+......+..+............+.+..+.+...........+.+...+.....+......+.+..+...+.......+..+....+.....+....+......+..............+.+......+...+.....+...+...+..........+......+.....+.+............+..+..........+......+...+..+...+.........+.+.................+....+......+.........+...+..+..........+........+...+...+.+...+........+...+...............+................+...+........+...+..........+..+....+......+........+.........+......+.+.....+...+...+...+..........+..+.........+...+...+.......+..+......+...................+...+...........+..........+.........+.....+...+....+.....+..................+..........+.....+.+.........+...+.................+............+.+...+.........+............+.....+......+..........+..+...+....+...+.....+.......+...+...+...............+..............+....+..+...+......+...+..........+......+.....+.......+..+.+......+...+.....+............................+..+.+.....+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
....+.....+..........+.........+........+.......+...........+.+.........+.....+......+.+...+..+...+.+.....+..........+...+..+.........+....+..+.+..+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+..+.+.........+.........+.....+............+...+......+................+.....+...+....+...+..+.......+...+..+.+.....+.........+....+..+.........+...+......+.+......+..+......................+..............+.+...+..+..........+...+...+...+.....+.........+...+....+...........+..........+..+..........+.................+......+.......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
12/01/2024 14:13:31 DEBUG: Generating Filebeat certificates.
12/01/2024 14:13:31 DEBUG: Creating the Wazuh server certificates.
12/01/2024 14:13:31 DEBUG: Generating certificate configuration.
...+...+..+.+......+.....+................+..+...+.......+..+...+......+.+......+..+.+..+..........+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.............+...+...+...+.......+..+.+.........+..+....+..............+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..+...+.+.....+.........+.+.........+...+.....+.......+..+....+.....+.......+...+..+............+...+...................+...+...+..+.+.....+.......+.........+.....+...+...+..........+...+.....+.......+...+..+......................+...+..+..........+..+.........................+...+..+.............+......+.........+..+....+...........+....+..+...+.+......+..+..........+..+.+..+............+......+...................+.....+.+........+.........+.+..+.......+..+....+..+.......+...+..+...+....+...+......+......+........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
12/01/2024 14:13:31 DEBUG: Generating Wazuh dashboard certificates.
12/01/2024 14:13:31 DEBUG: Creating the Wazuh dashboard certificates.
12/01/2024 14:13:31 DEBUG: Generating certificate configuration.
.+..............+.......+...+......+.....+......+.+...+...............+..+....+........+.+..+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*............+...........+...+.+...+..+...+.....................+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+..+.......+......+..+.........+...+.+...........+.+..............+.+...............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+..+.+.........+..+...+...+...+.+...........+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..................+.........+.....+....+..+.........+.......+..+.............+.....+...+.......+.................+...+.........+......+...+....+......+.....+......+...+.+..............+...+....+.....+..........+...+..+...............+....+...............+.....+...............+.+..............+......+...+......+......+.+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
12/01/2024 14:13:31 DEBUG: Cleaning certificate files.
12/01/2024 14:13:31 DEBUG: Generating password file.
12/01/2024 14:13:31 DEBUG: Generating random passwords.
12/01/2024 14:13:32 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/01/2024 14:13:32 DEBUG: Extracting Wazuh configuration.
12/01/2024 14:13:32 DEBUG: Reading configuration file.
12/01/2024 14:13:32 INFO: --- Wazuh indexer ---
12/01/2024 14:13:32 INFO: Starting Wazuh indexer installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - AppStre 55 MB/s | 28 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS 44 MB/s | 16 MB 00:00
Red Hat Enterprise Linux 9 Client Configuration 25 kB/s | 3.8 kB 00:00
EL-9 - Wazuh 18 MB/s | 24 MB 00:01
Last metadata expiration check: 0:00:01 ago on Fri 12 Jan 2024 02:13:51 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.8.0-1 wazuh 743 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 743 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.8.0-1.x86_64.rpm 105 MB/s | 743 MB 00:07
--------------------------------------------------------------------------------
Total 105 MB/s | 743 MB 00:07
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Installing : wazuh-indexer-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-indexer-4.8.0-1.x86_64
Complete!
12/01/2024 14:16:00 DEBUG: Checking Wazuh installation.
12/01/2024 14:16:03 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 14:16:05 INFO: Wazuh indexer installation finished.
12/01/2024 14:16:05 DEBUG: Configuring Wazuh indexer.
12/01/2024 14:16:05 DEBUG: Copying Wazuh indexer certificates.
12/01/2024 14:16:05 INFO: Wazuh indexer post-install configuration finished.
12/01/2024 14:16:05 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
12/01/2024 14:16:32 INFO: wazuh-indexer service started.
12/01/2024 14:16:32 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create 'wazuh' index template
SUCC: 'wazuh' template created or updated
Will create 'ism_history_indices' index template
SUCC: 'ism_history_indices' template created or updated
Will disable replicas for 'plugins.index_state_management.history' indices
SUCC: cluster's settings saved
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
12/01/2024 14:16:47 INFO: The Wazuh indexer cluster ISM initialized.
12/01/2024 14:16:47 INFO: Wazuh indexer cluster initialized.
12/01/2024 14:16:47 INFO: --- Wazuh server ---
12/01/2024 14:16:47 INFO: Starting the Wazuh manager installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:02:57 ago on Fri 12 Jan 2024 02:13:51 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-manager x86_64 4.8.0-1 wazuh 350 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 350 M
Installed size: 854 M
Downloading Packages:
wazuh-manager-4.8.0-1.x86_64.rpm 137 MB/s | 350 MB 00:02
--------------------------------------------------------------------------------
Total 137 MB/s | 350 MB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1
Installing : wazuh-manager-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1
Verifying : wazuh-manager-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-manager-4.8.0-1.x86_64
Complete!
12/01/2024 14:18:59 DEBUG: Checking Wazuh installation.
12/01/2024 14:19:00 DEBUG: There are Wazuh remaining files.
12/01/2024 14:19:02 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 14:19:04 INFO: Wazuh manager installation finished.
12/01/2024 14:19:04 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
12/01/2024 14:19:26 INFO: wazuh-manager service started.
12/01/2024 14:19:26 INFO: Starting Filebeat installation.
Installed:
filebeat-7.10.2-1.x86_64
12/01/2024 14:19:33 DEBUG: Checking Wazuh installation.
12/01/2024 14:19:34 DEBUG: There are Wazuh remaining files.
12/01/2024 14:19:35 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 14:19:36 DEBUG: There are Filebeat remaining files.
12/01/2024 14:19:37 INFO: Filebeat installation finished.
12/01/2024 14:19:37 DEBUG: Configuring Filebeat.
12/01/2024 14:19:38 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/archives/
wazuh/archives/manifest.yml
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
wazuh/alerts/
wazuh/alerts/manifest.yml
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
12/01/2024 14:19:38 DEBUG: Filebeat module was downloaded successfully.
12/01/2024 14:19:38 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
12/01/2024 14:19:39 INFO: Filebeat post-install configuration finished.
12/01/2024 14:19:39 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
12/01/2024 14:19:40 INFO: filebeat service started.
12/01/2024 14:19:40 INFO: --- Wazuh dashboard ---
12/01/2024 14:19:40 INFO: Starting Wazuh dashboard installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:05:50 ago on Fri 12 Jan 2024 02:13:51 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-dashboard x86_64 4.8.0-1 wazuh 273 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 273 M
Installed size: 902 M
Downloading Packages:
wazuh-dashboard-4.8.0-1.x86_64.rpm 63 MB/s | 273 MB 00:04
--------------------------------------------------------------------------------
Total 62 MB/s | 273 MB 00:04
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-dashboard-4.8.0-1.x86_64
Complete!
12/01/2024 14:22:36 DEBUG: Checking Wazuh installation.
12/01/2024 14:22:38 DEBUG: There are Wazuh remaining files.
12/01/2024 14:22:39 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 14:22:41 DEBUG: There are Filebeat remaining files.
12/01/2024 14:22:42 DEBUG: There are Wazuh dashboard remaining files.
