Release 4.6.0 - Alpha 1 - E2E UX tests - Configuration assessment #18833
Comments
Environment 🟢
Set up the environment with Vagrantfile
System information
Indexer 🟢 OS information
Indexer 2 🟢 OS information
Manager 🟢 OS information
Dashboard 🟢 OS information
Wazuh Agent - Debian 10 🟢 OS information
Wazuh Agent - Fedora 38 🟢 OS information
Wazuh Agent - macOS 🟢 OS information
Wazuh Agent - Windows server 2016 x86_64 🟢
Install environment
Issue 234 was opened due to the fact that during the environment installation, the indexer does not correctly perform its installation. It seems that everything was an IP configuration problem.
Wazuh Indexer 🟢
Initial configuration
[vagrant@indexer ~]$ sudo su
[root@indexer vagrant]# curl -sO https://packages-dev.wazuh.com/4.6/wazuh-install.sh
[root@indexer vagrant]# curl -sO https://packages-dev.wazuh.com/4.6/config.yml
[root@indexer vagrant]# nano config.yml
[root@indexer vagrant]# cat config.yml
nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: 192.168.56.101
    - name: node-2
      ip: "192.168.56102
    #- name: node-3
    #  ip: "<indexer-node-ip>"
  # Wazuh server nodes
  # If there is more than one Wazuh server
  # node, each one must have a node_type
  server:
    - name: wazuh-1
      ip: 192.168.56.103
    #  node_type: master
    #- name: wazuh-2
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker
    #- name: wazuh-3
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker
  # Wazuh dashboard nodes
  dashboard:
    - name: dashboard
      ip: 192.168.56.104
[root@indexer vagrant]# bash wazuh-install.sh --generate-config-files -i
08/09/2023 13:19:59 INFO: Starting Wazuh installation assistant. Wazuh version: 4.6.0
08/09/2023 13:19:59 INFO: Verbose logging redirected to /var/log/wazuh-install.log
08/09/2023 13:20:05 WARNING: Hardware and system checks ignored.
08/09/2023 13:20:05 INFO: --- Configuration files ---
08/09/2023 13:20:05 INFO: Generating configuration files.
08/09/2023 13:20:07 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
[root@indexer vagrant]# bash wazuh-install.sh --wazuh-indexer node-1 -i
11/09/2023 09:54:46 INFO: Starting Wazuh installation assistant. Wazuh version: 4.6.0
11/09/2023 09:54:46 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2023 09:54:53 WARNING: Hardware and system checks ignored.
11/09/2023 09:54:55 INFO: Wazuh development repository added.
11/09/2023 09:54:55 INFO: --- Wazuh indexer ---
11/09/2023 09:54:55 INFO: Starting Wazuh indexer installation.
11/09/2023 09:56:06 INFO: Wazuh indexer installation finished.
11/09/2023 09:56:06 INFO: Wazuh indexer post-install configuration finished.
11/09/2023 09:56:06 INFO: Starting service wazuh-indexer.
11/09/2023 09:56:50 INFO: wazuh-indexer service started.
11/09/2023 09:56:50 INFO: Initializing Wazuh indexer cluster security settings.
11/09/2023 09:56:50 INFO: Wazuh indexer cluster initialized.
11/09/2023 09:56:50 INFO: Installation finished.
[root@indexer vagrant]# bash wazuh-install.sh --start-cluster -i
11/09/2023 11:36:28 INFO: Starting Wazuh installation assistant. Wazuh version: 4.6.0
11/09/2023 11:36:28 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2023 11:36:35 WARNING: Hardware and system checks ignored.
11/09/2023 11:36:43 INFO: Wazuh indexer cluster security configuration initialized.
11/09/2023 11:37:43 INFO: Wazuh indexer cluster started.
Start the indexer cluster
[root@indexer vagrant]# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
indexer_username: 'admin'
indexer_password: 'LToKtl?rGkUL+VBqkJxFF3ZDqSb8QRkS'
[root@indexer vagrant]# curl -k -u admin:LToKtl?rGkUL+VBqkJxFF3ZDqSb8QRkS https://192.168.56.101:9200
{
"name" : "node-1",
"cluster_name" : "wazuh-indexer-cluster",
"cluster_uuid" : "KjSQmPCdQK69lTrsWH7gbw",
"version" : {
"number" : "7.10.2",
"build_type" : "rpm",
"build_hash" : "db90a415ff2fd428b4f7b3f800a51dc229287cb4",
"build_date" : "2023-06-03T06:24:25.112415503Z",
"build_snapshot" : false,
"lucene_version" : "9.6.0",
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "The OpenSearch Project: https://opensearch.org/"
}
Wazuh Indexer2 🟢
Initial configuration
[vagrant@indexer2 ~]$ sudo su
[root@indexer2 vagrant]# curl -sO https://packages-dev.wazuh.com/4.6/wazuh-install.sh
[root@indexer2 vagrant]# bash wazuh-install.sh --wazuh-indexer node-2 -i
11/09/2023 09:54:46 INFO: Starting Wazuh installation assistant. Wazuh version: 4.6.0
11/09/2023 09:54:46 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2023 09:54:53 WARNING: Hardware and system checks ignored.
11/09/2023 09:54:55 INFO: Wazuh development repository added.
11/09/2023 09:54:55 INFO: --- Wazuh indexer ---
11/09/2023 09:54:55 INFO: Starting Wazuh indexer installation.
11/09/2023 09:56:06 INFO: Wazuh indexer installation finished.
11/09/2023 09:56:06 INFO: Wazuh indexer post-install configuration finished.
11/09/2023 09:56:06 INFO: Starting service wazuh-indexer.
11/09/2023 09:56:50 INFO: wazuh-indexer service started.
11/09/2023 09:56:50 INFO: Initializing Wazuh indexer cluster security settings.
11/09/2023 09:56:50 INFO: Wazuh indexer cluster initialized.
11/09/2023 09:56:50 INFO: Installation finished.
Start the indexer cluster
[root@indexer2 vagrant]# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
indexer_username: 'admin'
indexer_password: 'LToKtl?rGkUL+VBqkJxFF3ZDqSb8QRkS'
[root@indexer2 vagrant]# curl -k -u admin:LToKtl?rGkUL+VBqkJxFF3ZDqSb8QRkS https://192.168.56.102:9200
{
"name" : "node-2",
"cluster_name" : "wazuh-indexer-cluster",
"cluster_uuid" : "KjSQmPCdQK69lTrsWH7gbw",
"version" : {
"number" : "7.10.2",
"build_type" : "rpm",
"build_hash" : "db90a415ff2fd428b4f7b3f800a51dc229287cb4",
"build_date" : "2023-06-03T06:24:25.112415503Z",
"build_snapshot" : false,
"lucene_version" : "9.6.0",
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "The OpenSearch Project: https://opensearch.org/"
}
Wazuh server 🟢
Wazuh server installation
[root@manager vagrant]# curl -sO https://packages-dev.wazuh.com/4.6/wazuh-install.sh
[root@manager vagrant]# bash wazuh-install.sh --wazuh-server wazuh-1 -i
11/09/2023 14:36:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.6.0
11/09/2023 14:36:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2023 14:36:47 WARNING: Hardware and system checks ignored.
11/09/2023 14:36:48 INFO: Wazuh development repository added.
11/09/2023 14:36:49 INFO: --- Wazuh server ---
11/09/2023 14:36:49 INFO: Starting the Wazuh manager installation.
11/09/2023 14:38:04 INFO: Wazuh manager installation finished.
11/09/2023 14:38:04 INFO: Starting service wazuh-manager.
11/09/2023 14:38:19 INFO: wazuh-manager service started.
11/09/2023 14:38:19 INFO: Starting Filebeat installation.
11/09/2023 14:38:28 INFO: Filebeat installation finished.
11/09/2023 14:38:30 INFO: Filebeat post-install configuration finished.
11/09/2023 14:38:36 INFO: Starting service filebeat.
11/09/2023 14:38:37 INFO: filebeat service started.
11/09/2023 14:38:37 INFO: Installation finished.
[root@manager vagrant]# /var/ossec/bin/wazuh-control status
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
Wazuh dashboard 🟢
Wazuh dashboard installation
[root@dashboard vagrant]# curl -sO https://packages-dev.wazuh.com/4.6/wazuh-install.sh
[root@dashboard vagrant]# bash wazuh-install.sh --wazuh-dashboard dashboard -i
11/09/2023 14:47:08 INFO: Starting Wazuh installation assistant. Wazuh version: 4.6.0
11/09/2023 14:47:08 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2023 14:47:11 INFO: --- Dependencies ---
11/09/2023 14:47:11 INFO: Installing lsof.
11/09/2023 14:47:20 WARNING: Hardware and system checks ignored.
11/09/2023 14:47:20 INFO: Wazuh web interface port will be 443.
11/09/2023 14:47:22 INFO: Wazuh development repository added.
11/09/2023 14:47:22 INFO: --- Wazuh dashboard ----
11/09/2023 14:47:26 INFO: --- Dependencies ---
11/09/2023 14:47:26 INFO: Installing chromium.
11/09/2023 14:48:35 INFO: Installing xorg-x11-fonts-100dpi.
11/09/2023 14:48:40 INFO: Installing xorg-x11-fonts-75dpi.
11/09/2023 14:48:44 INFO: Installing xorg-x11-utils.
11/09/2023 14:48:45 WARNING: Cannot install optional dependency: xorg-x11-utils.
11/09/2023 14:48:45 INFO: Installing xorg-x11-fonts-cyrillic.
11/09/2023 14:48:48 INFO: Installing xorg-x11-fonts-Type1.
11/09/2023 14:48:51 INFO: Installing xorg-x11-fonts-misc.
11/09/2023 14:48:56 WARNING: Wazuh dashboard dependencies skipped. PDF report generation may not work.
11/09/2023 14:48:56 INFO: Starting Wazuh dashboard installation.
11/09/2023 14:51:31 INFO: Wazuh dashboard installation finished.
11/09/2023 14:51:31 INFO: Wazuh dashboard post-install configuration finished.
11/09/2023 14:51:31 INFO: Starting service wazuh-dashboard.
11/09/2023 14:51:32 INFO: wazuh-dashboard service started.
11/09/2023 14:51:52 INFO: Initializing Wazuh dashboard web application.
11/09/2023 14:51:53 INFO: Wazuh dashboard web application initialized.
11/09/2023 14:51:53 INFO: --- Summary ---
11/09/2023 14:51:53 INFO: You can access the web interface https://192.168.56.104:443
User: admin
Password: LToKtl?rGkUL+VBqkJxFF3ZDqSb8QRkS
11/09/2023 14:51:53 INFO: Installation finished.
Print passwords
[root@dashboard vagrant]# tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt
wazuh-install-files/wazuh-passwords.txt
# Admin user for the web user interface and Wazuh indexer. Use this user to log in to Wazuh dashboard
indexer_username: 'admin'
indexer_password: 'LToKtl?rGkUL+VBqkJxFF3ZDqSb8QRkS'
# Wazuh dashboard user for establishing the connection with Wazuh indexer
indexer_username: 'kibanaserver'
indexer_password: '3Ap5k+6mp+Nb.fyCZCarrs2czJN9A4r7'
# Regular Dashboard user, only has read permissions to all indices and all permissions on the .kibana index
indexer_username: 'kibanaro'
indexer_password: 'ineJX8nlm810.oPl8AkKJfTU37Gmm1XT'
# Filebeat user for CRUD operations on Wazuh indices
indexer_username: 'logstash'
indexer_password: 'Bw2qjuUjPLlL6MlzDm3FcvuC.7IJ?YyT'
# User with READ access to all indices
indexer_username: 'readall'
indexer_password: 'AaF+u5OkGx4xnCP?x6Av6.?**RtR2Zhe'
# User with permissions to perform snapshot and restore operations
indexer_username: 'snapshotrestore'
indexer_password: 'at6hprDREXA7+MZm+q.BesnlyZ9wkPUb'
# Password for wazuh API user
api_username: 'wazuh'
api_password: 'dxvsAj5FpSnYMBoc?OPv+P7ser?h5sOU'
# Password for wazuh-wui API user
api_username: 'wazuh-wui'
api_password: 'nSoSOWGzNLfl7K.tJ6wouwTWUm.Wze0F'
Dashboard URL 🟢
Wazuh agent - Debian 🟢
Wazuh agent - Fedora 🟢
Wazuh agent - macOS 🟡
Wazuh WUI using FQDN
The
sh-3.2# curl -so wazuh-agent.pkg https://packages-dev.wazuh.com/pre-release/macos/wazuh-agent-4.6.0-1.arm64.pkg && echo -e "WAZUH_MANAGER='81.35.99.235'\nWAZUH_AGENT_GROUP='default'\nWAZUH_AGENT_NAME='macOS'\n" > /tmp/wazuh_envs && sudo installer -pkg ./wazuh-agent.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.
sh-3.2# sudo /Library/Ossec/bin/wazuh-control start
2023/09/12 01:33:14 wazuh-agentd: ERROR: (4112): Invalid server address found: 'MANAGER_IP'
2023/09/12 01:33:14 wazuh-agentd: ERROR: (1215): No client configured. Exiting.
wazuh-agentd: Configuration error. Exiting
It seems that this error is already reported in the following issue
Accessing the Wazuh agent - windows 🟢
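A pre-start check for the failure shown in the macOS log above (error 4112, address still set to 'MANAGER_IP'), added here as an example and not part of the original issue or of Wazuh's own tooling. It assumes the agent's ossec.conf keeps the manager address under `<client><server><address>`; the sample configuration and the function name are constructed for illustration.

```python
import ipaddress
import re
import sys
import xml.etree.ElementTree as ET

PLACEHOLDER = "MANAGER_IP"  # value reported by error 4112 in the log above
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"(?=.{{1,253}}$){LABEL}(?:\.{LABEL})*")

# Constructed sample: a minimal agent config with the placeholder left in.
SAMPLE_CONF = """
<ossec_config>
  <client>
    <server>
      <address>MANAGER_IP</address>
      <port>1514</port>
    </server>
  </client>
</ossec_config>
"""

def manager_address_problems(conf_text):
    """Return human-readable problems found in <client><server><address>."""
    # Assumption: the file may hold several <ossec_config> roots and has no
    # XML declaration, so wrap it in one element before parsing.
    root = ET.fromstring("<wrap>" + conf_text + "</wrap>")
    addresses = [(a.text or "").strip()
                 for a in root.findall("./ossec_config/client/server/address")]
    if not addresses:
        return ["no <client><server><address> entry found"]
    problems = []
    for addr in addresses:
        if addr == PLACEHOLDER:
            problems.append(f"placeholder {addr!r} was never replaced")
            continue
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            # Digits-and-dots that fail IP parsing are a typo, not a hostname.
            if re.fullmatch(r"[0-9.]+", addr) or not HOSTNAME_RE.fullmatch(addr):
                problems.append(f"{addr!r} is not a valid IP or hostname")
    return problems

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    found = manager_address_problems(text)
    print("\n".join(found) or "manager address OK")
    sys.exit(1 if found else 0)
```

Run with the path to the agent's ossec.conf as the only argument; a non-zero exit status means the agent would refuse to start for the reason logged above.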
Check 2. Use and activate a custom policy for any of them 🟢
Wazuh agent - Debian
I created a custom policy in
This policy only has a check that ensures the
Then, I created the
Restart the agent
The following logs can be seen in the Wazuh agent logs
The
In the Wazuh dashboard, we can see the results:
If I delete the
The SCA check fails after restarting the Wazuh agent.
Check 3. Disable a used policy and confirm it is not used anymore 🟢
Wazuh agent - Debian
Disabling the custom policy through the configuration file
After restarting the Wazuh agent, the following logs can be found in the agent:
Now the
Check 4. Push SCA config through centralized config and check it applies properly
Wazuh agent - Debian 🟢
I created a new agent group through the UI called
I created the following policy
And I enabled the sca.remote_commands in the
I added the following configuration to the centralized configuration of the
The agent was restarted and the following logs can be seen:
Note the
Wazuh agent - Fedora 🟡
I created a new agent group through the UI called
I created the following policy
And I enabled the sca.remote_commands in the
I added the following configuration to the centralized configuration of the
With the Fedora agent, it does not work as it should:
This is because the Fedora operating system does not have an SCA policy as mentioned in this issue
Wazuh agent - macOS 🟢
I created a new agent group through the UI called
I created the following policy
And I enabled the sca.remote_commands in the
I added the following configuration to the centralized configuration of the
The agent was restarted and the following logs can be seen:
Wazuh agent - Windows server 2016 🟡
I created a new agent group through the UI called
I created the following policy
I added the following configuration to the centralized configuration of the
<agent_config>
  <!-- Shared agent configuration here -->
  <sca>
    <policies>
      <policy>shared/shared_custom_policy.yml</policy>
    </policies>
  </sca>
</agent_config>
The agent was restarted and the following logs can be seen:
It seems that the policy of searching for the custom_config file in
I opened the following issue for investigation: #18981
There are a few typos that need to be corrected, but otherwise, LGTM!
And according to the last failure, after a test I was not able to replicate it (except in the case that there was no such file in the directory). But well, we will continue with the tests on the open issue:
After verifying the problem with the following comment: I consider that as it is a mistake of the tester, it should not be considered as a failure.
Agents deployment was not done using FQDN. macOS agent deployed with an incorrect architecture, as the deployment section mentioned using ARM. Please, correct the typos mentioned by @MarcelKemp here: #18833 (comment)
Corrected typographical errors!
LGTM!
End-to-End (E2E) Testing Guideline
For the conclusions and the issue testing and updates, use the following legend:
Status legend
Deployment requirements
Test description
For the selected Wazuh Agent OS:
Known issues
Conclusions
Summarize the errors detected (Known Issues included). Illustrate using the table below, removing current examples:
WAZUH_MANAGER variable did not work on the installation
Feedback
We value your feedback. Please provide insights on your testing experience.
Everything was clear and without any ambiguity
No
Reviewers validation
The criteria for completing this task is based on the validation of the conclusions and the test results by all reviewers.
All the checkboxes below must be marked in order to close this issue.