12/01/2024 14:22:42 INFO: Wazuh dashboard installation finished.
12/01/2024 14:22:42 DEBUG: Configuring Wazuh dashboard.
12/01/2024 14:22:42 DEBUG: Copying Wazuh dashboard certificates.
12/01/2024 14:22:42 DEBUG: Wazuh dashboard certificate setup finished.
12/01/2024 14:22:42 INFO: Wazuh dashboard post-install configuration finished.
12/01/2024 14:22:42 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
12/01/2024 14:22:43 INFO: wazuh-dashboard service started.
12/01/2024 14:22:43 DEBUG: Setting Wazuh indexer cluster passwords.
12/01/2024 14:22:43 DEBUG: Checking Wazuh installation.
12/01/2024 14:22:44 DEBUG: There are Wazuh remaining files.
12/01/2024 14:22:45 DEBUG: There are Wazuh indexer remaining files.
12/01/2024 14:22:47 DEBUG: There are Filebeat remaining files.
12/01/2024 14:22:48 DEBUG: There are Wazuh dashboard remaining files.
12/01/2024 14:22:48 INFO: Updating the internal users.
12/01/2024 14:22:48 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
12/01/2024 14:22:58 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
12/01/2024 14:22:58 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/01/2024 14:22:58 DEBUG: The internal users have been updated before changing the passwords.
12/01/2024 14:23:00 DEBUG: Generating password hashes.
12/01/2024 14:23:09 DEBUG: Password hashes generated.
12/01/2024 14:23:09 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
12/01/2024 14:23:15 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
12/01/2024 14:23:16 DEBUG: Restarting filebeat service...
12/01/2024 14:23:16 DEBUG: filebeat started.
12/01/2024 14:23:18 DEBUG: Restarting wazuh-dashboard service...
12/01/2024 14:23:19 DEBUG: wazuh-dashboard started.
12/01/2024 14:23:19 DEBUG: Running security admin tool.
12/01/2024 14:23:19 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
12/01/2024 14:23:25 DEBUG: Passwords changed.
12/01/2024 14:23:25 DEBUG: Changing API passwords.
12/01/2024 14:23:33 INFO: Initializing Wazuh dashboard web application.
12/01/2024 14:23:33 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/01/2024 14:23:50 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/01/2024 14:24:05 INFO: Wazuh dashboard web application initialized.
12/01/2024 14:24:05 INFO: --- Summary ---
12/01/2024 14:24:05 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: jYQ1C8SKHYm.bwFT+ffikO?5JT2AONQz
12/01/2024 14:24:05 INFO: --- Dependencies ---
12/01/2024 14:24:05 INFO: Removing lsof.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Removing: lsof x86_64 4.94.0-3.el9 @baseos 624 k Removing unused dependencies: libtirpc x86_64 1.3.3-2.el9 @baseos 202 k Transaction Summary ================================================================================ Remove 2 Packages Freed space: 826 k Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : lsof-4.94.0-3.el9.x86_64 1/2 Erasing : libtirpc-1.3.3-2.el9.x86_64 2/2 Running scriptlet: libtirpc-1.3.3-2.el9.x86_64 2/2 Verifying : libtirpc-1.3.3-2.el9.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Removed: libtirpc-1.3.3-2.el9.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
12/01/2024 14:24:10 DEBUG: Restoring Wazuh repository.
12/01/2024 14:24:10 INFO: Installation finished.
[root@ip-172-31-37-152 ec2-user]#
It would be necessary to specify more information about the tool used to deploy the Wazuh installation. Maybe the firewall is related to this, so please, disable the firewall before performing the installation. |
|
I am doing E2E UX tests - File Integrity monitoring for release 4.8.0 - Alpha 2 and I am using Vagrant as environment. For both rhel8 and rhel9 I have used the same configuration.
I have tried again the installation in Rhel9 by deactivating firewalld but it still hangs with: In both cases I used the same installation method with: UpdateFull log of /var/log/wazuh-install.log 17/01/2024 13:38:18 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 13:38:18 INFO: Verbose logging redirected to /var/log/wazuh-install.log
0 files removed
17/01/2024 13:38:24 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 13:38:24 INFO: Wazuh web interface port will be 443.
17/01/2024 13:38:25 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
17/01/2024 13:38:26 INFO: Wazuh development repository added.
17/01/2024 13:38:26 INFO: --- Configuration files ---
17/01/2024 13:38:26 INFO: Generating configuration files.
...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+..+.......+..+.+..+.............+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.............+...+..+...+......+.+..+..........+..+....+.....+.+...+.....+......+......+.+.................+.+.................+....+.....+....+.........+..+.+..+.......+...+........+....+.........+.....+.......+........+.+........+...+.........+.........+......+.+........+.........+..........+......+.........+...........+....+..+.+.........+........+......+............+...+......+....+.........+......+.........+.....+......+................+...+.....+.+.....+.+.........+......+.....+.+..+..........+......+..+..........+...+..............+..........+............+...+...+..+......+.......+....................+.............+...........+...+.+......+...........+....+...+......+..+.........+...+.+......+......+........+......+.+...............+............+..+...+............+.........+.......+...+..+...+......+.+........+......+......+....+......+.........+...+...........+......+...............+...+.+.....+.......+..+...+.......+.....+.+...........+....+.....+......+..........+......+.....+.......+...+..+.......+.........+..+............+.+..+....+.....+.+..+.+......+.....+...+.+..+...+....+.....+...+....+...+...............+...............+......+.....+.......+...+..+...+....+..+.........+.......+..+.......+.....+.........+.+.....+.............+............+.....+....+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+.....................+............+.....+....+...+..+.............+..+..........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..+...+......+..........+........+.......+......+.........+.....+.........+.........+.+.....+.+...+..+...+......+.+...+..+..................+.+..............+.+......+..............+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.....+......+.+...........+....+...+..+.+..+.....................+.......+..+...+....+.....+....+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
..+..+..........+.........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*............+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.............+..+...+....+..+...+............+................+..+...+...+....+..+.+...+.................+....+...+...+.....+...+.......+...+.....+......+.+..+.+...............+..+.......+.....+......+....+..+.........+.+......+........+....+.....+......+.+.........+..+.......+.....+.+...............+..+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.........+..+...+.+...........+....+..+.......+...+.....+...+.+......+........+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.........+.....+.+.........+......+..+...+.......+.........+..............+......+.+..+.+.....+...............+.....................+.+..+.+..+.......+........+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.............+...........+....+..+.+...+......+...+.....+.+..............+...+.........+...+................+.....+.+..............+............+...+....+.....+...+..................+.+.........+..+.........+.+........+.........+.......+...+..+.+..+...+............................+...........+.........+....+.....+.+......+...+...+........+.+...............+.....+.+.....+...+.+...+..................+..+...+.......+..................+..+...+...+.+......+..+.............+..+..........+.....+......+.......+...+..+..........+.....+....+.........+...............+.....+.+...+...........+.+.....+....+.....+....+...............+........+.............+..+.......+......+..+....+...+...........+.........+......+...............+.+...+........+....+.....+.........+..........+...........+...+......+.........+......+......+..........+........+.......+.....+......+.........+....+.....+......+.+...+......+...+..+...+.......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
....+..+.......+.....+.........+.+...+...............+......+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...........+.....+...+....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.............................+.......+......+.....+.......+...+..+.+...........................+..+...+...+.+.....+.+..+.......+...........+...+.+...+.....+..........+..+......+...+....+..+..................+.+.....+.+......+..............+.+...+.....+.+.....+.........+......+.+........+............+...+.......+...+..+....+.....+......+............+...+..................+.+.....+.+.....+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.........+.+.....+...+....+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+..+.+..............+...+....+...+..................+...+...........+.+........+....+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+..+.........+...+................+..+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
.+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+.........+..............+.........+............+.........+..........+..+.........+.+.....+....+.....................+..+.......+...+..+.............+...............+..+....+.....+.........+.+.....+.+.....+.+........+..........+.........+...............+............+......+............+.....+.............+..............+.+..+...+.............+.........+.....+................+.....+.+...........+.........+...+.+......+.....+.+...+...........+...+...+...+.......+..............+.+..+...+.......+.....+.......+...+........+.........+...............+...+..........+..+.............+...+...+............+...+..+.......+..+......+..................+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
....+..+.+..+....+...+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+...+.......+...+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..................+........+.+......+...............+.....+.......+..+..................+.+..+...+.......+..+......+................+..............+.+......+.....+...+....+...+.....+...+....+.....+.+.........+..+...+................+...........+...+............+....+......+...+...+..+......+.+..............+.......+...+..+.............+.................+.........+...+.............+...+......+...+..+.+..............+......+..........+.........+...+..+...+.+.........+...+.....+...+.+......+.................+......+....+..+.+..+......+.......+...+...........+......+.......+..+...+.+.........+........+...+.+.....+....+...........+....+.....+............+...+....+...+............+..+.+.................+.+......+......+..+......+.......+.........+.....+....+.....+.........+......+.+.....+..................+...+....+.....+....+.....+.........+...+...+......+.+.........+..........................+...+.+...+..+.+........+....+...+.........+...+.....+..........+...+..+.......+.....+..........+.........+..+....+......+....................+.......+..+...+...+.......+..+......+.......+...............+.....+.+......+......+............+..+...+...+...+......+....+...............+...........+...+.......+...+...+.....+...+....+.....+.+......+........+......+.+.....+.+............+...+.....+...+......+...+...+....+..............+....+.....+.+..+...+................+........+............+.+.........+......+...+................................+....+...........+........................+...+.............+.....+.......+..+.........+...................+..+......+....+...............+...+..+.+..............+...+...+..........+.........+...+..+.........+.........+...+.......+.....+.......+...............+...+...+...+............+........+.........+...+....+......+...+...........+..........+.........+......+......+..+...+...+....+..+.+..+...............+.+......+.....+...+...+.......+......+.....+............+..................+....+...+...+...........+.+...............+..+.......+...+...........+.+.....+.........+.......+.........+...+........+...+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
17/01/2024 13:38:28 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
17/01/2024 13:38:28 INFO: --- Wazuh indexer ---
17/01/2024 13:38:28 INFO: Starting Wazuh indexer installation.
Extra Packages for Enterprise Linux 9 - x86_64 4.5 MB/s | 20 MB 00:04
Extra Packages for Enterprise Linux 9 openh264 1.9 kB/s | 2.5 kB 00:01
EL-9 - Wazuh 9.6 MB/s | 24 MB 00:02
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.8.0-1 wazuh 743 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 743 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.8.0-1.x86_64.rpm 54 MB/s | 743 MB 00:13
--------------------------------------------------------------------------------
Total 54 MB/s | 743 MB 00:13
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Installing : wazuh-indexer-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-indexer-4.8.0-1.x86_64
Complete!
17/01/2024 13:39:49 INFO: Wazuh indexer installation finished.
17/01/2024 13:39:49 INFO: Wazuh indexer post-install configuration finished.
17/01/2024 13:39:49 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service. |
2 tasks
|
I was able to replicate the error on my machine using vagrant, the problem is that the Wazuh indexer service does not start and it remains in process and for this reason the WIA does not advance: ---
17/01/2024 18:15:10 DEBUG: Checking Wazuh installation.
17/01/2024 18:15:10 DEBUG: There are Wazuh indexer remaining files.
17/01/2024 18:15:11 INFO: Wazuh indexer installation finished.
17/01/2024 18:15:11 DEBUG: Configuring Wazuh indexer.
17/01/2024 18:15:11 DEBUG: Copying Wazuh indexer certificates.
17/01/2024 18:15:11 INFO: Wazuh indexer post-install configuration finished.
17/01/2024 18:15:11 INFO: Starting service wazuh-indexer.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl daemon-reload
++ tee -a /var/log/wazuh-install.log
+ eval 'systemctl enable wazuh-indexer.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl enable wazuh-indexer.service
++ tee -a /var/log/wazuh-install.log
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
+ eval 'systemctl start wazuh-indexer.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl start wazuh-indexer.service
++ tee -a /var/log/wazuh-install.log
^C+++ installCommon_cleanExit
+++ rollback_conf=
+++ '[' -n '' ']'
+++ [[ '' =~ ^[N|Y|n|y]$ ]]
+++ echo -ne '\nDo you want to remove the ongoing installation?[Y/N]'
Do you want to remove the ongoing installation?[Y/N]+++ read -r rollback_confReviewing the status of the service, it looks like this: [root@rhel-9 ~]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
Active: activating (start) since Wed 2024-01-17 19:06:27 UTC; 23s ago
Docs: https://documentation.wazuh.com
Main PID: 13213 (java)
Tasks: 36 (limit: 36152)
Memory: 3.1G
CPU: 24.484s
CGroup: /system.slice/wazuh-indexer.service
└─13213 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF->
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.channel.AbstractChannel.bind(AbstractChannel.java:260)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.bootstrap.AbstractBootstrap$2.run(AbstractBootstrap.java:356)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: at java.base/java.lang.Thread.run(Thread.java:833)
Jan 17 19:06:36 rhel-9 systemd-entrypoint[13213]: For complete error details, refer to the log at /var/log/wazuh-indexer/wazuh-cluster.log
This error can be found in the wazuh-cluster.log org.opensearch.transport.BindTransportException: Failed to bind to [::1]:[9300-9400]cat /etc/wazuh-indexer/opensearch.yml
network.host: "localhost"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
- "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true |
|
After new test with the same VM, the installation progressed correctly, I am going to replicate the tests to verify if the error appears again: [vagrant@rhel-9 ~]$ sudo bash wazuh-install.sh -a
18/01/2024 12:08:56 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:08:56 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 12:09:03 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 12:09:03 INFO: Wazuh web interface port will be 443.
18/01/2024 12:09:04 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 12:09:06 INFO: Wazuh development repository added.
18/01/2024 12:09:06 INFO: --- Configuration files ---
18/01/2024 12:09:06 INFO: Generating configuration files.
18/01/2024 12:09:08 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 12:09:08 INFO: --- Wazuh indexer ---
18/01/2024 12:09:08 INFO: Starting Wazuh indexer installation.
18/01/2024 12:11:43 INFO: Wazuh indexer installation finished.
18/01/2024 12:11:43 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 12:11:43 INFO: Starting service wazuh-indexer.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl enable wazuh-indexer.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl enable wazuh-indexer.service
+ eval 'cat /etc/wazuh-indexer/opensearch.yml'
++ cat /etc/wazuh-indexer/opensearch.yml
network.host: "localhost"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
- "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
+ eval 'systemctl start wazuh-indexer.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl start wazuh-indexer.service
+ echo 'este es el pipestatus: 0'
este es el pipestatus: 0
+ '[' 0 '!=' 0 ']'
+ common_logger 'wazuh-indexer service started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/01/2024 12:11:54'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'wazuh-indexer service started.' ']'
+ '[' -n 'wazuh-indexer service started.' ']'
+ case ${1} in
+ message='wazuh-indexer service started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/01/2024 12:11:54 INFO: wazuh-indexer service started.'
+ tee -a /var/log/wazuh-install.log
18/01/2024 12:11:54 INFO: wazuh-indexer service started.
+ set +x
18/01/2024 12:11:54 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 12:12:06 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 12:12:06 INFO: Wazuh indexer cluster initialized.
18/01/2024 12:12:06 INFO: --- Wazuh server ---
18/01/2024 12:12:06 INFO: Starting the Wazuh manager installation.
18/01/2024 12:13:51 INFO: Wazuh manager installation finished.
18/01/2024 12:13:51 INFO: Starting service wazuh-manager.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl enable wazuh-manager.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl enable wazuh-manager.service
+ eval 'cat /etc/wazuh-indexer/opensearch.yml'
++ cat /etc/wazuh-indexer/opensearch.yml
network.host: "localhost"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
- "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
+ eval 'systemctl start wazuh-manager.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl start wazuh-manager.service
+ echo 'este es el pipestatus: 0'
este es el pipestatus: 0
+ '[' 0 '!=' 0 ']'
+ common_logger 'wazuh-manager service started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/01/2024 12:13:59'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'wazuh-manager service started.' ']'
+ '[' -n 'wazuh-manager service started.' ']'
+ case ${1} in
+ message='wazuh-manager service started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/01/2024 12:13:59 INFO: wazuh-manager service started.'
+ tee -a /var/log/wazuh-install.log
18/01/2024 12:13:59 INFO: wazuh-manager service started.
+ set +x
18/01/2024 12:13:59 INFO: Starting Filebeat installation.
18/01/2024 12:14:10 INFO: Filebeat installation finished.
18/01/2024 12:14:12 INFO: Filebeat post-install configuration finished.
18/01/2024 12:14:12 INFO: Starting service filebeat.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl enable filebeat.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl enable filebeat.service
+ eval 'cat /etc/wazuh-indexer/opensearch.yml'
++ cat /etc/wazuh-indexer/opensearch.yml
network.host: "localhost"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
- "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
+ eval 'systemctl start filebeat.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl start filebeat.service
+ echo 'este es el pipestatus: 0'
este es el pipestatus: 0
+ '[' 0 '!=' 0 ']'
+ common_logger 'filebeat service started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/01/2024 12:14:12'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'filebeat service started.' ']'
+ '[' -n 'filebeat service started.' ']'
+ case ${1} in
+ message='filebeat service started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/01/2024 12:14:12 INFO: filebeat service started.'
+ tee -a /var/log/wazuh-install.log
18/01/2024 12:14:12 INFO: filebeat service started.
+ set +x
18/01/2024 12:14:12 INFO: --- Wazuh dashboard ---
18/01/2024 12:14:12 INFO: Starting Wazuh dashboard installation.
18/01/2024 12:15:41 INFO: Wazuh dashboard installation finished.
18/01/2024 12:15:41 INFO: Wazuh dashboard post-install configuration finished.
18/01/2024 12:15:41 INFO: Starting service wazuh-dashboard.
+ echo 'entro por el if de systemd'
entro por el if de systemd
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl enable wazuh-dashboard.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl enable wazuh-dashboard.service
+ eval 'cat /etc/wazuh-indexer/opensearch.yml'
++ cat /etc/wazuh-indexer/opensearch.yml
network.host: "localhost"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
- "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
+ eval 'systemctl start wazuh-dashboard.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl start wazuh-dashboard.service
+ echo 'este es el pipestatus: 0'
este es el pipestatus: 0
+ '[' 0 '!=' 0 ']'
+ common_logger 'wazuh-dashboard service started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/01/2024 12:15:41'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'wazuh-dashboard service started.' ']'
+ '[' -n 'wazuh-dashboard service started.' ']'
+ case ${1} in
+ message='wazuh-dashboard service started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/01/2024 12:15:41 INFO: wazuh-dashboard service started.'
+ tee -a /var/log/wazuh-install.log
18/01/2024 12:15:41 INFO: wazuh-dashboard service started.
+ set +x
18/01/2024 12:15:43 INFO: Updating the internal users.
18/01/2024 12:15:46 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/01/2024 12:16:02 INFO: Initializing Wazuh dashboard web application.
18/01/2024 12:16:03 INFO: Wazuh dashboard web application initialized.
18/01/2024 12:16:03 INFO: --- Summary ---
18/01/2024 12:16:03 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: ED6Ka+1Z*ggL.wxDVAJKOitGRVlPg?Ym
18/01/2024 12:16:03 INFO: Installation finished.[vagrant@rhel-9 ~]$ cat /etc/*release
NAME="Red Hat Enterprise Linux"
VERSION="9.0 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.0"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.0 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/9/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.0
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.0"
Red Hat Enterprise Linux release 9.0 (Plow)
Red Hat Enterprise Linux release 9.0 (Plow)
|
Update reportin a new test, I started with a new fresh VM from the same box, On the first try, the installation got stuck, but after a reboot, the installation finished successfully without any change: cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant destroy -f && vagrant up && vagrant ssh
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'generic/rhel9'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: Setting the name of the VM: rhel-9
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 6.1.30
default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
[vagrant@rhel-9 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 12:23:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:23:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 12:23:32 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 12:23:32 INFO: Wazuh web interface port will be 443.
18/01/2024 12:23:33 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 12:23:35 INFO: Wazuh development repository added.
18/01/2024 12:23:35 INFO: --- Configuration files ---
18/01/2024 12:23:35 INFO: Generating configuration files.
18/01/2024 12:23:37 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 12:23:37 INFO: --- Wazuh indexer ---
18/01/2024 12:23:37 INFO: Starting Wazuh indexer installation.
18/01/2024 12:26:07 INFO: Wazuh indexer installation finished.
18/01/2024 12:26:07 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 12:26:07 INFO: Starting service wazuh-indexer.
^C
Do you want to remove the ongoing installation?[Y/N]Y
18/01/2024 12:29:22 INFO: --- Removing existing Wazuh installation ---
18/01/2024 12:29:22 INFO: Removing Wazuh indexer.
18/01/2024 12:29:23 INFO: Wazuh indexer removed.
18/01/2024 12:29:24 INFO: Installation cleaned.
[vagrant@rhel-9 ~]$ sudo poweroff
Connection to 127.0.0.1 closed by remote host.
cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant up && vagrant ssh
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 6.1.30
default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> default: flag to force provisioning. Provisioners marked to run always will still run.
Last login: Thu Jan 18 12:26:17 2024 from 10.0.2.2
[vagrant@rhel-9 ~]$ sudo bash ./wazuh-install.sh -a
18/01/2024 12:30:21 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:30:21 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 12:30:29 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 12:30:29 INFO: Wazuh web interface port will be 443.
18/01/2024 12:30:30 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 12:30:32 INFO: Wazuh development repository added.
18/01/2024 12:30:32 INFO: --- Configuration files ---
18/01/2024 12:30:32 INFO: Generating configuration files.
18/01/2024 12:30:34 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 12:30:34 INFO: --- Wazuh indexer ---
18/01/2024 12:30:34 INFO: Starting Wazuh indexer installation.
18/01/2024 12:33:03 INFO: Wazuh indexer installation finished.
18/01/2024 12:33:03 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 12:33:03 INFO: Starting service wazuh-indexer.
18/01/2024 12:33:13 INFO: wazuh-indexer service started.
18/01/2024 12:33:13 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 12:33:25 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 12:33:25 INFO: Wazuh indexer cluster initialized.
18/01/2024 12:33:25 INFO: --- Wazuh server ---
18/01/2024 12:33:25 INFO: Starting the Wazuh manager installation.
18/01/2024 12:35:05 INFO: Wazuh manager installation finished.
18/01/2024 12:35:05 INFO: Starting service wazuh-manager.
18/01/2024 12:35:15 INFO: wazuh-manager service started.
18/01/2024 12:35:15 INFO: Starting Filebeat installation.
18/01/2024 12:35:24 INFO: Filebeat installation finished.
18/01/2024 12:35:26 INFO: Filebeat post-install configuration finished.
18/01/2024 12:35:26 INFO: Starting service filebeat.
18/01/2024 12:35:26 INFO: filebeat service started.
18/01/2024 12:35:26 INFO: --- Wazuh dashboard ---
18/01/2024 12:35:26 INFO: Starting Wazuh dashboard installation.
18/01/2024 12:36:58 INFO: Wazuh dashboard installation finished.
18/01/2024 12:36:58 INFO: Wazuh dashboard post-install configuration finished.
18/01/2024 12:36:58 INFO: Starting service wazuh-dashboard.
18/01/2024 12:36:58 INFO: wazuh-dashboard service started.
18/01/2024 12:37:01 INFO: Updating the internal users.
18/01/2024 12:37:04 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/01/2024 12:37:22 INFO: Initializing Wazuh dashboard web application.
18/01/2024 12:37:23 INFO: Wazuh dashboard web application initialized.
18/01/2024 12:37:23 INFO: --- Summary ---
18/01/2024 12:37:23 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: LX23xavcsLI0tdgRcL?0wZ6?Qxs?F1pc
18/01/2024 12:37:23 INFO: Installation finished. |
New testIn a new VM, restart the VM without doing anything, and after the restart perform the installation without problems cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant destroy -f && vagrant up && vagrant ssh
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'generic/rhel9'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: A newer version of the box 'generic/rhel9' for provider 'virtualbox' is
==> default: available! You currently have version '4.0.2'. The latest is version
==> default: '4.3.12'. Run `vagrant box update` to update.
==> default: Setting the name of the VM: rhel-9
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 6.1.30
default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
[vagrant@rhel-9 ~]$ sudo poweroff
Connection to 127.0.0.1 closed by remote host.
cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant up && vagrant ssh
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 6.1.30
default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> default: flag to force provisioning. Provisioners marked to run always will still run.
Last login: Thu Jan 18 12:43:56 2024 from 10.0.2.2
[vagrant@rhel-9 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 12:45:56 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 12:45:56 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 12:46:04 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 12:46:04 INFO: Wazuh web interface port will be 443.
18/01/2024 12:46:05 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 12:46:07 INFO: Wazuh development repository added.
18/01/2024 12:46:07 INFO: --- Configuration files ---
18/01/2024 12:46:07 INFO: Generating configuration files.
18/01/2024 12:46:08 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 12:46:08 INFO: --- Wazuh indexer ---
18/01/2024 12:46:08 INFO: Starting Wazuh indexer installation.
18/01/2024 12:48:46 INFO: Wazuh indexer installation finished.
18/01/2024 12:48:46 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 12:48:46 INFO: Starting service wazuh-indexer.
18/01/2024 12:48:56 INFO: wazuh-indexer service started.
18/01/2024 12:48:56 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 12:49:09 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 12:49:09 INFO: Wazuh indexer cluster initialized.
18/01/2024 12:49:09 INFO: --- Wazuh server ---
18/01/2024 12:49:09 INFO: Starting the Wazuh manager installation.
18/01/2024 12:50:59 INFO: Wazuh manager installation finished.
18/01/2024 12:50:59 INFO: Starting service wazuh-manager.
18/01/2024 12:51:10 INFO: wazuh-manager service started.
18/01/2024 12:51:10 INFO: Starting Filebeat installation.
18/01/2024 12:51:18 INFO: Filebeat installation finished.
18/01/2024 12:51:20 INFO: Filebeat post-install configuration finished.
18/01/2024 12:51:20 INFO: Starting service filebeat.
18/01/2024 12:51:20 INFO: filebeat service started.
18/01/2024 12:51:20 INFO: --- Wazuh dashboard ---
18/01/2024 12:51:20 INFO: Starting Wazuh dashboard installation.
18/01/2024 12:52:54 INFO: Wazuh dashboard installation finished.
18/01/2024 12:52:54 INFO: Wazuh dashboard post-install configuration finished.
18/01/2024 12:52:54 INFO: Starting service wazuh-dashboard.
18/01/2024 12:52:54 INFO: wazuh-dashboard service started.
18/01/2024 12:52:56 INFO: Updating the internal users.
18/01/2024 12:52:58 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/01/2024 12:53:15 INFO: Initializing Wazuh dashboard web application.
18/01/2024 12:53:16 INFO: Wazuh dashboard web application initialized.
18/01/2024 12:53:16 INFO: --- Summary ---
18/01/2024 12:53:16 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: tT7CbCCHfPbi1.akxJPVD1zLzgCd*alU
18/01/2024 12:53:16 INFO: Installation finished. |
AMIWith the AWS quickstart AMI this error does not occur: cbordon@cbordon-MS-7C88:~/Downloads$ ssh -i cbordon-1.pem -p 2200 ec2-user@184.73.62.250
The authenticity of host '[184.73.62.250]:2200 ([184.73.62.250]:2200)' can't be established.
ED25519 key fingerprint is SHA256:Yfm+tBB5f2HNpLtDz48Y+I11JruXg9qvq5o50RIkzSY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[184.73.62.250]:2200' (ED25519) to the list of known hosts.
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
[ec2-user@ip-172-31-47-163 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 13:04:29 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 13:04:29 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 13:04:41 INFO: --- Dependencies ---
18/01/2024 13:04:41 INFO: Installing lsof.
18/01/2024 13:05:00 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/01/2024 13:05:00 ERROR: Your system does not meet the recommended minimum hardware requirements of 4Gb of RAM and 2 CPU cores. If you want to proceed with the installation use the -i option to ignore these requirements.
[ec2-user@ip-172-31-47-163 ~]$ curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i
18/01/2024 13:05:29 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 13:05:29 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 13:05:41 WARNING: Hardware and system checks ignored.
18/01/2024 13:05:41 INFO: Wazuh web interface port will be 443.
18/01/2024 13:05:45 INFO: Wazuh development repository added.
18/01/2024 13:05:45 INFO: --- Configuration files ---
18/01/2024 13:05:45 INFO: Generating configuration files.
18/01/2024 13:05:48 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 13:05:49 INFO: --- Wazuh indexer ---
18/01/2024 13:05:49 INFO: Starting Wazuh indexer installation.
18/01/2024 13:08:24 INFO: Wazuh indexer installation finished.
18/01/2024 13:08:24 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 13:08:24 INFO: Starting service wazuh-indexer.
18/01/2024 13:08:48 INFO: wazuh-indexer service started.
18/01/2024 13:08:48 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 13:09:03 INFO: The Wazuh indexer cluster ISM initialized.
18/01/2024 13:09:03 INFO: Wazuh indexer cluster initialized.
18/01/2024 13:09:03 INFO: --- Wazuh server ---
18/01/2024 13:09:03 INFO: Starting the Wazuh manager installation.
18/01/2024 13:12:58 INFO: Wazuh manager installation finished.
18/01/2024 13:12:58 INFO: Starting service wazuh-manager.
18/01/2024 13:13:18 INFO: wazuh-manager service started.
18/01/2024 13:13:18 INFO: Starting Filebeat installation.
18/01/2024 13:13:30 INFO: Filebeat installation finished.
18/01/2024 13:13:30 INFO: Filebeat post-install configuration finished.
18/01/2024 13:13:30 INFO: Starting service filebeat.
18/01/2024 13:13:31 INFO: filebeat service started.
18/01/2024 13:13:31 INFO: --- Wazuh dashboard ---
18/01/2024 13:13:31 INFO: Starting Wazuh dashboard installation.
18/01/2024 13:13:52 ERROR: Wazuh dashboard installation failed.
18/01/2024 13:13:52 INFO: --- Removing existing Wazuh installation ---
18/01/2024 13:13:52 INFO: Removing Wazuh manager.
18/01/2024 13:14:18 INFO: Wazuh manager removed.
18/01/2024 13:14:18 INFO: Removing Wazuh indexer.
18/01/2024 13:14:21 INFO: Wazuh indexer removed.
18/01/2024 13:14:21 INFO: Removing Filebeat.
18/01/2024 13:14:23 INFO: Filebeat removed.
18/01/2024 13:14:24 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue. |
Test with 4.7.2With 4.7.2 this error does not appear, possibly it may be with the version of OpenSearch since the point at which the installation process gets stuck is cbordon@cbordon-MS-7C88:~/Documents/wazuh/vagrant/rhel/9$ vagrant destroy -f && vagrant up && vagrant ssh
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'generic/rhel9'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'generic/rhel9' version '4.0.2' is up to date...
==> default: Setting the name of the VM: rhel-9
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 6.1.30
default: VirtualBox Version: 7.0
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
[vagrant@rhel-9 ~]$ curl -sO https://packages-dev.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
18/01/2024 13:10:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.7.2
18/01/2024 13:10:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 13:10:47 INFO: Wazuh web interface port will be 443.
18/01/2024 13:10:48 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
18/01/2024 13:10:50 INFO: Wazuh development repository added.
18/01/2024 13:10:50 INFO: --- Configuration files ---
18/01/2024 13:10:50 INFO: Generating configuration files.
18/01/2024 13:10:52 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 13:10:52 INFO: --- Wazuh indexer ---
18/01/2024 13:10:52 INFO: Starting Wazuh indexer installation.
18/01/2024 13:13:18 INFO: Wazuh indexer installation finished.
18/01/2024 13:13:18 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 13:13:18 INFO: Starting service wazuh-indexer.
18/01/2024 13:13:28 INFO: wazuh-indexer service started.
18/01/2024 13:13:28 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 13:13:39 INFO: Wazuh indexer cluster initialized.
18/01/2024 13:13:39 INFO: --- Wazuh server ---
18/01/2024 13:13:39 INFO: Starting the Wazuh manager installation.
18/01/2024 13:14:33 INFO: Wazuh manager installation finished.
18/01/2024 13:14:33 INFO: Starting service wazuh-manager.
18/01/2024 13:14:40 INFO: wazuh-manager service started.
18/01/2024 13:14:40 INFO: Starting Filebeat installation.
18/01/2024 13:14:48 INFO: Filebeat installation finished.
18/01/2024 13:14:48 ERROR: Error downloading wazuh-template.json file.
18/01/2024 13:14:48 INFO: --- Removing existing Wazuh installation ---
18/01/2024 13:14:48 INFO: Removing Wazuh manager.
18/01/2024 13:15:01 INFO: Wazuh manager removed.
18/01/2024 13:15:01 INFO: Removing Wazuh indexer.
18/01/2024 13:15:03 INFO: Wazuh indexer removed.
18/01/2024 13:15:03 INFO: Removing Filebeat.
18/01/2024 13:15:04 INFO: Filebeat removed.
18/01/2024 13:15:04 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue. |
New test with
|
Additional testsTests
Findings
|
|
@davidcr01, we have to revert this change:
|
Update ReportThe changes of https://github.com/wazuh/wazuh-packages/pull/2422/files were reverted. TestingCertificates generation - basic configurationConfiguration file config.yml[root@redhat9 vagrant]# cat config.yml
nodes:
# Wazuh indexer nodes
indexer:
- name: node-1
ip: ip-10-0-2-193.us-west-1.compute.internal
- name: node-2
ip: www.google.com
- name: node-3
ip: 192.168.56.254
# Wazuh server nodes
# If there is more than one Wazuh server
# node, each one must have a node_type
server:
- name: wazuh-1
ip: ip-10-0-2-193.us-west-1.compute.internal
node_type: master
- name: wazuh-2
ip: info.wazuh.com
node_type: worker
- name: wazuh-3
ip: 10.10.25.250
node_type: worker
# Wazuh dashboard nodes
dashboard:
- name: dashboard
ip: testing.info.com🟢 The certificates generation worked successfully Certificates generation[root@redhat9 vagrant]# bash wazuh-certs-tool.sh -A
24/01/2024 13:01:32 INFO: Admin certificates created.
24/01/2024 13:01:32 INFO: Wazuh indexer certificates created.
24/01/2024 13:01:33 INFO: Wazuh server certificates created.
24/01/2024 13:01:34 INFO: Wazuh dashboard certificates created.
[root@redhat9 vagrant]# ls -la wazuh-certificates/
total 80
drwxr--r--. 2 root root 4096 Jan 24 13:01 .
drwx------. 4 vagrant vagrant 4096 Jan 24 13:01 ..
-rwxr--r--. 1 root root 1704 Jan 24 13:01 admin-key.pem
-rwxr--r--. 1 root root 1119 Jan 24 13:01 admin.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 dashboard-key.pem
-rwxr--r--. 1 root root 1298 Jan 24 13:01 dashboard.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 node-1-key.pem
-rwxr--r--. 1 root root 1326 Jan 24 13:01 node-1.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 node-2-key.pem
-rwxr--r--. 1 root root 1289 Jan 24 13:01 node-2.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 node-3-key.pem
-rwxr--r--. 1 root root 1277 Jan 24 13:01 node-3.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 root-ca.key
-rwxr--r--. 1 root root 1204 Jan 24 13:01 root-ca.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 wazuh-1-key.pem
-rwxr--r--. 1 root root 1330 Jan 24 13:01 wazuh-1.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 wazuh-2-key.pem
-rwxr--r--. 1 root root 1289 Jan 24 13:01 wazuh-2.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:01 wazuh-3-key.pem
-rwxr--r--. 1 root root 1277 Jan 24 13:01 wazuh-3.pem
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/dashboard.pem -noout -text | grep DNS
DNS:testing.info.com
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/node-1.pem -noout -text | grep DNS
DNS:ip-10-0-2-193.us-west-1.compute.internal
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/node-2.pem -noout -text | grep DNS
DNS:www.google.com
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/node-3.pem -noout -text | grep IP
IP Address:192.168.56.254
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/wazuh-1.pem -noout -text | grep DNS
DNS:ip-10-0-2-193.us-west-1.compute.internal
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/wazuh-2.pem -noout -text | grep DNS
DNS:info.wazuh.com
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/wazuh-3.pem -noout -text | grep IP
IP Address:10.10.25.250
Certificates generation - multiple IPs and DNSConfiguration file config.yml[root@redhat9 vagrant]# cat config.yml
nodes:
# Wazuh indexer nodes
#indexer:
# - name: node-1
# ip: ip-10-0-2-193.us-west-1.compute.internal
# - name: node-2
# ip: www.google.com
# - name: node-3
# ip: 192.168.56.254
# Wazuh server nodes
# If there is more than one Wazuh server
# node, each one must have a node_type
server:
- name: wazuh-1
ip: ip-10-0-2-193.us-west-1.compute.internal
ip: 192.168.56.250
node_type: master
- name: wazuh-2
ip: info.wazuh.com
ip: 192.168.56.251
ip: 10.10.0.250
node_type: worker
- name: wazuh-3
ip: 10.10.25.250
node_type: worker
# Wazuh dashboard nodes
#dashboard:
# - name: dashboard
# ip: testing.info.com🟢 The certificates generation worked successfully Certificates generation[root@redhat9 vagrant]# bash wazuh-certs-tool.sh -ca
24/01/2024 13:08:22 INFO: Authority certificates created.
[root@redhat9 vagrant]# ls wazuh-certificates/
root-ca.key root-ca.pem
[root@redhat9 vagrant]# mv wazuh-certificates/ wazuh-CA
[root@redhat9 vagrant]# bash wazuh-certs-tool.sh -ws wazuh-CA/root-ca.key wazuh-CA/root-ca.pem
24/01/2024 13:09:52 INFO: Wazuh server certificates created.
[root@redhat9 vagrant]# ls -la wazuh-certificates/
total 36
drwxr--r--. 2 root root 170 Jan 24 13:09 .
drwx------. 5 vagrant vagrant 4096 Jan 24 13:09 ..
-rwxr--r--. 1 root root 1708 Jan 24 13:09 root-ca.key
-rwxr--r--. 1 root root 1204 Jan 24 13:09 root-ca.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:09 wazuh-1-key.pem
-rwxr--r--. 1 root root 1338 Jan 24 13:09 wazuh-1.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:09 wazuh-2-key.pem
-rwxr--r--. 1 root root 1310 Jan 24 13:09 wazuh-2.pem
-rwxr--r--. 1 root root 1704 Jan 24 13:09 wazuh-3-key.pem
-rwxr--r--. 1 root root 1277 Jan 24 13:09 wazuh-3.pem
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/wazuh-1.pem -noout -text | grep DNS
DNS:ip-10-0-2-193.us-west-1.compute.internal, IP Address:192.168.56.250
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/wazuh-2.pem -noout -text | grep IP
DNS:info.wazuh.com, IP Address:192.168.56.251, IP Address:10.10.0.250
[root@redhat9 vagrant]# openssl x509 -in wazuh-certificates/wazuh-3.pem -noout -text | grep IP
IP Address:10.10.25.250
|
Update ReportInstallation🟢 The installation didn't stop and finished successfully: Show console log[root@redhat9 vagrant]# bash wazuh-install.sh -a -i
24/01/2024 15:15:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
24/01/2024 15:15:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/01/2024 15:15:36 WARNING: Hardware and system checks ignored.
24/01/2024 15:15:36 INFO: Wazuh web interface port will be 443.
24/01/2024 15:15:40 INFO: Wazuh development repository added.
24/01/2024 15:15:40 INFO: --- Configuration files ---
24/01/2024 15:15:40 INFO: Generating configuration files.
24/01/2024 15:15:42 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
24/01/2024 15:15:43 INFO: --- Wazuh indexer ---
24/01/2024 15:15:43 INFO: Starting Wazuh indexer installation.
24/01/2024 15:17:58 INFO: Wazuh indexer installation finished.
24/01/2024 15:17:58 INFO: Wazuh indexer post-install configuration finished.
24/01/2024 15:17:58 INFO: Starting service wazuh-indexer.
24/01/2024 15:18:36 INFO: wazuh-indexer service started.
24/01/2024 15:18:36 INFO: Initializing Wazuh indexer cluster security settings.
24/01/2024 15:18:59 INFO: Wazuh indexer cluster security configuration initialized.
24/01/2024 15:19:04 INFO: The Wazuh indexer cluster ISM initialized.
24/01/2024 15:19:04 INFO: Wazuh indexer cluster initialized.
24/01/2024 15:19:04 INFO: --- Wazuh server ---
24/01/2024 15:19:04 INFO: Starting the Wazuh manager installation.
24/01/2024 15:21:08 INFO: Wazuh manager installation finished.
24/01/2024 15:21:08 INFO: Wazuh manager vulnerability detection configuration finished.
24/01/2024 15:21:08 INFO: Starting service wazuh-manager.
24/01/2024 15:21:29 INFO: wazuh-manager service started.
24/01/2024 15:21:29 INFO: Starting Filebeat installation.
24/01/2024 15:21:54 INFO: Filebeat installation finished.
24/01/2024 15:21:56 INFO: Filebeat post-install configuration finished.
24/01/2024 15:21:56 INFO: Starting service filebeat.
24/01/2024 15:21:58 INFO: filebeat service started.
24/01/2024 15:21:58 INFO: --- Wazuh dashboard ---
24/01/2024 15:21:58 INFO: Starting Wazuh dashboard installation.
^[[A24/01/2024 15:25:03 INFO: Wazuh dashboard installation finished.
24/01/2024 15:25:03 INFO: Wazuh dashboard post-install configuration finished.
24/01/2024 15:25:03 INFO: Starting service wazuh-dashboard.
24/01/2024 15:25:04 INFO: wazuh-dashboard service started.
24/01/2024 15:25:13 INFO: Updating the internal users.
24/01/2024 15:25:32 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
24/01/2024 15:27:20 INFO: Initializing Wazuh dashboard web application.
24/01/2024 15:27:23 INFO: Wazuh dashboard web application initialized.
24/01/2024 15:27:23 INFO: --- Summary ---
24/01/2024 15:27:23 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: Lqc6aZ0C30zTqQBsX2Gm+VNVYIXVrabv
24/01/2024 15:27:23 INFO: Installation finished.Show log - wazuh-install.log[root@redhat9 vagrant]# cat /var/log/wazuh-install.log
24/01/2024 15:15:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
24/01/2024 15:15:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
0 files removed
24/01/2024 15:15:36 WARNING: Hardware and system checks ignored.
24/01/2024 15:15:36 INFO: Wazuh web interface port will be 443.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
24/01/2024 15:15:40 INFO: Wazuh development repository added.
24/01/2024 15:15:40 INFO: --- Configuration files ---
24/01/2024 15:15:40 INFO: Generating configuration files.
...+...+..+...+...+.+.....+....+..+..........+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+..+......+.......+..+.+......+......+..+..........+...+.....+...+....+..+.+.....+..................+.+...+.....+.+..+.........+....+...........+..................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+........+.........+..................+.........+.+...+..+....+...+.....+.+......+.........+.....+.+.....+...+......+............+....+...+..+...+...+..........+.....+...+.......+.................+......+....+.....+.+......+...............+...........+....+...+.....+......+...............+......+...+...+.......+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.....+..+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+......+...+............+...+......+.+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+....+.....+....+......+.....................+.........+.........+..+...+......+......+.+..+.+....................+.+......+...+.....+.......+.....+.......+......+.....+............+...+....+..+.........+.........+.+...........+.+.....+...............+...+....+.....+..........+......+......+......+........+....+.....+.+.....+.......+........+.+..............+.+...+..+......+..........+..+.+..............+......+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
...+.........+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+..+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..+............................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+..+......+.........+....+..+...+....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+........+...+....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+...+..+...+...+.+.....+.........+.+....................+...+......+....+......+.....+......+.+...+......+...+..+....+......+...+.....+............+.+...+.....+.......+..+......+.......+............+..................+...+..+............+...+...+................+...+..................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
.+..+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+..+..........+...+..+...+......+.+......+.........+...+...+..+.+...........+.+........+..............................+.......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+..................+...+......+...+.....+...+...+................+...+.....+.+......+.....+.............+..+.+..+...+.........+......+.......+.....+...+....+.........+..+..................+......+....+...........+....+......+...+..+.+........+......+.....................+....+.....+...+...+...+.+...+........+.......+...........+.........+.+..+....+...+..............................+..+.+..+............+...+.+.....+.........+.+......+........+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+..........+..+...+............+............+.+.........+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+......+..+...+.......+..+.+..............+.......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*................+...+...+.........+....+............+...+...........+......+..........+...+.........+...+.................+...+.........+.+..+.......+...........+...+....+......+...............+.....+.+...+.....+...+...+.........+.+...........+.+............+.....+......+....+..+.+...+.....+....+..+..........+.........+..+...+....+.....+.......+.....+....+......+.....+.+...........................+..+....+...........+....+.........+..+...+.+..+...+......................+..+.+............+.....+..........+..+..........+..+.+........+....+..+.+............+......+..+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
.........+..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+..............+......+.+.....+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.........+............+.......+........+....+.....+....+.....+......+.+..+.+.........+.....+.+..............+......+.+.....................+.........+...+.....+......+...............+......+...+...+....+.........+............+...+..+....+.........+...........+.+.....+.......+.....+......+......+....+........................+.....+.+..+....+...............+.....+.+.........+......+..+...+....+......+..+......+......+......+...+.......+...+...........+.............+......+.........+..+...................+............+..+............+....+.....+....+........+.......+.....+......+.......+..+...+...+......+...+.+......+......+..............+.+..+...+...+..........+.........+.....+.+..+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+............+.........+...+.......+.....+....+..+...+.+......+.....+.......+...+...+..............+.......+.....+......+....+...........+...+....+...........+......+......+.........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+....+...+.....+.+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...............+....+.........+..+......+............+...+.......+...+........+.+.....+....+..+.......+........+.......+..+...............+.+..................+..+.............+..+...+....+......+.....+.+..............+.......+..+...+.......+...........+......+.+..+...+...............+...+.........+.+...........+....+...........+.+..+.......+.....+......+....+.....+.+............+..+.............+.....+.+......+...+...+..+.......+......+..............+.+..+...+....+.....+.+...............+........+....+......+......+........+......................+........+............+...............+.+.....+...+.+.....+......+...+..........+......+.....+...+...+.......+.................+....+.....+......+.+........+....+...+.....+....+.....+.+.....+..........+...+..+............+...............+.......+...+...+..+......+.+......+.....+...+.+...+..+..........+.....+...............+...+.+..............+..........+......+..+..........+...+......+...............+...+...........+.+...+...+.....+.........+.............+......+.........+...+.....+.......+..+.+........+.+.....+....+..............+......+............+.........+.+............+..+....+.....+.+........+.......+......+..+......+............+....+...+........+....+..................+..+....+..+...............+...+.......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
24/01/2024 15:15:42 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
24/01/2024 15:15:43 INFO: --- Wazuh indexer ---
24/01/2024 15:15:43 INFO: Starting Wazuh indexer installation.
Extra Packages for Enterprise Linux 9 - x86_64 9.0 MB/s | 20 MB 00:02
EL-9 - Wazuh 7.5 MB/s | 24 MB 00:03
Last metadata expiration check: 0:00:11 ago on Wed 24 Jan 2024 03:16:00 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.8.0-1 wazuh 743 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 743 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.8.0-1.x86_64.rpm 30 MB/s | 743 MB 00:25
--------------------------------------------------------------------------------
Total 30 MB/s | 743 MB 00:25
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Installing : wazuh-indexer-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-indexer-4.8.0-1.x86_64
Complete!
24/01/2024 15:17:58 INFO: Wazuh indexer installation finished.
24/01/2024 15:17:58 INFO: Wazuh indexer post-install configuration finished.
24/01/2024 15:17:58 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
24/01/2024 15:18:36 INFO: wazuh-indexer service started.
24/01/2024 15:18:36 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
24/01/2024 15:18:59 INFO: Wazuh indexer cluster security configuration initialized.
Will create 'wazuh' index template
SUCC: 'wazuh' template created or updated
Will create 'ism_history_indices' index template
SUCC: 'ism_history_indices' template created or updated
Will disable replicas for 'plugins.index_state_management.history' indices
SUCC: cluster's settings saved
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
24/01/2024 15:19:04 INFO: The Wazuh indexer cluster ISM initialized.
24/01/2024 15:19:04 INFO: Wazuh indexer cluster initialized.
24/01/2024 15:19:04 INFO: --- Wazuh server ---
24/01/2024 15:19:04 INFO: Starting the Wazuh manager installation.
Last metadata expiration check: 0:03:06 ago on Wed 24 Jan 2024 03:16:00 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-manager x86_64 4.8.0-1 wazuh 350 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 350 M
Installed size: 854 M
Downloading Packages:
wazuh-manager-4.8.0-1.x86_64.rpm 33 MB/s | 350 MB 00:10
--------------------------------------------------------------------------------
Total 32 MB/s | 350 MB 00:10
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1
Installing : wazuh-manager-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1
Verifying : wazuh-manager-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-manager-4.8.0-1.x86_64
Complete!
24/01/2024 15:21:08 INFO: Wazuh manager installation finished.
24/01/2024 15:21:08 INFO: Wazuh manager vulnerability detection configuration finished.
24/01/2024 15:21:08 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
24/01/2024 15:21:29 INFO: wazuh-manager service started.
24/01/2024 15:21:29 INFO: Starting Filebeat installation.
Installed:
filebeat-7.10.2-1.x86_64
24/01/2024 15:21:54 INFO: Filebeat installation finished.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
24/01/2024 15:21:56 INFO: Filebeat post-install configuration finished.
24/01/2024 15:21:56 INFO: Starting service filebeat.
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
24/01/2024 15:21:58 INFO: filebeat service started.
24/01/2024 15:21:58 INFO: --- Wazuh dashboard ---
24/01/2024 15:21:58 INFO: Starting Wazuh dashboard installation.
Last metadata expiration check: 0:06:00 ago on Wed 24 Jan 2024 03:16:00 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-dashboard x86_64 4.8.0-1 wazuh 273 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 273 M
Installed size: 902 M
Downloading Packages:
wazuh-dashboard-4.8.0-1.x86_64.rpm 27 MB/s | 273 MB 00:09
--------------------------------------------------------------------------------
Total 27 MB/s | 273 MB 00:10
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-dashboard-4.8.0-1.x86_64
Complete!
24/01/2024 15:25:03 INFO: Wazuh dashboard installation finished.
24/01/2024 15:25:03 INFO: Wazuh dashboard post-install configuration finished.
24/01/2024 15:25:03 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
24/01/2024 15:25:04 INFO: wazuh-dashboard service started.
24/01/2024 15:25:13 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
24/01/2024 15:25:32 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
24/01/2024 15:27:20 INFO: Initializing Wazuh dashboard web application.
24/01/2024 15:27:23 INFO: Wazuh dashboard web application initialized.
24/01/2024 15:27:23 INFO: Installation finished.
Errors were found in the [root@redhat9 vagrant]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/01/24 16:54:45 wazuh-modulesd:content-updater: ERROR: Action for 'vulnerability_feed_manager' failed: Orchestration run failed: Error -1 from server: Couldn't resolve host nameThe Wazuh indexer service was successfully activated: ● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Active: active (running) since Wed 2024-01-24 15:18:35 UTC; 10min ago
Docs: https://documentation.wazuh.com
Main PID: 6332 (java)
Tasks: 62 (limit: 4688)
Memory: 366.5M
CPU: 1min 23.761s
CGroup: /system.slice/wazuh-indexer.service
└─6332 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=t>
Jan 24 15:17:59 redhat9 systemd[1]: Starting Wazuh-indexer...
Jan 24 15:18:02 redhat9 systemd-entrypoint[6332]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 24 15:18:02 redhat9 systemd-entrypoint[6332]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jan 24 15:18:02 redhat9 systemd-entrypoint[6332]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jan 24 15:18:02 redhat9 systemd-entrypoint[6332]: WARNING: System::setSecurityManager will be removed in a future release
Jan 24 15:18:06 redhat9 systemd-entrypoint[6332]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 24 15:18:06 redhat9 systemd-entrypoint[6332]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jan 24 15:18:06 redhat9 systemd-entrypoint[6332]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jan 24 15:18:06 redhat9 systemd-entrypoint[6332]: WARNING: System::setSecurityManager will be removed in a future release[root@redhat9 vagrant]# cat /etc/wazuh-indexer/opensearch.yml
network.host: "127.0.0.1"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
cluster.name: "wazuh-cluster"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
- "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
[root@redhat9 vagrant]# cat /etc/wazuh-dashboard/opensearch_dashboards.yml
server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
opensearch.ssl.verificationMode: certificate
# opensearch.username: kibanaserver
# opensearch.password: kibanaserver
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
opensearch_security.cookie.secure: true🔴 The problem seems to be the hosts:
- default:
url: https://localhost
port: 55000
username: wazuh-wui
password: "TCHJrSVBdonZpe7DXL+N4lzv*kzZMHWr"
run_as: falseThis value enables the IPv6, which is causing the problem. If the |
Update ReportDevelopmentIn the if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then
eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}"
fiBut this replacement is not done in the function dashboard_initializeAIO() {
common_logger "Initializing Wazuh dashboard web application."
installCommon_getPass "admin"
http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null)
retries=0
max_dashboard_initialize_retries=20
while [ "${http_code}" -ne "200" ] && [ "${retries}" -lt "${max_dashboard_initialize_retries}" ]
do
http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null)
common_logger "Wazuh dashboard web application not yet initialized. Waiting..."
retries=$((retries+1))
sleep 15
done
if [ "${http_code}" -eq "200" ]; then
if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then
eval "sed -i 's,url: https://localhost,url: https://127.0.0.1,g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}"
fi
common_logger "Wazuh dashboard web application initialized."
common_logger -nl "--- Summary ---"
common_logger -nl "You can access the web interface https://<wazuh-dashboard-ip>:${http_port}\n User: admin\n Password: ${u_pass}"
else
common_logger -e "Wazuh dashboard installation failed."
installCommon_rollBack
exit 1
fi
}
[root@redhat9 vagrant]# netstat -tuln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:55000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1514 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1515 0.0.0.0:* LISTEN
tcp6 0 0 127.0.0.1:9300 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 127.0.0.1:9200 :::* LISTEN
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 ::1:323
[root@redhat9 vagrant]# cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml | grep "url: https://127" -A 5
url: https://127.0.0.1
port: 55000
username: wazuh-wui
password: "iKxH?70x*gvfha2FX1TacgmJJxF3QOYK"
run_as: false
[root@redhat9 vagrant]# |
This was referenced Apr 23, 2024
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have experienced a problem with the all-in-one installation with RHEL 9.
I have followed the documentation, and executed the command:
curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -aBut it gets blocked in the indexer when it reaches this step:
INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.I have tried to give more CPU and memory but the same thing happens and I have also used the command with the -i parameter but it still blocks in the same place.
Finally, I did the installation again in exactly the same way but this time on RHEL 8, and everything worked correctly.
The text was updated successfully, but these errors were encountered: